--------------- QuickDiag | g3n-h@ckm@n | 2_23.09.2016.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 25/10/2016 20:06:26
Updated 23/09/2016 | 10.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Damien (Administrator)] - [DAMIEN-PC] (S-1-5-21-632178411-2394207594-2140285815-1000)
System: Microsoft Windows 7 Édition Intégrale - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Intégrale |C:\Windows|\Device\Harddisk0\Partition1
Boot : Normal boot
PC: MS-7821 - MSI - IdNumber: To be filled by O.E.M. - UUID: 00000000-0000-0000-0000-D43D7EF4A7A7
Processor : X64 - 3400 Mhz - Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
BIOS Date: 07/21/14 11:03:17 Ver: V1.9B0 - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - V1.9 - ALASKA - 1072009
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_14623281&REV_1001\5&21E97BB5&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_1462D821&REV_1000\4&234E0589&0&0001

---------- | Video
NVIDIA GeForce GTX 1060 6GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_32811462&REV_A1\4&EF96EB&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 21.21.13.7563 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:6 %
Total Overall CPU Usage value:1 %

---------- | Network
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
NETGEAR A6210 WiFi USB3.0 Adapter - Ethernet 802.3 - NETGEAR Inc. - Status: - PnPID : USB\VID_0846&PID_9053\100
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Apple Mobile Device Ethernet - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 16720 | Free (MB) : 12815
Pagefile = Total (MB) : 16923 | Free (MB) : 12525
Virtual = Total (MB) : 4194 | Free (MB) : 4024
Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C9D3/4GX - S/N: 5B38AABC
Physical Memory 1 : Capacity: 4294967296 - ChannelA-DIMM1 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C9D3/4GX - S/N: 2D38DA78
Physical Memory 2 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C9D3/4GX - S/N: 5A380CBD
Physical Memory 3 : Capacity: 4294967296 - ChannelB-DIMM1 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C9D3/4GX - S/N: 2E38CE78

---------- | SID Users
Administrateur : [S-1-5-21-632178411-2394207594-2140285815-500]
Damien : [S-1-5-21-632178411-2394207594-2140285815-1000]
HomeGroupUser$ : [S-1-5-21-632178411-2394207594-2140285815-1002]
Invité : [S-1-5-21-632178411-2394207594-2140285815-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-632178411-2394207594-2140285815-1001]

---------- | Drives
G:\ -> [CDROM] | [G71-VNT1039] | Total : 0.8 Go | Free : 0 Go -> CDFS [SATA]
F:\ -> [Fixed] | [Nouveau nom] | Total : 1863.01 Go | Free : 1462.88 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 465.76 Go | Free : 311.98 Go -> NTFS (SSD) [SATA]
C:\ -> [Fixed] | [] | Total : 232.88 Go | Free : 114.42 Go -> NTFS (SSD) [SATA]
Disk Usage Information [3 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_SSD_750_EVO_500G\4&1AA7EE5&0&050000
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_SSD_840_EVO_250G\4&1AA7EE5&0&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_ST2000DM&PROD_001-1CH164\4&1AA7EE5&0&010000

---------- | Windows updates
Last detection : 2016-09-29 19:31:30
Downloaded last ones : 2016-09-29 19:55:39
Installed last ones : 2016-09-29 21:12:39
Windows Is Activated

---------- | Browsers
IE : 11.0.9600.17840 (© Microsoft Corporation. Tous droits réservés.)
FF : 49.0.1.6109 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"

---------- | FlashPlayer
FlashPlayer Plugin : 23.0.0.162

---------- | Security
AV :
AS : Windows Defender Enabled
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 18/10/2016 20:08:03]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
320 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23539) = C:\Windows\System32\smss.exe [29/09/2016 21:55:27] CPU Usage:0 %
620 | [Owner : | Parent : 544() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:52:37] CPU Usage:0 %
676 | [Owner : | Parent : 620(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [29/09/2016 21:55:07] CPU Usage:0 %
700 | [Owner : | Parent : 620(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23539) = C:\Windows\System32\lsass.exe [29/09/2016 21:55:27] CPU Usage:0 %
708 | [Owner : | Parent : 620(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [21/11/2010 05:23:53] CPU Usage:0 %
804 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
892 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
952 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
984 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
1012 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
352 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
1128 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
1216 | [Owner : | Parent : 612() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [29/09/2016 21:52:34] CPU Usage:0 %
1360 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [21/11/2010 05:24:27] CPU Usage:0 %
1388 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
1480 | [Owner : | Parent : 676(services.exe) | ?????] - (.Apple Inc. - MobileDeviceService.) - (17.374.70.8) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [05/08/2016 17:29:14] CPU Usage:0 %
1536 | [Owner : | Parent : 676(services.exe) | ?????] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 %
1580 | [Owner : | Parent : 676(services.exe) | ?????] - (.Micro-Star Int'l Co., Ltd. - GamingApp_Service.) - (1.0.0.9) = C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [22/10/2016 15:10:45] CPU Usage:0 %
1744 | [Owner : Damien | Parent : 676(services.exe) | 13.72 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [29/09/2016 21:51:32] CPU Usage:0 %
1764 | [Owner : Damien | Parent : 352(svchost.exe) | 7.04 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [21/11/2010 05:24:27] CPU Usage:0 %
1824 | [Owner : Damien | Parent : 984(svchost.exe) | 61.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:37:38] CPU Usage:0 %
1900 | [Owner : Damien | Parent : 1816() | 57.94 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe [21/11/2010 05:24:11] CPU Usage:0 %
2024 | [Owner : | Parent : 676(services.exe) | ?????] - (.Micro-Star INT'L CO., LTD. - Gaming Hotkey Service.) - (1.0.0.6) = C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [22/10/2016 15:10:45] CPU Usage:0 %
616 | [Owner : | Parent : 676(services.exe) | ?????] - (.- ISCT Agent Application.) - (5.0.10.2907) = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [25/08/2014 16:01:34] CPU Usage:0 %
1608 | [Owner : Damien | Parent : 1764(taskeng.exe) | 17.68 Mo] - (.Micro-Star INT'L CO., LTD. - MsiGamingOSD_x86.) - (1.0.0.3) = C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [22/10/2016 15:11:10] CPU Usage:0 %
1532 | [Owner : Damien | Parent : 1764(taskeng.exe) | 17.92 Mo] - (.Micro-Star INT'L CO., LTD. - MsiGamingOSD_x64.) - (1.0.0.3) = C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [22/10/2016 15:11:10] CPU Usage:0 %
1624 | [Owner : Damien | Parent : 1764(taskeng.exe) | 6 Mo] - (.MSI - Windows Host Process.) - (1.0.0.1) = C:\Windows\SysWOW64\muachost.exe [29/09/2016 07:19:26] CPU Usage:0 %
2152 | [Owner : | Parent : 676(services.exe) | ?????] - (.Micro-Star INT'L CO., LTD. - MSI Live Update Service.) - (1.0.0.34) = C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [29/09/2016 07:08:48] CPU Usage:0 %
2192 | [Owner : | Parent : 676(services.exe) | ?????] - (.MSI - Super Charger Service.) - (1.3.0.7) = C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [29/09/2016 07:07:44] CPU Usage:0 %
2224 | [Owner : Damien | Parent : 1900(explorer.exe) | 12.42 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.561.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [29/09/2016 07:08:14] CPU Usage:0 %
2260 | [Owner : Damien | Parent : 1900(explorer.exe) | 5.3 Mo] - (.Intel Corporation - ISCT SysTray.) - (5.0.10.2907) = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [25/08/2014 16:01:14] CPU Usage:0 %
2292 | [Owner : | Parent : 676(services.exe) | ?????] - (.- MediatekSw Application.) - (1.0.1.3) = C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [17/09/2015 17:42:32] CPU Usage:0 %
2340 | [Owner : Damien | Parent : 1900(explorer.exe) | 4.16 Mo] - (.Samsung Electronics Co., Ltd. - Samsung RAPID Mode Notification Utility.) - (1.0.1.96) = C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [04/09/2015 12:08:04] CPU Usage:0 %
2360 | [Owner : Damien | Parent : 1900(explorer.exe) | 16 Mo] - (.Apple Inc. - iTunesHelper.) - (12.5.1.21) = C:\Program Files\iTunes\iTunesHelper.exe [09/09/2016 15:00:48] CPU Usage:0 %
2368 | [Owner : | Parent : 676(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.2118.2499) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [29/09/2016 06:40:52] CPU Usage:0 %
2512 | [Owner : | Parent : 676(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Wireless Controller Service.) - (3.0.7.34) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [29/09/2016 06:40:53] CPU Usage:0 %
2732 | [Owner : Damien | Parent : 2384() | 16.71 Mo] - (.NETGEAR - A6210 Genie MFC Application.) - (1.0.0.35) = C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE [14/07/2016 11:30:00] CPU Usage:0 %
2744 | [Owner : Damien | Parent : 2384() | 11.62 Mo] - (.MSI - Super Charger.) - (1.3.0.7) = C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [29/09/2016 07:07:44] CPU Usage:0 %
2760 | [Owner : Damien | Parent : 2384() | 21.99 Mo] - (.Micro-Star INT'L CO., LTD. - Live Update 6 Application.) - (6.1.23.0) = C:\Program Files (x86)\MSI\Live Update\Live Update.exe [29/09/2016 07:08:48] CPU Usage:0 %
2768 | [Owner : Damien | Parent : 2384() | 6.46 Mo] - (.Intel Corporation - iusb3mon.) - (3.0.5.69) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [29/09/2016 07:11:07] CPU Usage:0 %
3128 | [Owner : Damien | Parent : 2368(nvcontainer.exe) | 29.36 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.2118.2499) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [29/09/2016 06:40:52] CPU Usage:0 %
3256 | [Owner : Damien | Parent : 3240() | 55.1 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (4.4.3.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [29/09/2016 06:40:53] CPU Usage:0 %
3272 | [Owner : Damien | Parent : 632(csrss.exe) | 3.82 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23539) = C:\Windows\System32\conhost.exe [29/09/2016 21:55:27] CPU Usage:0 %
3872 | [Owner : Damien | Parent : 2284() | 32.52 Mo] - (.Intel Corporation - IAStorIcon.) - (13.1.0.1058) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [28/05/2014 10:10:36] CPU Usage:0 %
2676 | [Owner : | Parent : 676(services.exe) | ?????] - (.Visicom Media Inc. - Anti-phishing Domain Advisor (Powered by Panda Security).) - (2.0.1.48) = C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [06/11/2015 20:38:18] CPU Usage:0 %
3756 | [Owner : | Parent : 676(services.exe) | ?????] - (.Samsung Electronics Co., Ltd. - Samsung RAPID Mode Service.) - (1.0.1.96) = C:\Windows\System32\RAPID\SamsungRapidSvc.exe [04/09/2015 12:08:02] CPU Usage:0 %
1924 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2011.110.2318.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [20/04/2012 01:35:38] CPU Usage:0 %
3580 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
4452 | [Owner : | Parent : 676(services.exe) | ?????] - (.Apple Inc. - iPodService Module (64-bit).) - (12.5.1.21) = C:\Program Files\iPod\bin\iPodService.exe [09/09/2016 15:00:48] CPU Usage:0 %
4648 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
4844 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [21/11/2010 05:25:05] CPU Usage:0 %
4960 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
2120 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
456 | [Owner : | Parent : 2380() | ?????] - (.Google Inc. - Programme d'installation de Google.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/10/2016 13:31:04] CPU Usage:0 %
3760 | [Owner : | Parent : 676(services.exe) | ?????] - (.Intel Corporation - IAStorDataSvc.) - (13.1.0.1058) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [28/05/2014 10:10:36] CPU Usage:0 %
4852 | [Owner : | Parent : 676(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (10.0.30.1054) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [10/11/2014 12:12:42] CPU Usage:0 %
3380 | [Owner : | Parent : 676(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (10.0.30.1054) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [10/11/2014 12:12:44] CPU Usage:0 %
1984 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 %
2620 | [Owner : | Parent : 676(services.exe) | ?????] - (.Electronic Arts - OriginWebHelperService.) - (10.2.1.38915) = C:\Program Files (x86)\Origin\OriginWebHelperService.exe [30/09/2016 03:54:32] CPU Usage:0 %
3188 | [Owner : Damien | Parent : 5640() | 146.89 Mo] - (.Electronic Arts - Origin.) - (10.2.1.38915) = C:\Program Files (x86)\Origin\Origin.exe [30/09/2016 03:54:32] CPU Usage:0 %
5412 | [Owner : Damien | Parent : 804(svchost.exe) | 27.59 Mo] - (.NVIDIA Corporation - NVIDIA Capture Server.) - (3.0.7.34) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [29/09/2016 06:40:54] CPU Usage:0 %
3116 | [Owner : Damien | Parent : 5412(nvspcaps64.exe) | 41 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [29/09/2016 06:40:54] CPU Usage:0 %
4148 | [Owner : Damien | Parent : 3116(NVIDIA Share.exe) | 58.87 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [29/09/2016 06:40:54] CPU Usage:0 %
3988 | [Owner : Damien | Parent : 3188(Origin.exe) | 35.74 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Origin\QtWebEngineProcess.exe [30/09/2016 03:54:32] CPU Usage:0 %
388 | [Owner : Damien | Parent : 3188(Origin.exe) | 43.02 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Origin\QtWebEngineProcess.exe [30/09/2016 03:54:32] CPU Usage:0 %
3160 | [Owner : Damien | Parent : 3188(Origin.exe) | 119.78 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Origin\QtWebEngineProcess.exe [30/09/2016 03:54:32] CPU Usage:0 %
4508 | [Owner : | Parent : 676(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [22/10/2016 13:06:13] CPU Usage:0 %
2756 | [Owner : | Parent : 4508(NVDisplay.Container.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7563) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [29/09/2016 07:05:08] CPU Usage:0 %
6224 | [Owner : Damien | Parent : 3004() | 12.01 Mo] - (.- CPU temperature and system information utility.) - (1.4.1.5) = C:\Program Files\Core Temp\Core Temp.exe [25/10/2016 15:39:40] CPU Usage:0 %
7080 | [Owner : Damien | Parent : 404() | 44.39 Mo] - (.gputemp.com - GPU Temp.) - (1.0.0.0) = C:\Program Files (x86)\GPU Temp\GPUTemp.exe [25/10/2016 15:41:52] CPU Usage:0 %
3648 | [Owner : Damien | Parent : 1900(explorer.exe) | 494.1 Mo] - (.Mozilla Corporation - Firefox.) - (49.0.1.6109) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [29/09/2016 06:34:53] CPU Usage:12 %
6288 | [Owner : Damien | Parent : 1900(explorer.exe) | 24.23 Mo] - (.SosVirus - QuickDiag.) - (23.9.2016.1) = C:\Users\Damien\Desktop\quickdiag_2_23.09.2016.1.exe [25/10/2016 20:05:56] CPU Usage:0 %
4792 | [Owner : | Parent : 676(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [21/11/2010 05:23:56] CPU Usage:0 %

---------- | MD5
[MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.C9805CDE0B275E7554F9023497169B9B] - [29/09/2016 21:55:27] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23539) : C:\Windows\System32\Kernel32.dll
[MD5.07932D7BA536B0BB58306A156A9AFC31] - [29/09/2016 21:55:27] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23539) : C:\Windows\System32\lsass.exe
[MD5.5C627D1B1138676C0A7AB2C2C190D123] - [21/11/2010 05:24:01] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll
[MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 01:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [29/09/2016 21:55:07] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.8F4B991E7837E8E0F90C856659456652] - [29/09/2016 21:54:58] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985.5 Ko] - (6.1.7601.23528) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [29/09/2016 21:52:34] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [29/09/2016 21:54:24] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.A34FE1E025E88798E746F484956C0720] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [100 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.341C65D6D4E9AB705258AC83511F7ADD] - [29/09/2016 21:55:27] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23539) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [29/09/2016 21:51:43] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.E47D571FEC2C76E867935109AB2A770C] - [29/09/2016 21:51:43] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - [29/09/2016 21:54:37] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1617.85 Ko] - (6.1.7601.18127) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [21/11/2010 05:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.1B6163C503398B23FF8B939C67747683] - [21/11/2010 05:25:07] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [162 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] - [29/09/2016 21:54:29] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1858.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.AA77EB517D2F07A947294F260E3ACA83] - [29/09/2016 21:54:24] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.7563) -- C:\Windows\system32\nv3dappshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 375.63.) - (21.21.13.7563) -- C:\Windows\system32\nvapi64.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.Creative Technology Ltd..-.Audio Processing Object Chaining Module.) - (1.0.0.270) -- C:\Windows\system32\MBWrp64.dll
(.Creative Technology Ltd..-.Creative Audio Processing Object Module.) - (1.2.16.115) -- C:\Windows\system32\MBAPO264.dll
(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.526) -- C:\Windows\system32\RltkAPO64.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
ShadowPlay - ("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\...\Run]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\...\Run]) - User: Public
ISCT Tray - (C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [HKLM\...\Run]) - User: Public
IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid
Storage Technology\IAStorIcon.exe" 60 [HKLM\...\Run]) - User: Public SamsungRapidApp - (C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [HKLM\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_Plugin.exe -update plugin [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "ISCT Tray"=C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [25/08/2014 16:01:14] "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "SamsungRapidApp"=C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [04/09/2015 12:08:04] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "A6210"=C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE [14/07/2016 11:30:00] "Super Charger"=C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [29/09/2016 07:07:44] "Live Update"=C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 
"EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=bca6bac0-b025-4e47-be85-d31afc2 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= "PendingFileRenameOperations"=\??\C:\Windows\system32\SET23A0.tmp \??\C:\Windows\system32\SET2B43.tmp \??\C:\Windows\system32\SET2F90.tmp \??\C:\Windows\system32\SET309B.tmp \??\C:\Windows\SysWow64\SET310E.tmp \??\C:\Windows\SysWow64\SET372B.tmp \??\C:\Windows\SysWow64\SET3CEF.tmp \??\C:\Users\Damien\AppData\Local\Temp\~nsuA.tmp\Au_.exe \??\C:\Users\Damien\AppData\Local\Temp\~nsuA.tmp \??\C:\Users\Damien\AppData\Local\Temp\INS_f4c16a5d.TMP [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(1) 
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "ServicesPipeTimeout"=60000 [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=700 "SecureBoot"=1 "ProductType"=1 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK C:\Users\Damien\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx\Uninstall FTX Global Base Pack.lnk ("/U:D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\\ORBX\Uninstall\uninstall.xml") C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimObject Display Engine\Uninstall SODE.lnk (/x {8A713E65-F1E6-4E63-832F-BCA60401E9AA}) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft\Airbus A318-A319 - PREPAR3D V3.x\Documentation.lnk ("D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Airbus A318_A319\Documentation") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft\Airbus A320-A321 - PREPAR3D V3.x\Documentation.lnk ("D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Airbus A320_A321\Documentation") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft\Professional Flight Planner X\Support-Files.lnk ("C:\aerosoft\Professional Flight Planner X\SupportFiles") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft\Professional Flight Planner X\UninstallProfessional Flight Planner X.lnk (-runfromtemp -l0x0007 -uninst -removeonly) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk ( -setOGL) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO\IvAp - IVAO Virtual Pilot Client v2\IvAp v2 - External.lnk ("C:\Program Files (x86)\IVAO\IvAp v2\ivap_fsx.dll") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO\IvAp - IVAO Virtual Pilot Client v2\MTL\Hide all Aircraft.lnk (--hidden) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO\IvAp - IVAO Virtual Pilot Client v2\MTL\Show all Aircraft.lnk (--show) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and 
Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk (/show) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk (/disable) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk (/enable) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket\Digital Design Salzburg P3Dv3\Repair Digital Design Salzburg P3Dv3.lnk (/SILENT) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket\JetStream Designs LFML X 2013\Repair JetStream Designs LFML X 2013.lnk (/SILENT) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=0 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [29/09/2016 06:13:02] "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "link"=0x18000000 "Browse For Folder Width"=347 "Browse For Folder Height"=326 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=0 "TaskbarGlomLevel"=0 "ShowSuperHidden"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=0 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=95 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=0 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=173 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 
"Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* 
[HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 
"TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [29/09/2016 22:43:45] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [29/09/2016 22:43:45] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=2A2BFDD DVDSetup.exe"=1 "F:\P3D et addons\FSX-P3D-FSX SE - Orbx - FTX Global openLC North America\OrbxFTXopenLCNA110.exe"=1 "F:\P3D et addons\FSX-P3D-FSX SE - FSDreamTeam - Pack Aeroports\FSDT-KLAS\Install_FSDT-KLAS.exe"=1 "F:\P3D et addons\FSX-P3D-FSX SE - FSDreamTeam - Pack Aeroports\FSDT-KLAXv2\Install_FSDT-KLAXv2.exe"=1 "F:\P3D et addons\ActiveSky2016_P3D_Install.exe"=1 "F:\P3D et addons\ActiveSky2016_P3D_Update.exe"=1 "F:\P3D et addons\JUSTSIM_LFMN_FSXP3D.exe"=1 "C:\Users\Damien\Downloads\rexinstaller.exe"=1 
"C:\Users\Damien\Downloads\rexinstaller(1).exe"=1 "F:\telechargement\[FSX][P3D] EZDok Camera v1.18.7\EZCA-Setup-1.15.exe"=1 "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\ORBX\uninstall.exe"=1 "C:\Program Files (x86)\PMDG Operations Center\OpsCenterUpdater.exe"=1 "F:\P3D et addons\gsx_fsx_setup.exe"=1 "F:\P3D et addons\FSX-P3D - FlightSimSoft - Professional Flight Planner X v.1.28\AS_PFPX_V128.exe"=1 "F:\P3D et addons\FlyTampa Integral Pack FSX\FlyTampa - Buffalo v1.0\FlyTampa_Buffalo_FSX_10.exe"=1 "F:\telechargement\USA\FSX (P3D)\Sacramento\AS_SACRAMENTO-AIRPORT_FSX-P3DV2-P3DV3-FSXSTEAM_V101.exe"=1 "F:\telechargement\USA\FSX (P3D)\Daytona Beach (FSX-P3D)\AS_DAYTONA-BEACH-X_FSX-P3D-FSXSTEAM_V110.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\Boston (FSX-P3D)\Setup.exe"=1 "C:\Users\Damien\Downloads\SteamSetup.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\Chicago\AS_USCITIESX-CHICAGO_FSX_V100.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\Detroit (FSX-P3D)\AS_USCITIESX-DETROIT_FSX-FSXSTEAM-P3D_V101.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\Los Angeles (FSX-P3D)\US Cities X Los Angeles v100 FSX.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\New Orleans\US Cities X - New Orleans.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\San Francisco\Aerosoft - US Cities X - San Francisco 1.00.exe"=1 "F:\telechargement\USA\FSX (P3D)\Anchorage\AS_ANCHORAGE-X_V100.exe"=1 "F:\telechargement\USA\FSX (P3D)\US Cities X Series\Cleveland\AS_USCitiesX-Cleveland_FSX_V100.exe"=1 "F:\P3D et addons\FlyTampa Integral Pack FSX\FlyTampa - Chicago Midway v2.0\FlyTampa_Midway_FSX_20.exe"=1 "F:\P3D et addons\[FSX-P3D] ImagineSim - KATL Atlanta\ImagineSim KATL 2016 P3D\1. 
Installer\ImagineSim_KATL_P3D_2016_DEMO.exe"=1 "F:\telechargement\FSX-P3D-FSX SE - FlightBeam - Pack Airports\FlightBeam - Washington Dulles Intl Airport v1.3\Installv1.2_FB-KIAD1.3.exe"=1 "F:\P3D et addons\Tropicalsim\FSX\!!!18 Airports PACK!!!\TSIM-18AIRPORTS-FSX.exe"=1 "F:\telechargement\FSX-P3D-FSX SE - FlightBeam - Pack Airports\FlightBeam - Denver Internation Airport v1.2\Installv1.2_FB-KDEN1.2.exe"=1 "F:\P3D et addons\FSX-P3D-FSX SE - FSDreamTeam - Pack Aeroports\FSDT-JFKv2\Install_FSDT-JFKv2.exe"=1 "F:\telechargement\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final\mbam-setup-2.2.0.1024.exe"=1 "C:\Users\Damien\Downloads\trjsetup694.exe"=1 "C:\Users\Damien\Downloads\mbam-setup-web.NT-2.2.1.1043.exe"=1 "C:\Users\Damien\Downloads\kss16.0.0.1344mlg_10007.exe"=1 "F:\telechargement\CCleaner.Professional+Business+Technician.v5.22+Portable\ccsetup522.exe"=1 "C:\Users\Damien\Downloads\mbam-setup-2.2.1.1043.exe"=1 "C:\Users\Damien\Downloads\mbam-setup-2.2.1.1043(1).exe"=1 "F:\P3D et addons\FSX-P3D-FSX SE - FSDreamTeam - Pack Aeroports\FSDT-PHNL\Install_FSDT-PHNL.exe"=1 "C:\Users\Damien\Downloads\mbam-setup-2.2.1.1043(2).exe"=1 "C:\Users\Damien\Downloads\FSX & P3D - Hawaii Photoreal Vol. 1 - Oahu v.0.97 Setup.exe"=1 "F:\P3D et addons\FSX-P3D - Digital Design - LOWS Salzburg W.A. 
Mozart\Setup.exe"=1 "F:\P3D et addons\Aerosoft\FSX-P3D-FSX SE - Aaerosoft - Mega Airport Frankfurt v2.08\AS_MEGA-AIRPORT-FRANKFURT-V2_FSX-P3D-FSXSTEAM_V208.exe"=1 "F:\P3D et addons\lfml sim market\JETSTREAM_DESIGN_LFML_X_2013.exe"=1 "F:\telechargement\FSX-P3D-FSX SE - Aerosoft - La Palma X v1.01\AS_LA-PALMA-X_FSX-P3D-FSXSTEAM_V101.exe"=1 "SIGN.MEDIA=DD8C371 Utility\MSI\Gaming APP\Gaming APP.exe"=1 "C:\Users\Damien\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe"=1 "C:\Program Files (x86)\IVAO\IvAp v2\mtl.exe"=1 "C:\Users\Damien\Downloads\speedfan_4-52_en_11074.exe"=1 "C:\Users\Damien\AppData\Local\Temp\0ee2aa55-40c0-44c6-942e-e125ac77142b\setup.exe"=1 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=1 "C:\Users\Damien\Downloads\Core-Temp-setup.exe"=1 "C:\Users\Damien\Downloads\gputemp_setup.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{4d6b32ce-85fa-11e6-8ce1-806e6f6e6963}] : G:\DVDSetup.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows 
NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS 
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 "ProductStatus"=0 "InstallTime"=0x6B6EEF49081AD201 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot 
---------- | Winsock (Whitelist) ---------- | Hosts # Fichier Hosts créé par RstHosts 127.0.0.1 localhost ::1 localhost ---------- | @ [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://www.google.fr/ "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2700000027000000D7040000CA020000 "Start Page Redirect Cache"=http://www.msn.com/fr-fr/?ocid=iehp "Start Page Redirect Cache_TIMESTAMP"=0x13D49E810A1AD201 "Start Page Redirect Cache AcceptLangs"=fr "IE8RunOnceLastShown"=1 "IE8RunOnceLastShown_TIMESTAMP"=0x38B9C8830A1AD201 "IE8TourShown"=1 "IE8TourShownTime"=0x5B69F9840A1AD201 "Use FormSuggest"=yes "NotifyDownloadComplete"=yes "DisableScriptDebuggerIE"=yes "OperationalData"=5 "ImageStoreRandomFolder"=vqju76u "IE10RunOnceLastShown"=1 
"IE10RunOnceLastShown_TIMESTAMP"=0xFF39CBA7652CD201 "IE10TourShown"=1 "IE10TourShownTime"=0xCE376F8E9B1AD201 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xFF1C00FB961AD201 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm 
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DownloadRetries"=0 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"=Panda Safe Web [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome ---------- | Opera ---------- | Firefox 
C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\kefx2svl.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack : : Hola Better Internet - : https://hola.org C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\kefx2svl.default\Extensions\firefox@mega.co.nz.xpi C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\kefx2svl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 23.0.0.162 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 23.0.0.162 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] - (Google Earth in your browser) : C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - 
(Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\kefx2svl.default\Prefs.js user_pref("browser.startup.homepage", "www.google.fr"); user_pref("browser.startup.homepage_override.buildID", "20160922113459"); user_pref("browser.startup.homepage_override.mstone", "49.0.1"); user_pref("extensions.adblockplus.currentVersion", "2.7.3"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1477418752568,\"softExpiration\":1477478657298,\"hardExpiration\":1477573814322,\"data\":{\"notifications\":[],\"version\":\"201610251309\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":21,\"shown\":[\"antiadblock\"]}"); user_pref("extensions.blocklist.pingCountTotal", 23); user_pref("extensions.blocklist.pingCountVersion", 23); user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.7.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\features\\\\{af4e8ad1-21a8-4d0b-8057-639ebf4c2afe}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@mega.co.nz\":{\"version\":\"3.6.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\firefox@mega.co.nz.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"jid1-4P0kohSJxU1qGg@jetpack\":{\"version\":\"1.17.263\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\jid1-4P0kohSJxU1qGg@jetpack\",\"multiprocessCompatible\":false,\"runInSafeMode\":false}}"); user_pref("extensions.checkCompatibility.49.0.1", false); user_pref("extensions.databaseSchema", 17); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "49a"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.1"); user_pref("extensions.getAddons.cache.lastUpdate", 1477401315); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20160826.01"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.baseURI", "resource://jid1-4p0kohsjxu1qgg-at-jetpack/"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.console.logLevel", "warn"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.domain", "jid1-4p0kohsjxu1qgg-at-jetpack"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.load.reason", "startup"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.rootURI", "file:///C:/Users/Damien/AppData/Roaming/Mozilla/Firefox/Profiles/kefx2svl.default/extensions/jid1-4P0kohSJxU1qGg@jetpack/"); user_pref("extensions.jid1-4P0kohSJxU1qGg@jetpack.sdk.version", "1.17.263"); user_pref("extensions.lastAppVersion", "49.0.1"); user_pref("extensions.lastPlatformVersion", "49.0.1"); 
user_pref("extensions.mega.askdir", false); user_pref("extensions.mega.dir", "C:\\Users\\Damien\\Desktop"); user_pref("extensions.mega.notifydl", true); user_pref("extensions.mega.version", "3.6.4"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{af4e8ad1-21a8-4d0b-8057-639ebf4c2afe}\",\"addons\":{\"e10srollout@mozilla.org\":{\"version\":\"1.3\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://discover/"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webshieldlite.installtime", "1476442887"); user_pref("extensions.webshieldlite.server", "https://s674.secureweb24.net"); user_pref("extensions.webshieldlite.src", "674"); user_pref("extensions.webshieldlite.user_id", "laPxqRoFSwquLV"); user_pref("extensions.xpiState", "{\"app-profile\":{\"firefox@mega.co.nz\":{\"d\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\firefox@mega.co.nz.xpi\",\"e\":true,\"v\":\"3.6.4\",\"st\":1477003527560},\"jid1-4P0kohSJxU1qGg@jetpack\":{\"d\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\jid1-4P0kohSJxU1qGg@jetpack\",\"e\":true,\"v\":\"1.17.263\",\"st\":1477393061400,\"mt\":1477393059682},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.7.3\",\"st\":1475123824145}},\"app-system-addons\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Damien\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kefx2svl.default\\\\features\\\\{af4e8ad1-21a8-4d0b-8057-639ebf4c2afe}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.3\",\"st\":1475124399871}},\"app-system
-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":false,\"v\":\"1.2\",\"st\":1474591843918},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.4\",\"st\":1474591843954},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1474591843955}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":false,\"v\":\"49.0.1\",\"st\":1474591843917}}}"); ---------- | Active Connections 
---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1788DCF5-F786-4118-995F-5DA87E68454D}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A4030826-7AC8-44A3-80CE-DC817D06BE15}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{1788DCF5-F786-4118-995F-5DA87E68454D}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{A4030826-7AC8-44A3-80CE-DC817D06BE15}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1788DCF5-F786-4118-995F-5DA87E68454D}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A4030826-7AC8-44A3-80CE-DC817D06BE15}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" 
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) Term - : ---------- | Software [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\12bPilot] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\973119610B84366E254A120A470A5803] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\AppDataLow] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Apple Computer, Inc.] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Apple Inc.] 
[HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Bitdefender] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\BitTorrent] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Clients] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\dlr] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Electronic Arts] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\eSellerate] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\FLEXlm License Manager] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\FlightBeam] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\FlightSimSoft.com] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\FSDreamTeam] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Google] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\HiFi] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\IDS Scenery Manager] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Intel] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\KasperskyLab] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Licenses] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Lockheed Martin] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\LockheedMartin] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Macromedia] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Mozilla] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\MSI] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\NVIDIA Corporation] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\OldProp Solutions Inc.] 
[HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Piriform] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Policies] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\PopWnd] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\QtProject] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\RealismShaderPack] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Realtek] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\REX Game Studios] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\SpeedFan] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\sysinternals] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\The Silicon Realms Toolworks] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Trolltech] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\UpgSvr] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Valve] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\VB and VBA Program Settings] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\VirtualDJ] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\WinRAR] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\WinRAR SFX] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Wow6432Node] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows\Windows Error Reporting] 
[HKU\S-1-5-21-632178411-2394207594-2140285815-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Ada2] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ATI Technologies] [HKLM\Software\CBSTEST] [HKLM\Software\Class] [HKLM\Software\Clients] [HKLM\Software\EA Games] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\geusqo] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\MSI] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\panda_url_filtering] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\Wow6432Node] [HKLM\Software\RAPID] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\12bPilot] [HKLM\Software\WOW6432Node\973119610B84366E254A120A470A5803] [HKLM\Software\WOW6432Node\Ada2] [HKLM\Software\WOW6432Node\Aerosoft] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\eSellerate] [HKLM\Software\WOW6432Node\EZCA2] [HKLM\Software\WOW6432Node\Florenc] [HKLM\Software\WOW6432Node\FlyTampa] [HKLM\Software\WOW6432Node\geusqo] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HiFi] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Licenses] [HKLM\Software\WOW6432Node\Lockheed Martin] [HKLM\Software\WOW6432Node\LockheedMartin] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Macrovision] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugin] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\MSI] [HKLM\Software\WOW6432Node\NETGEAR] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OldProp Solutions Inc.] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Overwolf] [HKLM\Software\WOW6432Node\Panda Software] [HKLM\Software\WOW6432Node\pandasecuritytb] [HKLM\Software\WOW6432Node\PMDG Simulations, LLC.] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\Samsung] [HKLM\Software\WOW6432Node\Samsung Magician] [HKLM\Software\WOW6432Node\SpeedFan] [HKLM\Software\WOW6432Node\The FlightSim Store] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VirtualDJ] [HKLM\Software\WOW6432Node\VistaMareSoftware] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives G: [12/08/2009 05:16:40] - |R| - 
(.Copyright (C) 2008 - CDriver_dll DLL.) - [98304] - (1.0.0.1) - G:\CDriver_dll.dll [02/03/2010 07:21:22] - |R| - (.Copyright (C) 2002 - Turbo Dynamic Linked Library.) - [352256] - (1.0.0.1) - G:\TurboDLLD.dll [17/08/2015 04:19:14] - |R| - (.-.) - [216064] - (0.0.0.0) - G:\gcapi_dll.dll [17/08/2015 04:20:48] - |R| - (.-.) - [12800] - (0.0.0.0) - G:\gdapi.dll [17/08/2015 04:21:54] - |R| - (.-.) - [73408] - (0.0.0.0) - G:\gtapi_signed.dll [17/08/2015 04:22:00] - |R| - (.-.) - [81088] - (0.0.0.0) - G:\gtapi_signed64.dll [17/06/2015 10:34:06] - |R| - (.Copyright c 2015 Micro-Star INT'L CO.,LTD. - DVDChangeDisc.) - [3583952] - (1.0.0.3) - G:\DVDChangeDisc.exe [20/04/2016 12:00:31] - |R| - (.Copyright (c) 2015 Micro-Star INT'L CO., LTD. - DVDSetup Application.) - [4143032] - (4.0.0.10) - G:\DVDSetup.exe [10/09/2015 07:55:23] - |R| - (.Copyright © 2015 Micro-Star INT'L CO.,LTD. - MSIRegister Setup .) - [2684656] - (1.0.0.7) - G:\MSIRegister.exe [11/10/2013 08:02:14] - |R| - (.-.) - [270336] - (0.0.0.0) - G:\SCEWIN.exe [11/10/2013 08:02:14] - |R| - (.-.) - [349696] - (0.0.0.0) - G:\SCEWIN_64.exe [31/12/2010 05:04:12] - |R| - (.© Microsoft Corporation. - Windows Setup API.) - [83296] - (6.0.6000.16386) - G:\devcon.exe [31/12/2010 05:07:02] - |R| - (.© Microsoft Corporation. - Windows Setup API.) - [86880] - (6.0.6000.16386) - G:\devcon64.exe [01/09/2010 10:11:42] - |R| - (.-.) - [49] - (0.0.0.0) - G:\AUTORUN.INF F: [29/09/2016 07:42:39] - |A| - (.-.) - [4347904] - (0.0.0.0) - F:\WDSync.exe D: ---------- | C: [14/07/2009 05:18:56] - |SHD| - [129] - C:\$Recycle.Bin [25/10/2016 02:26:29] - |D| - [1111349] - C:\AdwCleaner [30/09/2016 03:58:13] - |D| - [104643429] - C:\Aerosoft [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [29/09/2016 07:10:30] - |D| - [99571] - C:\Intel [29/09/2016 07:07:44] - |D| - [510552352] - C:\MSI [MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/09/2016 06:08:09] - |ASH| - (.-.) 
- [209715200] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 05:20:08] - |RD| - [2833484053] - C:\Program Files [14/07/2009 05:20:08] - |RD| - [54456007368] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [23917415764] - C:\ProgramData [25/10/2016 20:06:11] - |D| - [262057] - C:\QuickDiag [MD5.044EA9F65F35B58E11814BF89C5B7F60] - [25/10/2016 20:06:26] - |A| - (.-.) - [122611] - (0.0.0.0) - C:\QuickDiag.txt [29/09/2016 06:12:57] - |SHD| - [174130820] - C:\Recovery [30/09/2016 01:06:49] - |D| - [87417644] - C:\REX Soft Clouds [30/09/2016 00:56:56] - |D| - [18054040299] - C:\REX Texture Direct [29/09/2016 06:08:09] - |SHD| - [0] - C:\System Volume Information [14/07/2009 05:20:08] - |RD| - [28051756763] - C:\Users [14/07/2009 05:20:08] - |D| - [21930717875] - C:\Windows ---------- | C:\Windows [MD5.D2A2D69173654899705C88EEE378A5B2] - [29/09/2016 07:08:48] - |A| - (.© Microsoft Corporation. - Resource only DLL containing MOF for ASL code.) - [11248] - (6.1.7600.16385) - C:\Windows\acpimof.dll [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [45462] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10977814] - C:\Windows\AppPatch [14/07/2009 05:20:08] - |RSD| - [1452139929] - C:\Windows\assembly [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [12/04/2011 11:27:59] - |SHD| - [553227] - C:\Windows\BitLockerDiscoveryVolumeContents [14/07/2009 05:20:09] - |D| - [29062678] - C:\Windows\Boot [MD5.F8B8FFA11B19738B700BE99DD6FF61A6] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [MD5.CBF97F5B493AF1E3309F08D34BF26338] - [29/09/2016 23:42:56] - |SH| - (.-.) 
- [61] - (0.0.0.0) - C:\Windows\cnerolf.bin [12/04/2011 11:27:59] - |D| - [0] - C:\Windows\CSC [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 06:45:54] - |D| - [230] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3046207] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [29/09/2016 06:15:30] - |D| - [34467854] - C:\Windows\Downloaded Installations [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [MD5.11CEC7630E9F4AFCBD2C904B73D71349] - [13/10/2016 23:32:04] - |A| - (.-.) - [1970665] - (0.0.0.0) - C:\Windows\edf7f82cc372d8edce762f6ec20ab7c8.exe [12/04/2011 11:28:00] - |D| - [118084593] - C:\Windows\ehome [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US [MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2872320] - (6.1.7601.17514) - C:\Windows\explorer.exe [14/07/2009 05:20:09] - |RSD| - [355085311] - C:\Windows\Fonts [12/04/2011 11:16:36] - |D| - [142336] - C:\Windows\fr-FR [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization [14/07/2009 05:20:09] - |D| - [111709583] - C:\Windows\Help [MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 02:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [131238114] - C:\Windows\inf [29/09/2016 06:15:30] - |SHD| - [831694489] - C:\Windows\Installer [29/09/2016 07:23:39] - |D| - [0] - C:\Windows\IObit [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [25/10/2016 15:10:21] - |D| - [302630384] - C:\Windows\LastGood [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [62791838] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [984714944] - C:\Windows\Microsoft.NET [29/09/2016 10:43:15] - |D| - [2179] - C:\Windows\Migration [29/09/2016 09:53:09] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [29/09/2016 21:54:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [29/09/2016 06:40:52] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [29/09/2016 07:06:53] - |D| - [1060411] - C:\Windows\Panther [14/07/2009 07:32:38] - |D| - [62499994] - C:\Windows\Performance [MD5.79D58299A4E7C08D2E2AC500BF4EF77C] - [22/10/2016 15:04:38] - |A| - (.-.) 
- [1068] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [5766542] - C:\Windows\PolicyDefinitions [29/09/2016 06:08:15] - |D| - [0] - C:\Windows\Prefetch [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\Registration [12/04/2011 11:27:59] - |D| - [0] - C:\Windows\RemotePackages [14/07/2009 05:20:10] - |D| - [12546804] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.51254CE041C5D011944C3E11D5A00608] - [29/09/2016 07:08:06] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2838232] - (1.0.6.8) - C:\Windows\RtlExUpd.dll [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [55533] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [5282874] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [44304042] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [65514476] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup [MD5.97207A4D6C9249442A8F3FFD62777D9F] - [22/10/2016 15:04:42] - |A| - (.-.) - [5731] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/10/2016 15:04:42] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [12/04/2011 11:28:00] - |D| - [4544] - C:\Windows\ShellNew [29/09/2016 06:12:56] - |D| - [1109293141] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [21/11/2010 05:24:16] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) 
- [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [4763820580] - C:\Windows\System32 [14/07/2009 05:20:14] - |D| - [1445818723] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [30786] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [9673038] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.BE9ABBA239905C914B050195978E4D02] - [12/04/2011 11:28:44] - |A| - (.-.) - [51867] - (0.0.0.0) - C:\Windows\Ultimate.xml [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.BABD5F9A23515F7AC9DF523788FB4DE3] - [18/10/2016 14:23:41] - |A| - (.-.) 
- [395245] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 05:20:14] - |D| - [9668148524] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [22/07/2016 16:13:32] - C:\Windows\Installer\155dce3.msi : (Test file in a Product - 12bPilot) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2016 23:27:55] - C:\Windows\Installer\168821.msi : (Prepar3D v3 Content - Lockheed Martin) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2016 00:01:51] - C:\Windows\Installer\168828.msi : (Prepar3D v3 Scenery - Lockheed Martin) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2014 12:13:16] - C:\Windows\Installer\19291.msi : (Intel Smart Connect Technology enables your computer to periodically wake from sleep to keep your content fresh - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2015 13:51:48] - C:\Windows\Installer\22a61.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2016 06:15:30] - C:\Windows\Installer\2a509.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/10/2016 00:06:23] - C:\Windows\Installer\34ca925.msi : (REX 4 - Texture Direct - SP6 Hotfix 4 - REX Game Studios, LLC.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [14/10/2016 00:09:52] - C:\Windows\Installer\34ca931.msi : (REX Soft Clouds SP3 - Hotfix 34 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/09/2015 02:39:22] - C:\Windows\Installer\39cf86.msi : (REX 4 - Texture Direct with Service Pack 5 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:00:33] - C:\Windows\Installer\39cf8e.msi : (REX 4 - Texture Direct - SP5 - Hotfix 1 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:02:10] - C:\Windows\Installer\39cf95.msi : (REX 4 - Texture Direct - SP6 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:02:57] - C:\Windows\Installer\39cf9a.msi : (REX 4 - Texture Direct - SP6 Hotfix 1 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:04:06] - C:\Windows\Installer\39d061.msi : (REX 4 - Texture Direct - SP6 Hotfix 2 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:04:55] - C:\Windows\Installer\39d06a.msi : (REX 4 - Texture Direct - SP6 Hotfix 3 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/09/2015 03:27:12] - C:\Windows\Installer\39d06e.msi : (REX Soft Clouds SP2 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:07:51] - C:\Windows\Installer\39d076.msi : (REX Soft Clouds - SP2 - Hotfix 1 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:09:46] - C:\Windows\Installer\39d07c.msi : (REX Soft Clouds - SP3 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:10:28] - C:\Windows\Installer\39d080.msi : (REX Soft Clouds - SP3 Hotfix 1 - REX Game Studios, LLC.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:11:32] - C:\Windows\Installer\39d0a9.msi : (REX Soft Clouds - SP3 Hotfix 2 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 01:12:20] - C:\Windows\Installer\39d0b3.msi : (REX Soft Clouds SP3 - Hotfix 3 - REX Game Studios, LLC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/12/2015 13:28:32] - C:\Windows\Installer\43a182.msi : (Test file in a Product - 12bPilot) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2015 12:09:18] - C:\Windows\Installer\4fb738b.msi : (RAPID Mode Installation Package - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 14:16:18] - C:\Windows\Installer\5aa8c8.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 14:16:20] - C:\Windows\Installer\5aa8d3.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2016 12:57:10] - C:\Windows\Installer\5aa8da.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2016 12:56:44] - C:\Windows\Installer\5aa8e1.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2016 13:01:12] - C:\Windows\Installer\5aa8e8.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 15:46:12] - C:\Windows\Installer\5aa8ec.msi : (iTunes Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:37:59] - C:\Windows\Installer\779618.msi : (VirtualDJ PRO Full Installer - Atomix Productions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2014 10:12:42] - C:\Windows\Installer\d761.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [10/11/2014 12:14:08] - C:\Windows\Installer\d769.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/11/2014 12:14:54] - C:\Windows\Installer\d771.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/11/2014 12:15:10] - C:\Windows\Installer\d779.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/11/2014 12:12:38] - C:\Windows\Installer\d781.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/10/2016 13:32:28] - C:\Windows\Installer\fb5ac7.msi : (Google Earth - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/10/2016 13:31:04] - C:\Windows\Installer\fb5ace.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [29/09/2016 22:43:45] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 07:13:15] - [1670714] - C:\Windows\System32\PerfStringBackup.INI [29/09/2016 06:17:24] - [148] - C:\Windows\System32\RT08469053.ini [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [29/09/2016 22:43:45] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [29/09/2016 06:58:08] - [1645078] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | [Damien] [30/09/2016 03:51:15] - |D| - [0] - C:\Users\Damien\.Origin [30/09/2016 03:51:15] - |D| - [0] - C:\Users\Damien\.QtWebEngineProcess [29/09/2016 06:12:59] - |HD| - [2749461883] - C:\Users\Damien\AppData [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Application Data [29/09/2016 06:13:02] - |RD| - [68787] - C:\Users\Damien\Contacts [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Cookies [29/09/2016 06:12:59] - |RD| - 
[69154160] - C:\Users\Damien\Desktop [29/09/2016 06:12:59] - |RD| - [266349906] - C:\Users\Damien\Documents [29/09/2016 06:12:59] - |RD| - [752551896] - C:\Users\Damien\Downloads [29/09/2016 06:12:59] - |RD| - [4276] - C:\Users\Damien\Favorites [02/10/2016 17:35:22] - |A| - [179] - C:\Users\Damien\FSDreamTeam_GSX.reg [29/09/2016 07:15:26] - |D| - [1787876] - C:\Users\Damien\Intel [29/09/2016 06:12:59] - |RD| - [2372] - C:\Users\Damien\Links [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Local Settings [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Menu Démarrer [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Mes documents [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Modèles [29/09/2016 06:12:59] - |RD| - [54890] - C:\Users\Damien\Music [29/09/2016 06:12:59] - |ASH| - [1835008] - C:\Users\Damien\NTUSER.DAT [29/09/2016 06:12:59] - |ASH| - [262144] - C:\Users\Damien\ntuser.dat.LOG1 [29/09/2016 06:12:59] - |ASH| - [0] - C:\Users\Damien\ntuser.dat.LOG2 [29/09/2016 06:12:59] - |ASH| - [65536] - C:\Users\Damien\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [29/09/2016 06:12:59] - |ASH| - [524288] - C:\Users\Damien\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [29/09/2016 06:12:59] - |ASH| - [524288] - C:\Users\Damien\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [29/09/2016 06:12:59] - |SH| - [20] - C:\Users\Damien\ntuser.ini [29/09/2016 06:12:59] - |RD| - [504] - C:\Users\Damien\Pictures [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Recent [29/09/2016 06:12:59] - |RD| - [282] - C:\Users\Damien\Saved Games [29/09/2016 06:13:08] - |RD| - [1020] - C:\Users\Damien\Searches [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\SendTo [29/09/2016 06:12:59] - |RD| - [504] - C:\Users\Damien\Videos [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Voisinage d'impression [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\Voisinage 
réseau [29/09/2016 06:44:38] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Adobe [12/10/2016 23:56:08] - |D| - [3152593] - C:\Users\Damien\AppData\Roaming\Apple Computer [14/10/2016 13:00:43] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Ckewerspwowoy [30/09/2016 15:52:47] - |D| - [3866475] - C:\Users\Damien\AppData\Roaming\EZCA [02/10/2016 17:37:24] - |D| - [7886149] - C:\Users\Damien\AppData\Roaming\Hifi [29/09/2016 06:13:03] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Identities [01/10/2016 13:20:23] - |D| - [0] - C:\Users\Damien\AppData\Roaming\InstallShield [29/09/2016 07:15:38] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Intel Corporation [29/09/2016 07:22:28] - |D| - [27942] - C:\Users\Damien\AppData\Roaming\IObit [07/10/2016 09:00:50] - |D| - [4298] - C:\Users\Damien\AppData\Roaming\IVAO [30/09/2016 23:47:33] - |D| - [1283637] - C:\Users\Damien\AppData\Roaming\Lockheed Martin [29/09/2016 06:44:38] - |D| - [1333] - C:\Users\Damien\AppData\Roaming\Macromedia [29/09/2016 06:12:59] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Media Center Programs [29/09/2016 06:12:59] - |SD| - [1666472] - C:\Users\Damien\AppData\Roaming\Microsoft [29/09/2016 06:35:09] - |D| - [87517039] - C:\Users\Damien\AppData\Roaming\Mozilla [03/10/2016 08:45:13] - |D| - [78986540] - C:\Users\Damien\AppData\Roaming\NVIDIA [03/10/2016 16:31:27] - |D| - [755] - C:\Users\Damien\AppData\Roaming\Orbx systems [30/09/2016 03:56:31] - |D| - [12092] - C:\Users\Damien\AppData\Roaming\Origin [14/10/2016 13:15:58] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Panda Security [30/09/2016 00:28:03] - |D| - [1030699306] - C:\Users\Damien\AppData\Roaming\PMDG [14/10/2016 13:00:42] - |D| - [86428727] - C:\Users\Damien\AppData\Roaming\Profiles [17/10/2016 12:14:19] - |D| - [68382] - C:\Users\Damien\AppData\Roaming\QuickScan [02/10/2016 17:51:39] - |D| - [2012] - C:\Users\Damien\AppData\Roaming\RAASPRO [07/10/2016 09:30:36] - |D| - [30078] - C:\Users\Damien\AppData\Roaming\teamspeak2 [24/10/2016 20:42:25] 
- |D| - [1032946] - C:\Users\Damien\AppData\Roaming\TS3Client [29/09/2016 06:35:11] - |D| - [2513245] - C:\Users\Damien\AppData\Roaming\uTorrent [29/09/2016 23:28:53] - |D| - [363833] - C:\Users\Damien\AppData\Roaming\Virtuali [29/09/2016 07:07:37] - |D| - [12] - C:\Users\Damien\AppData\Roaming\WinRAR [29/09/2016 06:42:43] - |D| - [0] - C:\Users\Damien\AppData\Local\Adobe [12/10/2016 23:55:56] - |D| - [0] - C:\Users\Damien\AppData\Local\Apple [12/10/2016 23:56:08] - |D| - [31664] - C:\Users\Damien\AppData\Local\Apple Computer [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\AppData\Local\Application Data [14/10/2016 13:00:44] - |D| - [709] - C:\Users\Damien\AppData\Local\Apps [29/09/2016 06:40:59] - |D| - [5984542] - C:\Users\Damien\AppData\Local\CEF [29/09/2016 21:09:13] - |D| - [0] - C:\Users\Damien\AppData\Local\CrashDumps [07/10/2016 13:57:13] - |D| - [1450907] - C:\Users\Damien\AppData\Local\ElevatedDiagnostics [29/09/2016 06:54:57] - |A| - [61872] - C:\Users\Damien\AppData\Local\GDIPFONTCACHEV1.DAT [14/10/2016 13:00:42] - |D| - [0] - C:\Users\Damien\AppData\Local\Gerjupy [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\AppData\Local\Historique [04/10/2016 16:10:11] - |D| - [1085] - C:\Users\Damien\AppData\Local\I [14/10/2016 13:36:38] - |AH| - [4405686] - C:\Users\Damien\AppData\Local\IconCache.db [30/09/2016 23:47:33] - |D| - [17301002] - C:\Users\Damien\AppData\Local\Lockheed Martin [29/09/2016 06:44:38] - |D| - [0] - C:\Users\Damien\AppData\Local\Macromedia [29/09/2016 06:12:59] - |D| - [90669175] - C:\Users\Damien\AppData\Local\Microsoft [29/09/2016 06:35:09] - |D| - [377649234] - C:\Users\Damien\AppData\Local\Mozilla [29/09/2016 06:41:05] - |D| - [83549704] - C:\Users\Damien\AppData\Local\NVIDIA [29/09/2016 06:40:59] - |D| - [80435482] - C:\Users\Damien\AppData\Local\NVIDIA Corporation [01/10/2016 00:16:06] - |D| - [39336408] - C:\Users\Damien\AppData\Local\Orbx [30/09/2016 03:51:12] - |D| - [326497767] - C:\Users\Damien\AppData\Local\Origin 
[29/09/2016 07:22:25] - |D| - [0] - C:\Users\Damien\AppData\Local\Programs [29/09/2016 21:13:52] - |A| - [7597] - C:\Users\Damien\AppData\Local\Resmon.ResmonCfg [04/10/2016 22:35:37] - |D| - [150310677] - C:\Users\Damien\AppData\Local\Steam [29/09/2016 06:12:59] - |D| - [267731375] - C:\Users\Damien\AppData\Local\Temp [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\AppData\Local\Temporary Internet Files [29/09/2016 06:13:01] - |D| - [0] - C:\Users\Damien\AppData\Local\VirtualStore [29/09/2016 06:13:08] - |ASH| - [174] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [29/09/2016 06:12:59] - |SHD| - [0] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [29/09/2016 06:12:59] - |RD| - [42971] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/09/2016 06:12:59] - |RD| - [14243] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [29/09/2016 06:13:08] - |RD| - [174] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2016 06:13:08] - |ASH| - [476] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/09/2016 01:29:48] - |D| - [4908] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flightsim Estonia [04/10/2016 13:14:18] - |D| - [339] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa [29/09/2016 06:13:09] - |A| - [1188] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [03/10/2016 22:34:36] - |D| - [0] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LatinVFR [29/09/2016 06:12:59] - |RD| - [580] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/09/2016 01:31:57] - |D| - [1191] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games [03/10/2016 09:36:20] - |D| - [1297] - 
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldProp Solutions Inc [01/10/2016 00:16:04] - |D| - [1073] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx [19/10/2016 12:27:51] - |D| - [2237] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimObject Display Engine [25/10/2016 15:11:32] - |D| - [3959] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [29/09/2016 06:13:08] - |RD| - [174] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [07/10/2016 14:24:56] - |D| - [7031] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [29/09/2016 06:38:59] - |D| - [4101] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [29/09/2016 06:13:08] - |ASH| - [174] - C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [14/07/2009 05:20:08] - |RHD| - [22740] - C:\Users\Public\Desktop [14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [229548651] - C:\Users\Public\Documents [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [14/07/2009 05:20:08] - |RHD| - [3970] - C:\Users\Public\Libraries [14/07/2009 05:20:08] - |RD| - [17452032] - C:\Users\Public\Music [14/07/2009 05:20:08] - |RD| - [7101480] - C:\Users\Public\Pictures [12/04/2011 11:27:56] - |RD| - [9699579] - C:\Users\Public\Recorded TV [14/10/2016 13:01:08] - |D| - [31955] - C:\Users\Public\Thunder Network [14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos ---------- | C:\ProgramData [30/09/2016 00:27:29] - |D| - [253990629] - C:\ProgramData\12bPilot [12/10/2016 23:55:45] - |D| - [106497601] - C:\ProgramData\Apple [12/10/2016 23:56:04] - |D| - [79779104] - C:\ProgramData\Apple Computer [14/07/2009 07:08:56] - |SHD| - [214520115886] - 
C:\ProgramData\Application Data [14/10/2016 13:01:27] - |D| - [20480] - C:\ProgramData\Avg [29/09/2016 06:12:57] - |SHD| - [22740] - C:\ProgramData\Bureau [30/09/2016 01:07:54] - |D| - [10788496] - C:\ProgramData\Caphyon [14/07/2009 07:08:56] - |SHD| - [22740] - C:\ProgramData\Desktop [14/07/2009 07:08:56] - |SHD| - [229548651] - C:\ProgramData\Documents [03/10/2016 14:43:35] - |D| - [1777] - C:\ProgramData\Electronic Arts [29/09/2016 22:43:19] - |D| - [360580] - C:\ProgramData\Esellerate [29/09/2016 06:12:57] - |SHD| - [0] - C:\ProgramData\Favoris [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites [30/09/2016 00:35:41] - |D| - [87110] - C:\ProgramData\FLEXnet [30/09/2016 01:28:00] - |D| - [594] - C:\ProgramData\Flightsim Estonia [29/09/2016 07:12:35] - |D| - [42358457] - C:\ProgramData\Intel [29/09/2016 07:22:36] - |D| - [753] - C:\ProgramData\IObit [17/10/2016 11:58:55] - |D| - [90024834] - C:\ProgramData\Kaspersky Lab Setup Files [17/10/2016 10:13:19] - |D| - [133] - C:\ProgramData\Licenses [30/09/2016 23:47:33] - |D| - [50587816] - C:\ProgramData\Lockheed Martin [18/10/2016 20:08:02] - |D| - [13537366] - C:\ProgramData\Malwarebytes [29/09/2016 06:12:57] - |SHD| - [307072] - C:\ProgramData\Menu Démarrer [14/07/2009 05:20:08] - |SD| - [10825056823] - C:\ProgramData\Microsoft [29/09/2016 06:12:57] - |SHD| - [0] - C:\ProgramData\Modèles [29/09/2016 06:15:34] - |D| - [1386] - C:\ProgramData\NETGEAR [29/09/2016 06:40:52] - |D| - [2589252] - C:\ProgramData\NVIDIA [29/09/2016 06:40:52] - |D| - [1312040110] - C:\ProgramData\NVIDIA Corporation [30/09/2016 03:51:14] - |D| - [329031085] - C:\ProgramData\Origin [29/09/2016 06:40:47] - |D| - [10755057705] - C:\ProgramData\Package Cache [25/10/2016 02:32:31] - |D| - [24861518] - C:\ProgramData\panda_url_filtering [29/09/2016 07:23:40] - |D| - [83] - C:\ProgramData\ProductData [29/09/2016 06:17:45] - |D| - [0] - C:\ProgramData\Ralink [30/09/2016 23:02:35] - |D| - [19230575] - C:\ProgramData\Samsung [30/09/2016 
00:26:30] - |D| - [176] - C:\ProgramData\simMarket [14/07/2009 07:08:56] - |SHD| - [307072] - C:\ProgramData\Start Menu [17/10/2016 10:13:19] - |AD| - [4] - C:\ProgramData\TEMP [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates [02/10/2016 17:28:00] - |D| - [1712623] - C:\ProgramData\Virtuali ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [29/09/2016 06:12:57] - |SHD| - [303133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [14/07/2009 05:20:08] - |RD| - [303133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk [29/09/2016 06:35:37] - |A| - [949] - C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] - |RD| - [45100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [14/07/2009 07:32:38] - |RD| - [21303] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2016 23:58:13] - |D| - [79701] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft [12/10/2016 23:55:56] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [21/10/2016 06:40:48] - |D| - [4193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1 [18/10/2016 13:39:09] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [25/10/2016 15:39:40] - |D| - [1803] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp [14/07/2009 06:54:23] - |ASH| - [964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/10/2016 00:03:25] - |D| - [3177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drzewiecki Design [30/09/2016 
15:52:49] - |D| - [5066] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZCA [14/10/2016 11:25:22] - |D| - [1200] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16 DEMO [04/10/2016 13:14:18] - |D| - [8393] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa [02/10/2016 17:28:16] - |D| - [1192] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsDreamTeam [14/07/2009 07:32:38] - |RD| - [6192] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [03/10/2016 13:32:31] - |D| - [6324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [25/10/2016 15:41:52] - |D| - [1915] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPU Temp [02/10/2016 17:37:22] - |D| - [1251] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi [29/09/2016 22:43:01] - |A| - [1011] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk [29/09/2016 07:11:47] - |RD| - [4676] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [12/10/2016 23:56:08] - |D| - [3999] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [07/10/2016 09:00:50] - |D| - [9564] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO [30/09/2016 23:47:33] - |D| - [3635] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lockheed Martin [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [18/10/2016 20:08:04] - |D| - [3679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [29/09/2016 06:09:35] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [29/09/2016 06:34:54] - |A| - [1061] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [29/09/2016 07:07:44] - |D| - [15809] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI [29/09/2016 06:40:54] - |D| - [11136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [29/09/2016 11:44:35] - |D| - [1378] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbx [30/09/2016 03:54:32] - |D| - [3252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [30/09/2016 00:15:43] - |D| - [8618] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations [30/09/2016 00:56:56] - |D| - [5076] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX 4 [30/09/2016 23:02:37] - |D| - [3384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [19/10/2016 12:27:41] - |D| - [13990] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket [02/10/2016 17:28:31] - |D| - [1973] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimObject Display Engine [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [04/10/2016 22:31:27] - |D| - [1039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2011 11:27:56] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [24/10/2016 20:42:24] - |A| - [929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [07/10/2016 09:01:57] - |D| - [1132] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2 [29/09/2016 06:09:34] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [29/09/2016 06:38:59] - |D| - [4029] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:54:23] - |ASH| - [174] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [02/10/2016 17:28:30] - |D| - [18063021] - C:\Program Files (x86)\12bPilot [04/10/2016 22:47:52] - |D| - [4204644] - C:\Program Files (x86)\Aerosoft [12/10/2016 23:55:56] - |D| - [2743854] - C:\Program Files (x86)\Apple Software Update [12/10/2016 23:55:51] - |D| - [631636] - C:\Program Files (x86)\Bonjour [14/07/2009 05:20:08] - |D| - [202692141] - C:\Program Files (x86)\Common Files [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [30/09/2016 15:52:47] - |D| - [12573280] - C:\Program Files (x86)\EZCA [14/10/2016 12:00:58] - |D| - [0] - C:\Program Files (x86)\FIFA 16 Super Deluxe Edition [30/09/2016 01:28:49] - |D| - [75978109] - C:\Program Files (x86)\Flightsim Estonia [03/10/2016 13:31:04] - |D| - [239262493] - C:\Program Files (x86)\Google [25/10/2016 15:41:52] - |D| - [1932849] - C:\Program Files (x86)\GPU Temp [29/09/2016 23:40:18] - |D| - [1099190863] - C:\Program Files (x86)\HiFi [29/09/2016 06:17:23] - |HD| - [170757883] - C:\Program Files (x86)\InstallShield Installation Information [29/09/2016 07:10:58] - |D| - [22205178] - C:\Program Files (x86)\Intel [14/07/2009 05:20:08] - |D| - [10532593] - C:\Program Files (x86)\Internet Explorer [07/10/2016 09:00:50] - |D| - [41083460] - C:\Program Files (x86)\IVAO [18/10/2016 14:24:14] - |D| - [60124089] - C:\Program Files (x86)\Malwarebytes Anti-Malware [20/10/2016 15:39:08] - |D| - [417] - C:\Program Files (x86)\Microsoft Games [30/09/2016 00:55:46] - |D| - [890322] - C:\Program Files (x86)\Microsoft SQL Server [29/09/2016 06:58:00] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [29/09/2016 06:34:53] - |D| - [94268384] - C:\Program Files (x86)\Mozilla Firefox [29/09/2016 06:34:54] - |D| - [262595] - C:\Program Files (x86)\Mozilla Maintenance Service [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild [29/09/2016 07:07:44] - |D| - [190822214] - 
C:\Program Files (x86)\MSI [29/09/2016 06:17:22] - |D| - [14162269] - C:\Program Files (x86)\NETGEAR [29/09/2016 06:40:52] - |D| - [394475065] - C:\Program Files (x86)\NVIDIA Corporation [03/10/2016 09:36:20] - |D| - [5782338] - C:\Program Files (x86)\OldProp Solutions Inc [30/09/2016 03:54:32] - |D| - [320412599] - C:\Program Files (x86)\Origin [30/09/2016 03:57:55] - |D| - [50646509965] - C:\Program Files (x86)\Origin Games [14/10/2016 13:15:53] - |D| - [4527104] - C:\Program Files (x86)\Panda Security [30/09/2016 00:15:43] - |D| - [61541800] - C:\Program Files (x86)\PMDG Operations Center [29/09/2016 07:08:12] - |D| - [3563065] - C:\Program Files (x86)\Realtek [14/07/2009 07:32:38] - |D| - [39175425] - C:\Program Files (x86)\Reference Assemblies [30/09/2016 23:02:35] - |D| - [93209018] - C:\Program Files (x86)\Samsung [25/10/2016 15:11:32] - |D| - [9449978] - C:\Program Files (x86)\SpeedFan [04/10/2016 22:31:27] - |D| - [547012646] - C:\Program Files (x86)\Steam [29/09/2016 07:08:06] - |HD| - [0] - C:\Program Files (x86)\Temp [29/09/2016 06:35:37] - |D| - [399736] - C:\Program Files (x86)\uTorrent [07/10/2016 14:24:56] - |D| - [32140645] - C:\Program Files (x86)\VirtualDJ [25/10/2016 15:10:56] - |D| - [846194] - C:\Program Files (x86)\VulkanRT [14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender [14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 05:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT [14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar ---------- | C:\Program Files [12/10/2016 23:55:51] - |D| - [615046] - C:\Program Files\Bonjour [18/10/2016 13:39:08] - |D| - [20150215] - C:\Program 
Files\CCleaner [14/07/2009 05:20:08] - |D| - [240947418] - C:\Program Files\Common Files [25/10/2016 15:39:40] - |D| - [2176320] - C:\Program Files\Core Temp [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 07:32:38] - |D| - [90256916] - C:\Program Files\DVD Maker [29/09/2016 06:12:57] - |SHD| - [240947418] - C:\Program Files\Fichiers communs [29/09/2016 07:09:04] - |D| - [49929118] - C:\Program Files\Intel [14/07/2009 05:20:08] - |D| - [30536588] - C:\Program Files\Internet Explorer [12/10/2016 23:56:05] - |D| - [1374691] - C:\Program Files\iPod [12/10/2016 23:56:04] - |D| - [220322794] - C:\Program Files\iTunes [14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games [30/09/2016 00:55:46] - |D| - [160557273] - C:\Program Files\Microsoft SQL Server [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild [22/10/2016 15:11:22] - |D| - [168687774] - C:\Program Files\MSI [29/09/2016 06:40:14] - |D| - [1497890714] - C:\Program Files\NVIDIA Corporation [14/10/2016 13:16:24] - |D| - [1127327] - C:\Program Files\Panda Security URL Filtering [29/09/2016 07:08:20] - |D| - [36046200] - C:\Program Files\Realtek [14/07/2009 07:32:38] - |D| - [36834473] - C:\Program Files\Reference Assemblies [24/10/2016 20:42:23] - |D| - [67399238] - C:\Program Files\TeamSpeak 3 Client [14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information [14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender [12/04/2011 11:28:07] - |D| - [9240696] - C:\Program Files\Windows Journal [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player [14/07/2009 05:20:08] - |D| - [12627636] - C:\Program Files\Windows NT [14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [7044767] - 
C:\Program Files\Windows Sidebar [29/09/2016 06:38:57] - |D| - [6299775] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [12/10/2016 23:55:45] - |D| - [131898092] - C:\Program Files (x86)\Common Files\Apple [29/09/2016 07:16:21] - |D| - [256016] - C:\Program Files (x86)\Common Files\Intel Corporation [30/09/2016 00:16:01] - |D| - [1045196] - C:\Program Files (x86)\Common Files\Macrovision Shared [14/07/2009 05:20:08] - |D| - [17098625] - C:\Program Files (x86)\Common Files\microsoft shared [29/09/2016 07:16:03] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines [04/10/2016 22:31:27] - |D| - [837312] - C:\Program Files (x86)\Common Files\Steam [14/07/2009 05:20:08] - |D| - [10245619] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [12/10/2016 23:55:49] - |D| - [176350485] - C:\Program Files\Common files\Apple [21/10/2016 06:40:47] - |HD| - [1021231] - C:\Program Files\Common files\EAInstaller [14/07/2009 05:20:08] - |D| - [50774037] - C:\Program Files\Common files\Microsoft Shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services [14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines [14/07/2009 05:20:08] - |D| - [12190195] - C:\Program Files\Common files\System ---------- | Tasks [MD5.C908B3240957E4CF3622FFA422A54AAF] - [03/10/2016 13:31:04] - |A| - [1064] - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [MD5.458DA7CB2C436024001DF8B1C43574CB] - [03/10/2016 13:31:04] - |A| - [1068] - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.BD862D603BE7C99DCCA44234FA87AF26] - [14/07/2009 07:08:49] - |A| - [28942] - C:\Windows\Tasks\SCHEDLGU.TXT 
[MD5.9A57A2DF4A9278B89C41DF484E36171F] - [18/10/2016 13:39:10] - |A| - [2796] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [256526] - C:\Windows\System32\Tasks\Microsoft [MD5.8B5B2D735CB8F930ABAE135CE30203CA] - [22/10/2016 14:59:07] - |A| - [3068] - C:\Windows\System32\Tasks\MSIOSDx64_Host : C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [MD5.C8A3377EF861EF6D314965165362A6F1] - [22/10/2016 14:59:07] - |A| - [3068] - C:\Windows\System32\Tasks\MSIOSDx86_Host : C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [MD5.311ED4A9A6CB1D8FBACD386AFFEA3661] - [22/10/2016 14:59:02] - |A| - [3002] - C:\Windows\System32\Tasks\MSISW_Host : C:\Windows\SysWOW64\muachost.exe [MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [4480] - C:\Windows\System32\Tasks\WPD [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{8F308DDB-FE20-4FF7-A7D3-9C10442775EB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{E953E039-07E7-4230-A9FC-7A711EA72F58}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{794E6DAF-E222-4F5E-9D79-0543BB0D5BDE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| 
"{1D37E99C-4BBC-47E4-8951-1D2CD4151E11}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{8453CC12-0B9E-4AD8-A48B-4DA35A5DA416}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)| "{ED5C3F54-48FC-4FF6-B2B5-8810B33F6577}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming NSS UDP Exception|Desc=UDP exceptions for SHIELD Streaming NSS (mDNS)| "{1B023265-62F5-4FE3-8C1B-57806B5C73B2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)| "{7C3A1394-0D9D-4347-9FB4-27CDCFF0F3C7}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)| "{4E713D5A-037A-49B9-9A65-C0BAE7D16A4F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)| 
"{E532AAF2-3595-4BD2-B26F-B0DD92E5FAC9}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "TCP Query User{13D34AE3-3295-42A0-A2FE-2F8716A7C5BC}C:\program files (x86)\hifi\as16_p3d\as16.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\hifi\as16_p3d\as16.exe|Name=Active Sky 2016 for P3D|Desc=Active Sky 2016 for P3D|Defer=User| "UDP Query User{C5CCD633-2F9E-43F3-A311-57273D51C819}C:\program files (x86)\hifi\as16_p3d\as16.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\hifi\as16_p3d\as16.exe|Name=Active Sky 2016 for P3D|Desc=Active Sky 2016 for P3D|Defer=User| "{ED0A2B21-EF5E-4B2A-898B-C222A478A846}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=445|Name=AS_PIPE_PORT| "{84D6ADED-A38C-4702-A8A9-52680F165B20}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=19284|Name=AS_RADAR_PORT| "{AA593C46-A68E-4E7E-A496-3E5FE5686ADB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=19285|Name=AS_HTTP_PORT| "{4F660F29-219C-4F8F-9005-369493A5A016}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{4D22CF6D-C242-463F-B6CD-A44DDB2A0462}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{A2967B16-703C-4EC8-975D-234175EFF36B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| 
"{28DAFC3A-B0DE-43F6-B38E-44393ACB9978}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "TCP Query User{4A6432BC-2D2F-458E-A4DC-31A1F3B07080}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User| "UDP Query User{31CE1D21-A891-4708-809F-87A8D390FDBC}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User| "{BA35DDB5-C4D6-40A1-BCF8-72B42F782529}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=26789|Name=Gaming APP Server| "{921F3E23-905F-4468-9730-5B7DB14F9656}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)| "{988BE6BA-DB89-4759-A743-FAF72770361D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)| "{6A5CC143-BCBD-4D65-AC6F-B21191ED051C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)| "{854505D2-BFFA-45BF-92A4-18963F5A4E22}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : 
(TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DD18574C-B785-4E3C-A74F-8BC4990D790B}] : (USBKCXTRLER) [] -> @oem17.inf,%USBKCXTRLER%;Universal Serial Bus Keyboard Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [04/09/2015 12:08:46] - (1.0.1.96) - (Samsung Electronics Co., Ltd. - Samsung RAPID Mode File Filter Driver) - C:\Windows\system32\DRIVERS\SamsungRapidFSFltr.sys [30/09/2016 23:05:50] - (1.0.1.96) - (Samsung Electronics Co., Ltd. - Samsung RAPID Mode Disk Filter Driver) - C:\Windows\system32\DRIVERS\SamsungRapidDiskFltr.sys [14/07/2009 02:00:40] - (6.1.7600.16385) - (Brother Industries Ltd. 
- Pilote Brother Série I/F (WDM)) - C:\Windows\system32\DRIVERS\serial.sys [29/09/2016 07:22:36] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27/05/2014 11:21:08] - (1.1.0.0) - ( - Intel(R) Smart Connect Technology Device Driver) - C:\Windows\system32\DRIVERS\ISCTD.sys [29/09/2016 06:40:20] - (1.2.41.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys [29/09/2016 07:19:24] - (1.0.2014.217) - (FINTEK Corp. - FINTEK Corp. FitGpBus Device Driver) - C:\Windows\system32\drivers\I2cHkBurn.sys [29/09/2016 07:08:13] - (6.10.0.8) - (Creative Technology Ltd. - Creative Audio Driver) - C:\Windows\system32\drivers\MBfilt64.sys [27/05/2014 11:21:04] - (0.0.0.0) - ( -) - C:\Windows\system32\DRIVERS\ikbevent.sys [27/05/2014 11:21:08] - (0.0.0.0) - ( -) - C:\Windows\system32\DRIVERS\imsevent.sys [26/05/2015 16:20:04] - (5.1.22.0) - (MediaTek Inc. - MediaTek 802.11n Wireless Adapter Driver) - C:\Windows\system32\DRIVERS\A6210.sys [29/09/2016 07:07:44] - (1.0.0.0) - (MSI - NTIOLib) - C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [19/03/2014 22:42:54] - (2.1.0.1) - (Visicom Media Inc. 
- Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)) - C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [29/09/2016 07:12:36] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\INETMON.sys [29/09/2016 07:07:44] - (1.0.0.0) - (MSI - ipadtst2) - C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [29/09/2016 07:07:44] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - Sample Cancel Driver) - C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [25/10/2016 15:09:45] - (21.21.13.7563) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 375.63) - C:\Windows\system32\DRIVERS\nvlddmkm.sys [22/10/2016 13:05:37] - (1.3.34.17) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys [29/12/2012 22:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x64 Driver) - C:\Windows\SysWOW64\speedfan.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys R0 - amdxata () -> system32\drivers\amdxata.sys R0 - atapi (Canal IDE) -> system32\drivers\atapi.sys R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - Disk (Pilote de disque) -> system32\drivers\disk.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) 
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys R0 - iaStorA () -> system32\DRIVERS\iaStorA.sys R0 - iaStorF () -> system32\DRIVERS\iaStorF.sys R0 - iusb3hcs (Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msahci () -> system32\drivers\msahci.sys R0 - msisadrv () -> system32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (Pilote de bus PCI) -> system32\drivers\pci.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys R0 - SamsungRapidDiskFltr (SAMSUNG RAPID Mode Disk Filter Driver) -> system32\DRIVERS\SamsungRapidDiskFltr.sys R0 - SamsungRapidFSFltr (SamsungRapidFSFltr) -> system32\DRIVERS\SamsungRapidFSFltr.sys R0 - spldr (Security Processor Loader Driver) -> (?) 
R0 - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys R0 - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys R0 - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - Beep (Beep) -> (?) R1 - blbdrive () -> system32\DRIVERS\blbdrive.sys R1 - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys R1 - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys R1 - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS R1 - Msfs () -> (?) R1 - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> system32\DRIVERS\mssmbios.sys R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) 
R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys R1 - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys R1 - TermDD (Pilote de périphérique terminal) -> system32\DRIVERS\termdd.sys R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys R1 - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys R1 - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys R2 - Apple Mobile Device Service (Apple Mobile Device Service) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Bonjour Service (Service Bonjour) -> "C:\Program Files\Bonjour\mDNSResponder.exe" S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe R2 - CryptSvc 
(@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - CscService (@%systemroot%\system32\cscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - GamingApp_Service () -> "C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe" R2 - GamingHotkey_Service (GamingHotkey_Service) -> C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc R2 - IAStorDataMgrSvc (Intel(R) Rapid Storage Technology) -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - ISCTAgent (Intel(R) Smart Connect Technology Agent) -> "C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe" R2 - jhi_service (Intel(R) Dynamic Application Loader Host Interface Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe" R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - LMS (Intel(R) Management and Security Application Local Management Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MBAMService () -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" S2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork S2 - MSI_ActiveX_Service (MSI_ActiveX_Service) -> "C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe" R2 - MSI_LiveUpdate_Service (MSI Live Update Service) -> "C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe" R2 - MSI_SuperCharger (MSI_SuperCharger) -> C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe R2 - NetgearSwitchUSB (NetgearSwitchUSB) -> "C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe" R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService R2 - NvContainerLocalSystem (NVIDIA LocalSystem Container) -> "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA 
Corporation\NvContainer\plugins\LocalSystem" R2 - NVDisplay.ContainerLocalSystem (NVIDIA Display Container LS) -> "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" R2 - NVIDIA Wireless Controller Service (NVIDIA Wireless Controller Service) -> "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" R2 - Origin Web Helper Service (Origin Web Helper Service) -> "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" R2 - panda_url_filtering (panda_url_filtering Service) -> C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - SamsungRapidSvc (Samsung RAPID Mode Service) -> system32\RAPID\SamsungRapidSvc.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> 
%SystemRoot%\System32\svchost.exe -k netsvcs R2 - speedfan (speedfan) -> \??\C:\Windows\SysWOW64\speedfan.sys R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe R2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - SQLWriter (SQL Server VSS Writer) -> "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S2 - Veqach (Veqach) -> %SystemRoot%\system32\svchost.exe -k Veqach R2 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) -> %SystemRoot%\System32\svchost.exe -k secsvcs R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted ---------- | System files (Microsoft Files whitelisted) [MD5.43705807B0FC004C4B556B3D7361305D] - [26/05/2015 16:20:04] - (.MediaTek Inc. (C)2015. 
- MediaTek 802.11n Wireless Adapter Driver.) - [2191.17 Ko] - (5.1.22.0) - C:\Windows\System32\Drivers\A6210.sys [MD5.2F6B34B83843F0C5118B63AC634F5BF4] - [10/06/2009 22:36:24] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [479.58 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys [MD5.597F78224EE9224EA1A13D6350CED962] - [13/07/2009 23:59:32] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [331.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys [MD5.E109549C90F62FB570B9540C4B148E54] - [13/07/2009 23:59:33] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) - [178.58 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys [MD5.5812713A477A3AD7363C7438CA2EE038] - [14/07/2009 01:19:47] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [15.08 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys [MD5.1FF8B4431C353CE385C875F194924C0C] - [14/07/2009 01:19:49] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [15.08 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys [MD5.6EC6D772EAE38DC17C14AED9B178D24B] - [21/11/2010 05:23:47] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [105.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys [MD5.F67F933E79241ED32FF46A4F29B5120B] - [10/06/2009 22:37:35] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [189.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys [MD5.1142A21DB581A84EA5597B03A26EBAA0] - [21/11/2010 05:23:47] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [26.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys [MD5.C484F8CEB1717C540242531DB7845C4E] - [13/07/2009 23:59:33] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) 
- [85.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys [MD5.019AF6924AEFE7839F61C830227FE79C] - [13/07/2009 23:59:33] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [95.56 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys [MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - [10/06/2009 22:34:23] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [264.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60a.sys [MD5.F09EEE9EDC320B5E1501F749FDE686C8] - [14/07/2009 03:19:59] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [18 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys [MD5.B114D3098E9BDB8BEA8B053685831BE6] - [14/07/2009 03:20:21] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [8.5 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys [MD5.43BEA8D483BF1870F018E2D02E06A5BD] - [14/07/2009 03:19:06] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [280 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys [MD5.A6ECA2151B08A09CACECA35C07F05B42] - [14/07/2009 03:20:11] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [46 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys [MD5.B79968002C277E869CF38BD22CD61524] - [14/07/2009 03:20:26] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [14.63 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys [MD5.A87528880231C54E75EA7A44943B38BF] - [14/07/2009 03:20:15] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [14.38 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys [MD5.3E5B191307609F7514148C6832BB0842] - [10/06/2009 22:34:28] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) 
- [457.5 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbda.sys [MD5.E19D3F095812725D88F9001985B94EDD] - [14/07/2009 01:19:48] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [17.08 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys [MD5.0E5DA5369A0FCAEA12456DD852545184] - [10/06/2009 22:36:49] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [518.06 Ko] - (7.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys [MD5.DC5D737F51BE844D8C82C695EB17372F] - [10/06/2009 22:34:33] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3209 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbda.sys [MD5.F2523EF6460FC42405B12248338AB2F0] - [14/07/2009 00:53:43] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [30.5 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys [MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - [21/11/2010 05:23:47] - (.Copyright (c) 2004-2010 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [76.88 Ko] - (6.12.6.64) - C:\Windows\System32\Drivers\HpSAMD.sys [MD5.38C20EBB2621A86A5E9729EDA8F0F126] - [29/09/2016 07:19:24] - (.Copyright (c) 2003 FINTEK Corp. - FINTEK Corp. FitGpBus Device Driver.) - [40.78 Ko] - (1.0.2014.217) - C:\Windows\System32\Drivers\I2cHkBurn.sys [MD5.9EBE1AE8B3DA91D06BE1971EB37F7DA0] - [28/05/2014 10:10:20] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [656.35 Ko] - (13.1.0.1058) - C:\Windows\System32\Drivers\iaStorA.sys [MD5.C018747131B4E90E9267BA5B31EB43A7] - [28/05/2014 10:10:20] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology Filter driver - x64.) 
- [27.35 Ko] - (13.1.0.1058) - C:\Windows\System32\Drivers\iaStorF.sys [MD5.3DF4395A7CF8B7A72A5F4606366B8C2D] - [21/11/2010 05:23:47] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [400.88 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys [MD5.5C18831C61933628F5BB0EA2675B9D21] - [13/07/2009 23:59:33] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [43.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys [MD5.FF604BCE2537A4734DA0CE19AD9B7B7A] - [27/05/2014 11:21:04] - (.-.) - [21.7 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\ikbevent.sys [MD5.298E67827BE3C4403C32EAB66987A334] - [27/05/2014 11:21:08] - (.-.) - [22.2 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\imsevent.sys [MD5.0BBE196EED750C18E5D4B3CB55EB097C] - [29/09/2016 07:12:36] - (.-.) - [25.2 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\INETMON.sys [MD5.35C0995BCDB0E45D1EEBE4FB582D1563] - [27/05/2014 11:21:08] - (.Copyright (C) 2011-2012 - Intel(R) Smart Connect Technology Device Driver.) - [43.7 Ko] - (1.1.0.0) - C:\Windows\System32\Drivers\ISCTD.sys [MD5.8CAF9BE17438F875A82FCE36DE4DC634] - [02/04/2015 15:48:09] - (.(C) 2010-2015 Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Driver.) - [22.27 Ko] - (3.0.5.69) - C:\Windows\System32\Drivers\iusb3hcs.sys [MD5.013AC194D2716C345742B01CDC4A73A7] - [02/04/2015 15:48:28] - (.(C) 2010-2015 Intel Corporation - Intel(R) USB 3.0 Hub Driver.) - [381.27 Ko] - (3.0.5.69) - C:\Windows\System32\Drivers\iusb3hub.sys [MD5.242C9879365A45E4E0C5E2E13E43E938] - [02/04/2015 15:48:34] - (.(C) 2010-2015 Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) - [781.27 Ko] - (3.0.5.69) - C:\Windows\System32\Drivers\iusb3xhc.sys [MD5.1A93E54EB0ECE102495A51266DCDB6A6] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) 
- [112.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys [MD5.1047184A9FDC8BDBFF857175875EE810] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [104.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys [MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [64.06 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys [MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [113.06 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys [MD5.78BFF5425E044086E74E78650A359FBB] - [18/10/2016 20:08:02] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\Windows\System32\Drivers\mbam.sys [MD5.1239597BAB7EED2BB16D035AF87E65D9] - [18/10/2016 20:08:02] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\Windows\System32\Drivers\mbamchameleon.sys [MD5.78488AF2AB2111D67B3C4044707A519B] - [18/10/2016 20:08:37] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys [MD5.CBDD6C33375D5335D8CBDC9CA3E97996] - [29/09/2016 07:08:13] - (.Copyright © Creative Technology Ltd. 2009 - Creative Audio Driver.) - [40.13 Ko] - (6.10.0.8) - C:\Windows\System32\Drivers\MBfilt64.sys [MD5.A55805F747C6EDB6A9080D7C633BD0F4] - [10/06/2009 22:37:14] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64.) - [34.56 Ko] - (4.5.1.64) - C:\Windows\System32\Drivers\megasas.sys [MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - [13/07/2009 23:59:33] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) 
- [278.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys [MD5.452ACB7A9914398D9E18CCCFFCF92208] - [18/10/2016 20:08:02] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.38 Ko] - (1.0.6.0) - C:\Windows\System32\Drivers\mwac.sys [MD5.EE00C544C025958AF50C7B199F3C8595] - [28/03/2016 12:41:28] - (.Copyright (C) 2009 Apple Inc. - Apple Mobile Device Ethernet.) - [22.5 Ko] - (1.8.5.1) - C:\Windows\System32\Drivers\netaapl64.sys [MD5.77889813BE4D166CDAB78DDBA990DA92] - [13/07/2009 23:59:33] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [50.06 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys [MD5.64DA1993B1973F049C1347DA1B05185E] - [22/10/2016 13:05:37] - (.(C) NVIDIA Corporation. - NVIDIA HDMI Audio Driver.) - [207.95 Ko] - (1.3.34.17) - C:\Windows\System32\Drivers\nvhda64v.sys [MD5.10F843D0092034E16CDF68FB032BF402] - [25/10/2016 15:09:45] - (.(C) 2016 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 375.63.) - [13689.44 Ko] - (21.21.13.7563) - C:\Windows\System32\Drivers\nvlddmkm.sys [MD5.5D9FD91F3D38DC9DA01E3CB5FA89CD48] - [21/11/2010 05:23:47] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [144.88 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys [MD5.F7CD50FE7139F07E77DA8AC8033D1832] - [21/11/2010 05:23:47] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys [MD5.B437620D61C86C135D72AA96B812A66B] - [29/09/2016 06:40:20] - (.(C) NVIDIA Corporation. - NVIDIA Virtual Audio Driver.) - [46.55 Ko] - (1.2.41.0) - C:\Windows\System32\Drivers\nvvad64v.sys [MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - [10/06/2009 22:37:36] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) 
- [1489.08 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys [MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - [13/07/2009 23:59:34] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [125.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys [MD5.13AD818FFE1E7524D85E1AA0531C9EA7] - [29/09/2016 07:08:14] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [5152.51 Ko] - (6.0.1.7910) - C:\Windows\System32\Drivers\RTKVHD64.sys [MD5.BC99D12CE9DB8DB55E231F8D195FC67B] - [30/09/2016 23:05:50] - (.© Samsung Electronics Co., Ltd.. - Samsung RAPID Mode Disk Filter Driver.) - [265.59 Ko] - (1.0.1.96) - C:\Windows\System32\Drivers\SamsungRapidDiskFltr.sys [MD5.AF482EF7743667400875C7B9470BFD4D] - [04/09/2015 12:08:46] - (.© Samsung Electronics Co., Ltd.. - Samsung RAPID Mode File Filter Driver.) - [108.09 Ko] - (1.0.1.96) - C:\Windows\System32\Drivers\SamsungRapidFSFltr.sys [MD5.3EA8A16169C26AFBEB544E0E48421186] - [14/07/2009 04:36:07] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys [MD5.C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] - [14/07/2009 02:00:40] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [92 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\serial.sys [MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - [10/06/2009 22:37:40] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [42.56 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys [MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - [13/07/2009 23:59:33] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [78.58 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys [MD5.F3817967ED533D08327DC73BC4D5542A] - [13/07/2009 23:59:33] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) 
- [24.08 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys [MD5.1BC9159CF58BABD89419072EA180A8F6] - [10/11/2014 12:12:42] - (.Copyright © 2006-2014, Intel Corporation. - Intel(R) Management Engine Interface.) - [126.28 Ko] - (10.0.30.1054) - C:\Windows\System32\Drivers\TeeDriverx64.sys [MD5.F957092C63CD71D85903CA0D8370F473] - [28/03/2016 12:41:34] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) - [53.5 Ko] - (1.67.0.0) - C:\Windows\System32\Drivers\usbaapl64.sys [MD5.E5689D93FFE4E5D66C0178761240DD54] - [14/07/2009 01:19:50] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [17.08 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys [MD5.5E2016EA6EBACA03C04FEAC5F330D997] - [10/06/2009 22:37:58] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [158.08 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys [MD5.EF558A02D734A1403583E95CCEEC2487] - [29/09/2016 07:22:36] - (.Copyright (c)1999-2015 Martin Malík - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\Windows\Syswow64\Drivers\HWiNFO64A.SYS ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files\TeamSpeak 3 Client\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.26.0] : (Vulkan Run Time Libraries 1.0.26.0.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1] : (Core Temp 1.4.1.-.ALCPU) -> "C:\Program Files\Core Temp\unins000.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{18DF567E-AA9B-434D-BE77-BFE2292712F6}] : (RAPID Mode.-.Samsung Electronics Co., Ltd.) 
-> MsiExec.exe /X{18DF567E-AA9B-434D-BE77-BFE2292712F6} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{1B444AF9-1DBE-4884-8F35-969BEFCF69A8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{33013669-7557-430E-9153-3C025284E623}] : (Intel(R) Smart Connect Technology.-.Intel Corporation) -> MsiExec.exe /I{33013669-7557-430E-9153-3C025284E623} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{55398EAC-F58E-4F19-B553-BDF8B9EFD839} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}] : (Apple Application Support (64 bits).-.Apple Inc.) 
-> MsiExec.exe /I{5905C8CF-1C88-4478-A48E-4E458AD1BC7E} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1] : (MSI DragonEye.-.MSI) -> "C:\Program Files\MSI\DragonEye\unins000.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C791A9C-B26E-4E09-8D87-3348AAE61B4A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{8C791A9C-B26E-4E09-8D87-3348AAE61B4A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F75A0EC-6773-4116-9D07-ABC427273606}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{9F75A0EC-6773-4116-9D07-ABC427273606} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 375.63.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 375.63.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 375.63.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.0.7.34.-.NVIDIA 
Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA Pilote du contrôleur 3D Vision 369.04.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.13.0.21.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 2.13.0.21.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA Wireless Controller Service.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.34.17.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install 
Application.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.UserElevated] : (NVIDIA Elevated User Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NvNodejs.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for 
NvContainer.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NvTelemetry.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.13.0.21.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.41.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4D86CB2-2370-4691-8272-3869EDED6C64}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{D4D86CB2-2370-4691-8272-3869EDED6C64} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DBC3205C-2A41-490A-8EE4-BE4993FC2EC6}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{DBC3205C-2A41-490A-8EE4-BE4993FC2EC6} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EAF826C0-245E-4D02-9D51-BA4C98717EAE}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{EAF826C0-245E-4D02-9D51-BA4C98717EAE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 23 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Airbus A318-A319 - PREPAR3D V3.x] : (Aerosoft's - Airbus A318-A319 - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_AirbusA31-A319.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Airbus A320-A321 - PREPAR3D V3.x] : (Aerosoft's - Airbus A320-A321 - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_AirbusA320-A321.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DIGITALDESIGN-ZALZBURG-5AA2B000-276D-409B-B8E2-0~36C3D109_is1] : (Digital Design Salzburg.-.SimMarket) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\SimMarket\Digital Design Salzburg P3Dv3\bin\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EZdok Camera for Microsoft Flight Simulator X] : (EZdok Camera for Microsoft Flight Simulator X.-.) -> C:\Program Files (x86)\EZCA\UnEZCA.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FSDreamTeam GSX P3D v3.x_is1] : (FSDreamTeam GSX P3D v3.x.-.VIRTUALI Sagl) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FSX_JETSTREAM_DESIGN_LFML_X_2013_is1] : (JetStream Designs LFML X 2013.-.SimMarket) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\SimMarket\JetStream Designs LFML X 2013\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FTX Global Base Pack1.40] : (FTX Global Base Pack.-.Orbx Simulation Systems Pty Ltd) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\\ORBX\uninstall.exe" "/U:D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\\ORBX\Uninstall\uninstall.xml" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{75F86B5E-3DE3-4274-ACCA-28C48FA11612}] : (NETGEAR A6210 Genie.-.NETGEAR) -> "C:\Program Files (x86)\InstallShield Installation Information\{75F86B5E-3DE3-4274-ACCA-28C48FA11612}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IvAp-v2_is1] : (IvAp v2.0.2 (build 2773).-.IVAO) -> "C:\Program Files (x86)\IVAO\IvAp v2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\JUSTSIM-LFMN-F99AB8EC-E05C-4F9E-B8E4-C06D6DEA3CED_is1] : (JustSim-LFMN.-.SimMarket) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\SimMarket\JustSim-LFMN P3Dv3\bin\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\JUSTSIM-LOWI-D9ECF54F-F5D7-4E8E-9275-8832B6C3330E_is1] : (JustSim-LOWI.-.SimMarket) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\SimMarket\JustSim-LOWI P3Dv3\bin\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\La Palma X - PREPAR3D V3.x] : (Aerosoft's - La Palma X - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_LaPalma.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins001.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mega Airport Frankfurt 2.0 - PREPAR3D V3.x] : (Aerosoft's - Mega Airport Frankfurt 2.0 - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_EDDF20.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mega Airport Prag - PREPAR3D V3.x] : (Aerosoft's - Mega Airport Prag - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_MegaAirportPrag.exe 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 49.0.1 (x86 fr)] : (Mozilla Firefox 49.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Night Environment - France - PREPAR3D V2.x] : (Aerosoft's - Night Environment - France - P3DV2.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_Night Environment_France.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Origin\OriginUninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Security URL Filtering] : (.-.Panda Security) -> C:\Program Files\Panda Security URL Filtering\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds - SP2 - Hotfix 1 4.2.2015.1002] : (REX Soft Clouds - SP2 - Hotfix 1.-.REX Game Studios, LLC.) -> C:\ProgramData\Caphyon\Advanced Installer\{EB5C6167-D788-4CB0-921E-EDEFF65C993F}\setup.exe /i {EB5C6167-D788-4CB0-921E-EDEFF65C993F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds - SP3 4.3.2016.0210] : (REX Soft Clouds - SP3.-.REX Game Studios, LLC.) 
-> C:\ProgramData\Caphyon\Advanced Installer\{1B84EE50-54DE-4385-AF1F-80B22BA7DFAB}\setup.exe /i {1B84EE50-54DE-4385-AF1F-80B22BA7DFAB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds - SP3 Hotfix 1 4.3.2016.0314] : (REX Soft Clouds - SP3 Hotfix 1.-.REX Game Studios, LLC.) -> C:\ProgramData\Caphyon\Advanced Installer\{CBD55D6A-A1DB-4BBA-8021-AA9E06773D0B}\setup.exe /i {CBD55D6A-A1DB-4BBA-8021-AA9E06773D0B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds - SP3 Hotfix 2 4.3.2016.0325] : (REX Soft Clouds - SP3 Hotfix 2.-.REX Game Studios, LLC.) -> C:\ProgramData\Caphyon\Advanced Installer\{4C7C0C26-317C-47E3-BE56-7F9F7D08F0E5}\rexinstaller.exe /i {4C7C0C26-317C-47E3-BE56-7F9F7D08F0E5} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds SP3 - Hotfix 3 4.3.2016.0622] : (REX Soft Clouds SP3 - Hotfix 3.-.REX Game Studios, LLC.) -> C:\ProgramData\Caphyon\Advanced Installer\{B30437E7-0682-4D37-9DBF-97631DDF848F}\setup.exe /i {B30437E7-0682-4D37-9DBF-97631DDF848F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\REX Soft Clouds SP3 - Hotfix 34 4.3.2016.0928] : (REX Soft Clouds SP3 - Hotfix 34.-.REX Game Studios, LLC.) -> C:\ProgramData\Caphyon\Advanced Installer\{C8768F80-4FD3-46A6-999C-EB1A0667D57D}\rexinstaller.exe /i {C8768F80-4FD3-46A6-999C-EB1A0667D57D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpeedFan] : (SpeedFan (remove only).-.) 
-> "C:\Program Files (x86)\SpeedFan\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Teamspeak 2 RC2_is1] : (TeamSpeak 2 RC2.-.Dominating Bytes Design) -> "C:\Program Files (x86)\IVAO\IvAp v2\ts2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\US Cities X - Boston - PREPAR3D V3.x] : (Aerosoft's - US Cities X - Boston - PREPAR3D V3.x.-.Aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_USCitiesX-Boston.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\USCitiesX - Detroit - PREPAR3D V3.x] : (aerosoft's - USCitiesX - Detroit - PREPAR3D V3.x.-.aerosoft) -> D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\Aerosoft\Uninstall_USCitiesX-Detroit.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.) -> "C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VFXCentral] : (VFXCentral.-.OldProp Solutions Inc) -> C:\Program Files (x86)\OldProp Solutions Inc\VFXCentral\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ViMaCore X] : (VistaMare ViMaCore X.-.) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\VistaMare\ViMaCoreXuninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0623887F-D6F5-46AC-8902-F9BCD2CC0D54}] : (REX 4 - Texture Direct - SP6 Hotfix 4.-.REX Game Studios, LLC.) -> MsiExec.exe /I{0623887F-D6F5-46AC-8902-F9BCD2CC0D54} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0EA92925-36E7-40CB-A714-118AB046099B}] : (PMDG 737 8900 NGX Base Package P3D.-.PMDG Simulations, LLC.) 
-> "C:\Program Files (x86)\InstallShield Installation Information\{0EA92925-36E7-40CB-A714-118AB046099B}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}] : (aerosoft's - Mega Airport Paris CDG X.-.aerosoft) -> C:\Program Files (x86)\InstallShield Installation Information\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}\setup.exe -runfromtemp -l0x0009 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{137aeb26-3d74-400c-bdbe-a33a0663b5c4}_is1] : (ASConnect 2016 for P3D Installer.-.HiFi Technologies, Inc.) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\unins001.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}] : (aerosoft's - Professional Flight Planner X.-.aerosoft) -> "C:\Program Files (x86)\InstallShield Installation Information\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}\setup.exe" -runfromtemp -l0x040c -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1B84EE50-54DE-4385-AF1F-80B22BA7DFAB}] : (REX Soft Clouds - SP3.-.REX Game Studios, LLC.) -> MsiExec.exe /I{1B84EE50-54DE-4385-AF1F-80B22BA7DFAB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1DCE89A8-DA2F-4E90-92EB-5288E24DF217}] : (REX Soft Clouds SP2.-.REX Game Studios, LLC.) 
-> MsiExec.exe /I{1DCE89A8-DA2F-4E90-92EB-5288E24DF217} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{213CD124-D688-436D-9BD8-FFB56DC830BE}] : (Prepar3D v3 Academic Client.-.Lockheed Martin) -> MsiExec.exe /X{213CD124-D688-436D-9BD8-FFB56DC830BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall_arp [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1] : (Samsung Magician.-.Samsung Electronics) -> "C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29DB9165-5FC1-48F0-9188-26123F526848}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{29DB9165-5FC1-48F0-9188-26123F526848} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}] : (Google Earth.-.Google) -> MsiExec.exe /I{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{33063246-4819-4224-85F9-4B050D32DAD9}_is1] : (Sky AI Traffic P3D 2.0 versión 2.0.-.Sky AI Traffic) -> "D:\Program Files (x86)\Lockheed Martin\Prepar3D v3\unins002.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{335B50BC-6130-4BAF-9A6A-F1561270587B}] : (Battlefield™ 1.-.Electronic Arts) -> "C:\Program Files\Common Files\EAInstaller\Battlefield 1\Cleanup.exe" uninstall_game -autologging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D88DF20-8778-422F-933D-4C4D74210045}] : (Aerosoft's - Anchorage X.-.Aerosoft) -> "C:\Program Files (x86)\InstallShield Installation Information\{3D88DF20-8778-422F-933D-4C4D74210045}\setup.exe" -runfromtemp -l0x040c -removeonly 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3F2CF900-1437-4F93-9ABF-07B8B80E37DA}] : (Prepar3D v3 Scenery.-.Lockheed Martin) -> MsiExec.exe /I{3F2CF900-1437-4F93-9ABF-07B8B80E37DA} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4C7C0C26-317C-47E3-BE56-7F9F7D08F0E5}] : (REX Soft Clouds - SP3 Hotfix 2.-.REX Game Studios, LLC.) -> MsiExec.exe /I{4C7C0C26-317C-47E3-BE56-7F9F7D08F0E5} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1] : (MSI Live Update 6.-.MSI) -> "C:\Program Files (x86)\MSI\Live Update\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{51CE3C56-7069-4055-AC02-FDCA5A0C0D0C}] : (PMDG 737 6700 NGX Expansion P3D.-.PMDG Simulations, LLC.) -> "C:\Program Files (x86)\InstallShield Installation Information\{51CE3C56-7069-4055-AC02-FDCA5A0C0D0C}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F86053E-B506-4B07-B74C-6BC673E864FF}] : (REX 4 - Texture Direct with Service Pack 5.-.REX Game Studios, LLC.) -> MsiExec.exe /I{5F86053E-B506-4B07-B74C-6BC673E864FF} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64cd40e2-6e5e-4732-8ed4-b4a5be475825}] : (Migration Tool.-.Flightsim Estonia) -> "C:\Program Files (x86)\Flightsim Estonia\Migration Tool\Uninstall.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{75F86B5E-3DE3-4274-ACCA-28C48FA11612}] : (NETGEAR A6210 Genie.-.NETGEAR) -> MsiExec.exe /I{75F86B5E-3DE3-4274-ACCA-28C48FA11612} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1] : (MSI Super Charger.-.MSI) -> "C:\Program Files (x86)\MSI\Super Charger\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8997C261-4536-4360-9B93-8D733F22EBD1}] : (SimObject Display Engine.-.12bPilot) -> MsiExec.exe /X{8997C261-4536-4360-9B93-8D733F22EBD1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8A713E65-F1E6-4E63-832F-BCA60401E9AA}] : (SimObject Display Engine.-.12bPilot) -> MsiExec.exe /X{8A713E65-F1E6-4E63-832F-BCA60401E9AA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1] : (GPU Temp version 1.0.-.gputemp.com) -> "C:\Program Files (x86)\GPU Temp\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FF9311E-76B1-423D-92AD-176F67D959B0}] : (REX 4 - Texture Direct - SP6 Hotfix 2.-.REX Game Studios, LLC.) 
-> MsiExec.exe /I{8FF9311E-76B1-423D-92AD-176F67D959B0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9E710825-EF34-4976-B6A0-821FE314266F}] : (aerosoft's - Gibraltar X.-.aerosoft) -> "C:\Program Files (x86)\InstallShield Installation Information\{9E710825-EF34-4976-B6A0-821FE314266F}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A9FF3B7B-F4BC-4F74-AF6B-BC4925682D3D}] : (aerosoft's - USCitiesX - Chicago.-.aerosoft) -> "C:\Program Files (x86)\InstallShield Installation Information\{A9FF3B7B-F4BC-4F74-AF6B-BC4925682D3D}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B2004DB8-745F-45F7-A327-E6FCA8341B1B}] : (REX 4 - Texture Direct - SP6 Hotfix 1.-.REX Game Studios, LLC.) -> MsiExec.exe /I{B2004DB8-745F-45F7-A327-E6FCA8341B1B} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B30437E7-0682-4D37-9DBF-97631DDF848F}] : (REX Soft Clouds SP3 - Hotfix 3.-.REX Game Studios, LLC.) -> MsiExec.exe /I{B30437E7-0682-4D37-9DBF-97631DDF848F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BD6E3AEC-7746-494A-B055-75D6D56A82BB}] : (PMDG 777-300ER Expansion P3D.-.PMDG Simulations, LLC.) -> "C:\Program Files (x86)\InstallShield Installation Information\{BD6E3AEC-7746-494A-B055-75D6D56A82BB}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1CB0E26-CE1A-4789-8EEA-919C4CD491C1}] : (PMDG 777-200LRF Base Package P3D.-.PMDG Simulations, LLC.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C1CB0E26-CE1A-4789-8EEA-919C4CD491C1}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3BEF41C-2408-4AB3-B498-27418C01D8B2}] : (REX 4 - Texture Direct - SP6 Hotfix 3.-.REX Game Studios, LLC.) 
-> MsiExec.exe /I{C3BEF41C-2408-4AB3-B498-27418C01D8B2} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c7f54569-0018-439c-809a-48046a4d4ebc}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe" /uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C8768F80-4FD3-46A6-999C-EB1A0667D57D}] : (REX Soft Clouds SP3 - Hotfix 34.-.REX Game Studios, LLC.) -> MsiExec.exe /I{C8768F80-4FD3-46A6-999C-EB1A0667D57D} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CBD55D6A-A1DB-4BBA-8021-AA9E06773D0B}] : (REX Soft Clouds - SP3 Hotfix 1.-.REX Game Studios, LLC.) -> MsiExec.exe /I{CBD55D6A-A1DB-4BBA-8021-AA9E06773D0B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{cdd40cf2-9726-4eaf-b3b0-b6fb6b0884e8}] : (Prepar3D v3 Academic.-.Lockheed Martin) -> "C:\ProgramData\Package Cache\{cdd40cf2-9726-4eaf-b3b0-b6fb6b0884e8}\Setup_Prepar3D.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CE8E65FC-9BE3-438A-8449-BCD5E8ACC6BE}] : (Prepar3D v3 Content.-.Lockheed Martin) -> MsiExec.exe /I{CE8E65FC-9BE3-438A-8449-BCD5E8ACC6BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{d0b0a249-0f47-46a8-a765-1d2601fd6e94}_is1] : (Active Sky 2016 for P3D Update.-.HiFi Technologies, Inc.) -> "C:\Program Files (x86)\HiFi\AS16_P3D\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DBED58E1-AA28-474B-8626-0DCAD6D62CDB}] : (REX 4 - Texture Direct - SP5 - Hotfix 1.-.REX Game Studios, LLC.) 
-> MsiExec.exe /I{DBED58E1-AA28-474B-8626-0DCAD6D62CDB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1] : (MSI Gaming APP.-.MSI) -> "C:\Program Files (x86)\MSI\Gaming APP\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EB5C6167-D788-4CB0-921E-EDEFF65C993F}] : (REX Soft Clouds - SP2 - Hotfix 1.-.REX Game Studios, LLC.) -> MsiExec.exe /I{EB5C6167-D788-4CB0-921E-EDEFF65C993F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EDA76D78-8C23-4245-A4B1-4A9217AC9CF3}] : (VirtualDJ PRO Full.-.Atomix Productions) -> MsiExec.exe /I{EDA76D78-8C23-4245-A4B1-4A9217AC9CF3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F35DA190-DD75-49EF-ABB8-307AF62A55F3}] : (REX 4 - Texture Direct - SP6.-.REX Game Studios, LLC.) 
-> MsiExec.exe /I{F35DA190-DD75-49EF-ABB8-307AF62A55F3} ---------- | Installer [HKCR\Installer\Products\009FC2F3734139F4A9FB708B8BE073AD] : Prepar3D v3 Scenery -> C:\Windows\Installer\{3F2CF900-1437-4F93-9ABF-07B8B80E37DA}\Scenery.ico [HKCR\Installer\Products\05EE48B1ED455834FAF1082BB27AFDBA] : REX Soft Clouds - SP3 -> C:\Windows\Installer\{1B84EE50-54DE-4385-AF1F-80B22BA7DFAB}\softclouds_icon_256px.exe [HKCR\Installer\Products\08F8678C3DF46A6499C9BEA160765DD7] : REX Soft Clouds SP3 - Hotfix 34 -> C:\Windows\Installer\{C8768F80-4FD3-46A6-999C-EB1A0667D57D}\softclouds_icon_256px.exe [HKCR\Installer\Products\091AD53F57DDFE94BA8B03A76FA2553F] : REX 4 - Texture Direct - SP6 -> C:\Windows\Installer\{F35DA190-DD75-49EF-ABB8-307AF62A55F3}\rexwxdirect.exe [HKCR\Installer\Products\0C628FAEE54220D4D915ABC48917E7EA] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\162C799863540634B939D837F322BE1D] : SimObject Display Engine -> C:\Windows\Installer\{8997C261-4536-4360-9B93-8D733F22EBD1}\sode_icon [HKCR\Installer\Products\1E85DEBD82AAB4746862D0AC6D6DC2BD] : REX 4 - Texture Direct - SP5 - Hotfix 1 -> C:\Windows\Installer\{DBED58E1-AA28-474B-8626-0DCAD6D62CDB}\rexwxdirect.exe [HKCR\Installer\Products\2BC68D4D0732196428278396DEDEC646] : Apple Mobile Device Support -> C:\Windows\Installer\{D4D86CB2-2370-4691-8272-3869EDED6C64}\Installer.ico [HKCR\Installer\Products\421DC312886DD634B98DFF5BD68C03EB] : Prepar3D v3 Academic Client -> C:\Windows\Installer\{213CD124-D688-436D-9BD8-FFB56DC830BE}\Prepar3D.ico [HKCR\Installer\Products\5619BD921CF50F8419886221F3258684] : Apple Application Support (32 bits) -> C:\Windows\Installer\{29DB9165-5FC1-48F0-9188-26123F526848}\WinInstall.ico [HKCR\Installer\Products\62C0C7C4C7133E74EB65F7F9D7800F5E] : REX Soft Clouds - SP3 Hotfix 2 -> C:\Windows\Installer\{4C7C0C26-317C-47E3-BE56-7F9F7D08F0E5}\softclouds_icon_256px.exe [HKCR\Installer\Products\7616C5BE887D0BC429E1DEFE6FC599F3] : REX Soft Clouds - SP2 - Hotfix 1 -> 
C:\Windows\Installer\{EB5C6167-D788-4CB0-921E-EDEFF65C993F}\softclouds_icon_256px.exe [HKCR\Installer\Products\7E73403B286073D4D9FB7936D1FD48F8] : REX Soft Clouds SP3 - Hotfix 3 -> C:\Windows\Installer\{B30437E7-0682-4D37-9DBF-97631DDF848F}\softclouds_icon_256px.exe [HKCR\Installer\Products\7F4A6499DF0E33A4281D60BCFFBB9B9F] : iTunes -> C:\Windows\Installer\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}\Installer.ico [HKCR\Installer\Products\8A98ECD1F2AD09E429BE25882ED42F71] : REX Soft Clouds SP2 -> C:\Windows\Installer\{1DCE89A8-DA2F-4E90-92EB-5288E24DF217}\softclouds_icon_256px_1.exe [HKCR\Installer\Products\8BD4002BF5477F543A726ECF8A43B1B1] : REX 4 - Texture Direct - SP6 Hotfix 1 -> C:\Windows\Installer\{B2004DB8-745F-45F7-A327-E6FCA8341B1B}\rexwxdirect.exe [HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico [HKCR\Installer\Products\966310337557E0341935C32025486E32] : Intel(R) Smart Connect Technology -> C:\Windows\Installer\{33013669-7557-430E-9153-3C025284E623}\ISCT.ico [HKCR\Installer\Products\9BBA44C212685FE4FA438068CDADC712] : Google Earth -> C:\Windows\Installer\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}\MainIcon.ico [HKCR\Installer\Products\9FA444B1EBD14884F85369B9FEFC968A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A6D55DBCBD1AABB40812AAE96077D3B0] : REX Soft Clouds - SP3 Hotfix 1 -> C:\Windows\Installer\{CBD55D6A-A1DB-4BBA-8021-AA9E06773D0B}\softclouds_icon_256px.exe [HKCR\Installer\Products\AA74CE6531856FF4E857450462BFAE38] : Apple Software Update -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico [HKCR\Installer\Products\C14FEB3C80423BA44B897214C8108D2B] : REX 4 - Texture Direct - SP6 Hotfix 3 -> C:\Windows\Installer\{C3BEF41C-2408-4AB3-B498-27418C01D8B2}\rexwxdirect.exe [HKCR\Installer\Products\C5023CBD14A2A094E84EEB9439CFE26C] : Intel(R) ME 
UninstallLegacy
[HKCR\Installer\Products\C9A197C8E62B90E4D8783384AA6EB1A4] : Intel(R) Management Engine Components
[HKCR\Installer\Products\CAE89355E85F91F45B35DB8F9BFE8D93] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\CE0A57F937766114D970BA4C72726360] : Intel(R) Management Engine Components
[HKCR\Installer\Products\CF56E8EC3EB9A8344894CB5D8ECA6CEB] : Prepar3D v3 Content -> C:\Windows\Installer\{CE8E65FC-9BE3-438A-8449-BCD5E8ACC6BE}\Content.ico
[HKCR\Installer\Products\E1139FF81B67D32429DA71F6769D950B] : REX 4 - Texture Direct - SP6 Hotfix 2 -> C:\Windows\Installer\{8FF9311E-76B1-423D-92AD-176F67D959B0}\rexwxdirect.exe
[HKCR\Installer\Products\E35068F5605B70B47BC4B66C378E46FF] : REX 4 - Texture Direct with Service Pack 5 -> C:\Windows\Installer\{5F86053E-B506-4B07-B74C-6BC673E864FF}\rexwxdirect.exe
[HKCR\Installer\Products\E5B68F573ED34724CAAC824CF81A6121] : NETGEAR A6210 Genie -> C:\Windows\Installer\{75F86B5E-3DE3-4274-ACCA-28C48FA11612}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E765FD81B9AAD434EB77FB2E9272216F] : RAPID Mode -> C:\Windows\Installer\{18DF567E-AA9B-434D-BE77-BFE2292712F6}\RAPID.ico
[HKCR\Installer\Products\F78832605F6DCA6498209FCB2DCCD045] : REX 4 - Texture Direct - SP6 Hotfix 4 -> C:\Windows\Installer\{0623887F-D6F5-46AC-8902-F9BCD2CC0D54}\rexwxdirect.exe
[HKCR\Installer\Products\FC8C509588C187444AE8E454A81DCBE7] : Apple Application Support (64 bits) -> C:\Windows\Installer\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}\WinInstall.ico

---------- | ADS
@C:\ProgramData\Temp:CB0AACC9

---------- | Drives
Disk: 0 Size=238G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    238G Yes    No   2,048        488,392,704

---------- | MBR
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7821
Logical Drives Mask: 0x0000006c
Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a320_a321\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a318_a319\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le service ne peut pas être démarré. System.Runtime.InteropServices.COMException (0x80010002): L’appel a été annulé par le filtre de messages.
(Exception de HRESULT : 0x80010002 (RPC_E_CALL_CANCELED)) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementEventWatcher.Initialize() à System.Management.ManagementEventWatcher.Start() à MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ------------ La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a320_a321\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a318_a319\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le service ne peut pas être démarré. System.Runtime.InteropServices.COMException (0x80010002): L’appel a été annulé par le filtre de messages. 
(Exception de HRESULT : 0x80010002 (RPC_E_CALL_CANCELED)) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementEventWatcher.Initialize() à System.Management.ManagementEventWatcher.Start() à MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le service ne peut pas être démarré. System.Runtime.InteropServices.COMException (0x80010002): L’appel a été annulé par le filtre de messages. (Exception de HRESULT : 0x80010002 (RPC_E_CALL_CANCELED)) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementEventWatcher.Initialize() à System.Management.ManagementEventWatcher.Start() à MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. 
------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le service ne peut pas être démarré. System.Runtime.InteropServices.COMException (0x80010002): L’appel a été annulé par le filtre de messages. (Exception de HRESULT : 0x80010002 (RPC_E_CALL_CANCELED)) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementEventWatcher.Initialize() à System.Management.ManagementEventWatcher.Start() à MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ------------ La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a320_a321\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. 
------------ La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a318_a319\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le service ne peut pas être démarré. System.Runtime.InteropServices.COMException (0x80010002): L’appel a été annulé par le filtre de messages. (Exception de HRESULT : 0x80010002 (RPC_E_CALL_CANCELED)) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementEventWatcher.Initialize() à System.Management.ManagementEventWatcher.Start() à MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ------------ La création du contexte d’activation a échoué pour « d:\program files (x86)\lockheed martin\prepar3d v3\aerosoft\airbus a320_a321\AirbusXConnectExtended.exe ». Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ ----------( EOF)---------- - 3102 | 20:08:25