--------------- QuickDiag | g3n-h@ckm@n | V3_31.08.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 02/10/2017 17:30:55
Updated 31/08/2017 | 12.45 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Villedieu Mathias (Administrator)] - [DESKTOP-3EGGP8T] (S-1-5-21-2840930965-2178098826-1748127505-1001)
System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (040c) -> (1607)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: MS-7893 - MSI - IdNumber: To be filled by O.E.M. - UUID: 00000000-0000-0000-0000-4CCC6AB253C4
Processor : X64 - 3900 Mhz - AMD FX(tm)-6350 Six-Core Processor V1.4 - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - V1.4 - ALASKA - 1072009
CoreTemp : ?
Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_1462D893&REV_1000\4&118CD1D8&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_10DE11D7&REV_1001\5&29FD6C03&0&0001 ---------- | Video NVIDIA GeForce GTX 1060 6GB - Resolution: 1746x1026 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_11D710DE&REV_A1\4&357AF840&0&0068 - AdapterCompatibility: NVIDIA - RAM: -1048576 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 22.21.13.8569 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen 
IIS - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:31 % CPU #2 value:44 % CPU #3 value:7 % CPU #4 value:38 % CPU #5 value:13 % CPU #6 value:7 % Total Overall CPU Usage value:23 % ---------- | Network Killer e2200 Gigabit Ethernet Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec ASUS PCE-AC56 802.11ac Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec Local Area Connection* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:23 bytes/sec, / RECEIVE Maximum:0 bytes/sec Killer e2200 Gigabit Ethernet Controller - Ethernet 802.3 - Rivet Networks - Status: - PnPID : PCI\VEN_1969&DEV_E091&SUBSYS_78931462&REV_13\4&2DDBB3B7&0&00A8 ASUS PCE-AC56 802.11ac Network Adapter - Ethernet 802.3 - ASUS - Status: - PnPID : PCI\VEN_14E4&DEV_43B1&SUBSYS_85BA1043&REV_03\4&1C5B4222&0&0050 
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&23044C2C&0&11 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE WAN Miniport (SSTP) - - - Status: - PnPID : WAN Miniport (IKEv2) - - - Status: - PnPID : WAN Miniport (L2TP) - - - Status: - PnPID : WAN Miniport (PPTP) - - - Status: - PnPID : WAN Miniport (PPPOE) - - - Status: - PnPID : WAN Miniport (IP) - - - Status: - PnPID : WAN Miniport (IPv6) - - - Status: - PnPID : WAN Miniport (Network Monitor) - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8334 | Free (MB) : 5279 Pagefile = Total (MB) : 10300 | Free (MB) : 6211 Virtual = Total (MB) : 4194 | Free (MB) : 3946 Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: - Manufacturer: Corsair - PartNumber: CMZ8GX3M2A2133C11 - S/N: 00000000 Physical Memory 2 : Capacity: 4294967296 - A1_DIMM2 - Posit.: - Manufacturer: Corsair - PartNumber: CMZ8GX3M2A2133C11 - S/N: 00000000 ---------- | SID Users Administrator : [S-1-5-21-2840930965-2178098826-1748127505-500] DefaultAccount : [S-1-5-21-2840930965-2178098826-1748127505-503] defaultuser0 : [S-1-5-21-2840930965-2178098826-1748127505-1000] Guest : [S-1-5-21-2840930965-2178098826-1748127505-501] Villedieu Mathias : [S-1-5-21-2840930965-2178098826-1748127505-1001] Access Control Assistance Operators : [S-1-5-32-579] Administrators : [S-1-5-32-544] Backup Operators : [S-1-5-32-551] Cryptographic Operators : [S-1-5-32-569] Distributed COM Users : [S-1-5-32-562] Event Log Readers : [S-1-5-32-573] Guests : [S-1-5-32-546] Hyper-V Administrators : [S-1-5-32-578] IIS_IUSRS : [S-1-5-32-568] Network Configuration Operators : [S-1-5-32-556] Performance Log Users : [S-1-5-32-559] 
Performance Monitor Users : [S-1-5-32-558] Power Users : [S-1-5-32-547] Remote Desktop Users : [S-1-5-32-555] Remote Management Users : [S-1-5-32-580] Replicator : [S-1-5-32-552] System Managed Accounts Group : [S-1-5-32-581] Users : [S-1-5-32-545] ---------- | SystemAccounts Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 930.13 Go | Free : 796.59 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:] : Read:22,815,698 bytes/sec, Written:194,400 
bytes/sec Max Read:22,815,698 bytes/sec, Max Write:194,400 bytes/sec Overall - Read Maximum:22,815,698 bytes/sec, Write Maximum:194,400 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST1000DX002-2DV1\4&27C8BE3&0&010000 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.14393.1715 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "" ---------- | FlashPlayer FlashPlayer ActiveX : 27.0.0.130 ---------- | Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 392 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 13:42:27] CPU Usage:0 % 572 | [Owner : SYSTEM | Parent : 476() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 13:42:27] CPU Usage:0 % 660 | [Owner : SYSTEM | Parent : 476() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 13:42:27] CPU Usage:0 % 732 | [Owner : SYSTEM | Parent : 660(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.1613) = C:\Windows\System32\services.exe [13/09/2017 15:24:38] CPU Usage:0 % 740 | [Owner : SYSTEM | Parent : 660(wininit.exe) | 13.43 Mo] - (.Microsoft Corporation - Local Security Authority Process.) 
- (10.0.14393.187) = C:\Windows\System32\lsass.exe [09/08/2017 15:48:11] CPU Usage:0 % 836 | [Owner : SYSTEM | Parent : 732(services.exe) | 59.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 908 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 23.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 796 | [Owner : SYSTEM | Parent : 732(services.exe) | 121.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 852 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 43.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1052 | [Owner : SYSTEM | Parent : 732(services.exe) | 161.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1140 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 52.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1264 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 68.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1272 | [Owner : SYSTEM | Parent : 732(services.exe) | 10.22 Mo] - (.NVIDIA Corporation - NVIDIA Container.) 
- (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [30/09/2017 20:46:05] CPU Usage:0 % 1396 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 47.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1600 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 30.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1736 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 39.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1868 | [Owner : SYSTEM | Parent : 732(services.exe) | 41.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2008 | [Owner : SYSTEM | Parent : 1868(svchost.exe) | 6.52 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.14393.0) = C:\Windows\System32\wlanext.exe [16/07/2016 13:42:13] CPU Usage:0 % 2028 | [Owner : SYSTEM | Parent : 2008(wlanext.exe) | 4.38 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe [16/07/2016 13:42:23] CPU Usage:0 % 1456 | [Owner : SYSTEM | Parent : 732(services.exe) | 12.12 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [13/04/2017 19:37:56] CPU Usage:0 % 2232 | [Owner : SYSTEM | Parent : 732(services.exe) | 69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2312 | [Owner : SYSTEM | Parent : 732(services.exe) | 7.07 Mo] - (.Rivet Networks - Killer Network Service.) - (1.1.57.1125) = C:\Program Files\Killer Networking\Network Manager\KillerService.exe [28/01/2016 15:54:40] CPU Usage:1 % 2344 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 8.8 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2250.7081) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [01/10/2017 00:18:55] CPU Usage:0 % 2384 | [Owner : SYSTEM | Parent : 732(services.exe) | 21.42 Mo] - (.Micro-Star Int'l Co., Ltd. - GamingApp_Service.) - (6.2.0.31) = C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [30/09/2017 22:39:54] CPU Usage:0 % 2396 | [Owner : SYSTEM | Parent : 732(services.exe) | 7.79 Mo] - (.MSI - FastBootService.) - (1.0.0.6) = C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [30/09/2017 22:39:07] CPU Usage:0 % 2404 | [Owner : SYSTEM | Parent : 732(services.exe) | 20.09 Mo] - (.Micro-Star INT'L CO., LTD. - MSI_ActiveX_Service.) - (1.0.1.24) = C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [30/09/2017 23:17:43] CPU Usage:0 % 2476 | [Owner : SYSTEM | Parent : 732(services.exe) | 8.2 Mo] - (.MSI -.) - (3.0.0.16) = C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [30/09/2017 22:39:17] CPU Usage:0 % 2484 | [Owner : SYSTEM | Parent : 732(services.exe) | 6.78 Mo] - (.Micro-Star INT'L CO., LTD. - MSI Register Service.) - (1.0.0.6) = C:\MSI\MSIRegister\MSIRegisterService.exe [30/09/2017 22:55:03] CPU Usage:0 % 2552 | [Owner : SYSTEM | Parent : 732(services.exe) | 53.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2572 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) 
- (4.10.14393.1613) = C:\Program Files\Windows Defender\MsMpEng.exe [13/09/2017 15:25:03] CPU Usage:0 % 2644 | [Owner : SYSTEM | Parent : 732(services.exe) | 150.05 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.556) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [30/09/2017 22:13:27] CPU Usage:0 % 2904 | [Owner : SYSTEM | Parent : 732(services.exe) | 7.83 Mo] - (.Micro-Star INT'L CO., LTD. - Gaming Hotkey Service.) - (1.0.0.7) = C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [30/09/2017 22:39:54] CPU Usage:0 % 2928 | [Owner : SYSTEM | Parent : 732(services.exe) | 11.34 Mo] - (.Micro-Star INT'L CO., LTD. - MSI Live Update Service.) - (1.0.0.50) = C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [30/09/2017 22:54:56] CPU Usage:0 % 3804 | [Owner : SYSTEM | Parent : 732(services.exe) | 20.75 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.1715) = C:\Windows\System32\SearchIndexer.exe [13/09/2017 15:25:02] CPU Usage:0 % 3924 | [Owner : NETWORK SERVICE | Parent : 836(svchost.exe) | 26.73 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 13:42:31] CPU Usage:0 % 3720 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\NisSrv.exe [10/05/2017 19:47:16] CPU Usage:0 % 5984 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 22.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 4484 | [Owner : SYSTEM | Parent : 1840() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) 
- (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 13:42:27] CPU Usage:0 % 4400 | [Owner : SYSTEM | Parent : 1840() | 10.16 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.1378) = C:\Windows\System32\winlogon.exe [12/07/2017 13:11:56] CPU Usage:0 % 2188 | [Owner : DWM-2 | Parent : 4400(winlogon.exe) | 38.56 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 13:42:23] CPU Usage:1 % 6704 | [Owner : SYSTEM | Parent : 1272(NVDisplay.Container.exe) | 19.12 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [30/09/2017 20:46:05] CPU Usage:0 % 5856 | [Owner : SYSTEM | Parent : 732(services.exe) | 13.3 Mo] - (.MSI -.) - (3.0.0.16) = C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [30/09/2017 23:14:42] CPU Usage:0 % 5812 | [Owner : Villedieu Mathias | Parent : 2644(MBAMService.exe) | 22.7 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1169) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [30/09/2017 22:13:25] CPU Usage:0 % 3816 | [Owner : SYSTEM | Parent : 2404(MSI_ActiveX_Service.exe) | 28.1 Mo] - (.Micro-Star INT'L CO., LTD. - VideoCardMonitor.) - (1.0.1.6) = C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe [30/09/2017 23:17:47] CPU Usage:0 % 6980 | [Owner : SYSTEM | Parent : 2404(MSI_ActiveX_Service.exe) | 27.94 Mo] - (.Micro-Star INT'L CO., LTD. - EyeRest.) - (1.0.1.23) = C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe [30/09/2017 23:17:42] CPU Usage:0 % 6860 | [Owner : SYSTEM | Parent : 2404(MSI_ActiveX_Service.exe) | 29 Mo] - (.Micro-Star INT'L CO., LTD. - TriggerModeMonitor.) 
- (1.0.1.24) = C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe [30/09/2017 23:17:47] CPU Usage:0 % 7796 | [Owner : Villedieu Mathias | Parent : 732(services.exe) | 82.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1908 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 19.72 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 13:42:09] CPU Usage:0 % 5520 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 0.39 Mo] - (.Micro-Star INT'L CO., LTD. - MsiGamingOSD_x86.) - (1.0.0.7) = C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [30/09/2017 23:16:13] CPU Usage:0 % 8064 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 54.59 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 13:42:36] CPU Usage:0 % 6260 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 0.29 Mo] - (.Micro-Star INT'L CO., LTD. - MsiGamingOSD_x64.) - (1.0.0.7) = C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [30/09/2017 23:16:13] CPU Usage:0 % 4452 | [Owner : Villedieu Mathias | Parent : 836(svchost.exe) | 32.53 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 13:42:05] CPU Usage:0 % 4916 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 6.38 Mo] - (.Micro-Star INT'L CO., LTD. - Gaming Hotkey.) - (1.0.0.19) = C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [30/09/2017 22:39:54] CPU Usage:0 % 5428 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 1.71 Mo] - (.MSI - Windows Host Process.) 
- (1.0.0.1) = C:\Windows\syswow64\muachost.exe [30/09/2017 22:39:20] CPU Usage:0 % 5728 | [Owner : Villedieu Mathias | Parent : 440() | 78.97 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.1532) = C:\Windows\explorer.exe [09/08/2017 15:47:32] CPU Usage:0 % 1768 | [Owner : Villedieu Mathias | Parent : 836(svchost.exe) | 65.21 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/01/2017 13:57:17] CPU Usage:0 % 7172 | [Owner : SYSTEM | Parent : 836(svchost.exe) | 7.87 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\syswow64\wbem\WmiPrvSE.exe [16/07/2016 13:42:56] CPU Usage:0 % 7964 | [Owner : Villedieu Mathias | Parent : 836(svchost.exe) | 64.57 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [13/04/2017 19:37:11] CPU Usage:0 % 4656 | [Owner : Villedieu Mathias | Parent : 836(svchost.exe) | 4.88 Mo] - (.-.) - (11.19.856.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe [01/10/2017 20:04:46] CPU Usage:0 % 4960 | [Owner : Villedieu Mathias | Parent : 836(svchost.exe) | 3.5 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.1198) = C:\Windows\System32\SettingSyncHost.exe [10/05/2017 19:46:20] CPU Usage:0 % 6628 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 10.55 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\MSASCuiL.exe [10/05/2017 19:47:16] CPU Usage:0 % 2144 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 18.86 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) 
- (1.0.603.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [30/09/2017 22:16:14] CPU Usage:0 % 5224 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 8.59 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.14393.0) = C:\Windows\System32\rundll32.exe [16/07/2016 13:42:42] CPU Usage:0 % 5756 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 33.76 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\Villedieu Mathias\AppData\Local\Microsoft\OneDrive\OneDrive.exe [30/09/2017 21:09:03] CPU Usage:0 % 6244 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 31.1 Mo] - (.Rivet Networks - Killer Network Manager.) - (1.1.57.1125) = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe [28/01/2016 15:54:10] CPU Usage:0 % 8096 | [Owner : Villedieu Mathias | Parent : 3880() | 43.39 Mo] - (.Creative Technology Ltd - Sound Blaster Cinema 2.) - (1.0.11.0) = C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [30/09/2017 22:26:09] CPU Usage:0 % 7324 | [Owner : Villedieu Mathias | Parent : 3828() | 43.15 Mo] - (.Micro-Star INT'L CO.,LTD. - Fast Boot.) - (1.0.1.11) = C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe [30/09/2017 22:39:07] CPU Usage:0 % 4148 | [Owner : Villedieu Mathias | Parent : 5728(explorer.exe) | 336.44 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files\Mozilla Firefox\firefox.exe [30/09/2017 21:12:44] CPU Usage:0 % 4980 | [Owner : Villedieu Mathias | Parent : 6584() | 88.1 Mo] - (.Ubisoft - Uplay launcher.) - (40.0.0.5421) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe [20/09/2017 15:01:24] CPU Usage:0 % 428 | [Owner : Villedieu Mathias | Parent : 4148(firefox.exe) | 36.41 Mo] - (.Mozilla Corporation - Firefox.) 
- (56.0.0.6478) = C:\Program Files\Mozilla Firefox\firefox.exe [30/09/2017 21:12:44] CPU Usage:17 % 1432 | [Owner : Villedieu Mathias | Parent : 4148(firefox.exe) | 194.17 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files\Mozilla Firefox\firefox.exe [30/09/2017 21:12:44] CPU Usage:0 % 1884 | [Owner : Villedieu Mathias | Parent : 4148(firefox.exe) | 508.33 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files\Mozilla Firefox\firefox.exe [30/09/2017 21:12:44] CPU Usage:1 % 8508 | [Owner : Villedieu Mathias | Parent : 4980(upc.exe) | 32.88 Mo] - (.Ubisoft - Uplay WebCore.) - (40.0.0.5421) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe [20/09/2017 15:01:26] CPU Usage:0 % 8888 | [Owner : Villedieu Mathias | Parent : 4980(upc.exe) | 77.85 Mo] - (.Ubisoft - Uplay WebCore.) - (40.0.0.5421) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe [20/09/2017 15:01:26] CPU Usage:0 % 8972 | [Owner : Villedieu Mathias | Parent : 4980(upc.exe) | 43.1 Mo] - (.Ubisoft - Uplay WebCore.) - (40.0.0.5421) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe [20/09/2017 15:01:26] CPU Usage:0 % 6928 | [Owner : LOCAL SERVICE | Parent : 1600(svchost.exe) | 10.7 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 13:42:22] CPU Usage:0 % 4496 | [Owner : Villedieu Mathias | Parent : 1052(svchost.exe) | 69.04 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 13:42:36] CPU Usage:0 % 1108 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1592 | [Owner : NETWORK SERVICE | Parent : 836(svchost.exe) | 10.55 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\syswow64\wbem\WmiPrvSE.exe [16/07/2016 13:42:56] CPU Usage:0 % 7900 | [Owner : Villedieu Mathias | Parent : 4148(firefox.exe) | 34.86 Mo] - (.SosVirus - QuickDiag.) - (31.8.17.1) = C:\Users\Villedieu Mathias\Downloads\QuickDiag.exe [02/10/2017 17:30:37] CPU Usage:0 % 3588 | [Owner : NETWORK SERVICE | Parent : 7288() | 10.78 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.1613) = C:\Program Files\Windows Defender\MpCmdRun.exe [13/09/2017 15:25:02] CPU Usage:0 % 9388 | [Owner : SYSTEM | Parent : 836(svchost.exe) | 8.55 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 13:42:31] CPU Usage:0 % ---------- | MD5 [MD5.577119EC77525D3F80FFB03BFACC17D4] - [09/08/2017 15:47:32] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4565.3 Ko] - (10.0.14393.1532) : C:\WINDOWS\Explorer.exe [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 13:42:36] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.951FF70440427DA334B6579D71A19480] - [10/05/2017 19:45:28] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) 
- [684.51 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Kernel32.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [09/08/2017 15:48:11] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.4A7015195E49A3BA7DB967B277B21E9D] - [10/05/2017 19:44:46] - (.© Microsoft Corporation. - Distributed COM Services.) - [869.5 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\rpcss.dll [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 13:42:42] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.29C7C9F0FE9F048FB47DEE5F66134940] - [13/09/2017 15:24:38] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [442.91 Ko] - (10.0.14393.1613) : C:\WINDOWS\System32\services.exe [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [18/01/2017 13:57:06] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.CB440E1C4EC9C369EC9DD07B48A83F36] - [12/07/2017 13:11:56] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) 
- [658 Ko] - (10.0.14393.1378) : C:\WINDOWS\System32\Winlogon.exe [MD5.323AA1953ED9C01E23F740FA891FE064] - [18/01/2017 13:57:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.385E6F76E684E7EEEECBBB156C45D191] - [12/07/2017 13:12:04] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141.5 Ko] - (10.0.14393.1378) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 13:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 13:41:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.F4A3EFC57F7A5406565E6519B25A4C31] - [13/09/2017 15:23:48] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) 
- [439.84 Ko] - (10.0.14393.1613) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.42A3B76320D483D443A60661FE1FEF14] - [09/08/2017 15:48:10] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1153.34 Ko] - (10.0.14393.1532) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.C2B9D1E69B332210E87C22CD94665BA3] - [13/09/2017 15:23:47] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.1715) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.172FC8ECA11632F533CD58497464BCE2] - [13/09/2017 15:23:28] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2200.84 Ko] - (10.0.14393.1613) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 13:44:03] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.03B9DF5A59B5A201D9B7409EF1C50F6B] - [13/09/2017 15:24:40] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2473.34 Ko] - (10.0.14393.1715) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.3CE84BB06DB5FD6ABF2DE88294E56EDE] - [13/09/2017 15:24:45] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.1613) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) 
- [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 385.69.) - (22.21.13.8569) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 385.69.) - (22.21.13.8569) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvwgf2umx_cfg.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (3.9.0.61) -- C:\WINDOWS\system32\nvspcap64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (3.9.0.61) -- C:\WINDOWS\system32\nvspcap64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 385.69.) 
- (22.21.13.8569) -- C:\WINDOWS\system32\nvapi64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE OneDrive - ("C:\Users\Villedieu Mathias\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\...\Run]) - User: DESKTOP-3EGGP8T\Villedieu Mathias Killer Network Manager - (C:\PROGRA~1\KILLER~1\NETWOR~1\NETWOR~1.EXE -minimize [Common Startup]) - User: Public WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - 
("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public MBCfg64 - (C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64 [HKLM\SOFTWARE\...\Run]) - User: Public ShadowPlay - ("C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Villedieu Mathias\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsDefender"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "MBCfg64"=C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64 "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "WindowsDefender"=0x060000000000000000000000 "RTHDVCPL"=0x020000000000000000000000 "NvBackend"=0x020000000000000000000000 "ShadowPlay"=0x020000000000000000000000 "MBCfg64"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] 
"UpdReg"=0x020000000000000000000000 "Live Update"=0x020000000000000000000000 "MSIRegister"=0x020000000000000000000000 "Sound Blaster Cinema 2"=0x020000000000000000000000 "Command Center"=0x020000000000000000000000 "Fast Boot"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D27181FD45603C [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Sound Blaster Cinema 2"="C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r "UpdReg"=C:\WINDOWS\UpdReg.EXE [30/09/2017 22:27:07] "Live Update"=C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER "MSIRegister"="C:\MSI\MSIRegister\MSIRegister.exe" "Command Center"=C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [30/09/2017 22:39:17] "Fast Boot"=C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [30/09/2017 22:39:07] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 
"TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List MSIGH_Host MSIOSDx64_Host MSIOSDx86_Host MSISW_Host NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-2840930965-2178098826-1748127505-1001 User_Feed_Synchronization-{FFCA0006-BC86-4E5D-BAB4-2320F0E36450} ---------- | Startings up registry ? 
Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RailShowallNotifyIcons"=1 "RCDependentServices"=CertPropSvc SessionEnv "RDPVGCInstalled"=1 "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=3350a500-6b7c-4783-a306-0ada4ad "GlassSessionId"=2 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp !\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "ServicesPipeTimeout"=60000 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 
"NoLmHash"=1 "Security Packages"="" [14/04/2017 04:16:29] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=740 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "ForegroundLockTimeout"=0 "Pattern"= "WallPaper"=C:\Windows\Web\Wallpaper\MSI\MSI Gaming.jpg "WallpaperStyle"=2 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=2715 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=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referredUILanguages"=fr-FR "LowLevelHooksTimeout"=200 "ActiveWndTrkTimeout"=0 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 
[HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0x10901EF8A46ECE11A7FF00AA003CA9F690020000AF75193DC6488E4FA182BE0E08FA86A9770E00000114020000000000C000000000000046650400006078A409B011A54DAFA526D86198A780EE0200006024B221EA3A6910A2DC08002B30309D8A030000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "GlobalAssocChangedCounter"=34 "TelemetrySalt"=5 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "link"=0x15000000 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xC0EBCF5900000000 "ReindexedProfile"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] 
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Off "GlobalAssocChangedCounter"=2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 
"ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=4 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 "FirstLogon"=0 "PUUActive"=0x1CFBE41E020000000400090091800000F49D0000DF500100D10000000A000C007AE00CBCCE53010006A60000F0210000812000007801000000000000127D0000A4010000690000002BB641868E3BD30103E00000000000000100000000000000 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=77175099010 "ShutdownFlags"=2147483687 "AutoAdminLogon"=0 "DefaultUserName"=Villedieu Mathias "DisableCAD"=1 "EnableFirstLogonAnimation"=1 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile 
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay 
"ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [13/09/2017 15:23:48] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [13/09/2017 15:23:48] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | 
AppcompatFlags [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Villedieu Mathias\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" "C:\Users\Villedieu Mathias\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe" "C:\Users\Villedieu Mathias\Downloads\Firefox Installer (1).exe" "C:\Users\Villedieu Mathias\AppData\Roaming\ZHP\ZHPCleaner.exe" "C:\Users\Villedieu Mathias\ZHPCleaner.exe" "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Villedieu Mathias\Downloads\Battle.net-Setup.exe" "C:\Users\Villedieu Mathias\Downloads\UplayInstaller.exe" "C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe" "C:\Program Files\Mozilla Firefox\pingsender.exe" "C:\Users\Villedieu Mathias\Downloads\mb3-setup-35891.35891-3.2.2.2029.exe" "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe" "C:\Users\Villedieu Mathias\Downloads\Total-Uninstall-Setup-6.21.0.exe" "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe" "C:\Program Files\NVIDIA Corporation\Display\nvtray.exe" "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe" "C:\Program Files (x86)\MSI\Gaming APP\Lib\BIOSData\SCEWIN_64.exe" "C:\Program Files (x86)\MSI\Live Update\Live Update.exe" "C:\Program Files\Total Uninstall 6\Tu.exe" "SIGN.MEDIA=2A4A4F3 DVDSetup.exe" "SIGN.MEDIA=E3FBF2 Utility\MSI\LiveUpdate6\Live Update 6.exe" "C:\Program Files\Windows Defender\MSASCui.exe" "C:\Users\Villedieu Mathias\Downloads\DriversCloud_Win.exe" "C:\Users\Villedieu Mathias\Downloads\RAT_7_Mouse_7_0_45_2_x64_Drivers.exe" "C:\Users\Villedieu Mathias\AppData\Local\Temp\Temp1_Asmedia_USB3.1-3.0_Driver_Win7_V116472_20170821.zip\setup.exe" "C:\Users\Villedieu Mathias\Downloads\amd-chipset-drivers.exe" "C:\Users\Villedieu
Mathias\AppData\Local\Temp\Temp1_0009-Win7_Win8_Win81_Win10_R282.zip\Win7_Win8_Win81_Win10_R282\Setup.exe"=0x5341435001000000000000000700000028000000E03B12006E1513000100000000000000000003060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000059540000000000000200000002000000 "C:\Users\Villedieu Mathias\Downloads\385.69-notebook-win10-64bit-international-whql(1).exe"=0x534143500100000000000000070000002800000010B1391B898F3A1B0100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E3930A00000000000100000001000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x534143500100000000000000070000002800000058CD0600A125070001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004FE42601000000000400000004000000 "C:\Program Files (x86)\MSI\Command Center\CC_LoadingPage.exe"=0x53414350010000000000000007000000280000006038140009D9140001000000000000000000000AF122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006D793D00000000000200000002000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003E000000000000000200000002000000 "C:\Users\Villedieu Mathias\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83D47002252470001000000000000000000000A0021000033504C2B57DFD1010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound 
"CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse 
"DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows Defender] "UIFirstRun"=0 [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131512707325599362 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 
"InstallTime"=0x6E55A56E1B3AD301 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "ManagedDefenderProductType"=0 "OOBEInstallTime"=0x6EACCE2B1F3AD301 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.201.238] avec 32 octets de données : Réponse de 216.58.201.238 : octets=32 temps=5 ms TTL=54 Réponse de 216.58.201.238 : octets=32 temps=9 ms TTL=54 Réponse de 216.58.201.238 : octets=32 temps=3 ms TTL=54 Réponse de 216.58.201.238 : octets=32 temps=1286 ms TTL=54 Statistiques Ping pour 216.58.201.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 3ms, Maximum = 1286ms, Moyenne = 325ms ---------- | @ [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"=0x0100000033000000309DF32E5BF3E87010BAFC402A29A41297AEE77B88B16CF66D1C87B7FF8A4CBC9622C44CF49FBECF5C83D004101CA94D0D3C2C02000000100000002532626F696245396C35355573253364 "OperationalData"=12 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF240000002400000073040000A5020000 "ImageStoreRandomFolder"=275s7k9 "Start Page_TIMESTAMP"=0x0A4ED0DE223AD301 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xAB4919E7223AD301 "IE10TourShown"=1 "IE10TourShownTime"=0x505172C51C3AD301 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "ZonesSecurityUpgrade"=0x77A00584BB3AD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 
"InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm 
"PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 13:42:17] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - 
{BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x505172C51C3AD301 "Version"=5 "UpgradeTime"=0x505172C51C3AD301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - 
(@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll C:\Users\Villedieu Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\gs7l9jpl.default\Prefs.js user_pref("browser.startup.homepage", "www.google.com"); user_pref("browser.startup.homepage_override.buildID", "20170926190823"); user_pref("browser.startup.homepage_override.mstone", "56.0"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1506956510765,\"softExpiration\":1506978867779,\"hardExpiration\":1507071477003,\"data\":{\"notifications\":[],\"version\":\"201710012257\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":2}"); user_pref("extensions.blocklist.pingCountTotal", 3); user_pref("extensions.blocklist.pingCountVersion", 3); user_pref("extensions.databaseSchema", 22); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", true); user_pref("extensions.getAddons.cache.lastUpdate", 1506885716); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppBuildId", "20170926190823"); user_pref("extensions.lastAppVersion", "56.0"); user_pref("extensions.lastPlatformVersion", "56.0"); 
user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true); user_pref("extensions.shield-recipe-client.user_id", "1f93de29-457f-43aa-a372-79fb8eadca78"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/plugin"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"04407e09-552f-4a95-a252-6c712d0eef8b\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"bcca3782-a76a-4c92-88f1-df9fd9f838fe\",\"jid1-NIfFY2CA8fy1tg@jetpack\":\"0ae3b3ea-5e9e-4c58-a20f-c694f48e25dc\"}"); C:\Users\Villedieu Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\gs7l9jpl.default [Profile0] - Name=default -> Profiles/gs7l9jpl.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{ad813965-8093-4280-8ed1-80c9f610912f}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ad813965-8093-4280-8ed1-80c9f610912f}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet 
Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay SystemEventsBroker DeviceInstall DcomLaunch "PeerDist"=PeerDistSvc "Camera"=FrameS "smbsvcs"=browser lanmanserver [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DeviceInstall DcomLaunch "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\AppDataLow] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Chromium] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Clients] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Creative Tech] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\InstallShield] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Killer Networking] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Malwarebytes] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Mozilla] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Policies] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Realtek] 
[HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\RegisteredApplications] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\SyncEngines] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\sysinternals] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Ubisoft] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Wow6432Node] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\ZHP] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASIO] [HKLM\Software\ATI Technologies] [HKLM\Software\Clients] [HKLM\Software\Creative Tech] [HKLM\Software\cybelsoft] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Killer Networking] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Saitek] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] 
[HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\Creative Tech] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\MSI] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives ---------- | C: [16/07/2016 13:47:47] - |SHD| - [2350763831] - C:\$Recycle.Bin [30/09/2017 19:28:46] - |HD| - 
[114168528] - C:\$SysReset [18/05/2017 17:38:24] - |D| - [1437585845] - C:\AMD [MD5.79B9D2263314FB764719CF6372B1D0C5] - [16/07/2016 14:58:18] - |RASH| - (.-.) - [384322] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 14:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [14/04/2017 04:07:22] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/09/2017 20:52:26] - |ASH| - (.-.) - [3413757952] - (0.0.0.0) - C:\hiberfil.sys [14/04/2017 04:40:43] - |D| - [2738] - C:\Intel [14/04/2017 04:39:06] - |D| - [1945643346] - C:\MSI [17/04/2017 13:01:43] - |D| - [17649925355] - C:\Nexon [14/04/2017 00:28:01] - |D| - [3816236025] - C:\NVIDIA [02/10/2017 13:59:43] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/09/2017 18:46:19] - |ASH| - (.-.) - [2013265920] - (0.0.0.0) - C:\pagefile.sys [01/10/2017 06:19:39] - |D| - [0] - C:\PerfLogs [01/10/2017 05:56:29] - |RD| - [3719294849] - C:\Program Files [01/10/2017 05:56:29] - |RD| - [69236282579] - C:\Program Files (x86) [01/10/2017 06:19:40] - |HD| - [1041323418] - C:\ProgramData [02/10/2017 17:30:46] - |D| - [262052] - C:\QuickDiag [MD5.B634D4967AFC697E51926B4607506FE4] - [02/10/2017 17:30:55] - |A| - (.-.) - [122950] - (0.0.0.0) - C:\QuickDiag.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [14/04/2017 04:40:05] - |A| - (.-.) - [0] - (0.0.0.0) - C:\RAMDiskImage.img [18/09/2017 03:05:40] - |SHD| - [1006] - C:\Recovery [MD5.5EED8FC415DB5BFEE5FA809014DD4066] - [14/04/2017 04:32:13] - |A| - (.-.) - [3146] - (0.0.0.0) - C:\RHDSetup.log [MD5.E7D20CFA0AFED1503F0E3FFFA049D0E0] - [14/04/2017 04:37:42] - |A| - (.-.) - [181] - (0.0.0.0) - C:\SBCsetup.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/09/2017 18:46:21] - |ASH| - (.-.) 
- [268435456] - (0.0.0.0) - C:\swapfile.sys [14/04/2017 03:59:27] - |SHD| - [0] - C:\System Volume Information [29/06/2017 21:16:23] - |D| - [0] - C:\TL [01/10/2017 05:56:29] - |RD| - [17896153075] - C:\Users [01/10/2017 05:56:29] - |D| - [23077956581] - C:\Windows [01/10/2017 06:36:26] - |D| - [653959462] - C:\Windows.old ---------- | C:\WINDOWS [MD5.D2A2D69173654899705C88EEE378A5B2] - [30/09/2017 22:39:07] - |A| - (.© Microsoft Corporation. - Resource only DLL containing MOF for ASL code.) - [11248] - (6.1.7600.16385) - C:\WINDOWS\acpimof.dll [01/10/2017 06:19:41] - |D| - [802] - C:\WINDOWS\addins [01/10/2017 06:19:41] - |D| - [8785874] - C:\WINDOWS\appcompat [01/10/2017 06:19:41] - |D| - [12785870] - C:\WINDOWS\AppPatch [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\AppReadiness [01/10/2017 06:19:39] - |RSD| - [176116243] - C:\WINDOWS\assembly [01/10/2017 06:19:41] - |D| - [370072] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 13:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [01/10/2017 06:19:41] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [01/10/2017 06:19:41] - |D| - [38129105] - C:\WINDOWS\Boot [MD5.6967EB2551E1A8147041B564CD659461] - [30/09/2017 20:39:57] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [01/10/2017 06:19:41] - |D| - [3724824] - C:\WINDOWS\Branding [01/10/2017 06:05:17] - |D| - [0] - C:\WINDOWS\CbsTemp [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\CSC [MD5.57AE1F5B2DBFAEC0855FDFF92BD96B2F] - [30/09/2017 22:26:42] - |RAH| - (.-.) 
- [159] - (0.0.0.0) - C:\WINDOWS\ctfile.rfc [01/10/2017 06:19:41] - |D| - [8970858] - C:\WINDOWS\Cursors [01/10/2017 06:19:41] - |D| - [1180] - C:\WINDOWS\debug [01/10/2017 06:19:41] - |D| - [4831264] - C:\WINDOWS\diagnostics [01/10/2017 06:25:08] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.6A1C4068F0C0779DC04984BAC777CC95] - [30/09/2017 23:16:33] - |A| - (.-.) - [10047] - (0.0.0.0) - C:\WINDOWS\DirectX.log [01/10/2017 06:19:41] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [01/10/2017 06:19:41] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [01/10/2017 06:25:08] - |D| - [105984] - C:\WINDOWS\en-US [MD5.577119EC77525D3F80FFB03BFACC17D4] - [09/08/2017 15:47:32] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4674872] - (10.0.14393.1532) - C:\WINDOWS\explorer.exe [01/10/2017 06:19:41] - |RSD| - [357896164] - C:\WINDOWS\Fonts [01/10/2017 06:28:18] - |D| - [122368] - C:\WINDOWS\fr-FR [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [01/10/2017 06:19:41] - |D| - [33267993] - C:\WINDOWS\Globalization [01/10/2017 06:19:41] - |D| - [73313169] - C:\WINDOWS\Help [MD5.E8B796A523D2B63A9C7BB0576DFE793E] - [14/06/2017 18:08:15] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975872] - (10.0.14393.1358) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 13:42:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [01/10/2017 06:19:41] - |D| - [173192488] - C:\WINDOWS\IME [01/10/2017 06:19:41] - |RD| - [6849336] - C:\WINDOWS\ImmersiveControlPanel [01/10/2017 06:18:15] - |D| - [59742679] - C:\WINDOWS\INF [01/10/2017 06:36:43] - |D| - [885945751] - C:\WINDOWS\InfusedApps [01/10/2017 06:19:41] - |D| - [36285422] - C:\WINDOWS\InputMethod [01/10/2017 06:19:41] - |SHD| - [54145301] - C:\WINDOWS\Installer [01/10/2017 06:19:41] - |D| - [89407] - C:\WINDOWS\L2Schemas [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\LiveKernelReports [01/10/2017 06:19:41] - |D| - [352886652] - C:\WINDOWS\Logs [MD5.157BE5DC8BE87631D75A465AF475FFF8] - [30/09/2017 22:26:51] - |N| - (.-.) - [2783] - (0.0.0.0) - C:\WINDOWS\MBCfg_APOIM.ini [MD5.E9A53A1D9F6C230E40BC71AAE397B9F8] - [30/09/2017 22:26:52] - |N| - (.-.) - [2747] - (0.0.0.0) - C:\WINDOWS\MBCfg_HP_APOIM.ini [MD5.4C391CBB89643DE08EDC06AF60C2BEE1] - [30/09/2017 22:26:52] - |N| - (.-.) - [2835] - (0.0.0.0) - C:\WINDOWS\MBCfg_SP_APOIM.ini [01/10/2017 06:19:41] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 13:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [01/10/2017 06:19:39] - |RD| - [832821756] - C:\WINDOWS\Microsoft.NET [01/10/2017 06:19:41] - |D| - [2938] - C:\WINDOWS\Migration [01/10/2017 06:19:41] - |RD| - [486161] - C:\WINDOWS\MiracastView [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 13:43:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [30/09/2017 20:46:05] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [01/10/2017 00:18:55] - |A| - (.-.) 
- [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [01/10/2017 06:29:54] - |D| - [419226] - C:\WINDOWS\OCR [01/10/2017 06:19:41] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [30/09/2017 22:04:16] - |D| - [78259] - C:\WINDOWS\Panther [01/10/2017 06:19:41] - |D| - [28864584] - C:\WINDOWS\Performance [MD5.8FA604A0681061A31E878A471431C8BF] - [01/10/2017 19:52:48] - |A| - (.-.) - [2424] - (0.0.0.0) - C:\WINDOWS\PFRO.log [01/10/2017 06:19:41] - |D| - [1283900] - C:\WINDOWS\PLA [01/10/2017 06:19:41] - |D| - [9457441] - C:\WINDOWS\PolicyDefinitions [01/10/2017 06:19:41] - |D| - [17201017] - C:\WINDOWS\prefetch [01/10/2017 06:19:41] - |RD| - [2037042] - C:\WINDOWS\PrintDialog [01/10/2017 06:19:41] - |D| - [1431564] - C:\WINDOWS\Provisioning [MD5.BF5D30514FEA913E25CCC9E546257088] - [13/04/2017 19:36:07] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe [01/10/2017 06:19:41] - |D| - [22588] - C:\WINDOWS\Registration [01/10/2017 06:19:41] - |D| - [0] - C:\WINDOWS\RemotePackages [01/10/2017 06:19:41] - |D| - [2100384] - C:\WINDOWS\rescache [01/10/2017 06:19:41] - |D| - [3838706] - C:\WINDOWS\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [30/09/2017 22:13:44] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\WINDOWS\RtlExUpd.dll [01/10/2017 06:19:42] - |D| - [0] - C:\WINDOWS\SchCache [01/10/2017 06:19:42] - |D| - [121229] - C:\WINDOWS\schemas [01/10/2017 06:19:42] - |D| - [9085374] - C:\WINDOWS\security [01/10/2017 06:36:12] - |D| - [37657553] - C:\WINDOWS\ServiceProfiles [01/10/2017 05:56:29] - |D| - [153385457] - C:\WINDOWS\servicing [01/10/2017 06:34:00] - |D| - [42] - C:\WINDOWS\Setup [MD5.4F7ACE259087BC9239F5E1BD7D7C5C31] - [30/09/2017 23:13:45] - |A| - (.-.) - [1233] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/09/2017 20:39:36] - |A| - (.-.) 
- [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [01/10/2017 06:19:42] - |D| - [31196672] - C:\WINDOWS\ShellExperiences [01/10/2017 06:19:42] - |D| - [6828144] - C:\WINDOWS\SKB [30/09/2017 20:46:21] - |D| - [282252676] - C:\WINDOWS\SoftwareDistribution [01/10/2017 06:19:42] - |D| - [178379706] - C:\WINDOWS\Speech [01/10/2017 06:19:42] - |D| - [98719361] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [18/01/2017 13:57:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [01/10/2017 06:19:42] - |D| - [34917] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [01/10/2017 06:19:47] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [01/10/2017 05:56:29] - |D| - [5408477300] - C:\WINDOWS\System32 [01/10/2017 06:19:43] - |D| - [146147201] - C:\WINDOWS\SystemApps [01/10/2017 06:19:43] - |D| - [18487125] - C:\WINDOWS\SystemResources [01/10/2017 06:19:43] - |D| - [2408255932] - C:\WINDOWS\syswow64 [01/10/2017 06:19:44] - |D| - [0] - C:\WINDOWS\TAPI [01/10/2017 06:19:44] - |D| - [220] - C:\WINDOWS\Tasks [01/10/2017 06:19:44] - |D| - [28077548] - C:\WINDOWS\Temp [01/10/2017 06:19:44] - |D| - [0] - C:\WINDOWS\tracing [01/10/2017 06:19:44] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 13:43:52] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [01/10/2017 16:33:04] - |SD| - [6394488] - C:\WINDOWS\UpdateAssistantV2 [MD5.C419DF63E0121D72411285780C2FC6CC] - [30/09/2017 22:27:07] - |N| - (.Copyright (c) Creative Technology Ltd. 2000 - Creative UpdReg.) - [90112] - (1.0.2.0) - C:\WINDOWS\Updreg.EXE [01/10/2017 06:19:44] - |D| - [12420] - C:\WINDOWS\Vss [01/10/2017 06:19:44] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [01/10/2017 06:19:47] - |A| - (.-.) 
- [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 13:42:32] - |RH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [30/09/2017 20:46:21] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 13:42:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [01/10/2017 05:56:29] - |D| - [11030240553] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 13:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 13:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System [08/01/2016 19:40:01] - |A| - [3878] - C:\WINDOWS\System\wpmjoaye.dwu () - () ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [30/09/2017 23:50:41] - C:\WINDOWS\Installer\10943f.msi : (Asmedia USB Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2017 22:11:29] - C:\WINDOWS\Installer\2818d.msi : (Blank Project Template - Rivet Networks) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2017 22:11:49] - C:\WINDOWS\Installer\28191.msi : (Blank Project Template - Rivet Networks) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2017 22:12:04] - C:\WINDOWS\Installer\28196.msi : (Blank Project Template - Rivet Networks) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/09/2017 17:04:38] - C:\WINDOWS\Installer\b1134.msi : (Hardware Detection DriversCloud.com - Cybelsoft) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [16/07/2016 13:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [30/09/2017 22:26:52] - [13741] - C:\WINDOWS\System32\MBCfg64.ini [30/09/2017 22:26:52] - [5856] - C:\WINDOWS\System32\MBCfgUninstall64.ini [30/09/2017 20:54:27] - [2176896] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 13:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 13:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 13:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [30/09/2017 22:26:52] - [13741] - C:\WINDOWS\Syswow64\MBCfg32.ini [30/09/2017 22:26:52] - [5856] - C:\WINDOWS\Syswow64\MBCfgUninstall32.ini [16/07/2016 13:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 13:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [13/04/2017 19:36:54] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 15:38:36] - [0 Ko] - C:\WINDOWS\Temp\7C2D30F2-4D1C-4D55-B94B-843FE2533DE8-Sigs [MD5.B5F93CE79F067C5BE0BB05833081C3FF] - |A| - [30/09/2017 23:17:31] - (.-.) - [3.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\dd_vcredist_amd64_20170930231731.log [MD5.4E727427764EB90307DD3179FE96E49C] - |A| - [30/09/2017 23:17:33] - (.-.) - [3.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\dd_vcredist_x86_20170930231733.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [30/09/2017 22:53:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FanTempControl.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/10/2017 17:30:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/10/2017 17:30:36] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt [MD5.3A7B3C4C68D679F66B91A15ADAE5852D] - |A| - [30/09/2017 22:55:26] - (.-.) - [0.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Live_google_checker.log [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 23:47:00] - [18042.42 Ko] - C:\WINDOWS\Temp\MadCatz [MD5.F5D74C96E3406A19ADA500C2935D01BE] - |A| - [30/09/2017 22:50:37] - (.-.) - [9.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.7F7E44303206C7D914F42695C65B138B] - |A| - [01/10/2017 15:38:36] - (.-.) - [29.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.C5E5009D0BE190B628CC487894AE8430] - |A| - [30/09/2017 22:55:30] - (.-.) - [16.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\msimb_SCCLog.txt [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 00:18:03] - [18.52 Ko] - C:\WINDOWS\Temp\NvidiaLogging [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 23:12:45] - [0 Ko] - C:\WINDOWS\Temp\Realtek_HD_Audio_Drivers [MD5.DF8AB60028AA448D2A1742289A38FBDA] - |A| - [30/09/2017 22:55:29] - (.-.) - [13.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SymCCISDll.txt [MD5.8278F0D25F9A0074742AC581AC4420DC] - |A| - [01/10/2017 16:45:31] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_11B7.tmp [MD5.331F90E146B0C6A7391D43F0FE8DB47F] - |A| - [01/10/2017 16:45:31] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_137D.tmp [MD5.73BDC1330E9E88BEAA9745BA39825206] - |A| - [01/10/2017 16:45:32] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_13FB.tmp [MD5.C2235B0DFBD8F28AAF87A0EE46450B7D] - |A| - [01/10/2017 16:45:36] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_26B9.tmp [MD5.ABA6F4FD671F4283BCC6E83045B171E4] - |A| - [01/10/2017 16:45:37] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_293A.tmp [MD5.2F01D476B290E589622D9E27696554D7] - |A| - [01/10/2017 16:45:37] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_29A9.tmp [MD5.D56474698B3085BFE2113DC8E865E6BD] - |A| - [01/10/2017 16:43:45] - (.-.) 
- [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_755C.tmp [MD5.246EB657E0EF0F114FD77B9FD405BB37] - |A| - [01/10/2017 16:43:46] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_75DA.tmp [MD5.2517BFE97CC130830D022A075AC20686] - |A| - [01/10/2017 16:43:46] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_760A.tmp [MD5.464C691ED294ED520568B3023DD75159] - |A| - [01/10/2017 16:43:46] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7678.tmp [MD5.0069386A0DA4128A4E11D2F1DF673226] - |A| - [01/10/2017 16:43:46] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_76F6.tmp [MD5.05D4E04CB80CC40695CC809FE95ED6ED] - |A| - [01/10/2017 16:43:46] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7784.tmp [MD5.F3A5C128BBB4054D174C48B9F5FBFD00] - |A| - [01/10/2017 16:43:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7BBB.tmp [MD5.057355CFCE684E23A754E6416D71D8AD] - |A| - [01/10/2017 16:42:42] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7F86.tmp [MD5.25238CC183AE91B3CF65ED47EC1FD23D] - |A| - [01/10/2017 16:42:43] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7FE4.tmp [MD5.9E4BAD760B47D2A8D9691363967BBEDA] - |A| - [01/10/2017 16:42:43] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8062.tmp [MD5.29711064DDC2348F54767694C8969066] - |A| - [01/10/2017 16:42:43] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_80A2.tmp [MD5.AC153345EF6E34BFFA16DE6CF846A5AE] - |A| - [01/10/2017 16:42:43] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_80F1.tmp [MD5.03F9904E01715E1179AD3F02F30A6FD6] - |A| - [01/10/2017 16:42:43] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8150.tmp [MD5.FE5AFF5AF59E4927FF09B449835D7C94] - |A| - [01/10/2017 16:44:55] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_855C.tmp [MD5.ED1A0F868E8951663062D32E9CBCC278] - |A| - [01/10/2017 16:44:56] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_880C.tmp [MD5.E541F441B529BAAFD3EBFED1DC88D484] - |A| - [01/10/2017 16:44:59] - (.-.) 
- [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_9471.tmp [MD5.EAFE5130A3843C7D2776CB16E120241A] - |A| - [01/10/2017 16:45:29] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_A53.tmp [MD5.5913BC2FA295B5E20A16B08B401D7EE7] - |A| - [01/10/2017 16:41:48] - (.-.) - [448 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_AAD1.tmp [MD5.96493FCB7FE16B41F4D6354A00FB8421] - |A| - [01/10/2017 16:41:48] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_AB9D.tmp [MD5.EC13E3A0E911B004B495818F0D97F4BB] - |A| - [01/10/2017 16:41:48] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_AC3B.tmp [MD5.D8330A3523FB055B8B8B1319E3AF912E] - |A| - [01/10/2017 16:41:49] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_AD16.tmp [MD5.92EDC733FC0567A570E44BCD58DD7895] - |A| - [01/10/2017 16:41:49] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_AD65.tmp [MD5.70C4270D68852BF1DA1C57DF29F93CB7] - |A| - [01/10/2017 16:41:49] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_ADA5.tmp [MD5.FC1238E0ED952F62FD02C6207374A215] - |A| - [01/10/2017 16:41:51] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_B6DD.tmp [MD5.D3CD2AE788EF3D2D110274B468221AE3] - |A| - [01/10/2017 16:45:09] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_BCF9.tmp [MD5.C41E1198DEC0B36AB18D8A36763A0A33] - |A| - [01/10/2017 16:41:54] - (.-.) - [448 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C229.tmp [MD5.EFFCCCB4FD60F26B2BE5317EBDED64C8] - |A| - [01/10/2017 16:41:55] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C556.tmp [MD5.D70D2670A5894C2FD5F45DF6BEE54E86] - |A| - [01/10/2017 16:41:55] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C680.tmp [MD5.3B13BEE3C66E66C77C0C386F9083F69D] - |A| - [01/10/2017 16:41:55] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C78B.tmp [MD5.A7E581FFBC469011BBDB25C19F1FFA92] - |A| - [01/10/2017 16:41:57] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CF1D.tmp [MD5.04AC108AB3835B0E5B163C57CFE77698] - |A| - [01/10/2017 16:41:58] - (.-.) 
- [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_D2D8.tmp [MD5.98E875AD1140244FA8CFDC5DB469BAF3] - |A| - [01/10/2017 16:41:59] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_D430.tmp [MD5.921C9575931EB6E59BA0289A8C185604] - |A| - [01/10/2017 16:42:01] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DE05.tmp [MD5.D143192FA41B98F8C134C375B6677B25] - |A| - [01/10/2017 16:45:22] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_ED9F.tmp [MD5.D131CAF1A4931298B6B3D55A66E5C9D1] - |A| - [01/10/2017 16:45:24] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_F83F.tmp [MD5.3D298FABD7586E363A36C231CBDADDDD] - |A| - [01/10/2017 16:45:24] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_F850.tmp [MD5.033C0A01E14F546CB11140A71522788C] - |A| - [01/10/2017 16:45:26] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_FEC9.tmp [MD5.6A714E92C31CC703F292299C6E5BF1EB] - |A| - [30/09/2017 23:13:57] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\USetup.iss [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:08] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 13:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 13:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 13:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 13:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 13:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 13:42:38] - (.-.) 
- [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 13:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 13:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.96A6FCCACCAF7402A3FEC9632D4CFD42] - |A| - [09/08/2017 15:48:22] - (.-.) - [438.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.394D95C9903DDA40F2A3B469A4E4D602] - |A| - [30/09/2017 22:26:42] - (.-.) - [357.5 Ko] - (1.0.340.0) - C:\WINDOWS\System32\APOMgr64.DLL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [2487.16 Ko] - C:\WINDOWS\System32\appraiser [MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 13:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [272 Ko] - C:\WINDOWS\System32\ar-SA [MD5.7FB9F67CF1E872F4573028B6B64BFF6D] - |A| - [19/04/2017 05:09:14] - (.-.) - [27.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\asmtxhcicoinstaller.dll [MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 13:42:12] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) 
- [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 05:56:29] - [101063.36 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [44803.45 Ko] - C:\WINDOWS\System32\catroot2 [MD5.C507DAFEEA42E4568CFA32DC0DDF64F0] - |N| - [30/09/2017 22:26:52] - (.Copyright (c) 2011 Creative Technology Ltd. - Creative Host SoundCore Module.) - [366.63 Ko] - (1.0.7.0) - C:\WINDOWS\System32\ChezSC64.DLL [MD5.BAB0E8D890110BE248F4F9F995EF4B8B] - |A| - [30/09/2017 22:26:42] - (.-.) - [87.5 Ko] - (1.0.64.0) - C:\WINDOWS\System32\CmdRtr64.DLL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [2667.36 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [365 Ko] - C:\WINDOWS\System32\Com [MD5.62B53E06F95506669CCB6D3810A88E51] - |A| - [30/09/2017 23:12:54] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 05:56:29] - [265114.22 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:42] - [83.9 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [297 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [293 Ko] - C:\WINDOWS\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [177.63 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [329 Ko] - C:\WINDOWS\System32\de-DE [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 13:42:22] - (.-.) 
- [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [01/10/2017 06:19:49] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:42] - [645 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 13:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [7863.59 Ko] - C:\WINDOWS\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:20] - [95902.74 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 05:56:29] - [2105654.55 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:42] - [210.5 Ko] - C:\WINDOWS\System32\dsc [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [325 Ko] - C:\WINDOWS\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:09] - [3445.5 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [236 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [42159.82 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [318 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [257.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [232 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:42] - [26096.66 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [297 Ko] - 
C:\WINDOWS\System32\fi-FI [MD5.1195C9BA79397CD051EABF07DD081F0F] - |A| - [14/04/2017 04:40:30] - (.TODO: (c) . ?????,???????? - TODO: .) - [30.78 Ko] - (1.0.0.1) - C:\WINDOWS\System32\FintekIcon1.dll [MD5.87F3C81A8D8E1BCF4B17E2292666E891] - |A| - [30/09/2017 20:38:40] - (.-.) - [201.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:28:19] - [3480.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [264 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [45809.7 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 13:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [259.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [241.5 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 13:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 13:42:35] - (.-.) 
- [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [25813.67 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [4803 Ko] - C:\WINDOWS\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 13:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [323 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [235.5 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [233 Ko] - C:\WINDOWS\System32\ko-KR [MD5.130FC8FF1680EF79A3B9166ACECC63C4] - |A| - [23/07/2015 15:03:16] - (.Copyright (C) 2013 Qualcomm Atheros, Inc. - StreamBoost Command Line Utility.) - [92.5 Ko] - (9.0.0.4) - C:\WINDOWS\System32\kstat.exe [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 13:42:22] - (.-.) 
- [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [73.41 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [2144.35 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [237 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [29948.5 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 13:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf [MD5.0555A73AACDBDC43B3BD55D51F366FEA] - |A| - [30/09/2017 23:12:59] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.8 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.BB678631766E3E05A19E51B74EB00B13] - |A| - [30/09/2017 23:12:59] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.3D90F8AEF34697D2AC495FBBF9D8F20C] - |A| - [30/09/2017 22:15:22] - (.Copyright (c) 2006-2016 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1930.48 Ko] - (1.2.16.129) - C:\WINDOWS\System32\MBAPO264.dll [MD5.01409C36EAE864B98A5F3B4DA6E20F0E] - |N| - [30/09/2017 22:26:52] - (.Copyright (C) 2014 -.) - [40.13 Ko] - (1.21.0.0) - C:\WINDOWS\System32\MBCfg64.dll [MD5.F55DC8BFC0B4EEBA996FA297817CC682] - |N| - [30/09/2017 22:26:52] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [144.63 Ko] - (0.0.0.6) - C:\WINDOWS\System32\MBCfg64.exe [MD5.32B2157AB3B90F7AB725C10037515894] - |N| - [30/09/2017 22:26:52] - (.-.) 
- [13.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBCfg64.ini [MD5.222FAD09ACEA780623E9E8364EFDB6B8] - |N| - [30/09/2017 22:26:52] - (.-.) - [5.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBCfgUninstall64.ini [MD5.2CEC53E370A14B4C9C5D3E99F0BFA3F7] - |A| - [30/09/2017 22:15:24] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [400.41 Ko] - (1.0.0.270) - C:\WINDOWS\System32\MBWrp64.dll [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 13:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:36:12] - [1106.79 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [6560.8 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [47566.98 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 15:27:10] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [288 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 13:42:12] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [308 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:42] - [16570.66 Ko] - C:\WINDOWS\System32\Nui [MD5.8B47B06DAEF36904641ECC268225B47E] - |A| - [01/10/2017 00:14:43] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json [MD5.1D54660FACFE321274483E05284113B2] - |A| - [30/09/2017 20:46:22] - (.-.) - [8054.76 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.EEEE3E6ED8CAB22F949F3156BC93A83F] - |A| - [14/04/2017 00:30:25] - (.-.) - [45.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.8459EF480AC16A330887C1AD2BC663AD] - |A| - [01/10/2017 00:20:34] - (.-.) - [118.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll [MD5.F54598052A618ADC0231853D870A22BE] - |A| - [01/10/2017 06:19:50] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 13:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [13113.28 Ko] - C:\WINDOWS\System32\oobe [MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 13:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.5847751D0B1CDF9955862E237379FDDF] - |A| - [01/10/2017 06:21:54] - (.-.) - [172.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.9F1B1691D2E1A69CC3023AA9CDD47E5A] - |A| - [01/10/2017 06:28:55] - (.-.) - [188.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [01/10/2017 06:21:54] - (.-.) 
- [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [01/10/2017 06:28:55] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.E3DFC6D27856E09355C1499A38F0AB57] - |A| - [01/10/2017 06:21:54] - (.-.) - [846.12 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.E341F6303F4034406D405A13D3523AD5] - |A| - [01/10/2017 06:28:55] - (.-.) - [924.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.BD7AA0A60A729B19FE1AA913F96D8A14] - |A| - [30/09/2017 20:54:27] - (.-.) - [2125.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [306 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [571.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:09] - [834.3 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 13:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [308 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 13:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) 
- [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [1.99 Ko] - C:\WINDOWS\System32\Recovery [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 13:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 13:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 13:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.24B2ADA395883FA03260D6DEB1B39869] - |A| - [30/09/2017 23:13:02] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.6241068A334C45059492867DF7890588] - |A| - [30/09/2017 23:13:02] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 23:13:56] - [213.47 Ko] - C:\WINDOWS\System32\RTCOM [MD5.793408DA550E60C0CF1C760F4C49C1E1] - |A| - [30/09/2017 23:13:02] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.79 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.6C41CFD7D8437E6DD597439164418BE9] - |A| - [30/09/2017 23:13:02] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.28D25F2764B6DB8CE3E2B0707119E9C7] - |A| - [30/09/2017 23:13:02] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.B817DB4E2172DA73044E7D64304363D8] - |A| - [30/09/2017 23:13:02] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) 
- [378.23 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 13:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 13:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [245 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [240.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 20:38:49] - [1152 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:09] - [98.06 Ko] - C:\WINDOWS\System32\slmgr [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 13:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 05:56:29] - [13633.02 Ko] - C:\WINDOWS\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [7799.34 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [8650.63 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [51125.94 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [10024.04 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [31.88 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - 
[16/07/2016 13:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.69DEC334A320C6B6D9B3A09570741FAA] - |A| - [30/09/2017 23:13:05] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.62 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.5951E1D28E558C338408DDDC02497B9D] - |A| - [30/09/2017 23:13:05] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.76 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.DCFEBC12609F7605EAEB2514ADEE16AD] - |A| - [30/09/2017 23:13:05] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.9 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.3D5F9EF9749AC9BFEE28C00E49FB689A] - |A| - [30/09/2017 23:13:05] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.3 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [1624 Ko] - C:\WINDOWS\System32\sru [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 13:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:39] - [1633.28 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [920.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [566.81 Ko] - C:\WINDOWS\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 13:42:39] - (.-.) 
- [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [227.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [289.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 13:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 13:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 13:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 13:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [240 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 15:23:27] - [2199.72 Ko] - C:\WINDOWS\System32\UNP [MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 13:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll [MD5.86D8AA8AD43521B62F59CC97A5BA6FC0] - |A| - [20/07/2017 19:21:20] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [884.28 Ko] - (1.0.54.1) - C:\WINDOWS\System32\vulkan-1-1-0-54-1.dll [MD5.86D8AA8AD43521B62F59CC97A5BA6FC0] - |A| - [01/10/2017 00:18:54] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [884.28 Ko] - (1.0.54.1) - C:\WINDOWS\System32\vulkan-1.dll [MD5.751FD6842AE1BD621EBB8893F5388C96] - |A| - [20/07/2017 19:21:14] - (.-.) - [565.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-54-1.exe [MD5.751FD6842AE1BD621EBB8893F5388C96] - |A| - [01/10/2017 00:18:54] - (.-.) 
- [565.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [100314.84 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:09] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [49177.88 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 13:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:42] - [9914.89 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [64116 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:09] - [207.64 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 13:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 13:42:27] - (.-.) 
- [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [208 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [202.5 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [202.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:10] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 13:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 13:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 13:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.E4BF71F72E211B12AFC77CACEE12628A] - |A| - [30/09/2017 22:26:43] - (.-.) - [268.5 Ko] - (1.0.340.0) - C:\WINDOWS\SysWOW64\APOMngr.DLL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.FAB1F423FAC9F69024BAA3F9CD3B7916] - |N| - [30/09/2017 22:26:52] - (.Copyright (c) 2011 Creative Technology Ltd. - Creative Host SoundCore Module.) 
- [319.63 Ko] - (1.0.7.0) - C:\WINDOWS\SysWOW64\ChezSC32.DLL [MD5.BDBB29F1C23665A4721F79D9BFF60FA6] - |A| - [30/09/2017 22:26:43] - (.-.) - [72.5 Ko] - (1.0.64.0) - C:\WINDOWS\SysWOW64\CmdRtr.DLL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [323 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [877235.34 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:43] - [83.9 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [267.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [264.5 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [298.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:43] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [6292.55 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [3422.15 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.666AB5CD9B4825BD6F8938F5C0E0B06C] - |A| - [02/10/2017 16:57:25] - (.Copyright © EasyAntiCheat Ltd 2016 - EasyAntiCheat Service.) 
- [373.04 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:10] - [3108.5 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [34159.41 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [209 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:43] - [21886.16 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [267.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:28:27] - [3140 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [237 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [37419.55 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [217 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 
06:19:43] - [270.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [21381.17 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [201 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:43] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 22:54:38] - [13596.16 Ko] - C:\WINDOWS\SysWOW64\LiveUpdate [MD5.3A119F9265AD452A8F84846F5620AE76] - |A| - [30/09/2017 22:54:38] - (.-.) 
- [4.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\LiveUpdate 6.2 ReleaseNote.txt [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [24403.4 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.46B2789314A5327D88365E275101774B] - |A| - [30/09/2017 22:15:21] - (.Copyright (c) 2006-2016 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1702.48 Ko] - (1.2.16.129) - C:\WINDOWS\SysWOW64\MBAPO232.dll [MD5.20FD18FE9EA2612ED9B421064D69F3D8] - |N| - [30/09/2017 22:26:52] - (.Copyright (C) 2014 -.) - [37.13 Ko] - (1.21.0.0) - C:\WINDOWS\SysWOW64\MBCfg32.dll [MD5.7391C842DFF4D7ACCA1B3C38486178E8] - |N| - [30/09/2017 22:26:52] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [135.63 Ko] - (0.0.0.6) - C:\WINDOWS\SysWOW64\MBCfg32.exe [MD5.32B2157AB3B90F7AB725C10037515894] - |N| - [30/09/2017 22:26:52] - (.-.) - [13.42 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MBCfg32.ini [MD5.222FAD09ACEA780623E9E8364EFDB6B8] - |N| - [30/09/2017 22:26:52] - (.-.) 
- [5.72 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MBCfgUninstall32.ini [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [2951.46 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc [MD5.B9966F800D2A3A1522B1825077785C40] - |A| - [30/09/2017 22:39:20] - (.Copyright (c) 2015 Micro-Star INT'L CO.,LTD. - Windows Host Process.) - [1653.16 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\muachost.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [01/10/2017 06:19:44] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.9E88EEF667B0E39FA9D4F82942E7CB83] - |A| - [01/10/2017 00:14:43] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.98F6807EBE3215EBEB8D4F6C21C86A2E] - |N| - [30/09/2017 22:26:52] - (.Copyright (C) 2011 - Command Router Restore Utility.) 
- [15.13 Ko] - (2.0.13.0) - C:\WINDOWS\SysWOW64\ResDefA.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 22:17:07] - [4737.64 Ko] - C:\WINDOWS\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [219 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [215.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:10] - [98.06 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [4241.34 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [6279.48 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [1677.83 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [223 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [219.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:10] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 
06:19:44] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 13:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.5C7D2255B4A154F5372DB35F6A68111B] - |A| - [20/07/2017 19:21:34] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [758.78 Ko] - (1.0.54.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-54-1.dll [MD5.5C7D2255B4A154F5372DB35F6A68111B] - |A| - [01/10/2017 00:18:54] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [758.78 Ko] - (1.0.54.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.4EF3525836057B25E559CC9BAABC7ED7] - |A| - [20/07/2017 19:21:28] - (.-.) - [466.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-54-1.exe [MD5.4EF3525836057B25E559CC9BAABC7ED7] - |A| - [01/10/2017 00:18:54] - (.-.) 
- [466.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [19965.36 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:11] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [8876.07 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:25:11] - [207.64 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:29:54] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [01/10/2017 06:19:44] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Villedieu Mathias\AppData\Roaming [30/09/2017 20:49:56] "Local AppData"=C:\Users\Villedieu Mathias\AppData\Local [30/09/2017 20:49:56] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Libraries [30/09/2017 20:53:52] "My Video"=C:\Users\Villedieu Mathias\Videos [14/04/2017 04:16:29] "My Pictures"=C:\Users\Villedieu Mathias\Pictures [14/04/2017 04:16:29] "Desktop"=C:\Users\Villedieu Mathias\Desktop [14/04/2017 04:16:29] "History"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\History [30/09/2017 20:49:56] "NetHood"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Network Shortcuts 
[30/09/2017 20:49:56] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Villedieu Mathias\Contacts [14/04/2017 04:16:52] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\RoamingTiles [30/09/2017 21:06:15] "Cookies"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\INetCookies [30/09/2017 20:49:56] "Favorites"=C:\Users\Villedieu Mathias\Favorites [14/04/2017 04:16:29] "SendTo"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\SendTo [30/09/2017 20:49:56] "Start Menu"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu [30/09/2017 20:49:56] "My Music"=C:\Users\Villedieu Mathias\Music [14/04/2017 04:16:29] "Programs"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/09/2017 20:49:56] "Recent"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Recent [30/09/2017 20:49:56] "CD Burning"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\Burn\Burn [30/09/2017 21:07:49] "PrintHood"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [30/09/2017 20:49:56] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Villedieu Mathias\Searches [30/09/2017 21:06:15] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Villedieu Mathias\Downloads [14/04/2017 04:16:29] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Villedieu Mathias\AppData\LocalLow [14/04/2017 04:16:29] "Startup"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/09/2017 21:06:15] "Administrative Tools"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/09/2017 21:06:15] "Personal"=C:\Users\Villedieu Mathias\Documents [14/04/2017 04:16:29] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Villedieu Mathias\Links [14/04/2017 04:16:29] "Cache"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\INetCache [30/09/2017 20:49:56] 
"Templates"=C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Templates [30/09/2017 20:49:56] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Villedieu Mathias\Saved Games [14/04/2017 04:16:29] "Fonts"=C:\WINDOWS\Fonts [01/10/2017 06:19:41] [HKU\S-1-5-21-2840930965-2178098826-1748127505-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "Cache"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\INetCache [30/09/2017 20:49:56] "Cookies"=C:\Users\Villedieu Mathias\AppData\Local\Microsoft\Windows\INetCookies [30/09/2017 20:49:56] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/10/2017 06:19:40] "Common AppData"=C:\ProgramData [01/10/2017 06:19:40] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common 
Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [01/10/2017 06:19:40] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [01/10/2017 06:19:40] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [01/10/2017 06:19:40] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/10/2017 06:19:40] "Common AppData"=C:\ProgramData [01/10/2017 06:19:40] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [01/10/2017 06:19:40] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [01/10/2017 06:19:40] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [01/10/2017 06:19:40] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] 
"CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Public] ---------- | [Villedieu Mathias] [30/09/2017 20:49:56] - |D| - [788441987] - C:\Users\Villedieu Mathias\AppData\Local [14/04/2017 04:16:29] - |D| - [6203792] - C:\Users\Villedieu Mathias\AppData\LocalLow [30/09/2017 20:49:56] - |D| - [49977262] - C:\Users\Villedieu Mathias\AppData\Roaming [30/09/2017 20:49:57] - |SHD| - [7719729403] - C:\Users\Villedieu Mathias\AppData\Local\Application Data [30/09/2017 21:39:41] - |D| - [28199246] - C:\Users\Villedieu Mathias\AppData\Local\Battle.net [30/09/2017 21:43:44] - |D| - [264] - C:\Users\Villedieu Mathias\AppData\Local\Blizzard Entertainment [30/09/2017 21:42:24] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Local\CEF [30/09/2017 21:08:19] - |D| - [163598042] - C:\Users\Villedieu Mathias\AppData\Local\Comms [30/09/2017 21:06:04] - |D| - [1111758] - C:\Users\Villedieu Mathias\AppData\Local\ConnectedDevicesPlatform [30/09/2017 22:42:30] - |D| - [1302513] - C:\Users\Villedieu Mathias\AppData\Local\CrashDumps [30/09/2017 20:49:57] - |SHD| - [130] - C:\Users\Villedieu Mathias\AppData\Local\History [02/10/2017 01:33:29] - |AH| - [11232] - C:\Users\Villedieu Mathias\AppData\Local\IconCache.db [30/09/2017 20:49:56] - |D| - [239086237] - 
C:\Users\Villedieu Mathias\AppData\Local\Microsoft [30/09/2017 21:11:18] - |D| - [82095] - C:\Users\Villedieu Mathias\AppData\Local\MicrosoftEdge [30/09/2017 21:12:57] - |D| - [32836758] - C:\Users\Villedieu Mathias\AppData\Local\Mozilla [30/09/2017 22:34:26] - |D| - [91608279] - C:\Users\Villedieu Mathias\AppData\Local\NVIDIA [30/09/2017 22:35:01] - |D| - [8330614] - C:\Users\Villedieu Mathias\AppData\Local\NVIDIA Corporation [30/09/2017 21:06:13] - |D| - [153062999] - C:\Users\Villedieu Mathias\AppData\Local\Packages [30/09/2017 21:30:18] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Local\PeerDistRepub [30/09/2017 22:13:17] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Local\Programs [30/09/2017 21:06:29] - |D| - [162274] - C:\Users\Villedieu Mathias\AppData\Local\Publishers [30/09/2017 20:49:56] - |D| - [55110283] - C:\Users\Villedieu Mathias\AppData\Local\Temp [30/09/2017 20:49:57] - |SHD| - [29661347] - C:\Users\Villedieu Mathias\AppData\Local\Temporary Internet Files [30/09/2017 21:06:09] - |D| - [13787136] - C:\Users\Villedieu Mathias\AppData\Local\TileDataLayer [30/09/2017 21:42:05] - |D| - [4105] - C:\Users\Villedieu Mathias\AppData\Local\Ubisoft Game Launcher [01/10/2017 19:57:07] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Local\UNP [30/09/2017 21:06:16] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Local\VirtualStore [30/09/2017 21:33:01] - |D| - [158397] - C:\Users\Villedieu Mathias\AppData\Local\ZHP [14/04/2017 00:23:36] - |D| - [39936] - C:\Users\Villedieu Mathias\AppData\LocalLow\Adobe [13/04/2017 23:09:38] - |SD| - [3743120] - C:\Users\Villedieu Mathias\AppData\LocalLow\Microsoft [13/04/2017 23:31:50] - |D| - [2420736] - C:\Users\Villedieu Mathias\AppData\LocalLow\Mozilla [30/09/2017 21:06:13] - |D| - [0] - C:\Users\Villedieu Mathias\AppData\Roaming\Adobe [30/09/2017 21:43:34] - |D| - [3226] - C:\Users\Villedieu Mathias\AppData\Roaming\Battle.net [02/10/2017 16:59:12] - |D| - [1476648] - C:\Users\Villedieu 
Mathias\AppData\Roaming\EasyAntiCheat [30/09/2017 20:49:56] - |SD| - [2106679] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft [30/09/2017 21:12:57] - |D| - [43504346] - C:\Users\Villedieu Mathias\AppData\Roaming\Mozilla [01/10/2017 20:04:02] - |D| - [76] - C:\Users\Villedieu Mathias\AppData\Roaming\Skype [30/09/2017 21:21:37] - |D| - [2886287] - C:\Users\Villedieu Mathias\AppData\Roaming\ZHP [30/09/2017 21:06:15] - |ASH| - [174] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [30/09/2017 20:49:56] - |RD| - [26272] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/09/2017 20:49:56] - |RD| - [3888] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/09/2017 20:49:56] - |RD| - [2929] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [30/09/2017 21:06:15] - |RD| - [174] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/09/2017 21:06:15] - |ASH| - [174] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/09/2017 21:06:42] - |A| - [1051] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [30/09/2017 20:49:56] - |D| - [170] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/09/2017 21:09:04] - |A| - [2447] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [30/09/2017 21:06:15] - |RD| - [174] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/09/2017 20:49:56] - |RD| - [5318] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/09/2017 21:42:05] - |D| - [2709] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 
[30/09/2017 20:49:56] - |RD| - [7238] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [30/09/2017 21:06:15] - |ASH| - [174] - C:\Users\Villedieu Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [30/09/2017 20:57:23] - |SHD| - [11284711280] - C:\ProgramData\Application Data [30/09/2017 21:39:02] - |D| - [35873180] - C:\ProgramData\Battle.net [01/10/2017 14:36:00] - |D| - [9311] - C:\ProgramData\Blizzard Entertainment [01/10/2017 06:19:40] - |D| - [0] - C:\ProgramData\Comms [30/09/2017 22:26:51] - |D| - [48342] - C:\ProgramData\Creative [30/09/2017 20:57:23] - |SHD| - [16257] - C:\ProgramData\Desktop [30/09/2017 20:57:23] - |SHD| - [278] - C:\ProgramData\Documents [30/09/2017 22:07:47] - |D| - [139231736] - C:\ProgramData\Downloaded Installations [30/09/2017 23:45:02] - |D| - [1938711] - C:\ProgramData\DriversCloud.com [02/10/2017 16:59:06] - |D| - [5901859] - C:\ProgramData\For Honor Data [30/09/2017 22:12:10] - |D| - [18228] - C:\ProgramData\Killer [30/09/2017 22:13:25] - |D| - [97774880] - C:\ProgramData\Malwarebytes [30/09/2017 22:29:58] - |D| - [7707341] - C:\ProgramData\Martau [01/10/2017 06:19:40] - |SD| - [710338620] - C:\ProgramData\Microsoft [30/09/2017 21:08:02] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [30/09/2017 22:29:58] - |A| - [16] - C:\ProgramData\mntemp [30/09/2017 20:46:05] - |D| - [2516601] - C:\ProgramData\NVIDIA [30/09/2017 20:45:59] - |D| - [5201800] - C:\ProgramData\NVIDIA Corporation [30/09/2017 22:34:06] - |D| - [36026872] - C:\ProgramData\Package Cache [01/10/2017 06:19:40] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft [01/10/2017 06:19:40] - |D| - [0] - C:\ProgramData\SoftwareDistribution [30/09/2017 20:57:23] - |SHD| - [99451] - C:\ProgramData\Start Menu [30/09/2017 20:57:23] - |SHD| - [0] - C:\ProgramData\Templates [01/10/2017 06:19:40] - |D| - [2942] - C:\ProgramData\USOPrivate [30/09/2017 20:40:24] - 
|D| - [458752] - C:\ProgramData\USOShared ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [01/10/2017 06:19:47] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [01/10/2017 06:19:40] - |RD| - [99277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [01/10/2017 06:19:40] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [01/10/2017 06:19:40] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [01/10/2017 06:19:40] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/09/2017 21:43:27] - |D| - [900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Blizzard [30/09/2017 22:26:26] - |D| - [4942] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [01/10/2017 06:19:47] - |ASH| - [666] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/09/2017 23:45:03] - |D| - [2967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com [01/10/2017 15:24:20] - |D| - [948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm [16/07/2016 13:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [30/09/2017 22:12:10] - |D| - [5141] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking [01/10/2017 06:19:40] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [30/09/2017 22:13:31] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [16/07/2016 13:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [30/09/2017 21:12:47] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [30/09/2017 22:39:07] - |D| - [20262] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI [01/10/2017 
00:19:56] - |D| - [6653] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [16/07/2016 13:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [01/10/2017 06:19:40] - |RD| - [2473] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [01/10/2017 06:19:40] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [30/09/2017 22:29:57] - |A| - [892] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [01/10/2017 06:19:47] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [30/09/2017 22:12:10] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ---------- | C:\Program Files (x86) [30/09/2017 22:27:27] - |D| - [9244631] - C:\Program Files (x86)\ASM104xUSB3 [30/09/2017 21:41:52] - |D| - [192283463] - C:\Program Files (x86)\Blizzard App [01/10/2017 05:56:29] - |D| - [26546743] - C:\Program Files (x86)\Common Files [30/09/2017 22:24:47] - |D| - [46548698] - C:\Program Files (x86)\Creative [01/10/2017 06:19:47] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [01/10/2017 14:36:36] - |D| - [10906970644] - C:\Program Files (x86)\Heroes of the Storm [30/09/2017 22:12:15] - |HD| - [136652000] - C:\Program Files (x86)\InstallShield Installation Information [01/10/2017 06:19:40] - |D| - [1998195] - C:\Program Files (x86)\Internet Explorer [01/10/2017 06:19:40] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [30/09/2017 21:12:47] - |D| - [285135] - C:\Program Files (x86)\Mozilla Maintenance Service [01/10/2017 06:29:53] - |D| - [25757] - C:\Program Files (x86)\MSBuild [30/09/2017 22:39:07] - |D| - [537781069] - C:\Program Files (x86)\MSI [30/09/2017 20:45:50] - |D| - [433605146] - C:\Program Files (x86)\NVIDIA Corporation [30/09/2017 22:14:42] - |D| - [8295321] - C:\Program Files 
(x86)\Realtek [01/10/2017 06:29:53] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [30/09/2017 22:13:45] - |HD| - [0] - C:\Program Files (x86)\Temp [30/09/2017 21:42:03] - |D| - [56869099580] - C:\Program Files (x86)\Ubisoft [01/10/2017 00:18:53] - |D| - [1693066] - C:\Program Files (x86)\VulkanRT [01/10/2017 06:19:40] - |D| - [2027008] - C:\Program Files (x86)\Windows Defender [01/10/2017 06:19:40] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [01/10/2017 06:19:40] - |D| - [3352728] - C:\Program Files (x86)\Windows Media Player [01/10/2017 06:19:40] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [01/10/2017 06:19:40] - |D| - [7635650] - C:\Program Files (x86)\Windows NT [01/10/2017 06:19:40] - |D| - [5468864] - C:\Program Files (x86)\Windows Photo Viewer [01/10/2017 06:19:40] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [01/10/2017 06:19:40] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [01/10/2017 06:19:40] - |D| - [2282787] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [01/10/2017 00:02:17] - |D| - [3104] - C:\Program Files\AMD [01/10/2017 05:56:29] - |D| - [47397189] - C:\Program Files\Common Files [01/10/2017 06:19:46] - |ASH| - [174] - C:\Program Files\desktop.ini [30/09/2017 23:45:02] - |D| - [19332043] - C:\Program Files\DriversCloud.com [01/10/2017 06:19:39] - |D| - [2591070] - C:\Program Files\Internet Explorer [30/09/2017 22:11:40] - |D| - [39553005] - C:\Program Files\Killer Networking [30/09/2017 22:13:25] - |D| - [146090538] - C:\Program Files\Malwarebytes [30/09/2017 21:12:43] - |D| - [148058876] - C:\Program Files\Mozilla Firefox [01/10/2017 06:29:53] - |D| - [25757] - C:\Program Files\MSBuild [30/09/2017 20:45:50] - |D| - [1005580965] - C:\Program Files\NVIDIA Corporation [30/09/2017 22:17:08] - |D| - [36456496] - C:\Program Files\Realtek [01/10/2017 06:29:53] - |D| - [36854953] - C:\Program Files\Reference Assemblies [01/10/2017 15:38:32] - 
|D| - [927033] - C:\Program Files\rempl [30/09/2017 22:29:54] - |D| - [30012076] - C:\Program Files\Total Uninstall 6 [30/09/2017 20:40:17] - |HD| - [0] - C:\Program Files\Uninstall Information [01/10/2017 15:23:27] - |D| - [4710951] - C:\Program Files\UNP [01/10/2017 06:19:39] - |D| - [15211634] - C:\Program Files\Windows Defender [01/10/2017 06:19:39] - |D| - [6297160] - C:\Program Files\Windows Defender Advanced Threat Protection [01/10/2017 06:19:39] - |D| - [6181888] - C:\Program Files\Windows Mail [01/10/2017 06:19:39] - |D| - [5113532] - C:\Program Files\Windows Media Player [01/10/2017 06:19:39] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [01/10/2017 06:19:39] - |D| - [7899330] - C:\Program Files\Windows NT [01/10/2017 06:19:39] - |D| - [6267584] - C:\Program Files\Windows Photo Viewer [01/10/2017 06:19:39] - |D| - [37784] - C:\Program Files\Windows Portable Devices [01/10/2017 06:19:39] - |SHD| - [0] - C:\Program Files\Windows Sidebar [01/10/2017 06:19:39] - |HD| - [2152091668] - C:\Program Files\WindowsApps [01/10/2017 06:19:39] - |D| - [2562255] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [30/09/2017 22:24:26] - |D| - [1929309] - C:\Program Files (x86)\Common Files\InstallShield [01/10/2017 06:19:39] - |D| - [14693313] - C:\Program Files (x86)\Common Files\Microsoft Shared [01/10/2017 06:19:40] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [01/10/2017 06:19:40] - |D| - [9921419] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [01/10/2017 06:19:39] - |D| - [36875052] - C:\Program Files\Common files\microsoft shared [01/10/2017 06:19:39] - |D| - [2702] - C:\Program Files\Common files\Services [01/10/2017 06:19:39] - |D| - [10519435] - C:\Program Files\Common files\System ---------- | Tasks [MD5.92BCF7C91335C931F166DD1E0D06B132] - [01/10/2017 19:53:27] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [30/09/2017 20:39:19] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [01/10/2017 06:19:42] - |D| - [529024] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.82E7DE159B52985597EB4D8300BDE1B0] - [30/09/2017 23:17:37] - |A| - [3190] - C:\WINDOWS\System32\Tasks\MSIGH_Host : C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [MD5.1001AD0C9E0654BDEF984D31AFDEEB21] - [30/09/2017 22:40:54] - |A| - [3132] - C:\WINDOWS\System32\Tasks\MSIOSDx64_Host : C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [MD5.75D13771C6BECC87D06ABC092A9464DA] - [30/09/2017 22:40:54] - |A| - [3132] - C:\WINDOWS\System32\Tasks\MSIOSDx86_Host : C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [MD5.A73F9C1DA3D5B7E14051ACC71FC75810] - [30/09/2017 22:40:48] - |A| - [3058] - C:\WINDOWS\System32\Tasks\MSISW_Host : C:\WINDOWS\SysWoW64\muachost.exe [MD5.C116CF7569E84EAAE04E0F78FA259611] - [01/10/2017 00:20:19] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.09B5EF68C8E4E211CCF3E5B73A11BAEF] - [01/10/2017 00:20:33] - |A| - [4000] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.98EC65B4186006BA30A9F638C8414338] - [01/10/2017 00:20:34] - |A| - [3994] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.9F5315C5E20E718B41670FA6D335F074] - [01/10/2017 00:20:08] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [01/10/2017 00:20:08] - |A| - [3654] - 
C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.2D62DE7DD46269BF68D84A2724403FB5] - [01/10/2017 00:20:08] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.ADAD3DC73227BFB5497EF5B02F8FED89] - [01/10/2017 00:20:08] - |A| - [3696] - C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.0822598E28D43C0EDACD5FAC495B7532] - [01/10/2017 00:20:08] - |A| - [3866] - C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.0EEC804E6A96178D79DDBA9C8F031C9E] - [30/09/2017 21:10:21] - |A| - [3402] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2840930965-2178098826-1748127505-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.9FEFE90E34900BE3CCAA9F4C5370D9F4] - [30/09/2017 21:32:50] - |A| - [4202] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FFCA0006-BC86-4E5D-BAB4-2320F0E36450} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [01/10/2017 06:19:44] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| 
"Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| 
"MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{B88F1A44-A201-483A-98DA-A2E2A4EA60F8}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{5FB83C69-8B0C-4DBA-B2EA-1861E3BCE1A4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{2193625A-687E-41A8-B84C-094428C5EB79}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{7CAD631E-6C41-4A13-9212-3F079B609901}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D595FB9B-10D4-4DDE-954F-271B223E3BD9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Autodesk SketchBook|Desc=Autodesk SketchBook|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{EBFD9A37-F7EF-47B5-B219-44C07D07244E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Autodesk SketchBook|Desc=Autodesk 
SketchBook|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{730E2496-83DA-4FAA-A6D6-D1161E0EBE1C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{EF89DC5C-C09E-4931-AD79-18B2F7069B3E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{A9C502B3-3D6F-4F17-92F6-61512DE6E2D5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_2.7.0.13_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| 
"{C23231D2-2351-4E5E-878E-0C9FBFDFC67A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{BA8CD435-0844-4ACF-B816-572CBA7BD150}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{50BCC026-1CF6-4E45-A0F2-79533D606812}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{king.com.BubbleWitch3Saga_3.3.2.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Desc=@{king.com.BubbleWitch3Saga_3.3.2.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-2480992608-1527340332-3131305588-448447103-1026586663-3117074242-2125591980|EmbedCtxt=@{king.com.BubbleWitch3Saga_3.3.2.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{A4983D16-1CC8-4BD7-8731-C2993B280D86}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| 
"{7C78E9B5-2986-45BF-AFEE-20F1B492F617}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{2FA72C51-4DAB-4DEF-9B94-0B9AD20A3F0E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{89F8FE19-488F-474E-8E81-7A2C1757904A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe|Name=NVIDIA SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for NVIDIA SHIELD Streaming NSS (HTTP)| "{26649B5F-774B-4037-A475-51A649BB626F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe|Name=NVIDIA SHIELD Streaming SSAS UDP Exception|Desc=UDP exceptions for NVIDIA SHIELD Streaming SSAS (mDNS)| "{5347B593-E071-403C-B6EC-327B328E915C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe|Name=NVIDIA SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for NVIDIA SHIELD Streaming SSAU (NWT)| "{C270C02A-4539-4769-9507-68B953FD93F1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=NVIDIA SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for NVIDIA SHIELD Streaming NvStreamer (RTSP/RI)| "{CFA7F801-C3B1-470C-BFAA-CF26D319F50D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=NVIDIA SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for NVIDIA SHIELD Streaming NvStreamer (RTSP/RI/A/V)| 
"DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "{B1481458-586C-482F-8F5B-F94F0088A6B8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{E5E2461B-7263-40D7-9BED-F79CA6D83D7E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{01D2E465-D90C-4F79-AF20-3F91A677FB15}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{34A06FEF-096F-473E-867C-134CE8EBFC74}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{48552F86-AD16-4BDE-A64B-D3ED16DA9531}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2840930965-2178098826-1748127505-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{BC316455-3C79-42B9-B816-6725FEC59528}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| "UDP Query User{8EAE761B-C8A8-4570-921E-B8AF3A1CB6F1}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> 
@digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{678dcf40-e2e6-11d5-8cd5-e960089ea00a}] : (Programming Support) [] -> 
@oem19.inf,%CLASSNAME%;Programming Support [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{dd18574c-b785-4e3c-a74f-8bc4990d790b}] : (USBKCXTRLER) [] -> @oem11.inf,%USBKCXTRLER%;Universal Serial Bus Keyboard Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> 
@c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [22/01/2016 19:10:00] - (4.1.4.51) - (Rivet Networks, LLC. - Killer Bandwidth Control Filter Driver) - C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [01/10/2015 14:24:22] - (7.0.45.2) - (Saitek - Smart Technology Helpers) - C:\WINDOWS\system32\drivers\SaiBus.sys [19/04/2017 05:09:12] - (1.16.47.2) - (ASMedia Technology Inc - ASMedia xHCI Host Controller Driver) - C:\WINDOWS\System32\drivers\asmtxhci.sys [01/10/2017 00:14:48] - (22.21.13.8569) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 385.69) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [08/10/2015 02:02:14] - (8.1.0.31) - (Qualcomm Atheros, Inc. - Killer e2200 PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\e22w10x64.sys [01/10/2017 00:14:50] - (3.90.1.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [01/10/2017 00:15:05] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys [14/04/2017 04:40:30] - (1.0.2014.217) - (FINTEK Corp. - FINTEK Corp. 
FitGpBus Device Driver) - C:\WINDOWS\system32\drivers\I2cHkBurn.sys [01/10/2015 14:24:24] - (7.0.45.2) - (Saitek - Saitek Magic Mini Driver) - C:\WINDOWS\System32\drivers\SaiMini.sys [04/01/2017 15:19:32] - (1.3.34.27) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys [30/09/2017 22:16:28] - (6.10.0.8) - (Creative Technology Ltd. - Creative Audio Driver) - C:\WINDOWS\system32\drivers\MBfilt64.sys [19/04/2017 05:09:10] - (1.16.47.2) - (ASMedia Technology Inc - ASMedia USB3 Hub Driver) - C:\WINDOWS\System32\drivers\asmthub3.sys [01/10/2015 14:24:22] - (7.0.45.2) - (Saitek - Saitek Usb Driver) - C:\WINDOWS\System32\drivers\_usb_0738_1708.sys [01/10/2015 14:24:22] - (7.0.45.2) - (Saitek - Saitek Hid Driver) - C:\WINDOWS\system32\DRIVERS\_hid_0738_1708.sys [13/09/2017 15:23:39] - (5.1.2.252) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL [30/09/2017 22:39:07] - (2.0.0.4) - (MSI - NTIOLib_FastBoot Driver) - C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [30/09/2017 22:13:29] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\mbae64.sys [30/09/2017 23:14:42] - (1.0.0.0) - (MSI - NTIOLib for MSIDDR_CC) - C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [30/09/2017 23:16:01] - (2.0.0.6) - (MSI - NTIOLib_MBAPI Driver) - C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr 
(@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Unknown] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> 
System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - 
AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> 
System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS 
(@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BfLwf (@oem2.inf,%BfLwf_Desc%;Killer Bandwidth Control) -> \SystemRoot\system32\DRIVERS\bwcW10x64.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: False R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - MpKsl7b42a5c2 () -> \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3CD1B6F-6393-4EC2-9C0C-215A57856C14}\MpKsl7b42a5c2.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> 
\SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 56.0 (x64 fr)] : (Mozilla Firefox 56.0 (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Total Uninstall 6_is1] : (Total Uninstall 6.21.0.-.Gavrila Martau) -> "C:\Program Files\Total Uninstall 6\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.54.1] : (Vulkan Run Time Libraries 1.0.54.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.54.1\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.2.2.2029.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{51B5A084-A40D-4F4B-90AA-EF8354EA7D96}] : (Killer Network Manager.-.Rivet Networks) -> MsiExec.exe /X{51B5A084-A40D-4F4B-90AA-EF8354EA7D96} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}] : (Killer Bandwidth Control Filter Driver.-.Rivet Networks) -> MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77C95134-CA2D-4614-9C86-55B7A6A281AA}] : (Killer E220x Drivers.-.Rivet Networks) -> MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8B044631-6E1E-4A0B-8E7F-8CB932CC660F}] : (DriversCloud.com (64 bits).-.Cybelsoft) -> MsiExec.exe /X{8B044631-6E1E-4A0B-8E7F-8CB932CC660F} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 385.69.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 385.69.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 385.69.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA 
Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.9.0.61.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA Pilote du contrôleur 3D Vision 369.04.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 28.0.0.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.17.0524.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 28.0.0.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.34.27.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.9.0.61.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 3.90.1.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battle.net] : (Application Blizzard.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=battle.net --displayname="Application Blizzard"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Creative Software AutoUpdate] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Heroes of the Storm] : (Heroes of the Storm.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=heroes --displayname="Heroes of the Storm"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HOST_AUDIO_SOUNDCORE_MANAGER] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SBCinema2] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80D92E50-9674-44B6-8513-853AB60030A0}\setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sound Blaster Cinema 2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpkEQOEM] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}\setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay] : (Uplay.-.Ubisoft) -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 569] : (ForHonor.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/569
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1] : (MSI Fast Boot.-.MSI) -> "C:\Program Files (x86)\MSI\Fast Boot\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F561AD0-55E0-4B00-9429-C727DD525977}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1] : (MSI Live Update 6.-.MSI) -> "C:\Program Files (x86)\MSI\Live Update\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80B995A4-3A86-4690-98A6-563F1A788835}_is1] : (MSIRegister.-.MSI) -> "C:\MSI\MSIRegister\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80D92E50-9674-44B6-8513-853AB60030A0}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80D92E50-9674-44B6-8513-853AB60030A0}\setup.exe" -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1] : (MSI Command Center.-.MSI) -> "C:\Program Files (x86)\MSI\Command Center\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{88B1984E-36F0-47B8-B8DC-728966807A9C}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}\setup.exe" -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}] : (Sound Blaster Cinema 2.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}\Setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1] : (MSI Smart Tool.-.MSI) -> "C:\Program Files (x86)\MSI\Smart Tool\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1] : (MSI Gaming APP.-.MSI) -> "C:\Program Files (x86)\MSI\Gaming APP\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia USB Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}] : (Killer Performance Suite.-.Rivet Networks) -> "C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\136440B8E1E6B0A4E8F7C89B23CC66F0] : DriversCloud.com (64 bits) -> C:\WINDOWS\Installer\{8B044631-6E1E-4A0B-8E7F-8CB932CC660F}\maconfico
[HKCR\Installer\Products\43159C77D2AC4164C968557B6A2A18AA] : Killer E220x Drivers -> C:\WINDOWS\Installer\{77C95134-CA2D-4614-9C86-55B7A6A281AA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\480A5B15D04AB4F409AAFE3845AED769] : Killer Network Manager -> C:\WINDOWS\Installer\{51B5A084-A40D-4F4B-90AA-EF8354EA7D96}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia USB Host Controller Driver -> C:\WINDOWS\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\96DDF462FD4CF6741B8BD7EC4EFA38B9] : KB4023057
[HKCR\Installer\Products\B7B2A7B59AEC05E40B4E8EF202C4EB87] : Killer Bandwidth Control Filter Driver -> C:\WINDOWS\Installer\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}\ARPPRODUCTICON.exe

---------- | ADS

---------- | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295

---------- | MBR

Windows Version: Professional
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7893
Logical Drives Mask: 0x00000004

Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .
------------
Nom de l’application défaillante MSISuperIOService.exe, version : 3.0.0.14, horodatage : 0x589d1ecb
Nom du module défaillant : ntdll.dll, version : 10.0.14393.1715, horodatage : 0x59b0d8f3
Code d’exception : 0xc0000374
Décalage d’erreur : 0x000d9d71
ID du processus défaillant : 0xcf4
Heure de début de l’application défaillante : 0x01d33b0655b3dab5
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 4a66a1ed-83bf-4560-8f53-202b06baa101
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance en raison de l’erreur suivante : The operation completed successfully. 0x0.
------------
Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.
Context: Application, SystemIndex Catalog
------------
Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur.
------------
Nom de l’application défaillante svchost.exe, version : 10.0.14393.0, horodatage : 0x57899b1c
Nom du module défaillant : combase.dll, version : 10.0.14393.0, horodatage : 0x57899850
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000001b1e8
ID du processus défaillant : 0x22c
Heure de début de l’application défaillante : 0x01d33a3ad9838a58
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\System32\combase.dll
ID de rapport : 188bde16-bed7-4f0c-9578-16b546fa1145
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Nom de l’application défaillante MSI_LED.exe, version : 6.2.0.29, horodatage : 0x599be150
Nom du module défaillant : clr.dll, version : 4.6.1586.0, horodatage : 0x575a139f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00017332
ID du processus défaillant : 0x10e4
Heure de début de l’application défaillante : 0x01d33ab10b8e0f22
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
Chemin d’accès du module défaillant: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
ID de rapport : 278a8ab8-ff17-4263-9180-cbe3c618515c
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Application : MSI_LED.exe
Version du Framework : v4.0.30319
Description : le processus a été arrêté en raison d'une erreur interne dans le runtime .NET à l'adresse IP 738B7332 (738A0000) avec le code de sortie 80131506.
------------
Impossible de mettre à jour la valeur Object List de la clé SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur First Help de la clé SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur First Counter de la clé SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur Last Help de la clé SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur Last Counter de la clé SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur Last Help de la clé SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Impossible de mettre à jour la valeur Last Counter de la clé SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
Le premier DWORD dans la section des données contient le code d’erreur et le second DWORD contient la valeur mise à jour.
------------
Nom de l’application défaillante Live Update.exe, version : 6.1.23.0, horodatage : 0x57c00dd4
Nom du module défaillant : Live Update.exe, version : 6.1.23.0, horodatage : 0x57c00dd4
Code d’exception : 0xc000000d
Décalage d’erreur : 0x000db9d4
ID du processus défaillant : 0x1c80
Heure de début de l’application défaillante : 0x01d33a2d94059852
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\MSI\Live Update\Live Update.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\MSI\Live Update\Live Update.exe
ID de rapport : 058fdf12-408b-435a-9e30-3f3efac7d623
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------

----------( EOF)---------- - 3392 | 17:39:12