--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 29/08/2017 16:28:16 Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [David (Administrator)] - [DESKTOP-FVIMMGR] (S-1-5-21-3509389351-3950065392-2608423712-1001) System: Microsoft Windows 10 Famille - - (10.0.10586) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1511) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\Windows|\Device\Harddisk1\Partition4 Boot : Normal boot PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: 95C3EAC0-A131-11E5-99BB-9C5C8E7609F5 Processor : X64 - 3312 Mhz - Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz 0601 - fr|FR|iso8859-1 - American Megatrends Inc. 
- S/N: System Serial Number - 0601 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0040&SUBSYS_14622825&REV_1001\5&5ADC666&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_104386AE&REV_1000\4&2DE74382&0&0001 ---------- | Video NVIDIA GeForce GTX 770 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1184&SUBSYS_28251462&REV_A1\4&2D78AB8F&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 770 - DriverVersion: 21.21.13.7878 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25344 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34632 - Manufacturer: Microsoft Corporation - Status: OK 
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27136 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:2 % CPU #2 value:2 % CPU #3 value:2 % CPU #4 value:8 % Total Overall CPU Usage value:3 % ---------- | Network Intel[R] Ethernet Connection [2] I219-V : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR9285 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:3 bytes/sec, / RECEIVE Maximum:0 bytes/sec Qualcomm Atheros AR9285 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. 
- Status: - PnPID : PCI\VEN_168C&DEV_002B&SUBSYS_30A1168C&REV_01\4&24034A3E&0&00E0 Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&139D4DD7&0&11 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE Intel(R) Ethernet Connection (2) I219-V - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_15B8&SUBSYS_86721043&REV_31\3&11583659&0&FE Microsoft ISATAP Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 16690 | Free (MB) : 13961 Pagefile = Total (MB) : 19180 | Free (MB) : 16458 Virtual = Total (MB) : 4194 | Free (MB) : 3917 Physical Memory 1 : Capacity: 8589934592 - DIMM_A2 - Posit.: 1 - Manufacturer: Kingston - PartNumber: KHX2133C14D4/8G - S/N: 05161317 Physical Memory 3 : Capacity: 8589934592 - DIMM_B2 - Posit.: 2 - Manufacturer: Kingston - PartNumber: KHX2133C14D4/8G - S/N: 12162277 ---------- | SID Users Administrateur : [S-1-5-21-3509389351-3950065392-2608423712-500] David : [S-1-5-21-3509389351-3950065392-2608423712-1001] DefaultAccount : [S-1-5-21-3509389351-3950065392-2608423712-503] Invité : [S-1-5-21-3509389351-3950065392-2608423712-501] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - 
Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [SSD] | Total : 465.1 Go | Free : 345.14 Go -> NTFS (SSD) [SATA] E:\ -> [Fixed] | [HDD] | Total : 930.96 Go | Free : 904.13 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed 
hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_CRUCIAL_&PROD_CT500MX200SSD1\4&39693902&0&040000 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_ST1000DM&PROD_003-9YN162\4&39693902&0&000000 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.10586.1045 (© Microsoft Corporation. Tous droits réservés.) GC : 60.0.3112.101 (Copyright 2016 Google Inc.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 26.0.0.151 ---------- | Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 316 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe [30/10/2015 09:18:03] CPU Usage:0 % 524 | [Owner : Système | Parent : 504() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.10586.0) = C:\Windows\System32\csrss.exe [30/10/2015 09:18:03] CPU Usage:0 % 616 | [Owner : Système | Parent : 504() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.306) = C:\Windows\System32\wininit.exe [11/05/2016 17:21:24] CPU Usage:0 % 624 | [Owner : Système | Parent : 608() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.10586.0) = C:\Windows\System32\csrss.exe [30/10/2015 09:18:03] CPU Usage:0 % 688 | [Owner : Système | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) 
- (10.0.10586.71) = C:\Windows\System32\services.exe [04/03/2016 17:22:53] CPU Usage:0 % 696 | [Owner : Système | Parent : 616(wininit.exe) | 15.44 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.589) = C:\Windows\System32\lsass.exe [16/08/2017 16:43:32] CPU Usage:0 % 788 | [Owner : Système | Parent : 688(services.exe) | 20.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 844 | [Owner : Système | Parent : 608() | 9.28 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.839) = C:\Windows\System32\winlogon.exe [15/03/2017 00:08:53] CPU Usage:0 % 904 | [Owner : SERVICE RÉSEAU | Parent : 688(services.exe) | 10.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 992 | [Owner : Système | Parent : 688(services.exe) | 32.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 84 | [Owner : DWM-1 | Parent : 844(winlogon.exe) | 40.19 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.10586.0) = C:\Windows\System32\dwm.exe [30/10/2015 09:17:58] CPU Usage:0 % 752 | [Owner : Système | Parent : 688(services.exe) | 60.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 920 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | 8.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 972 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | 31.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1112 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | 24.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1208 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | 24.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1404 | [Owner : SERVICE RÉSEAU | Parent : 688(services.exe) | 20.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1472 | [Owner : Système | Parent : 688(services.exe) | 14.52 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.589) = C:\Windows\System32\spoolsv.exe [15/09/2016 16:43:56] CPU Usage:0 % 1700 | [Owner : Système | Parent : 688(services.exe) | 24.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1720 | [Owner : Système | Parent : 688(services.exe) | 7.54 Mo] - (.ASUSTeK Computer Inc. -.) - (0.1.0.19) = C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [04/03/2016 13:30:53] CPU Usage:0 % 1712 | [Owner : Système | Parent : 688(services.exe) | 12.12 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [04/03/2016 13:19:20] CPU Usage:0 % 1728 | [Owner : Système | Parent : 688(services.exe) | 6.84 Mo] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (20.2.4000.0) = C:\Windows\System32\IPROSetMonitor.exe [07/05/2015 15:59:08] CPU Usage:0 % 1736 | [Owner : Système | Parent : 688(services.exe) | 5.58 Mo] - (.-.) 
- (0.0.0.0) = C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [04/03/2016 13:19:22] CPU Usage:0 % 1848 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | 9.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1876 | [Owner : Système | Parent : 688(services.exe) | 5.58 Mo] - (.Logitech Inc. - Logitech Surround Sound Service.) - (8.87.116.0) = C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [30/08/2016 02:17:08] CPU Usage:0 % 2004 | [Owner : Système | Parent : 688(services.exe) | 11.99 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [23/10/2016 19:51:34] CPU Usage:0 % 2016 | [Owner : Système | Parent : 688(services.exe) | 25.36 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2158.9553) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [15/09/2016 17:10:00] CPU Usage:0 % 2024 | [Owner : SERVICE RÉSEAU | Parent : 688(services.exe) | 14.06 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2159.775) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [10/02/2017 18:40:13] CPU Usage:0 % 1372 | [Owner : Système | Parent : 688(services.exe) | 19.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 1776 | [Owner : Système | Parent : 688(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.1045) = C:\Program Files\Windows Defender\MsMpEng.exe [16/08/2017 16:44:08] CPU Usage:0 % 2416 | [Owner : Système | Parent : 2004(NVDisplay.Container.exe) | 24.31 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) 
- (8.17.13.7878) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [22/09/2016 00:35:05] CPU Usage:0 % 3116 | [Owner : David | Parent : 2016(nvcontainer.exe) | 33.38 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2158.9553) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [15/09/2016 17:10:00] CPU Usage:0 % 3140 | [Owner : David | Parent : 752(svchost.exe) | 20.44 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe [30/10/2015 09:18:01] CPU Usage:0 % 3364 | [Owner : David | Parent : 788(svchost.exe) | 35.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe [30/10/2015 09:17:51] CPU Usage:0 % 3560 | [Owner : David | Parent : 752(svchost.exe) | 17.37 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe [30/10/2015 09:17:43] CPU Usage:0 % 3576 | [Owner : David | Parent : 3528() | 107.74 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.839) = C:\Windows\explorer.exe [15/03/2017 00:08:51] CPU Usage:0 % 3828 | [Owner : David | Parent : 788(svchost.exe) | 5.56 Mo] - (.-.) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe [20/04/2016 14:51:13] CPU Usage:0 % 4008 | [Owner : David | Parent : 788(svchost.exe) | 80.33 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [13/07/2016 17:31:12] CPU Usage:0 % 4088 | [Owner : Système | Parent : 688(services.exe) | 26.54 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.962) = C:\Windows\System32\SearchIndexer.exe [17/06/2017 00:08:49] CPU Usage:0 % 4160 | [Owner : David | Parent : 788(svchost.exe) | 97.08 Mo] - (.Microsoft Corporation - Search and Cortana application.) 
- (10.0.10586.916) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10/05/2017 23:57:23] CPU Usage:0 % 5112 | [Owner : David | Parent : 2416(nvxdsync.exe) | 12.53 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.7878) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [22/09/2016 00:35:05] CPU Usage:0 % 2668 | [Owner : David | Parent : 3576(explorer.exe) | 12.7 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.484.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [04/03/2016 13:21:22] CPU Usage:0 % 2720 | [Owner : David | Parent : 3576(explorer.exe) | 47.93 Mo] - (.Logitech Inc. - Logitech Gaming Framework.) - (8.87.116.0) = C:\Program Files\Logitech Gaming Software\LCore.exe [30/08/2016 02:17:06] CPU Usage:0 % 5404 | [Owner : David | Parent : 3576(explorer.exe) | 32.92 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6966.824) = C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe [04/03/2016 12:22:54] CPU Usage:0 % 5536 | [Owner : Système | Parent : 788(svchost.exe) | 8.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.10586.589) = C:\Windows\System32\wbem\WmiPrvSE.exe [15/09/2016 16:43:43] CPU Usage:0 % 5592 | [Owner : David | Parent : 788(svchost.exe) | 29.18 Mo] - (.NVIDIA Corporation - NVIDIA Capture Server.) - (3.4.0.70) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [15/09/2016 17:10:03] CPU Usage:0 % 5768 | [Owner : David | Parent : 2016(nvcontainer.exe) | 5.66 Mo] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) - (3.4.0.70) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe [15/09/2016 17:10:03] CPU Usage:0 % 5796 | [Owner : David | Parent : 5592(nvspcaps64.exe) | 80.21 Mo] - (.NVIDIA Corporation - NVIDIA Share.) 
- (56.2924.1538.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [15/09/2016 17:10:03] CPU Usage:0 % 5172 | [Owner : David | Parent : 5796(NVIDIA Share.exe) | 56.7 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (56.2924.1538.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [15/09/2016 17:10:03] CPU Usage:0 % 5380 | [Owner : David | Parent : 5272() | 52.82 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.9.1.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [15/09/2016 17:10:01] CPU Usage:0 % 5260 | [Owner : David | Parent : 5380(NVIDIA Web Helper.exe) | 9.05 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.10586.0) = C:\Windows\System32\conhost.exe [30/10/2015 09:17:58] CPU Usage:0 % 724 | [Owner : SERVICE LOCAL | Parent : 992(svchost.exe) | 8.31 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10586.0) = C:\Windows\System32\WUDFHost.exe [30/10/2015 09:18:09] CPU Usage:0 % 6916 | [Owner : David | Parent : 688(services.exe) | 23.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 5012 | [Owner : David | Parent : 788(svchost.exe) | 19.83 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe [30/10/2015 09:18:16] CPU Usage:0 % 3784 | [Owner : SERVICE RÉSEAU | Parent : 3164() | 10.95 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.9.10586.1045) = C:\Program Files\Windows Defender\MpCmdRun.exe [16/08/2017 16:44:08] CPU Usage:0 % 6736 | [Owner : David | Parent : 3576(explorer.exe) | 238.26 Mo] - (.Google Inc. - Google Chrome.) 
- (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 5836 | [Owner : David | Parent : 6736(chrome.exe) | 6.69 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 1484 | [Owner : David | Parent : 6736(chrome.exe) | 7.65 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 6720 | [Owner : David | Parent : 6736(chrome.exe) | 111.94 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 3016 | [Owner : David | Parent : 6736(chrome.exe) | 165.62 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 2844 | [Owner : David | Parent : 6736(chrome.exe) | 273.29 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [08/03/2016 14:43:53] CPU Usage:0 % 5756 | [Owner : SERVICE LOCAL | Parent : 688(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.9.10586.672) = C:\Program Files\Windows Defender\NisSrv.exe [10/11/2016 00:42:05] CPU Usage:0 % 684 | [Owner : Système | Parent : 844(winlogon.exe) | 2.89 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.962) = C:\Windows\System32\fontdrvhost.exe [17/06/2017 00:08:39] CPU Usage:0 % 6900 | [Owner : | Parent : 688(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 % 4628 | [Owner : Système | Parent : 4088(SearchIndexer.exe) | 5.43 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) 
- (7.0.10586.494) = C:\Windows\System32\SearchFilterHost.exe [13/07/2016 17:32:11] CPU Usage:0 % 4704 | [Owner : LogonSessionId_0_3188508 | Parent : 788(svchost.exe) | 11.03 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.10586.589) = C:\Windows\System32\wbem\WmiPrvSE.exe [15/09/2016 16:43:43] CPU Usage:0 % 4744 | [Owner : Système | Parent : 4088(SearchIndexer.exe) | 10.52 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.589) = C:\Windows\System32\SearchProtocolHost.exe [15/09/2016 16:44:12] CPU Usage:0 % 1864 | [Owner : | Parent : 972(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.218) = C:\Windows\System32\audiodg.exe [13/04/2016 17:37:45] CPU Usage:0 % 6616 | [Owner : Aucun | Parent : 6736(chrome.exe) | 37.55 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = E:\Telechargements\QuickDiag.exe [29/08/2017 16:27:59] CPU Usage:0 % 4208 | [Owner : LogonSessionId_0_3337265 | Parent : 788(svchost.exe) | 8.43 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.10586.589) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [15/09/2016 16:44:00] CPU Usage:0 % ---------- | MD5
---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\CoreUIComponents.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 378.78.) - (21.21.13.7878) -- C:\Windows\SYSTEM32\nvwgf2umx.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (3.4.0.70) -- C:\Windows\system32\nvspcap64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 378.78.) - (21.21.13.7878) -- C:\Windows\system32\nvapi64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.434) -- C:\Windows\system32\RltkAPO64.dll (.Nahimic Inc.-.Nahimic APO lfx dll.) 
- (6.3.9600.17231) -- C:\Windows\system32\NAHIMICAPOlfx.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\...\Run]) - User: DESKTOP-FVIMMGR\David RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public Launch LCore - (C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [HKLM\SOFTWARE\...\Run]) - User: Public ShadowPlay - 
("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=%USERPROFILE%\AppData\local\temp\1 "MRUList"=a [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe /minimized "ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "RTHDVCPL"=0x020000000000000000000000 "NvBackend"=0x020000000000000000000000 "ShadowPlay"=0x020000000000000000000000 "Acronis Scheduler2 Service"=0x03000000BE62189D648CD101 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "AcronisTibMounterMonitor"=0x03000000804BEA9B648CD101 "TrueImageMonitor.exe"=0x0300000063B5F899648CD101 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 
"DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D1269DFE7CB383 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3509389351-3950065392-2608423712-1001 ---------- | Startings up registry ¦ Folder ---------- | Other keys 
[HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=ff1efdb9-f49c-4d4b-8848-f4c6d95 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\E:\TEMP\_iu14D2N.tmp \??\E:\TEMP\{916D20BA-43AB-4C4B-B16E-CD126E462315}\setup.exe \??\E:\TEMP\~nsu.tmp\Au_.exe \??\E:\TEMP\~nsu.tmp \??\E:\TEMP\nsl61F8.tmp\ \??\E:\TEMP\nsl61F8.tmp\Lang\ENU.dll \??\E:\TEMP\nsl61F8.tmp\Lang\FRA.dll \??\E:\TEMP\nsl61F8.tmp\SetupHelper.exe \??\E:\TEMP\nsl61F8.tmp\ [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(3) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=10 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 
"auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x80 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [30/03/2016 19:36:00] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=696 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "Wallpaper"=C:\Windows\web\wallpaper\Windows\img0.jpg [30/10/2015 09:18:47] "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=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aitToKillAppTimeout"=200 [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 
[HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0x44F8271D1F3A104485AC14651078412DA60100006024B221EA3A6910A2DC08002B30309DA60100000114020000000000C000000000000046900200006078A409B011A54DAFA526D86198A7804604000005F7542848354C41A11393E27C808C85F7030000 "TelemetrySalt"=0 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "GlobalAssocChangedCounter"=332 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=346 "link"=0x15000000 "Reason Setting"=255 [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=11 "ReindexedProfile"=1 [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0xFFFFFFFF [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 
"EnableLinkedConnections"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=19 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced 
"Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=29 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=10586 "FirstLogon"=0 "ParseAutoexec"=1 "PUUActive"=0x496F9AEC100000000F001F0049190100101E0100FB430100D0000000490157013DAC1D7D989D0100989D010073C6000031AD000003980000000000002E4401001A0400004B000000CA579150D120D301 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DefaultUserName"=David "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe 
"SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "DisableCAD"=1 "ShutdownStartTime"=131484266107145433 "UserSessionShutdownStopTime"=131484266107301704 "ShutdownFlags"=2147483755 "AutoAdminLogon"=0 "IsConnectedAutoLogon"=0 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3509389351-3950065392-2608423712-1001 "LastUsedUsername"=David [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta 
"PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile 
[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 
[HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/08/2017 16:43:28] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/08/2017 16:43:28] 
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\David\AppData\Local\Temp\187E51BB-1DFE-4AA4-B464-F95C070BB942\atih_installer_shell_hd_standard.exe"=0x534143500100000000000000070000002800000048EB27005F5E28000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A9960200000000000100000001000000 "C:\Users\David\AppData\Local\Temp\25D78404-A3FC-4303-BE9D-8B29D972E874\securezone_upgrade_standard.exe"=0x534143500100000000000000070000002800000010426300FD9363000100000000000000000001060001000019B4C529E312D10100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000EB000000000000000100000001000000 "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe"=0x534143500100000000000000070000002800000040790100D24C020001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000AF650000000000000100000001000000 "C:\Users\David\AppData\Local\Temp\Temp1_storage-executive-win-64.zip\StorageExecutive-3.24.082015.05-windows-64bit-Setup.exe"=0x5341435001000000000000000700000028000000B8728607113A87070100000000000000000003060001000019B4C529E312D1010000000000000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "E:\TEMP\Temp1_2-2-1-build-25130-utorrent.zip\2-2-1-build-25130-utorrent.exe"=0x534143500100000000000000070000002800000078190600548F06000100000000000000000001067102000019B4C529E312D1010000000000000000 "E:\Telechargements\wrar531fr.exe"=0x534143500100000000000000070000002800000050FC1C005F9C1D0001000000000000000000000A0021000019B4C529E312D101000000800000000002000000280000000000000000000040000000000000000000000000000000000ACC0000000000000100000001000000 
"E:\Telechargements\winrar-x64-531fr.exe"=0x5341435001000000000000000700000028000000F8CC1F004662200001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000027740000000000000200000002000000 "E:\Programmes\Uninstall.exe"=0x5341435001000000000000000700000028000000F8F90200EE0D030001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000003F050000000000000100000001000000 "E:\Telechargements\DTLiteInstaller.exe"=0x5341435001000000000000000700000028000000688F0A0077280B000100000000000000000001060001000019B4C529E312D1010000000000000000 "E:\Programmes\DAEMON Tools Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000C0BE2F001B3E300001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A4950100000000000100000001000000 "SIGN.MEDIA=F495F676 setup.exe"=0x534143500100000000000000070000002800000081624700000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000A4A0300000000000100000001000000 "E:\Games\Tales from the Borderlands Episode 5\Borderlands.exe"=0x5341435001000000000000000700000028000000003EA800D4C9A80001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000200000600000000000000000000000000000000017082301000000000600000006000000 "E:\Programmes\Winrar\WinRAR.exe"=0x5341435001000000000000000700000028000000F87D170014CB170001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000297A0500000000000300000003000000 "E:\Telechargements\World-of-Warcraft-Setup.exe"=0x5341435001000000000000000700000028000000F09F2E00EF172F0001000000000000000000000A0021000019B4C529E312D1010000000000000000 "C:\Program Files (x86)\World of Warcraft\World of Warcraft 
Launcher.exe"=0x534143500100000000000000070000002800000030542C0013D82C000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000008000000000000000000000000000000000000000C6738100000000000200000002000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "E:\Telechargements\LGS_8.83.85_x64_Logitech.exe"=0x5341435001000000000000000700000028000000203F5A07795F5A0701000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000779A0100000000000100000001000000 "C:\Program Files\Logitech Gaming Software\LU_1\LogitechUpdate.exe"=0x5341435001000000000000000700000028000000188D1F00D46620000100000000000000000002067122000019B4C529E312D101000000800000000002000000280000000000000000000000000000000000000000000000000000001C3F0000000000000200000002000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe"=0x5341435001000000000000000700000028000000C04110004CF610000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000008000000000000000000000000000000000000000EF070000000000000200000002000000 "E:\TEMP\4D1E2CF0-B399-4C1E-B62F-CEF304D1B510\securezone_upgrade_standard.exe"=0x534143500100000000000000070000002800000010426300FD9363000100000000000000000001060001000019B4C529E312D10100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000C6060000000000000100000001000000 "E:\TEMP\0C1840DE-EF89-487A-80F0-45C1501D30C3\securezone_upgrade_standard.exe"=0x534143500100000000000000070000002800000010426300FD9363000100000000000000000001060001000019B4C529E312D10100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000EA000000000000000100000001000000 
"E:\TEMP\6B7AEC16-90B3-498B-B89B-F0980AF47925\securezone_upgrade_standard.exe"=0x534143500100000000000000070000002800000010426300FD9363000100000000000000000001060001000019B4C529E312D101000000800000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008D000000000000000100000001000000 "E:\TEMP\30EFD062-B585-4C55-A6BA-7B52D24F9459\sync_info_remover.exe"=0x5341435001000000000000000700000028000000E0290B00B00E0C000100000000000000000003067100000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000100000001000000 "E:\Telechargements\hwmonitor_1.22-32bit\HWMonitor_x32.exe"=0x5341435001000000000000000700000028000000E8981500CA1216000100000000000000000002067102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F1961700000000000400000004000000 "E:\TEMP\Rar$EXa0.635\MSIAfterburnerSetup420.exe"=0x534143500100000000000000070000002800000058CB4802038449020100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000036A80000000000000100000001000000 "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe"=0x5341435001000000000000000700000028000000C8DA08000FFA080001000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000EAC84600000000000400000004000000 "E:\Telechargements\Core-Temp-setup.exe"=0x534143500100000000000000070000002800000050B3110043F111000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000057930000000000000100000001000000 "C:\Program Files\Core Temp\Core 
Temp.exe"=0x5341435001000000000000000700000028000000D8B00D00A18C0E0001000000000000000000000A732200008D6EE477682ED201000000000000000002000000280000000000000000000040000000000000000000000000000000006BC64C00000000000400000004000000 "E:\TEMP\NVIDIA\DisplayDriver\GeForceGameReadyDriver368.81\setup.exe"=0x534143500100000000000000070000002800000038720600C35C070001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000080000040000000000000000000000000000000006E7C0100000000000100000001000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6514.0720\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8AC02000903030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "E:\TEMP\NVIDIA\DisplayDriver\GeForceGameReadyDriver372.54\setup.exe"=0x5341435001000000000000000700000028000000C06B0600081B070001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000008000004000000000000000000000000000000000C9F70100000000000100000001000000 "E:\Telechargements\SteamSetup.exe"=0x534143500100000000000000070000002800000088131600052B160001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000E1400000000000000100000001000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000050842C00D4532D0001000000000000000000000A0021000019B4C529E312D1010000000000000000 "E:\Games\Attack on Titan [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000929F5B00000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000991CEB00000000000100000001000000 
"E:\TEMP\Logitech\Logitech_Gaming_Software_1\MSetup.exe"=0x534143500100000000000000070000002800000018191A00003D1A000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000034700200000000000100000001000000 "C:\Program Files (x86)\Common Files\Overwolf\0.97.306.0\OverwolfHelper.exe"=0x5341435001000000000000000700000028000000F0480100BC5F010001000000000000000000000A7122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000FC1C1400000000000400000004000000 "C:\Program Files (x86)\Common Files\Overwolf\0.97.306.0\OverwolfHelper64.exe"=0x5341435001000000000000000700000028000000F06A01002835020001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F9500B00000000000200000002000000 "C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=0x5341435001000000000000000700000028000000C06B060011B9060001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000800000400000000000000000000000000000000010AB0100000000000100000001000000 "E:\Telechargements\GeForce_Experience_v3.0.5.22.exe"=0x534143500100000000000000070000002800000070531504DBE715040100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000054BD0000000000000100000001000000 "C:\Program Files (x86)\Overwolf\OWUninstaller.exe"=0x534143500100000000000000070000002800000088C40100EEFA01000100000000000000000003060001000019B4C529E312D1010000000000000000 "E:\Telechargements\GeForce_Experience_v3.0.5.22 (1).exe"=0x534143500100000000000000070000002800000070531504DBE715040100000000000000000002060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000002AD90000000000000100000001000000 
"E:\TEMP\743b2723-2ae7-4e80-bdc7-aec3e896d219\setup.exe"=0x5341435001000000000000000700000028000000C06B0600A41A070001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000008000004000000000000000000000000000000000295D0200000000000100000001000000 "E:\Games\Attack on Titan\AoT.exe"=0x534143500100000000000000070000002800000088C2CC00F096CD0001000000000000000000000A7322000059193B14E312D101000000000000000002000000500000000000010600000060000000000000000000000000000000005054020000000000010000000100000000000000000000000000000000000000000000000000000015550000000000000100000000000000 "E:\Games\Attack on Titan\Language Selector.exe"=0x534143500100000000000000070000002800000000900000000000000100000000000000000003067100000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000681B2E00000000000100000001000000 "E:\TEMP\c69ffdb7-5837-44c6-8f95-8dfb93c885e0\setup.exe"=0x5341435001000000000000000700000028000000C06B06003B4A070001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000080000040000000000000000000000000000000000FBA9600000000000100000001000000 "E:\TEMP\7319a876-708b-477f-836c-1c5d2e7f1a58\setup.exe"=0x534143500100000000000000070000002800000038720600E113070001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000080000040000000000000000000000000000000009E788300000000000100000001000000 "C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe"=0x534143500100000000000000070000002800000038720600C458070001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000AE9C0000000000000100000001000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6674.1021\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C86A03003FEB030001000000000000000000000A0021000019B4C529E312D1010000000100000000 
"E:\TEMP\628d0a9e-fad2-477f-9533-e73ab5bea837\setup.exe"=0x5341435001000000000000000700000028000000C06B0600CA11070001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000008000004000000000000000000000000000000000B28D4000000000000100000001000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6705.1122\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E03000008040001000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6764.0111\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E0300F3A9030001000000000000000000000A00210000A47A1198672ED2010000000100000000 "E:\TEMP\ffbedf12-5914-4d32-9bba-93f8568ed3e8\setup.exe"=0x534143500100000000000000070000002800000038780600F5F6060001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000800000400000000000000000000000000000000084B80300000000000100000001000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A00210000A47A1198672ED2010000000100000000 "E:\TEMP\fb2a1094-3f9a-466f-a55d-e3684d020eee\setup.exe"=0x5341435001000000000000000700000028000000387806001026070001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000800000400000000000000000000000000000000028C80200000000000100000001000000 "C:\ProgramData\NVIDIA 
Corporation\Downloader\0cfd1195e705a478237a4db99f7ce77c\GeForce_Experience_Update_v3.4.0.70.exe"=0x5341435001000000000000000700000028000000C848BC04E73EBD0401000000000000000000020600010000A47A1198672ED2010000008000000000020000002800000000000000000000400000000000000000000000000000000085A00000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0EB0B0096020C0001000000000000000000000A71200000A47A1198672ED201000000000000000002000000280000000000000080000000000000000000000000000000000000007D000000000000000100000001000000 "C:\Program Files\NVIDIA Corporation\Display\nvtray.exe"=0x5341435001000000000000000700000028000000387C25006167260001000000000000000000000A732200008D6EE477682ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000CCAE3F00000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x5341435001000000000000000700000028000000C031160086C6160001000000000000000000000A00210000A47A1198672ED2010000000000000000 "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe"=0x5341435001000000000000000700000028000000E84531004460310001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000008000000000000000000000000000000000000000AEF6CA00000000001900000019000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6915.0529\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A03001AF7030001000000000000000000000A71200000A47A1198672ED2010000000100000000 
"E:\Telechargements\TeamSpeak3-Client-win32-3.0.16.exe"=0x5341435001000000000000000700000028000000C801AD01DC0BAD0101000000000000000000010600010000A47A1198672ED201000000000000000002000000280000000000000000000040000000000000000000000000000000008A170100000000000100000001000000 "C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe"=0x534143500100000000000000070000002800000018FB9600F0F5970001000000000000000000000A71220000A47A1198672ED2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000022FFAE00000000000700000007000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000A47A1198672ED2010000000100000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A732200008D6EE477682ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000010000000000000000200000002000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6963.0807\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B003006835040001000000000000000000000A71200000A47A1198672ED2010000000100000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058DD1300AC8C140001000000000000000000000A002100008D6EE477682ED2010000000100000000 "E:\Telechargements\avast_free_antivirus_setup_online_a1h.exe"=0x534143500100000000000000070000002800000030076A00737E6A0001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000E3940200000000000100000001000000 "C:\Program Files\AVAST 
Software\Avast\avastui.exe"=0x534143500100000000000000070000002800000048718B00B9388C0001000000000000000000000A00210000A47A1198672ED2010000000000000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D01C78014489780101000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B00300CDA9040001000000000000000000000A71200000A47A1198672ED2010000000100000000 "E:\Telechargements\Windows10cu1703.exe"=0x5341435001000000000000000700000028000000906E64003FB4640001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000ABCA4A00000000000100000001000000 "C:\Users\David\AppData\Local\F-Secure\stubdl\F-SecureOnlineScanner.exe"=0x534143500100000000000000070000002800000098C56400A465650001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000077580200000000000100000001000000 "E:\Telechargements\MediaCreationTool.exe"=0x5341435001000000000000000700000028000000101E18017809190101000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000052E20D00000000000100000001000000 "C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C81C13001CD4130001000000000000000000000A71220000A47A1198672ED201000000000000000002000000280000000000000000000040000000000000000000000000000000009A440000000000000100000001000000 "E:\Telechargements\MediaCreationTool (1).exe"=0x5341435001000000000000000700000028000000101E18017809190101000000000000000000000A00210000A47A1198672ED2010000000000000000 "C:\Program Files\AVAST 
Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000200714000000000001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000020750000000000000100000001000000 "E:\Games\Attack on Titan\unins000.exe"=0x5341435001000000000000000700000028000000712117000000000001000000000000000000010600010000A47A1198672ED201000000000000000002000000280000000000000000000040000200000000000000000000000000002B130000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}\setup.exe"=0x5341435001000000000000000700000028000000002E12000000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000F7660000000000000100000001000000 "E:\Programmes\DAEMON Tools Lite\uninst.exe"=0x5341435001000000000000000700000028000000A0422900D73B2A0001000000000000000000010600010000A47A1198672ED2010000000000000000 "E:\Games\Tales from the Borderlands Episode 5\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000A47A1198672ED2010000000000000000020000002800000000000000000000400002000000000000000000000000000041170000000000000100000001000000 "E:\Telechargements\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000801B2B00163C2B0001000000000000000000030600010000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000213A0200000000000100000001000000 "E:\Telechargements\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000A47A1198672ED2010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control 
Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse 
"DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131016458972864712 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0xF91C432FC676D101 "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0x14E5FD7AFF75D101 
"OneTimeSqmDataSent"=1 "DisableAntiSpyware"=0 "DisableAntiVirus"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [2a00:1450:4007:814::200e] avec 32 octets de données : Réponse de 2a00:1450:4007:814::200e : temps=11 ms Réponse de 2a00:1450:4007:814::200e : temps=12 ms Réponse de 2a00:1450:4007:814::200e : temps=13 ms Réponse de 2a00:1450:4007:814::200e : temps=12 ms Statistiques Ping pour 2a00:1450:4007:814::200e: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 11ms, Maximum = 13ms, Moyenne = 12ms ---------- | @ [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "OperationalData"=0 "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160223-1728 "ImageStoreRandomFolder"=3zpx1xp [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "ZonesSecurityUpgrade"=0x9ED108215E17D301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet 
Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - 
{5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [30/10/2015 09:19:26] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google 
Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7c4257b3-83e9-4e4a-88a6-7e1f533e3d6c}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7c4257b3-83e9-4e4a-88a6-7e1f533e3d6c}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "E:\Programmes\utorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] 
"DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Acronis] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\AppDataLow] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\ASUS] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\BitTorrent] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Chromium] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Disc Soft] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Google] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\KoeiTecmo] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Logitech] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Macromedia] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\MozillaPlugins] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\MSI] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Mumble] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Policies] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Realtek] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\sysinternals] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Trolltech] 
[HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Valve] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\WinRAR] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Wow6432Node] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\ZHP] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Alienware] [HKLM\Software\Apple Inc.] 
[HKLM\Software\Clients] [HKLM\Software\Disc Soft] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\MCCI] [HKLM\Software\Micron] [HKLM\Software\Microsoft] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice] [HKLM\Software\WOW6432Node\Acronis] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\Data Fellows] [HKLM\Software\WOW6432Node\F-Secure] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\MSI] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Overwolf] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\TeamSpeak 3 Client] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives E: ---------- | C: [28/08/2017 14:38:47] - |HD| - [5820122414] - C:\$GetCurrent [30/10/2015 09:24:24] - 
|SHD| - [850630472] - C:\$Recycle.Bin [28/08/2017 19:03:36] - |HD| - [63862269] - C:\$WINDOWS.~BT [28/08/2017 18:10:38] - |HD| - [530716] - C:\$Windows.~WS [30/03/2016 18:26:04] - |RSHD| - [78089104] - C:\acroldr [MD5.2B5AB42E04B1B91DE2807FFFDB266B9C] - [04/03/2016 13:19:27] - |A| - (.-.) - [206] - (0.0.0.0) - C:\audio.log [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [05/03/2016 12:02:40] - |SHD| - [0] - C:\Documents and Settings [MD5.99914B932BD37A50B983C5E7C90AE93B] - [13/09/2016 11:14:59] - |A| - (.-.) - [2] - (0.0.0.0) - C:\END [28/08/2017 16:09:44] - |D| - [3641253318] - C:\ESD [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2016 12:02:21] - |ASH| - (.-.) - [6836236288] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2016 11:59:51] - |ASH| - (.-.) - [2550136832] - (0.0.0.0) - C:\pagefile.sys [30/10/2015 09:24:24] - |D| - [0] - C:\PerfLogs [30/10/2015 08:28:30] - |RD| - [6827224010] - C:\Program Files [30/10/2015 08:28:30] - |RD| - [75159043390] - C:\Program Files (x86) [30/10/2015 09:24:24] - |HD| - [5171186524] - C:\ProgramData [29/08/2017 16:28:11] - |D| - [262051] - C:\QuickDiag [MD5.5E89BDDEA6F79551A9779E370527BEF1] - [29/08/2017 16:28:16] - |A| - (.-.) - [140420] - (0.0.0.0) - C:\QuickDiag.txt [05/03/2016 12:02:37] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2016 11:59:51] - |ASH| - (.-.) 
- [16777216] - (0.0.0.0) - C:\swapfile.sys [05/03/2016 11:59:50] - |SHD| - [0] - C:\System Volume Information [30/10/2015 08:28:30] - |RD| - [7080046931] - C:\Users [30/10/2015 08:28:30] - |D| - [26453267680] - C:\Windows [28/08/2017 14:34:56] - |D| - [20745744] - C:\Windows10Upgrade ---------- | C:\Windows [30/10/2015 09:24:24] - |D| - [802] - C:\Windows\addins [30/10/2015 09:24:24] - |D| - [11601187] - C:\Windows\appcompat [30/10/2015 09:24:24] - |D| - [12360982] - C:\Windows\AppPatch [30/10/2015 09:24:24] - |D| - [0] - C:\Windows\AppReadiness [MD5.3398B40E682AB04C153881F56E80E6E6] - [04/03/2016 13:17:30] - |A| - (.-.) - [676] - (0.0.0.0) - C:\Windows\Ascd_ProcessLog.ini [MD5.72DCE7C1ECD01A69CFA2E747EFC3A1C7] - [04/03/2016 13:17:23] - |A| - (.-.) - [38404] - (0.0.0.0) - C:\Windows\Ascd_tmp.ini [30/10/2015 09:24:24] - |RSD| - [751278199] - C:\Windows\assembly [30/10/2015 09:24:24] - |D| - [241412] - C:\Windows\bcastdvr [MD5.DE3C720C11A91557E1DFDFF0DB2AA3C2] - [30/10/2015 09:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.10586.0) - C:\Windows\bfsvc.exe [30/10/2015 09:24:24] - |D| - [32730788] - C:\Windows\Boot [MD5.E896265399972206598A381221AF32BD] - [05/03/2016 12:00:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [30/10/2015 09:24:24] - |D| - [2380376] - C:\Windows\Branding [30/10/2015 09:11:39] - |D| - [0] - C:\Windows\CbsTemp [MD5.C6E817E5FC4E3C3FC6501121ADB250E7] - [28/09/2016 17:22:32] - |A| - (.-.) - [23485] - (0.0.0.0) - C:\Windows\comsetup.log [MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 21:03:30] - |A| - (.-.) 
- [31816] - (0.0.0.0) - C:\Windows\Core.xml [30/10/2015 09:24:24] - |D| - [8970858] - C:\Windows\Cursors [30/10/2015 09:24:24] - |D| - [140122] - C:\Windows\debug [30/10/2015 09:24:24] - |RD| - [20934] - C:\Windows\DesktopTileResources [30/10/2015 09:24:24] - |RD| - [3032320] - C:\Windows\DevicesFlow [MD5.D1E75542EC8D1B4851765A57AC63618E] - [28/09/2016 17:22:23] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\Windows\diagerr.xml [30/10/2015 09:24:24] - |D| - [4217368] - C:\Windows\diagnostics [MD5.D1E75542EC8D1B4851765A57AC63618E] - [28/09/2016 17:22:23] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\Windows\diagwrn.xml [30/10/2015 21:00:07] - |D| - [0] - C:\Windows\DigitalLocker [MD5.70E333FE266E462852AA616392AAE975] - [28/08/2016 23:06:57] - |A| - (.-.) - [9021] - (0.0.0.0) - C:\Windows\DirectX.log [30/10/2015 09:24:24] - |SD| - [65] - C:\Windows\Downloaded Program Files [MD5.E2461F89C92751E479066EC50660D95B] - [30/10/2015 09:25:57] - |A| - (.-.) - [12400] - (0.0.0.0) - C:\Windows\DtcInstall.log [30/10/2015 09:24:24] - |HD| - [44568] - C:\Windows\ELAMBKUP [30/10/2015 21:00:07] - |D| - [0] - C:\Windows\en-US [MD5.FBE9252AEC157F10485A88E3EF77F9C4] - [15/03/2017 00:08:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4516800] - (10.0.10586.839) - C:\Windows\explorer.exe [30/10/2015 09:24:24] - |RSD| - [353712302] - C:\Windows\Fonts [30/10/2015 21:00:07] - |D| - [134144] - C:\Windows\fr-FR [30/10/2015 09:24:24] - |D| - [20843631] - C:\Windows\Globalization [30/10/2015 09:24:24] - |D| - [72009265] - C:\Windows\Help [MD5.155D58C372FCA4929BCB663D2DD03A5F] - [17/06/2017 00:08:41] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [995840] - (10.0.10586.962) - C:\Windows\HelpPane.exe [MD5.C7228F24B9130C64DCF4C390A04A775C] - [30/10/2015 09:17:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [18432] - (10.0.10586.0) - C:\Windows\hh.exe [30/10/2015 09:24:24] - |D| - [173194846] - C:\Windows\IME [30/10/2015 09:24:24] - |RD| - [6839829] - C:\Windows\ImmersiveControlPanel [30/10/2015 09:21:47] - |D| - [95474576] - C:\Windows\INF [30/10/2015 09:24:24] - |D| - [931024796] - C:\Windows\InfusedApps [30/10/2015 09:24:24] - |D| - [36258450] - C:\Windows\InputMethod [30/10/2015 09:24:24] - |SHD| - [39197794] - C:\Windows\Installer [30/10/2015 09:24:24] - |D| - [89407] - C:\Windows\L2Schemas [30/10/2015 09:24:24] - |D| - [4604277] - C:\Windows\LiveKernelReports [MD5.F43CC6CC9DBA73AA771CFD8536E70CC1] - [03/06/2016 23:18:07] - |A| - (.-.) - [776] - (0.0.0.0) - C:\Windows\LkmdfCoInst.log [30/10/2015 08:31:03] - |D| - [52501491] - C:\Windows\Logs [MD5.964C1E76589BF4C6712D4A61DFD84F44] - [05/03/2016 12:00:01] - |A| - (.-.) - [1344] - (0.0.0.0) - C:\Windows\lsasetup.log [30/10/2015 09:24:24] - |RSD| - [20145669] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 09:17:40] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [30/10/2015 09:24:24] - |D| - [782268616] - C:\Windows\Microsoft.NET [30/10/2015 09:24:24] - |D| - [2371] - C:\Windows\Migration [30/10/2015 09:24:24] - |RD| - [470257] - C:\Windows\MiracastView [30/10/2015 09:24:24] - |D| - [0] - C:\Windows\ModemLogs [MD5.60336413E419C2EA5E215F1A32061E40] - [30/10/2015 09:19:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [244736] - (10.0.10586.0) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [15/09/2016 17:10:00] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [10/02/2017 18:40:13] - |A| - (.-.) 
- [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat [30/10/2015 21:00:47] - |D| - [199124] - C:\Windows\OCR [30/10/2015 09:24:24] - |RD| - [65] - C:\Windows\Offline Web Pages [05/03/2016 11:59:17] - |D| - [35503940] - C:\Windows\Panther [30/10/2015 09:24:24] - |D| - [29429976] - C:\Windows\Performance [MD5.CF0D1FDB91A14B4B03CA9B9FDAA0A54E] - [04/03/2016 13:24:04] - |A| - (.-.) - [461382] - (0.0.0.0) - C:\Windows\PFRO.log [30/10/2015 09:24:24] - |D| - [1136442] - C:\Windows\PLA [30/10/2015 09:24:24] - |D| - [2566448] - C:\Windows\PolicyDefinitions [05/03/2016 12:00:26] - |D| - [26471682] - C:\Windows\Prefetch [30/10/2015 09:24:24] - |RD| - [1963312] - C:\Windows\PrintDialog [MD5.09394999ADB19901C665454EE964B13C] - [28/08/2017 14:39:00] - |A| - (.-.) - [36] - (0.0.0.0) - C:\Windows\progress.ini [30/10/2015 09:24:24] - |D| - [1298700] - C:\Windows\Provisioning [30/10/2015 09:24:24] - |RD| - [770223] - C:\Windows\PurchaseDialog [MD5.D9D56AFAA121BD6B4206F7FF3DA84BBA] - [30/10/2015 09:17:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.10586.0) - C:\Windows\regedit.exe [30/10/2015 09:24:24] - |D| - [1071164] - C:\Windows\Registration [30/10/2015 09:24:24] - |D| - [7113061] - C:\Windows\rescache [30/10/2015 09:24:24] - |D| - [3728995] - C:\Windows\Resources [MD5.A444609BA3B1DD9C1E9C7934BBB40350] - [04/03/2016 13:19:27] - |R| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2825944] - (1.0.6.4) - C:\Windows\RtlExUpd.dll [30/10/2015 09:24:24] - |D| - [0] - C:\Windows\SchCache [30/10/2015 09:24:24] - |D| - [121229] - C:\Windows\schemas [30/10/2015 09:24:24] - |D| - [1114338] - C:\Windows\security [30/10/2015 21:07:12] - |D| - [38856976] - C:\Windows\ServiceProfiles [30/10/2015 08:28:30] - |D| - [245219192] - C:\Windows\servicing [30/10/2015 09:26:37] - |D| - [42] - C:\Windows\Setup [MD5.C284A527B182EA7EE2307D87479F5DD3] - [05/03/2016 12:00:19] - |A| - (.-.) 
- [2406] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2016 12:00:19] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [30/10/2015 21:00:30] - |D| - [3070736] - C:\Windows\SKB [05/03/2016 12:03:55] - |D| - [4752272804] - C:\Windows\SoftwareDistribution [30/10/2015 09:24:24] - |D| - [103543755] - C:\Windows\Speech [30/10/2015 09:24:24] - |D| - [50814701] - C:\Windows\Speech_OneCore [MD5.3BB80AF91D069F97006DCCC031164903] - [30/10/2015 09:18:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128000] - (10.0.10586.0) - C:\Windows\splwow64.exe [30/10/2015 09:24:24] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [30/10/2015 08:28:30] - |D| - [9179173014] - C:\Windows\System32 [30/10/2015 09:24:25] - |D| - [155463891] - C:\Windows\SystemApps [30/10/2015 09:24:25] - |D| - [18239877] - C:\Windows\SystemResources [30/10/2015 08:28:37] - |D| - [1438125609] - C:\Windows\SysWOW64 [30/10/2015 09:24:25] - |D| - [0] - C:\Windows\TAPI [30/10/2015 09:24:25] - |D| - [6] - C:\Windows\Tasks [30/10/2015 09:24:25] - |D| - [6093815] - C:\Windows\Temp [30/10/2015 09:24:25] - |D| - [0] - C:\Windows\tracing [30/10/2015 09:24:25] - |D| - [7680] - C:\Windows\twain_32 [MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 09:19:30] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\Windows\twain_32.dll [30/10/2015 09:24:25] - |D| - [12420] - C:\Windows\Vss [30/10/2015 09:24:25] - |D| - [15729830] - C:\Windows\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 09:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 09:18:16] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [05/03/2016 12:17:40] - |A| - (.-.) 
- [275] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 09:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.10586.0) - C:\Windows\winhlp32.exe [30/10/2015 08:28:30] - |D| - [6908082777] - C:\Windows\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 09:18:41] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.E9C22DCE95A6E5B6C37FED42B3749E32] - [30/10/2015 09:18:14] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.10586.0) - C:\Windows\write.exe [MD5.A0145EEB9EDA56392B044D34CDC20E53] - [05/03/2016 00:26:33] - |A| - (.Copyright (c) 2006-2013 Wellbia.com Co., Ltd. - XIGNCODE3 System Guard.) - [36904] - (3.4.2.150) - C:\Windows\xhunter1.sys ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [30/04/2017 18:29:16] - C:\Windows\Installer\140842.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/01/2016 00:55:02] - C:\Windows\Installer\18812db.msi : (Mumble 1.2.13 - Thorvald Natvig) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/06/2015 15:44:34] - C:\Windows\Installer\372f83.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/06/2015 15:28:02] - C:\Windows\Installer\372f8b.msi : (NahimicSettingsConfigurator - ASUSTeKcomputer.Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/06/2015 15:28:20] - C:\Windows\Installer\372f8f.msi : (Sonic Studio Plugin - ASUSTeKcomputer.Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/05/2015 00:17:50] - C:\Windows\Installer\372f93.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/03/2016 13:22:55] - C:\Windows\Installer\372f99.msi : (Asmedia USB Host Controller Driver - Asmedia Technology) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [07/09/2016 12:15:06] - C:\Windows\Installer\62d06.msi : ( - Overwolf) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [30/10/2015 09:18:41] - [3458] - C:\Windows\System32\ieuinit.inf [05/03/2016 12:07:06] - [1848398] - C:\Windows\System32\PerfStringBackup.INI [30/10/2015 09:18:09] - [60124] - C:\Windows\System32\tcpmon.ini [30/10/2015 09:17:49] - [2269] - C:\Windows\System32\WimBootCompress.ini [30/10/2015 09:19:39] - [3458] - C:\Windows\Syswow64\ieuinit.inf [30/10/2015 09:18:25] - [2269] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.6214E50CFF4F5893159AADE9F1BD8082] - |A| - [10/11/2016 00:40:33] - (.-.) - [12.57 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb [MD5.3BDF6A5A84D2590EDFF168691808EF04] - |A| - [10/11/2016 00:40:57] - (.-.) 
- [512.8 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [28/08/2017 14:45:20] - [0 Ko] - C:\Windows\Temp\115684AA-59FC-EC2A-C65C-E8E25FE3515D [MD5.00000000000000000000000000000000] - |D| - [24/08/2017 00:58:52] - [0 Ko] - C:\Windows\Temp\199F91F7-3EE3-293C-DDB7-6A8DB29E3495 [MD5.00000000000000000000000000000000] - |D| - [29/06/2017 16:25:30] - [0 Ko] - C:\Windows\Temp\1A254545-4858-7A8C-B999-E9843FE0F0BC [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 16:31:46] - [881.27 Ko] - C:\Windows\Temp\31DBBF00-377A-4780-9B27-341B004674E71b18.1d3169c63c3f83d [MD5.00000000000000000000000000000000] - |D| - [05/07/2017 16:11:24] - [0 Ko] - C:\Windows\Temp\4433172D-3020-2C04-5D35-900E6E65C463 [MD5.00000000000000000000000000000000] - |D| - [13/07/2017 23:51:41] - [0 Ko] - C:\Windows\Temp\55938AED-4196-C9A0-D007-F2D2DA396533 [MD5.00000000000000000000000000000000] - |D| - [22/05/2017 23:18:22] - [0 Ko] - C:\Windows\Temp\5F314AD4-AFA7-22A1-D702-A8D76D6D07C8 [MD5.00000000000000000000000000000000] - |D| - [06/06/2017 23:34:56] - [866.27 Ko] - C:\Windows\Temp\68420C33-379B-4D1C-8467-E12BD88CB8B3404.1d2df0cbdaa3c5f [MD5.00000000000000000000000000000000] - |D| - [16/06/2017 23:58:12] - [874.27 Ko] - C:\Windows\Temp\6971AEDB-5F2C-4527-B764-C086580CC0551650.1d2e6eba64d43d4 [MD5.00000000000000000000000000000000] - |D| - [19/08/2017 17:27:37] - [0 Ko] - C:\Windows\Temp\6DAA84F6-87EF-DB52-C2AB-4EDCCE8D4B21 [MD5.00000000000000000000000000000000] - |D| - [21/05/2017 23:02:38] - [865.77 Ko] - C:\Windows\Temp\7AC6E7D2-ABC5-4932-BD7E-2D09ED1E6612ae4.1d2d2759443fb19 [MD5.00000000000000000000000000000000] - |D| - [19/06/2017 13:04:04] - [0 Ko] - C:\Windows\Temp\7D3586BF-6007-257B-11AB-70CF44119E46 [MD5.00000000000000000000000000000000] - |D| - [22/05/2017 16:57:54] - [0 Ko] - C:\Windows\Temp\80781C48-A260-773B-0E54-81D9944CB042 [MD5.00000000000000000000000000000000] - |D| - [22/03/2017 23:54:36] - [0 Ko] - 
C:\Windows\Temp\847CC5E6-D0C3-B438-2960-69DDC2DE862A [MD5.00000000000000000000000000000000] - |D| - [16/05/2017 16:21:54] - [1275.77 Ko] - C:\Windows\Temp\89352D36-55CF-4092-A356-4AF8C0A4FF0F64c.1d2ce4fc470dacb [MD5.00000000000000000000000000000000] - |D| - [31/05/2017 17:11:01] - [866.27 Ko] - C:\Windows\Temp\9045CC73-324A-4904-9BBA-0BEE42359DC5117c.1d2da201d839890 [MD5.00000000000000000000000000000000] - |D| - [30/04/2017 18:29:20] - [0 Ko] - C:\Windows\Temp\9050EB5E-8BB6-2D59-91CD-2BC4A3FEDA41 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 16:24:07] - [0 Ko] - C:\Windows\Temp\91A80B40-0B57-F252-88C6-EB5C46597A8E [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 15:26:57] - [0 Ko] - C:\Windows\Temp\9676EE25-576E-703B-3F64-39EEA512DA20 [MD5.00000000000000000000000000000000] - |D| - [14/04/2017 00:12:34] - [0 Ko] - C:\Windows\Temp\9B0A08DA-9148-847F-3CCB-C076B58660BE [MD5.00000000000000000000000000000000] - |D| - [04/07/2017 15:25:27] - [0 Ko] - C:\Windows\Temp\A2D9C2B1-ADB1-C8D5-2C34-CB6E5F72145C [MD5.00000000000000000000000000000000] - |D| - [16/05/2017 17:17:22] - [0 Ko] - C:\Windows\Temp\B0D89643-6B40-2685-3908-BC4201144230 [MD5.00000000000000000000000000000000] - |D| - [27/04/2017 00:21:30] - [0 Ko] - C:\Windows\Temp\BBAF4C8D-76D8-2095-388B-78E6427C318A [MD5.00000000000000000000000000000000] - |D| - [11/04/2017 17:04:54] - [0 Ko] - C:\Windows\Temp\D3A421E1-A472-5A0C-B5DC-79450C1C1E13 [MD5.00000000000000000000000000000000] - |D| - [18/08/2017 23:08:53] - [0 Ko] - C:\Windows\Temp\D3B4585D-16E3-5813-CE5D-2E672CF6EDD2 [MD5.00000000000000000000000000000000] - |D| - [24/05/2017 13:09:18] - [0 Ko] - C:\Windows\Temp\D77BA525-F2A3-75EE-75E9-9734C5A7AD50 [MD5.00000000000000000000000000000000] - |D| - [07/04/2017 14:52:19] - [0 Ko] - C:\Windows\Temp\DC2F31BD-B89A-E7C1-8836-006B39192F13 [MD5.00000000000000000000000000000000] - |D| - [12/07/2017 16:45:57] - [0 Ko] - C:\Windows\Temp\DDC6877E-4249-0A94-941F-160C33DD8D05 
[MD5.00000000000000000000000000000000] - |D| - [24/08/2017 12:56:56] - [0 Ko] - C:\Windows\Temp\E36DE5DB-3801-5B4F-3F0A-0D5FC2E4705C [MD5.00000000000000000000000000000000] - |D| - [18/08/2017 15:06:58] - [0 Ko] - C:\Windows\Temp\E394F13B-D7D4-4153-999D-A4D36668FCC6-Sigs [MD5.00000000000000000000000000000000] - |D| - [24/04/2017 16:32:22] - [0 Ko] - C:\Windows\Temp\E3E1B3E3-465F-183B-A39B-0B07DCCDC3B2 [MD5.00000000000000000000000000000000] - |D| - [19/03/2017 20:38:40] - [0 Ko] - C:\Windows\Temp\E7B5BE31-A0D0-B7A0-17EC-D5E3B90DD03B [MD5.00000000000000000000000000000000] - |D| - [09/07/2017 22:23:21] - [0 Ko] - C:\Windows\Temp\F11A4C63-F220-8560-1DC6-25C73A7936D2 [MD5.00000000000000000000000000000000] - |D| - [17/06/2017 00:55:59] - [0 Ko] - C:\Windows\Temp\FCADA994-84D9-3B3A-890C-E1A2C21E68FF [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/06/2016 23:18:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\lnonpnpsamp.log [MD5.AE7218611440335E4338EB2457425E3C] - |A| - [31/03/2016 18:42:52] - (.-.) - [26.81 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.00000000000000000000000000000000] - |D| - [01/04/2016 08:13:55] - [0 Ko] - C:\Windows\Temp\MPInstrumentation [MD5.288978CE39A94F15808CC97DE2885BD1] - |A| - [31/03/2016 09:07:47] - (.-.) - [288.26 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [31/03/2016 18:42:53] - [0 Ko] - C:\Windows\Temp\MRT [MD5.DD3ECA893BDA3600A28ED371565EAF0F] - |A| - [15/04/2016 23:27:55] - (.-.) - [6.29 Ko] - (0.0.0.0) - C:\Windows\Temp\parallels.log [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:07] - [0 Ko] - C:\Windows\System32\0409 [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [30/10/2015 09:18:12] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\@language_notification_icon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [30/10/2015 09:18:10] - (.-.) 
- [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\@optionalfeatures.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [30/10/2015 09:17:39] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\Windows\System32\@WiFiNotificationIcon.png [MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [04/03/2016 13:19:33] - (.-.) - [107.27 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:31:05] - [3230.34 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.96A6FCCACCAF7402A3FEC9632D4CFD42] - |A| - [12/07/2017 18:03:44] - (.-.) - [438.11 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [2485.91 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [269 Ko] - C:\Windows\System32\ar-SA [MD5.8113D6E1884940FC3F9DED886B364A1E] - |A| - [04/03/2016 13:21:30] - (.-.) - [94.3 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll [MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [30/10/2015 09:24:33] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config [MD5.00000000000000000000000000000000] - |D| - [15/11/2016 02:02:01] - [13.37 Ko] - C:\Windows\System32\BestPractices [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [244 Ko] - C:\Windows\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [4370.13 Ko] - C:\Windows\System32\Boot [MD5.6EC6A5D8C388FCE5792805DC8C736E87] - |A| - [30/10/2015 09:17:40] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) 
- [92 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [0.93 Ko] - C:\Windows\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:30] - [89289.5 Ko] - C:\Windows\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [49226.89 Ko] - C:\Windows\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [2497.37 Ko] - C:\Windows\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [366.5 Ko] - C:\Windows\System32\Com [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:30] - [301083.03 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:24] - [48.78 Ko] - C:\Windows\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [290 Ko] - C:\Windows\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [286 Ko] - C:\Windows\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:24] - [321 Ko] - C:\Windows\System32\de-DE [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [30/10/2015 09:17:57] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [30/10/2015 09:24:34] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultQuestions.json [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:24] - [570 Ko] - C:\Windows\System32\DiagSvcs [MD5.F938469DAF278EE42E32CE2ED5400172] - |A| - [30/10/2015 09:17:46] - (.-.) 
- [90.05 Ko] - (0.0.0.0) - C:\Windows\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [7597.73 Ko] - C:\Windows\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [1120.48 Ko] - C:\Windows\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:23:52] - [93475.49 Ko] - C:\Windows\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:30] - [5675423.96 Ko] - C:\Windows\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [148.5 Ko] - C:\Windows\System32\dsc [MD5.9734BDDABAD131D62E9B41126BD2D019] - |A| - [04/03/2016 13:22:31] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\Windows\System32\e1d65x64.din [MD5.30B4EC182373056C7AE758B72B83E8D5] - |A| - [30/10/2015 09:17:52] - (.-.) - [166.5 Ko] - (0.0.0.0) - C:\Windows\System32\EditionUpgradeHelper.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [316.5 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:07] - [5 Ko] - C:\Windows\System32\en [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [233.5 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [2222 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [311 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [254 Ko] - C:\Windows\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [228 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [24850.33 Ko] - C:\Windows\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [289.5 Ko] - C:\Windows\System32\fi-FI [MD5.2215ECE6A75BFE1EE74EA2ACE2661850] - |A| - [05/03/2016 11:59:54] - (.-.) 
- [189.68 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:07] - [3393.5 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [260 Ko] - C:\Windows\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [43752.06 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.0FEE8DB559981D7F06E26042ECD8D671] - |A| - [30/10/2015 09:17:39] - (.-.) - [73.87 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [257 Ko] - C:\Windows\System32\he-IL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [237 Ko] - C:\Windows\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [293.5 Ko] - C:\Windows\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [5.36 Ko] - C:\Windows\System32\ias [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [24019.17 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3229 Ko] - C:\Windows\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\Ipmi [MD5.28B8B654FA25578D84A136FA099886EE] - |A| - [15/03/2017 00:09:30] - (.-.) 
- [181.5 Ko] - (0.0.0.0) - C:\Windows\System32\ism32k.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [316 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [231.5 Ko] - C:\Windows\System32\ja-JP [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [229 Ko] - C:\Windows\System32\ko-KR [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [30/10/2015 09:17:57] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\Windows\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [73.22 Ko] - C:\Windows\System32\Licenses [MD5.23C8C188C7A05F7CC046F52C3508E261] - |A| - [31/05/2013 21:19:12] - (.(C) 1998-2011 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1800.27 Ko] - (5.30.42.0) - C:\Windows\System32\LkmdfCoInst.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3000 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [234 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [235 Ko] - C:\Windows\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [29887.32 Ko] - C:\Windows\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [32.68 Ko] - C:\Windows\System32\MailContactsCalendarSync [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [30/10/2015 09:17:57] - (.-.) 
- [107.45 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |SD| - [05/03/2016 12:00:00] - [5.99 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [5500.7 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [42692.94 Ko] - C:\Windows\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [04/03/2016 17:23:50] - [0 Ko] - C:\Windows\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [45.5 Ko] - C:\Windows\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [4628.28 Ko] - C:\Windows\System32\MsDtc [MD5.72534830694CCABA9A5CBA33F9771C63] - |A| - [04/03/2016 17:22:42] - (.-.) - [254.5 Ko] - (0.0.0.0) - C:\Windows\System32\MTFServer.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [19.65 Ko] - C:\Windows\System32\MUI [MD5.52D09193B954697371DFA7BE9E520D05] - |A| - [04/03/2016 13:20:51] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5112.26 Ko] - (6.3.9600.17231) - C:\Windows\System32\NAHIMICAPOlfx.dll [MD5.4E5442D9B14EF9EF679CD8D65CD50A51] - |A| - [04/03/2016 13:20:54] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [971.8 Ko] - (1.0.0.14866) - C:\Windows\System32\NahimicAPONSControl.dll [MD5.BE01A0E01C03156B908EDDB4406EC972] - |A| - [04/03/2016 13:20:52] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5574.94 Ko] - (6.3.9600.16384) - C:\Windows\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [281.5 Ko] - C:\Windows\System32\nb-NO [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [30/10/2015 09:17:39] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [51 Ko] - C:\Windows\System32\networklist [MD5.2BF0CEEDCF4C5581E199FC4A265B3F71] - |A| - [10/02/2017 18:53:49] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\System32\nv-vk64.json [MD5.AB41179FB93B2A37664AAAEFC212CB89] - |A| - [22/09/2016 00:35:05] - (.-.) - [7624.05 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin [MD5.A6158D302131124A2BC02DD84A68A05A] - |A| - [19/07/2016 19:43:13] - (.-.) - [42.54 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb [MD5.7887AFD07F65ABB0AFFC1AC8FD3BFC49] - |A| - [15/09/2016 17:10:03] - (.-.) - [117.44 Ko] - (0.0.0.0) - C:\Windows\System32\NvRtmpStreamer64.dll [MD5.DE4FA2E0FBF5D7CAF54977DE21949EC2] - |A| - [30/10/2015 09:24:36] - (.-.) - [15.33 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [30/10/2015 09:17:50] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [12665.82 Ko] - C:\Windows\System32\oobe [MD5.42D2360079B1DF3230024AE920737367] - |A| - [30/10/2015 09:17:57] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin [MD5.06FCCB3B36706B45C095D60DD7E333DD] - |A| - [30/10/2015 09:26:16] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.8BFA63CB5B08B49A980BCC2B4DDC35B4] - |A| - [30/10/2015 21:00:15] - (.-.) - [151.91 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [30/10/2015 09:26:16] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [30/10/2015 21:00:15] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.1E203E6F4A882A4A90DA2E6AB05DCED6] - |A| - [30/10/2015 09:26:16] - (.-.) 
- [717.09 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.B624EE11BA95DDD35CC450C3973EC447] - |A| - [30/10/2015 21:00:15] - (.-.) - [804.94 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.5C4F624C039612475F710D4FC024C703] - |A| - [05/03/2016 12:07:06] - (.-.) - [1805.08 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [297.5 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [377.5 Ko] - C:\Windows\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:08] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.007893E8374C766471239EB291BA8C17] - |A| - [30/10/2015 09:17:45] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [301.5 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [296.5 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\System32\RasToast [MD5.226BBC4490EA49B69B407742A85A2D92] - |A| - [30/10/2015 09:19:26] - (.-.) - [8.72 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList [MD5.7153DD25B2D727B7281780A3DF33C877] - |A| - [30/10/2015 09:19:26] - (.-.) - [8.16 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0.07 Ko] - C:\Windows\System32\restore [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [30/10/2015 09:19:26] - (.-.) 
- [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [30/10/2015 09:17:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat [MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |N| - [04/03/2016 13:22:34] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\Windows\System32\SetupBD.din [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [241 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [236.5 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [11/03/2016 13:01:23] - [0 Ko] - C:\Windows\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:08] - [52.14 Ko] - C:\Windows\System32\slmgr [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [30/10/2015 09:17:57] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:30] - [16308.02 Ko] - C:\Windows\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [7733.34 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [7465.38 Ko] - C:\Windows\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [108684.06 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [6117.42 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [23.67 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [243.5 Ko] - C:\Windows\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [240 Ko] - C:\Windows\System32\sr-Latn-RS [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [30/10/2015 
09:17:46] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [8648 Ko] - C:\Windows\System32\sru [MD5.A632ADED3B3511C6D34285AA394DB92E] - |A| - [25/06/2015 15:28:20] - (.-.) - [2084.97 Ko] - (0.0.0.0) - C:\Windows\System32\SStudio.dll [MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [30/10/2015 09:18:42] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [286.5 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [1658.68 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [1179.78 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [484.15 Ko] - C:\Windows\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [30/10/2015 09:18:09] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [224.5 Ko] - C:\Windows\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [282.5 Ko] - C:\Windows\System32\tr-TR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [235.5 Ko] - C:\Windows\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [01/06/2017 15:28:15] - [2199.72 Ko] - C:\Windows\System32\UNP [MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [26/01/2017 02:09:16] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\Windows\System32\vulkan-1-1-0-39-1.dll [MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [09/03/2017 20:27:06] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\Windows\System32\vulkan-1.dll [MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [26/01/2017 02:09:50] - (.-.) 
- [115.5 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-39-1.exe [MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [09/03/2017 20:27:06] - (.-.) - [115.5 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [77425.6 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:08] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [34317.77 Ko] - C:\Windows\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [30/10/2015 09:17:47] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [1.1 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [49015 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [8590.25 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [160076 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3696 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:08] - [107.53 Ko] - C:\Windows\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [30/10/2015 09:18:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png [MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [30/10/2015 09:18:42] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [30/10/2015 09:18:03] - (.-.) 
- [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [204.5 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [199 Ko] - C:\Windows\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [199 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:09] - [0 Ko] - C:\Windows\SysWOW64\0409 [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:31:03] - [2203.34 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [250.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.8128B54EAA48F9C06B19A86C87752996] - |RA| - [04/03/2016 13:17:22] - (.Copyright (C) 2010 - AsIO DLL.) - [28 Ko] - (1.0.0.4) - C:\Windows\SysWOW64\AsIO.dll [MD5.00000000000000000000000000000000] - |D| - [15/11/2016 02:02:01] - [1.59 Ko] - C:\Windows\SysWOW64\BestPractices [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [222 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [320.5 Ko] - C:\Windows\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [1699.53 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [48.78 Ko] - C:\Windows\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [268.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [265.5 Ko] - 
C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [298.5 Ko] - C:\Windows\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [17.5 Ko] - C:\Windows\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [28/08/2016 23:05:04] - [0 Ko] - C:\Windows\SysWOW64\directx [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [5852.25 Ko] - C:\Windows\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:28:37] - [1120.09 Ko] - C:\Windows\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3517.03 Ko] - C:\Windows\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [292.5 Ko] - C:\Windows\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:09] - [0 Ko] - C:\Windows\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [213.5 Ko] - C:\Windows\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [1600.5 Ko] - C:\Windows\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [288.5 Ko] - C:\Windows\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [232 Ko] - C:\Windows\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [208.5 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [20957.81 Ko] - C:\Windows\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [268 Ko] - C:\Windows\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:09] - [3140 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [236.5 Ko] - 
C:\Windows\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [37244.37 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [239 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [216.5 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [271.5 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [19515.67 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [195.5 Ko] - C:\Windows\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [294 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [217.5 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [215.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [73.22 Ko] - C:\Windows\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - 
C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [213.5 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [214.5 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [24345.97 Ko] - C:\Windows\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [32.68 Ko] - C:\Windows\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |SD| - [28/08/2017 22:15:31] - [0 Ko] - C:\Windows\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3237.96 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [846.84 Ko] - C:\Windows\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [19.65 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [262 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [51 Ko] - C:\Windows\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [278.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 09:24:25] - [3781.5 Ko] - C:\Windows\SysWOW64\Nui [MD5.E256CF02FDF09732C42AF1C7AB9521DD] - |A| - [10/02/2017 18:53:49] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\nv-vk32.json [MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [26/01/2017 02:12:46] - (.Copyright (C) 2015-2017 - Vulkan Loader.) 
- [319 Ko] - (1.0.39.1) - C:\Windows\SysWOW64\vulkan-1-1-0-39-1.dll [MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [09/03/2017 20:27:06] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [319 Ko] - (1.0.39.1) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [26/01/2017 02:13:16] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-39-1.exe [MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [09/03/2017 20:27:06] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [15459.79 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:09] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [7755.93 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [3696 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 21:00:09] - [107.53 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [28/08/2016 23:08:37] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [193.5 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [187.5 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [187.5 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\David\AppData\Roaming [04/03/2016 12:20:21] "Local AppData"=C:\Users\David\AppData\Local [04/03/2016 12:20:21] 
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Libraries [04/03/2016 12:20:38] "My Video"=E:\Videos [30/03/2016 19:37:13] "My Pictures"=E:\Images [30/03/2016 19:36:47] "Desktop"=C:\Users\David\Desktop [04/03/2016 12:20:21] "History"=C:\Users\David\AppData\Local\Microsoft\Windows\History [04/03/2016 12:20:21] "NetHood"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Network Shortcuts [04/03/2016 12:20:21] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\David\Contacts [04/03/2016 12:20:38] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\David\AppData\Local\Microsoft\Windows\RoamingTiles [04/03/2016 12:20:38] "Cookies"=C:\Users\David\AppData\Local\Microsoft\Windows\INetCookies [04/03/2016 12:20:21] "Favorites"=C:\Users\David\Favorites [04/03/2016 12:20:21] "SendTo"=C:\Users\David\AppData\Roaming\Microsoft\Windows\SendTo [04/03/2016 12:20:21] "Start Menu"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu [04/03/2016 12:20:21] "My Music"=E:\Music [30/03/2016 19:34:33] "Programs"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [04/03/2016 12:20:21] "Recent"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Recent [04/03/2016 12:20:21] "CD Burning"=C:\Users\David\AppData\Local\Microsoft\Windows\Burn\Burn [04/03/2016 12:22:23] "PrintHood"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [04/03/2016 12:20:21] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\David\Searches [04/03/2016 12:20:38] "{374DE290-123F-4565-9164-39C4925E467B}"=E:\Telechargements [30/03/2016 19:36:00] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\David\AppData\LocalLow [04/03/2016 12:20:22] "Startup"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [04/03/2016 12:20:39] "Administrative Tools"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [04/03/2016 12:20:39] "Personal"=E:\Documents [30/03/2016 19:40:37] 
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\David\Links [04/03/2016 12:20:21] "Cache"=C:\Users\David\AppData\Local\Microsoft\Windows\INetCache [04/03/2016 12:20:21] "Templates"=C:\Users\David\AppData\Roaming\Microsoft\Windows\Templates [04/03/2016 12:20:21] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\David\Saved Games [04/03/2016 12:20:21] "Fonts"=C:\Windows\Fonts [30/10/2015 09:24:24] [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=E:\Music [30/03/2016 19:34:33] "My Pictures"=E:\Images [30/03/2016 19:36:47] "My Video"=E:\Videos [30/03/2016 19:37:13] "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=E:\Documents [30/03/2016 19:40:37] "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=E:\Telechargements [30/03/2016 19:36:00] "{A0C69A99-21C8-4671-8703-7934162FCF1D}"=E:\Music [30/03/2016 19:34:33] "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"=E:\Telechargements [30/03/2016 19:36:00] "{0DDD015D-B06C-45D5-8C4C-F59713854639}"=E:\Images [30/03/2016 19:36:47] "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"=E:\Videos 
[30/03/2016 19:37:13] "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"=E:\Documents [30/03/2016 19:40:37] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/10/2015 09:24:24] "Common AppData"=C:\ProgramData [30/10/2015 09:24:24] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 09:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 09:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 09:24:24] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 09:24:24] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 09:24:24] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 09:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 09:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 09:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 09:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/10/2015 09:24:24] "Common AppData"=C:\ProgramData [30/10/2015 09:24:24] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 09:24:24] 
"Common Documents"=C:\Users\Public\Documents [30/10/2015 09:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 09:24:24] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 09:24:24] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 09:24:24] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 09:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 09:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 09:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 09:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [David] [04/03/2016 12:20:21] - |D| - [1895227916] - C:\Users\David\AppData\Local [04/03/2016 12:20:22] - |D| - [760030] - C:\Users\David\AppData\LocalLow [04/03/2016 12:20:21] - |D| - [7158702] - C:\Users\David\AppData\Roaming [04/03/2016 12:21:27] - |D| - [0] - C:\Users\David\AppData\Local\ActiveSync [04/03/2016 12:20:22] - |SHD| - [19660959333] - C:\Users\David\AppData\Local\Application Data [03/05/2016 19:01:17] - |D| - [129342178] - C:\Users\David\AppData\Local\Battle.net [04/03/2016 13:44:25] - |D| - [8825899] - C:\Users\David\AppData\Local\BlackDesertOnline [03/05/2016 19:01:23] - |D| - [958015] - C:\Users\David\AppData\Local\Blizzard Entertainment [25/08/2016 19:46:49] - |D| - [6430691] - 
C:\Users\David\AppData\Local\CEF [10/02/2017 18:40:30] - |D| - [40] - C:\Users\David\AppData\Local\Chromium [04/03/2016 12:38:40] - |D| - [22224916] - C:\Users\David\AppData\Local\Comms [05/03/2016 12:39:18] - |D| - [89823439] - C:\Users\David\AppData\Local\CrashDumps [03/05/2016 13:23:47] - |D| - [1952] - C:\Users\David\AppData\Local\Disc_Soft_Ltd [04/07/2016 22:40:04] - |D| - [176561] - C:\Users\David\AppData\Local\ElevatedDiagnostics [28/08/2017 15:43:09] - |D| - [6604184] - C:\Users\David\AppData\Local\F-Secure [28/08/2017 15:43:29] - |D| - [0] - C:\Users\David\AppData\Local\FSDART [08/03/2016 14:43:00] - |D| - [779646921] - C:\Users\David\AppData\Local\Google [04/03/2016 12:20:22] - |SHD| - [130] - C:\Users\David\AppData\Local\Historique [04/03/2016 13:23:23] - |AH| - [91051] - C:\Users\David\AppData\Local\IconCache.db [03/06/2016 23:19:21] - |D| - [1189652] - C:\Users\David\AppData\Local\Logitech [04/03/2016 12:20:21] - |D| - [341182528] - C:\Users\David\AppData\Local\Microsoft [04/03/2016 12:26:32] - |D| - [82095] - C:\Users\David\AppData\Local\MicrosoftEdge [04/03/2016 13:00:19] - |D| - [0] - C:\Users\David\AppData\Local\NetworkTiles [04/03/2016 12:28:01] - |D| - [216074011] - C:\Users\David\AppData\Local\NVIDIA [04/03/2016 12:34:03] - |D| - [165077497] - C:\Users\David\AppData\Local\NVIDIA Corporation [04/03/2016 12:20:32] - |D| - [101830976] - C:\Users\David\AppData\Local\Packages [19/07/2016 18:47:30] - |D| - [0] - C:\Users\David\AppData\Local\Programs [04/03/2016 12:20:54] - |D| - [0] - C:\Users\David\AppData\Local\Publishers [24/08/2017 01:07:20] - |A| - [7626] - C:\Users\David\AppData\Local\Resmon.ResmonCfg [25/08/2016 19:46:48] - |D| - [9009794] - C:\Users\David\AppData\Local\Steam [04/03/2016 12:20:21] - |D| - [3984424] - C:\Users\David\AppData\Local\Temp [04/03/2016 12:20:22] - |SHD| - [12093949] - C:\Users\David\AppData\Local\Temporary Internet Files [04/03/2016 12:20:31] - |D| - [11608064] - C:\Users\David\AppData\Local\TileDataLayer [01/06/2017 
23:30:38] - |D| - [0] - C:\Users\David\AppData\Local\UNP [04/03/2016 12:20:34] - |D| - [0] - C:\Users\David\AppData\Local\VirtualStore [29/08/2017 16:20:56] - |D| - [1055896] - C:\Users\David\AppData\Local\ZHP [04/03/2016 12:21:34] - |SD| - [760030] - C:\Users\David\AppData\LocalLow\Microsoft [30/03/2016 12:22:59] - |D| - [0] - C:\Users\David\AppData\Roaming\Acronis [04/03/2016 12:20:35] - |D| - [0] - C:\Users\David\AppData\Roaming\Adobe [03/05/2016 18:59:15] - |D| - [10698] - C:\Users\David\AppData\Roaming\Battle.net [03/05/2016 13:20:47] - |D| - [26815] - C:\Users\David\AppData\Roaming\DAEMON Tools Lite [03/06/2016 23:16:43] - |D| - [26862] - C:\Users\David\AppData\Roaming\Logishrd [03/06/2016 23:16:43] - |D| - [0] - C:\Users\David\AppData\Roaming\Logitech [04/03/2016 12:29:28] - |D| - [492] - C:\Users\David\AppData\Roaming\Macromedia [04/03/2016 12:20:21] - |SD| - [653406] - C:\Users\David\AppData\Roaming\Microsoft [04/03/2016 20:45:24] - |D| - [1474990] - C:\Users\David\AppData\Roaming\Mumble [09/03/2017 19:16:02] - |D| - [4564] - C:\Users\David\AppData\Roaming\NVIDIA [09/08/2016 15:14:28] - |D| - [76] - C:\Users\David\AppData\Roaming\Skype [03/05/2016 13:27:53] - |D| - [4068] - C:\Users\David\AppData\Roaming\Steam [07/06/2017 15:05:03] - |D| - [435912] - C:\Users\David\AppData\Roaming\TS3Client [15/04/2016 23:34:20] - |D| - [1433305] - C:\Users\David\AppData\Roaming\uTorrent [03/05/2016 13:28:59] - |D| - [12] - C:\Users\David\AppData\Roaming\WinRAR [29/08/2017 16:20:56] - |D| - [3087502] - C:\Users\David\AppData\Roaming\ZHP [04/03/2016 12:20:38] - |ASH| - [174] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [04/03/2016 12:20:22] - |SHD| - [39598] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [04/03/2016 12:20:21] - |RD| - [39598] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [04/03/2016 12:20:21] - |RD| - [3888] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility [04/03/2016 12:20:21] - |RD| - [2929] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [04/03/2016 12:20:39] - |RD| - [174] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/03/2016 17:56:45] - |D| - [6378] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crucial Storage Executive [04/03/2016 12:20:38] - |ASH| - [174] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [04/03/2016 12:20:21] - |D| - [170] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [10/07/2016 02:33:27] - |D| - [7734] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [04/03/2016 12:22:55] - |A| - [2414] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [04/03/2016 12:20:39] - |RD| - [174] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [04/03/2016 12:20:21] - |RD| - [5318] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [04/03/2016 12:20:21] - |RSD| - [7238] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [03/05/2016 10:52:36] - |D| - [3007] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [04/03/2016 12:20:39] - |ASH| - [174] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [05/03/2016 12:02:40] - |SHD| - [52910070798] - C:\ProgramData\Application Data [04/03/2016 13:30:48] - |D| - [198850393] - C:\ProgramData\ASUS [24/08/2017 01:08:57] - |D| - [2179735] - C:\ProgramData\AVAST Software [03/05/2016 18:58:56] - |D| - [12500566] - C:\ProgramData\Battle.net [03/05/2016 19:01:18] - |D| - [439369] - C:\ProgramData\Blizzard Entertainment [05/03/2016 12:02:40] - |SHD| - [10874] - C:\ProgramData\Bureau [30/10/2015 
09:24:24] - |D| - [0] - C:\ProgramData\Comms [03/05/2016 13:20:04] - |D| - [3136] - C:\ProgramData\DAEMON Tools Lite [05/03/2016 12:02:40] - |SHD| - [278] - C:\ProgramData\Documents [28/08/2017 15:43:09] - |D| - [14790] - C:\ProgramData\F-Secure [03/06/2016 23:22:10] - |D| - [255] - C:\ProgramData\LogiShrd [05/03/2016 12:02:40] - |SHD| - [87417] - C:\ProgramData\Menu Démarrer [30/10/2015 09:24:24] - |SD| - [898133748] - C:\ProgramData\Microsoft [04/03/2016 12:22:34] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [05/03/2016 12:02:40] - |SHD| - [0] - C:\ProgramData\Modèles [04/03/2016 12:27:35] - |D| - [2997126] - C:\ProgramData\NVIDIA [04/03/2016 12:27:15] - |D| - [4022162283] - C:\ProgramData\NVIDIA Corporation [04/03/2016 12:33:42] - |D| - [31480983] - C:\ProgramData\Package Cache [30/10/2015 09:24:24] - |D| - [1000] - C:\ProgramData\regid.1991-06.com.microsoft [30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\SoftwareDistribution [30/10/2015 09:24:24] - |D| - [4142] - C:\ProgramData\USOPrivate [05/03/2016 12:03:55] - |D| - [2719744] - C:\ProgramData\USOShared ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [05/03/2016 12:02:40] - |SHD| - [86576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [30/10/2015 09:24:24] - |D| - [86576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [15/04/2016 23:36:14] - |A| - [667] - C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 09:24:24] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [30/10/2015 09:24:24] - |RD| - [14324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [30/03/2016 12:22:24] - |D| - [9662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis [30/10/2015 09:24:24] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools [28/08/2017 14:34:56] - |A| - [734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à niveau de Windows 10.lnk [03/05/2016 19:01:12] - |D| - [1172] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net [19/07/2016 18:47:41] - |D| - [2045] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp [30/10/2015 09:24:28] - |ASH| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/10/2015 09:18:13] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [30/10/2015 09:19:28] - |RAS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk [08/03/2016 14:43:53] - |A| - [2273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [30/10/2015 09:19:28] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [13/09/2016 11:13:48] - |D| - [991] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [30/10/2015 09:24:24] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [30/10/2015 09:17:57] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [04/03/2016 20:44:42] - |D| - [1101] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble [04/03/2016 12:27:55] - |D| - [6662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [13/07/2016 18:58:39] - |D| - [1193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test [30/10/2015 09:19:28] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [30/10/2015 09:18:07] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk [30/10/2015 09:24:24] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [25/08/2016 19:44:31] - |D| - [1115] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [30/10/2015 09:24:24] - |RD| 
- [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [07/06/2017 15:05:00] - |D| - [2149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [03/05/2016 10:52:36] - |D| - [3007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [03/05/2016 19:06:54] - |D| - [1254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [04/03/2016 13:22:56] - |AD| - [2652213] - C:\Program Files (x86)\ASM104xUSB3 [04/03/2016 13:17:22] - |D| - [8611355] - C:\Program Files (x86)\ASUS [03/05/2016 18:59:27] - |AD| - [359678326] - C:\Program Files (x86)\Battle.net [04/03/2016 13:44:09] - |AD| - [36950180] - C:\Program Files (x86)\Black Desert Online [30/10/2015 08:28:30] - |D| - [28548106] - C:\Program Files (x86)\Common Files [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [08/03/2016 14:43:05] - |D| - [589126298] - C:\Program Files (x86)\Google [04/03/2016 13:19:30] - |HD| - [10044732] - C:\Program Files (x86)\InstallShield Installation Information [30/10/2015 09:24:24] - |D| - [2155967] - C:\Program Files (x86)\Internet Explorer [30/10/2015 09:24:24] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [28/08/2016 23:08:35] - |D| - [25757] - C:\Program Files (x86)\MSBuild [10/07/2016 02:33:15] - |D| - [42176617] - C:\Program Files (x86)\MSI Afterburner [04/03/2016 20:44:25] - |AD| - [35477590] - C:\Program Files (x86)\Mumble [04/03/2016 12:27:11] - |D| - [423541137] - C:\Program Files (x86)\NVIDIA Corporation [21/05/2016 17:20:58] - |AD| - [11661615117] - C:\Program Files (x86)\Overwatch [13/07/2016 17:07:06] - |AD| - [13845101499] - C:\Program Files (x86)\Overwatch Test [04/03/2016 13:19:32] - |D| - [21424697] - C:\Program Files (x86)\Realtek [28/08/2016 
23:08:35] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [25/08/2016 19:44:30] - |D| - [540113205] - C:\Program Files (x86)\Steam [07/06/2017 15:04:58] - |AD| - [60498949] - C:\Program Files (x86)\TeamSpeak 3 Client [04/03/2016 13:19:30] - |HD| - [0] - C:\Program Files (x86)\Temp [09/03/2017 20:27:06] - |D| - [833354] - C:\Program Files (x86)\VulkanRT [30/10/2015 09:24:24] - |D| - [1465344] - C:\Program Files (x86)\Windows Defender [30/10/2015 09:24:24] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail [30/10/2015 09:24:24] - |D| - [3342927] - C:\Program Files (x86)\Windows Media Player [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7575610] - C:\Program Files (x86)\Windows NT [30/10/2015 09:24:24] - |D| - [5484224] - C:\Program Files (x86)\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [30/10/2015 09:24:24] - |SD| - [2685232] - C:\Program Files (x86)\WindowsPowerShell [03/05/2016 19:02:08] - |AD| - [47425034460] - C:\Program Files (x86)\World of Warcraft ---------- | C:\Program Files [04/03/2016 13:33:19] - |D| - [458578] - C:\Program Files\ASUS [04/03/2016 13:21:49] - |D| - [13510471] - C:\Program Files\ASUSTeKcomputer.Inc [30/10/2015 08:28:30] - |D| - [47544589] - C:\Program Files\Common Files [19/07/2016 18:47:41] - |AD| - [3550229] - C:\Program Files\Core Temp [30/03/2016 17:56:40] - |D| - [155039959] - C:\Program Files\Crucial [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files\desktop.ini [05/03/2016 12:02:40] - |SHD| - [47544589] - C:\Program Files\Fichiers communs [04/03/2016 13:19:05] - |D| - [15577220] - C:\Program Files\Intel [30/10/2015 09:24:24] - |D| - [2777258] - C:\Program Files\Internet Explorer [03/06/2016 23:17:55] - |D| - [246811054] - C:\Program Files\Logitech Gaming Software [28/08/2016 23:08:35] - |D| 
- [25757] - C:\Program Files\MSBuild [04/03/2016 12:27:11] - |D| - [4817467129] - C:\Program Files\NVIDIA Corporation [04/03/2016 13:21:42] - |D| - [16448368] - C:\Program Files\Realtek [28/08/2016 23:08:35] - |D| - [36854953] - C:\Program Files\Reference Assemblies [21/07/2017 17:10:17] - |AD| - [2516281] - C:\Program Files\rempl [05/03/2016 12:03:53] - |HD| - [0] - C:\Program Files\Uninstall Information [01/06/2017 15:28:15] - |AD| - [11985503] - C:\Program Files\UNP [30/10/2015 09:24:24] - |D| - [11401178] - C:\Program Files\Windows Defender [30/10/2015 09:24:24] - |D| - [6322176] - C:\Program Files\Windows Mail [30/10/2015 09:24:24] - |D| - [5394547] - C:\Program Files\Windows Media Player [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7862330] - C:\Program Files\Windows NT [30/10/2015 09:24:24] - |D| - [6381248] - C:\Program Files\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files\Windows Sidebar [30/10/2015 09:24:24] - |HD| - [1415922315] - C:\Program Files\WindowsApps [30/10/2015 09:24:24] - |SD| - [2856133] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [30/10/2015 09:24:24] - |D| - [15381425] - C:\Program Files (x86)\Common Files\Microsoft Shared [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [25/08/2016 19:44:31] - |D| - [3487296] - C:\Program Files (x86)\Common Files\Steam [30/10/2015 09:24:24] - |D| - [9676683] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [30/10/2015 09:24:24] - |D| - [37036276] - C:\Program Files\Common files\microsoft shared [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files\Common files\Services [30/10/2015 09:24:24] - |D| - [10505611] - C:\Program Files\Common files\System ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - 
[05/03/2016 12:02:43] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.EBFFE722DD00EB3D8F7FCBCF26E83EB2] - [08/03/2016 14:43:07] - |A| - [3462] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.541C84FCC29CD83BB3868812A3E66841] - [08/03/2016 14:43:07] - |A| - [3586] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [458076] - C:\Windows\System32\Tasks\Microsoft [MD5.1E0C79FEA539E7E2D6FCAD5CAF59860A] - [10/02/2017 18:40:16] - |A| - [4308] - C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.98EC65B4186006BA30A9F638C8414338] - [15/09/2016 17:10:03] - |A| - [3994] - C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.05C1FC87E37C942FAC0FBB93F4978ECB] - [15/09/2016 17:10:00] - |A| - [3894] - C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [15/09/2016 17:10:00] - |A| - [3654] - C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.2D62DE7DD46269BF68D84A2724403FB5] - [15/09/2016 17:10:00] - |A| - [3858] - C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.ADAD3DC73227BFB5497EF5B02F8FED89] - [22/09/2016 00:22:34] - |A| - [3696] - C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.A5A5F70A0B84781550FFB03E295E3FD4] - 
[15/09/2016 17:10:00] - |A| - [3866] - C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.DDE4F460541072920537577704BF5D5C] - [13/07/2017 23:42:24] - |A| - [3378] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509389351-3950065392-2608423712-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "DeliveryOptimization-TCP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| 
"Netlogon-TCP-RPC-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "MDNS-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{35C2456D-3B8A-47F2-AE00-CFB09794EB9E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe|Name=ASUS Push Notify Server TCP|Desc=|Edge=TRUE| 
"{10ADAFCE-FDBA-446B-8634-9E279E7DCC0A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe|Name=ASUS Push Notify Server UDP|Desc=|Edge=TRUE| "{256C3A92-59A5-4C1F-B80B-763160F826B8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\Downloads\bin\BlackDesert32.exe|Name=Black Desert Test(32bit)| "{1897D6AE-2E8B-4E0B-86E9-905B5A86B980}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\Downloads\bin64\BlackDesert64.exe|Name=Black Desert Test(64bit)| "{872E46C3-9CA3-4E45-8390-15C77EE64681}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\Downloads\BlackDesert_Launcher.exe|Name=Black Desert Launcher| "{DBC96EAA-0CDA-49EF-9882-91A5C1064CE8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\Downloads\BlackDesert_Downloader.exe|Name=Black Desert Downloader| "{1465B180-CA6D-43CB-9F87-013FB5F9216E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| "{DC4A679F-9B10-4C26-8168-2E7A80C0B138}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| "{09804E5A-C2B3-40B5-9975-F15246BF6D0F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| "{80E69818-75A7-457E-8F98-A4A2EC5F8341}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| "{4D88B612-1838-40C2-9501-BCE700C3E0D8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| 
"{F07B84B9-F510-4EAA-821A-02DEC5EAD29E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service| "TCP Query User{D31506E8-BFC2-4D07-AC27-2CBAC4A9DC86}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\crucial\crucial storage executive\java\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "UDP Query User{A2FA83B6-ABD6-43BF-81FE-4C88F9AAD4AA}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\crucial\crucial storage executive\java\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "{3D58669E-D169-44EB-B2D8-4AEBE2F79F7D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Programmes\utorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{0D9CC8FC-704C-4443-AB3B-3846758DDC65}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Programmes\utorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "TCP Query User{32D7AAEA-94E4-453B-A3A6-4C2F470D67A8}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "UDP Query User{A6315589-CAAE-4DCF-A347-9F6F990DC613}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "TCP Query User{1CADF621-B0AF-4AD9-9094-4B6BDA86280C}C:\program files\logitech gaming 
software\lcore.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\logitech gaming software\lcore.exe|Name=Logitech Gaming Framework|Desc=Logitech Gaming Framework|Defer=User| "UDP Query User{5F141F1E-B989-4C70-85F3-D8883F8732D3}C:\program files\logitech gaming software\lcore.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\logitech gaming software\lcore.exe|Name=Logitech Gaming Framework|Desc=Logitech Gaming Framework|Defer=User| "TCP Query User{4D8E8657-BFFB-4473-B26B-5393EBC62F9B}C:\program files (x86)\overwatch test\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\overwatch test\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "UDP Query User{523C8668-FC34-4F11-B3D9-19C08C56B38F}C:\program files (x86)\overwatch test\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\overwatch test\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "{A49A59A4-F88F-40B4-92C6-C67555033DC8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)| "{C969ED07-338F-4205-83E2-A496376CC1F4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming SSAS UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAS (mDNS)| "{199DD5D0-A77B-48FD-8B24-2A14B2C827E4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)| 
"{4B64A053-B6F5-4FB8-8392-E8D13AB06BE6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)| "{E363BBF1-4259-4959-A6BD-F33E0A46017B}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)| "{CAFC3035-9980-4C9C-92C2-BC896183C363}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{070B5D52-0042-4CB9-B37F-2F9C0EBF9578}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{D13E4690-9FCD-4B15-BCB5-7992568C428D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| 
"{6512286B-7CF5-48E9-8B7A-5910CA6E75A8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{CEF9B435-007A-440F-9548-9FFB8107F0C3}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{0AE66A6F-6310-4A1A-B677-5681E2FE7396}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{DFDDBE63-FF82-4DF6-86B9-E21CD72AFFFC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{FD822FDD-0377-4CA5-B70D-9DD3557AF2A6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{0E5A6DA0-376A-4E44-B658-34DC896A8CB2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3509389351-3950065392-2608423712-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{382DEC90-67E2-4E17-8CE2-4913FE20B1C6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security Accelerator [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2CCDF946-BC55-4FB2-B10C-199A5F362541}] : (LGSHidFilt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{41966169-3FD7-4392-AFE4-E6A9D0A92C72}] : (ASUSFILTER) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : 
(Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b91b7968-6435-4966-8928-79bf082e3e30}] : (Logitech LCDs) [] -> @oem33.inf,%LGLCD%;Logitech LCDs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] 
-> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e24e7a3c-87cd-4ac9-b426-eec8521b7710}] : (LGWinUSB) [] -> @oem39.inf,%DEVICEMANAGERCATEGORY%;Logitech USB Gaming Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[04/03/2016 13:31:32] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsUpIO.sys
[04/03/2016 13:17:22] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsIO.sys
[19/07/2016 19:43:13] - (21.21.13.7878) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 378.78) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[05/06/2015 15:13:28] - (1.16.26.1) - (ASMedia Technology Inc - ASMEDIA XHCI Host Controller Driver) - C:\Windows\System32\drivers\asmtxhci.sys
[30/10/2015 09:17:18] - (3.0.2.181) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\Windows\System32\drivers\athwnx.sys
[15/09/2016 17:09:58] - (3.51.2.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys
[10/02/2017 18:40:06] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\Windows\System32\drivers\nvvhci.sys
[10/11/2015 04:14:30] - (1.3.34.23) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[05/06/2015 15:13:28] - (1.16.26.1) - (ASMedia Technology Inc - ASMedia USB3 Hub Driver) - C:\Windows\System32\drivers\asmthub3.sys
[05/09/2016 06:47:06] - (2.12.4.0) - (Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver) - C:\Windows\system32\DRIVERS\ssudbus.sys
[05/09/2016 06:47:12] - (2.12.4.0) - (Samsung Electronics Co., Ltd.
- SAMSUNG Android Modem Device Driver) - C:\Windows\system32\DRIVERS\ssudmdm.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> 
System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - 
AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - 
[Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - 
AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - LGCoreTemp (Logitech CPU Core Tempurature) -> \??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File 
System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) [MD5.4BFB41025FA1C37205EDEEFDE36F7771] - [04/03/2016 13:31:22] - (.Copyright (c) ASUSTek Computer Inc. - ASUS Charger driver.) - [14.5 Ko] - (5.2.3790.0) - C:\Windows\Syswow64\Drivers\AiChargerPlus.sys [MD5.6FDDA70D46B51E80CA2311064D05DF19] - [04/03/2016 13:31:52] - (.Copyright (c) ASUSTek Computer Inc. - ASUS Charger driver.) - [27.8 Ko] - (6.1.7600.16385) - C:\Windows\Syswow64\Drivers\AndroidAFDx64.sys [MD5.798DE15F187C1F013095BBBEB6FB6197] - [04/03/2016 13:17:22] - (.-.) - [14.88 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsIO.sys [MD5.1392B92179B07B672720763D9B1028A5] - [04/03/2016 13:31:32] - (.-.) - [14.13 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsUpIO.sys [MD5.A5E4CDB420540095D1293C874B5F89AA] - [04/03/2016 13:33:18] - (.Copyright (c) MCCI Corporation 1997-2011 - ASUS USB Hub filter driver.) - [45.07 Ko] - (5.28.10.0) - C:\Windows\Syswow64\Drivers\ASUSFILTER.sys ---------- | Uninstall [HKU\S-1-5-21-3509389351-3950065392-2608423712-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Crucial Storage Executive 3.24.082015.05] : (Crucial Storage Executive.-.Crucial) -> C:\Program Files\Crucial\Crucial Storage Executive\UninstallStorageExecutive.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Logitech Gaming Software] : (Logitech - Assistant pour jeux vidéo 8.87.-.Logitech Inc.) -> C:\Program Files\Logitech Gaming Software\uninstallhlpr.exe /bitness=x64 /silentmode=off /langid=FRA /downgrade=no /firstRun=yes [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.39.1] : (Vulkan Run Time Libraries 1.0.39.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.39.1\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.31 (64-bit).-.win.rar GmbH) -> E:\Programmes\Winrar\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1] : (Core Temp 1.1.-.Alcpu) -> "C:\Program Files\Core Temp\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2780660F-8532-4E52-A940-25D3EDCC19B8}] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{638A518B-0D2E-4143-ACF8-F3D83D822E85}] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{690285C2-2481-44FB-8402-162EA970A6DD}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{81B881EA-2E90-4E70-8022-BA48D358586A}] : (NahimicSettingsConfigurator.-.ASUSTeKcomputer.Inc) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A70B8D38-273A-4D6A-B7D5-AEBEDEEE5D28}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 378.78.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 378.78.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 378.78.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.4.0.70.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA Pilote du contrôleur 3D Vision 369.04.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 23.23.30.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.34.23.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA 
Backend.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NvNodejs.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NvTelemetry.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NvvHci.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.4.0.70.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 3.51.2.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}] : (Overwolf.Setup.VC100CRTx64.Dist.-.Overwolf) -> MsiExec.exe /I{EC9D5554-6852-4A55-81BB-AC02C7A8CFED} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F55B1B94-3BFA-49D4-AE45-2ECE776BA815}] : (Sonic Studio Plugin.-.ASUSTeKcomputer.Inc) -> MsiExec.exe /I{F55B1B94-3BFA-49D4-AE45-2ECE776BA815} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Afterburner] : (MSI Afterburner 4.2.0.-.MSI Co., LTD) -> "C:\Program Files (x86)\MSI Afterburner\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battle.net] : (Battle.net.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=battle.net --displayname="Battle.net" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\setup.exe" --uninstall --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) 
-> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Overwatch] : (Overwatch.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=prometheus --displayname="Overwatch" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Overwatch Test] : (Overwatch Test.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=prometheus_test --displayname="Overwatch Test" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.) -> "E:\Programmes\utorrent\uTorrent.exe" /UNINSTALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\World of Warcraft] : (World of Warcraft.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=wow_frfr --displayname="World of Warcraft" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{022319D8-DFB3-4531-8214-EE0E1E9CD4A3}] : (Mumble 1.2.13.-.Thorvald Natvig) -> MsiExec.exe /I{022319D8-DFB3-4531-8214-EE0E1E9CD4A3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0D2C9C0A-51AB-4629-A4A9-DF40B24BBF5A}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3843fc8e-e352-4238-be32-74ca38dd57a0}] : (Asus Sonic Suite Plugins.-.ASUSTeKcomputer.Inc) -> "C:\ProgramData\Package Cache\{3843fc8e-e352-4238-be32-74ca38dd57a0}\SetupSonicPlugins_R2.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60c073df-e736-4210-9c3a-5fc2b651cef3}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{60c073df-e736-4210-9c3a-5fc2b651cef3}\SetupChipset.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia USB Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) 
-> "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly ---------- | Ports ---------- | Installer [HKCR\Installer\Products\4555D9CE258655A418BBCA207C8AFCDE] : Overwolf.Setup.VC100CRTx64.Dist [HKCR\Installer\Products\49B1B55FAFB34D94EA54E2EC77B68A51] : Sonic Studio Plugin [HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings [HKCR\Installer\Products\8D9132203BFD13542841EEE0E1C94D3A] : Mumble 1.2.13 -> C:\Windows\Installer\{022319D8-DFB3-4531-8214-EE0E1E9CD4A3}\mumble.ico [HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia USB Host Controller Driver -> C:\Windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A98660DE7B3353D4F867638AC20D4360] : KB4023057 [HKCR\Installer\Products\AE188B1809E207E40822AB843D8585A6] : NahimicSettingsConfigurator [HKCR\Installer\Products\B815A836E2D03414CA8F3F8DD328E258] : -> C:\Windows\Installer\{638A518B-0D2E-4143-ACF8-F3D83D822E85}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BE5A19C826C2D6A48820CC97DFE23D09] : Intel(R) Chipset Device Software ---------- | ADS ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: ASUSTeK COMPUTER INC. BIOS Manufacturer: American Megatrends Inc. 
System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x0000001c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Le programme Windows10UpgraderApp.exe version 1.4.9200.17384 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 1f50 Heure de début : 01d320178df7acba Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Windows10Upgrade\Windows10UpgraderApp.exe ID de rapport : d5dfa552-8c0a-11e7-993e-9c5c8e7609f5 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . 
------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll ». Assembly dépendant Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . 
------------ Nom de l’application défaillante Microsoft.Photos.exe, version : 1.0.1703.13001, horodatage : 0x58c6eefb Nom du module défaillant : ntdll.dll, version : 10.0.10586.672, horodatage : 0x580ee321 Code d’exception : 0xc0000264 Décalage d’erreur : 0x00000000000a4aa0 ID du processus défaillant : 0xb8c Heure de début de l’application défaillante : 0x01d318ffa4008e96 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 5361bef8-24d6-470e-96ee-2a3c01d4f6d0 Nom complet du package défaillant : Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . 
------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ ----------( EOF)---------- - 3393 | 16:30:25