--------------- QuickDiag | g3n-h@ckm@n | V3_22.10.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 16/04/2018 18:26:30
Updated 22/10/2017 | 08.35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Mosheur (Administrator)] - [MOSHEUR-PC] (S-1-5-21-2673370752-163226256-3562748738-1000)
System: Microsoft Windows 7 Édition Familiale Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: - - IdNumber: - UUID: 00000000-0000-0000-0000-000000000000
Processor : X64 - 3500 Mhz - Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
BIOS Date: 05/30/14 09:03:04 Ver: 04.06.05 - - - S/N: - - ALASKA - 1072009
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A182&REV_1003\4&42F4E46&0&0201
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Périphérique audio USB - Status: OK - Manufacturer: (USB Audio générique) - PNPDeviceID: USB\VID_0C76&PID_161F&MI_00\6&2DE99420&0&0000
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0040&SUBSYS_1458361C&REV_1001\5&281AED79&0&0001
Webcam C170 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_082B&MI_02\6&25DBAE0&0&0002

---------- | Video
Intel(R) HD Graphics 4600 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_0412&SUBSYS_D0001458&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce GTX 760 - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1187&SUBSYS_361C1458&REV_A1\4&1286464&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 4600 - DriverVersion: 10.18.14.4264 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU

---------- | Network
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\01000000684CE00000
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Remote NDIS based Internet Sharing Device - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 8280 | Free (MB) : 126
Pagefile = Total (MB) : 17520 | Free (MB) : 6339
Virtual = Total (MB) : 4194 | Free (MB) : 3962

---------- | SID Users
Administrateur : [S-1-5-21-2673370752-163226256-3562748738-500]
HomeGroupUser$ : [S-1-5-21-2673370752-163226256-3562748738-1002]
Invité : [S-1-5-21-2673370752-163226256-3562748738-501]
Mosheur : [S-1-5-21-2673370752-163226256-3562748738-1000]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-2673370752-163226256-3562748738-1001]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 119.14 Go | Free : 52.1 Go -> NTFS (SSD) [SATA]
D:\ -> [Fixed] | [] | Total : 931.39 Go | Free : 291.27 Go -> NTFS [SATA]
F:\ -> [Fixed] | [MOSHEUR] | Total : 465.65 Go | Free : 441.16 Go -> FAT32 [USB]
H:\ -> [Fixed] | [Réservé au système] | Total : 0.1 Go | Free : 0.07 Go -> NTFS (SSD) [SATA]
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : SCSI\DISK&VEN_ADATA&PROD_SP900\4&2A148996&0&020000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_ST1000DM&PROD_003-1ER162\4&2A148996&0&040000
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0272\000000000272&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_TOSHIBA&PROD_USB_3.5"-HDD\00210CC2&0

---------- | Windows updates
Last detection : 2018-04-16 11:26:13
Downloaded last ones : 2018-04-13 08:07:58
Installed last ones : 2018-04-13 08:08:02
Next search : 2018-04-16 19:12:25
Test 1 : Windows Is Activated

---------- | Browsers
IE : 11.0.9600.18978 (© Microsoft Corporation. Tous droits réservés.)
FF : 59.0.2.6656 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 65.0.3325.181 (Copyright 2017 Google Inc.)
Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- ""

---------- | FlashPlayer
FlashPlayer Plugin : 29.0.0.140

---------- | Security
AS : Windows Defender Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
464 | [Owner : Système | Parent : 4(System) | 0.05 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.24094) = C:\Windows\System32\smss.exe [11/04/2018 09:00:18] --> Command Line :
704 | [Owner : Système | Parent : 560() | 2.08 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:19:49] --> Command Line :
828 | [Owner : Système | Parent : 560() | 0.05 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:52:37] --> Command Line :
836 | [Owner : Système | Parent : 812() | 23.92 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:19:49] --> Command Line :
892 | [Owner : Système | Parent : 828(wininit.exe) | 4.83 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [31/08/2017 11:42:01] --> Command Line :
932 | [Owner : Système | Parent : 828(wininit.exe) | 6.44 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.24094) = C:\Windows\System32\lsass.exe [11/04/2018 09:00:18] --> Command Line :
940 | [Owner : Système | Parent : 828(wininit.exe) | 1.69 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/01/2011 14:28:00] --> Command Line :
536 | [Owner : Système | Parent : 892(services.exe) | 4.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
572 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 4.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
444 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 10.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1056 | [Owner : Système | Parent : 892(services.exe) | 4.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1084 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 10.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1132 | [Owner : Système | Parent : 892(services.exe) | 23.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1192 | [Owner : Système | Parent : 812() | 1.55 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.24000) = C:\Windows\System32\winlogon.exe [05/01/2018 11:22:56] --> Command Line :
1280 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 4.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1352 | [Owner : Système | Parent : 892(services.exe) | 1.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1412 | [Owner : Système | Parent : 892(services.exe) | 1.5 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4264) = C:\Windows\System32\igfxCUIService.exe [31/08/2017 11:40:57] --> Command Line :
1468 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 7.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1640 | [Owner : Système | Parent : 892(services.exe) | 3.03 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.24000) = C:\Windows\System32\spoolsv.exe [05/01/2018 11:22:55] --> Command Line :
1688 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 4.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1740 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 9.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
1796 | [Owner : Mosheur | Parent : 892(services.exe) | 9.74 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [31/08/2017 11:40:42] --> Command Line :
1892 | [Owner : Mosheur | Parent : 1056(svchost.exe) | 154.05 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:37:38] --> Command Line :
1980 | [Owner : Mosheur | Parent : 1868() | 71.31 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe [31/08/2017 11:40:52] --> Command Line :
2008 | [Owner : Système | Parent : 892(services.exe) | 0.06 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 19:02:50] --> Command Line :
1576 | [Owner : Système | Parent : 892(services.exe) | 147.86 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [24/01/2017 18:57:38] --> Command Line :
2116 | [Owner : Système | Parent : 892(services.exe) | 0.05 Mo] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe [13/10/2017 13:16:45] --> Command Line :
2152 | [Owner : Système | Parent : 892(services.exe) | 0.57 Mo] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (8.0.0.0) = C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [13/10/2017 12:53:06] --> Command Line :
2224 | [Owner : Système | Parent : 892(services.exe) | 14.46 Mo] - (.Garmin Ltd. or its subsidiaries - Garmin Service.) - (6.3.0.0) = C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [27/03/2018 16:10:20] --> Command Line :
2344 | [Owner : Système | Parent : 892(services.exe) | 1.12 Mo] - (.-.) - (22.29.1.3) = C:\Program Files (x86)\MobileBrServ\mbbService.exe [02/03/2018 12:03:21] --> Command Line :
2392 | [Owner : Système | Parent : 892(services.exe) | 5.22 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/01/2018 14:17:14] --> Command Line :
2456 | [Owner : Système | Parent : 892(services.exe) | 4 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/09/2017 13:17:00] --> Command Line :
2480 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 6.54 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2354.7482) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [01/09/2017 13:30:44] --> Command Line :
2524 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 2.88 Mo] - (.Electronic Arts - OriginWebHelperService.) - (10.5.16.49299) = D:\Program Files (x86)\Origin\OriginWebHelperService.exe [28/03/2018 00:10:25] --> Command Line :
2548 | [Owner : Système | Parent : 2456(NVDisplay.Container.exe) | 17.32 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/09/2017 13:17:00] --> Command Line :
2972 | [Owner : Mosheur | Parent : 2392(nvcontainer.exe) | 2.01 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/01/2018 14:17:14] --> Command Line :
2980 | [Owner : Mosheur | Parent : 2392(nvcontainer.exe) | 14.79 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/01/2018 14:17:14] --> Command Line :
3624 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 1.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
3656 | [Owner : Système | Parent : 892(services.exe) | 1.64 Mo] - (.Reason Software Company Inc. - Unchecky Service.) - (1.2.0.0) = D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [02/09/2017 14:22:41] --> Command Line :
3768 | [Owner : Mosheur | Parent : 3656(unchecky_svc.exe) | 3.42 Mo] - (.Reason Software Company Inc. - Unchecky Background Process.) - (1.2.0.0) = D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [02/09/2017 14:22:41] --> Command Line :
3252 | [Owner : Système | Parent : 2068() | 0.07 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe [11/02/2018 17:23:07] --> Command Line :
4108 | [Owner : Système | Parent : 2068() | 0.06 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe [11/02/2018 17:23:07] --> Command Line :
4164 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 1.78 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [20/01/2011 14:29:33] --> Command Line :
4428 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 2.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
4668 | [Owner : Mosheur | Parent : 1576(avp.exe) | 13.86 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe [31/08/2017 16:15:28] --> Command Line :
4692 | [Owner : Mosheur | Parent : 2076() | 3.32 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [26/01/2018 14:17:16] --> Command Line :
4792 | [Owner : Mosheur | Parent : 836(csrss.exe) | 0.18 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.24094) = C:\Windows\System32\conhost.exe [11/04/2018 09:00:18] --> Command Line :
4832 | [Owner : Mosheur | Parent : 4484() | 1 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4264) = C:\Windows\System32\igfxHK.exe [09/08/2015 04:50:44] --> Command Line :
4840 | [Owner : Mosheur | Parent : 4484() | 1.25 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [09/08/2015 04:50:44] --> Command Line :
4116 | [Owner : Mosheur | Parent : 536(svchost.exe) | 2.38 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4264) = C:\Windows\System32\igfxEM.exe [09/08/2015 04:50:44] --> Command Line :
3120 | [Owner : Mosheur | Parent : 536(svchost.exe) | 1.45 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7601.23755) = C:\Windows\System32\rundll32.exe [31/08/2017 11:43:13] --> Command Line :
1680 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 2.95 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.921) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [31/08/2017 11:44:14] --> Command Line :
4860 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 1.74 Mo] - (.Microsoft Corporation - XBoxStat.exe.) - (1.20.146.0) = C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [30/09/2009 17:57:30] --> Command Line :
5096 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 28.5 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.44.85.6) = D:\Program Files (x86)\Steam\Steam.exe [23/07/2016 01:36:30] --> Command Line :
5196 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 28.08 Mo] - (.Skype Technologies S.A. - Skype.) - (7.40.0.104) = C:\Program Files (x86)\Skype\Phone\Skype.exe [10/10/2017 15:56:34] --> Command Line :
5388 | [Owner : Mosheur | Parent : 5292() | 1.12 Mo] - (.Intel Corporation - iusb3mon.) - (5.0.3.42) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [26/01/2018 14:02:49] --> Command Line :
5476 | [Owner : Mosheur | Parent : 5292() | 1.63 Mo] - (.Logitech Inc. - Logitech Webcam Software.) - (13.51.815.0) = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [13/09/2012 01:38:44] --> Command Line :
5604 | [Owner : Mosheur | Parent : 5476(LWS.exe) | 3.76 Mo] - (.-.) - (13.51.815.0) = C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [13/09/2012 01:38:20] --> Command Line :
5660 | [Owner : Mosheur | Parent : 5580() | 1.28 Mo] - (.Piriform Ltd - CCleaner.) - (5.41.129.6446) = C:\Program Files\CCleaner\CCleaner64.exe [06/03/2018 23:58:52] --> Command Line :
6872 | [Owner : Système | Parent : 892(services.exe) | 8.56 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe [15/11/2017 12:28:13] --> Command Line :
7040 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 9.47 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/01/2011 14:29:42] --> Command Line :
7268 | [Owner : SERVICE LOCAL | Parent : 892(services.exe) | 8.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
7912 | [Owner : Système | Parent : 892(services.exe) | 13.39 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.595) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11/01/2018 07:26:49] --> Command Line :
9860 | [Owner : Mosheur | Parent : 7912(MBAMService.exe) | 5.68 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1284) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [11/01/2018 07:26:47] --> Command Line :
10104 | [Owner : Mosheur | Parent : 5096(Steam.exe) | 11.54 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [01/11/2016 10:43:43] --> Command Line :
10536 | [Owner : Mosheur | Parent : 10104(steamwebhelper.exe) | 1.87 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [01/11/2016 10:43:43] --> Command Line :
10628 | [Owner : Système | Parent : 892(services.exe) | 1.56 Mo] - (.Valve Corporation - Steam Client Service.) - (4.44.85.6) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [31/08/2017 16:33:35] --> Command Line :
12680 | [Owner : SERVICE LOCAL | Parent : 1056(svchost.exe) | 0.52 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe [31/08/2017 19:46:59] --> Command Line :
13984 | [Owner : Mosheur | Parent : 10104(steamwebhelper.exe) | 9.12 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [01/11/2016 10:43:43] --> Command Line :
20396 | [Owner : Mosheur | Parent : 3172() | 4.36 Mo] - (.Intel Corporation - IAStorIcon.) - (13.0.3.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [11/04/2014 09:31:06] --> Command Line :
30296 | [Owner : Système | Parent : 892(services.exe) | 13.44 Mo] - (.Intel Corporation - IAStorDataSvc.) - (13.0.3.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [11/04/2014 09:31:04] --> Command Line :
30472 | [Owner : Système | Parent : 892(services.exe) | 4.15 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [24/01/2017 18:57:40] --> Command Line :
30140 | [Owner : Système | Parent : 892(services.exe) | 42.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] --> Command Line :
32080 | [Owner : Mosheur | Parent : 30472(ksde.exe) | 1.86 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe [31/08/2017 16:15:39] --> Command Line :
9708 | [Owner : SERVICE LOCAL | Parent : 1280(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [31/08/2017 11:43:14] --> Command Line :
864628 | [Owner : Système | Parent : 1132(svchost.exe) | 3.81 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/01/2011 14:28:51] --> Command Line :
857520 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 153.7 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
862612 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 5.84 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
16236 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 6.1 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
859544 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 72.72 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
862108 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 28.92 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
862756 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 145.96 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
821184 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 20.48 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
866060 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 29.52 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
861608 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 45.18 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
25640 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 25.08 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
533796 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 21.8 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
862548 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 21.76 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
387464 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 141.54 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
593184 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 47.06 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
862588 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 195.6 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
854984 | [Owner : Mosheur | Parent : 857520(chrome.exe) | 65.7 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [13/02/2018 18:44:58] --> Command Line :
9188 | [Owner : Système | Parent : 6872(SearchIndexer.exe) | 7.52 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchProtocolHost.exe [15/11/2017 12:28:13] --> Command Line :
7212 | [Owner : Système | Parent : 6872(SearchIndexer.exe) | 6.5 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchFilterHost.exe [15/11/2017 12:28:13] --> Command Line :
5704 | [Owner : Mosheur | Parent : 1980(explorer.exe) | 36.87 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = C:\Users\Mosheur\Desktop\QuickDiag.exe [16/04/2018 18:25:41] --> Command Line :
1120 | [Owner : SERVICE RÉSEAU | Parent : 536(svchost.exe) | 10.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/01/2011 14:28:37] --> Command Line :
865436 | [Owner : Système | Parent : 536(svchost.exe) | 7.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/01/2011 14:28:37] --> Command Line :
865420 | [Owner : SERVICE RÉSEAU | Parent : 536(svchost.exe) | 7.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [20/01/2011 14:28:51] --> Command Line :
861976 | [Owner : SERVICE RÉSEAU | Parent : 892(services.exe) | 9.75 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/01/2011 14:28:07] --> Command Line :

---------- | MD5
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [31/08/2017 11:40:52] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3154 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/01/2011 14:28:05] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.8A86F3ED8E29AED3EF28A4660A256609] - [11/04/2018 09:00:18] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.24094) : C:\Windows\System32\Kernel32.dll
[MD5.A3FFECF43819C7162DF774E43C6C724C] - [11/04/2018 09:00:18] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.24094) : C:\Windows\System32\lsass.exe
[MD5.BA6C9EE518A11DA4AD061B223EBED3D3] - [05/01/2018 11:22:56] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.24000) : C:\Windows\System32\rpcss.dll
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - [31/08/2017 11:43:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [31/08/2017 11:42:01] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [31/08/2017 11:43:15] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/01/2011 14:28:54] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.11D6A262B617130F7C16E308C12E0D41] - [05/01/2018 11:22:56] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [445 Ko] - (6.1.7601.24000) : C:\Windows\System32\Winlogon.exe
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [31/08/2017 11:43:15] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [31/08/2017 11:41:59] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/01/2011 14:27:52] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.7D2D2284833760A82308CF09F7618E8B] - [05/01/2018 11:22:55] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.24000) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/01/2011 14:27:51] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation.
Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.441EF1EAAB2C3D72C008E0E04B6893ED] - [11/04/2018 09:00:18] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156.5 Ko] - (6.1.7601.24094) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.261F27367EB6EA6478B940811F0A6F03] - [05/01/2018 11:22:56] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [926.73 Ko] - (6.1.7601.24000) : C:\Windows\System32\Drivers\ndis.sys [MD5.734837208CAFD6E0959A7A0333C95C9D] - [13/09/2017 15:25:26] - (.© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\Windows\System32\Drivers\netbt.sys [MD5.A97B92D11270695B15C3663BCCB737D3] - [05/01/2018 11:22:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1641.23 Ko] - (6.1.7601.24000) : C:\Windows\System32\Drivers\ntfs.sys [MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/01/2011 14:29:02] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.8A54B9C4206FBAB2CEE3525CFD365241] - [14/02/2018 14:48:17] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) 
- [1849.73 Ko] - (6.1.7601.24024) : C:\Windows\System32\Drivers\tcpip.sys [MD5.4DD986720F7CB7A8A5D1226793097B9A] - [31/08/2017 11:43:14] - (.© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\Windows\System32\Drivers\tdx.sys [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [20/01/2011 14:27:52] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.NVIDIA Corporation.-.NVIDIA shim initialization dll, Version 391.35.) - (23.21.13.9135) -- C:\Windows\system32\nvinitx.dll (.AO Kaspersky Lab.-.Shell Extension.) - (18.0.0.537) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll (.AO Kaspersky Lab.-.Helper Library.) - (1.8.145.31) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\remote_eka_prague_loader.dll (.AO Kaspersky Lab.-.PR_REMOTE.) - (1.8.145.39) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\prremote.dll (.AO Kaspersky Lab.-.Prague Core.) - (1.8.145.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\prcore.dll (.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\kl_service.dll (.AO Kaspersky Lab.-.Proxy Stubs.) - (18.0.0.445) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\pxstub.ppl (.AO Kaspersky Lab.-.Structure Serializer.) - (18.0.0.634) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\params.ppl (.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (18.0.0.539) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\product_info.dll (.AO Kaspersky Lab.-.Product Metainformation.) 
- (18.0.0.634) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\product_metainfo.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 391.35.) - (23.21.13.9135) -- C:\Windows\system32\nvapi64.dll (.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\Windows\system32\nvshext.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4264) -- C:\Windows\system32\igfxDTCM.dll (.Intel Corporation.-.igfxOSP Module.) - (6.15.10.4264) -- C:\Windows\system32\igfxOSP.dll (.NVIDIA Corporation.-.NVIDIA Display Properties Extension.) - (8.17.13.9135) -- C:\Windows\system32\nvcpl.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.50.0.0) -- C:\Program Files\WinRAR\rarext.dll (.VS Revo Group.-.Revo Uninstaller Pro Extension.) - (1.0.0.3) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9135) -- C:\Windows\system32\nv3dappshext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.(C) 2018 NVIDIA Corporation..-.NVIDIA shim initialization dll, Version 391.35.) - (23.21.13.9135) -- C:\Windows\system32\nvinitx.dll (.Copyright (c) 2014 Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) 
- (11.0.6000.365) -- C:\Windows\system32\RtkAPO64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up GarminExpressTrayApp - ("C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Steam - ("D:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\...\Run]) - User: Mosheur-PC\Mosheur EADM - ("D:\Program Files (x86)\Origin\Origin.exe" -AutoStart [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\...\Run]) - User: Mosheur-PC\Mosheur Skype - 
("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\...\Run]) - User: Mosheur-PC\Mosheur CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\...\Run]) - User: Mosheur-PC\Mosheur GarminExpressTrayApp - ("C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\SOFTWARE\...\Run]) - User: Public XboxStat - ("C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="D:\Program Files (x86)\Steam\steam.exe" -silent "EADM"="D:\Program Files (x86)\Origin\Origin.exe" -AutoStart "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON XP-312 313 315 Series,winspool,Ne02: "UserSelectedDefault"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) 
Rapid Storage Technology\IAStorIcon.exe" 60 "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"=C:\Windows\system32\nvinitx.dll [01/09/2017 09:31:49] "LoadAppInit_DLLs"=1 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe" "LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll [01/09/2017 09:31:49] "LoadAppInit_DLLs"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater CCleaner Update CCleanerSkipUAC EPSON XP-312 313 315 Series Invitation {CF730C10-C411-4F5C-820A-0809B90164A9} EPSON XP-312 313 315 Series Update 
{CF730C10-C411-4F5C-820A-0809B90164A9} ErrorFixKIT GarminUpdaterTask GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
---------- | Startings up registry ? Folder [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Discord] : C:\Users\Mosheur\AppData\Local\Discord\app-0.0.299\Discord.exe [12/12/2017 11:16:18] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget] : [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp] : "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=932 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control\Terminal Server] 
"RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=40eaf986-6d00-4b61-8975-ae7ec6e "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [31/08/2017 11:14:10] "Pattern Upgrade"=TRUE "SCRNSAVE.EXE"=C:\Windows\system32\scrnsave.scr [14/07/2009 01:56:35] "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 
"Browse For Folder Width"=347 "Browse For Folder Height"=341 "link"=0x18000000 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=1 "TaskbarGlomLevel"=0 ""=0 "ShowSuperHidden"=0 "AlwaysShowMenus"=0 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0A00000009000000080000000700000006000000050000000400000003000000020000000100000000000000FFFFFFFF "0"=0x73006B000000 "1"=0x73007400650061006D000000 "2"=0x73006B0079000000 "3"=0x660069006300680065002000640065002000700061007900650020006D0061006E00690063006F00720070000000 "4"=0x530041004E004400520049004E0045000000 "5"=0x6D0075000000 "6"=0x430041004C004C000000 "7"=0x6F00700065006E0020006F00660066000000 "8"=0x6F00700065006E006F00660066006900630065000000 "9"=0x4F00700065006E004F00660066006900630065002000430061006C0063000000 "10"=0x67006F006F0067006C0065000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=26 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 
"ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=86 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] 
""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content 
Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 
"BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal 
[HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [11/04/2018 09:00:19] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program 
Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [11/04/2018 09:00:19] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\InstallShield Installation Information\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}\setup.exe"=33 "C:\Program Files (x86)\Realtek\Realtek Windows NIC Driver\RTINSTALLER64.EXE"=1 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 "SIGN.MEDIA=22806E0 Setup.exe"=1 "SIGN.MEDIA=2FFE0D6 AUTORUN\DEMO32.EXE"=1 "SIGN.MEDIA=E24BC48 DIRECTX\dxsetup.exe"=1 "SIGN.MEDIA=6871C DRIVER\Win8_Win7_Vista_64\320.49\setup.exe"=1 "C:\Users\Public\Documents\Wondershare\filmora_64bit_full1084.exe"=1 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=1 "C:\Users\Mosheur\AppData\Local\Discord\Update.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{334e6e51-1dee-11e8-b045-74d435beb381}] : I:\AutoRun.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] 
"MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop 
"DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0xDB5B10E73822D301 [HKLM\Software\WOW6432Node\Microsoft\Windows 
Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts # Fichier Hosts créé par RstHosts 127.0.0.1 localhost ::1 localhost # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 
os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com [47] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.206.238] avec 32 octets de données : Réponse de 216.58.206.238 : octets=32 temps=12 ms TTL=52 Réponse de 216.58.206.238 : octets=32 temps=9 ms TTL=52 Réponse de 216.58.206.238 : octets=32 temps=11 ms TTL=52 Réponse de 216.58.206.238 : octets=32 temps=11 ms TTL=52 Statistiques Ping pour 216.58.206.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 9ms, Maximum = 12ms, Moyenne = 10ms ---------- | @ [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://www.google.fr/ "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC0000004A0000000B06000008030000 "IE8RunOnceLastShown"=1 "IE8RunOnceLastShown_TIMESTAMP"=0xC985D9CE3922D301 "IE8TourShown"=1 "IE8TourShownTime"=0xB8394FDB3922D301 "DisableScriptDebuggerIE"=yes "OperationalData"=5 "ImageStoreRandomFolder"=hr6qsyu 
"NotifyDownloadComplete"=yes "SearchBandRestoreBarCount"=0 "SearchBandMigrationVersion"=1 "DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xEB9BCF302645D301 "IE10TourShown"=1 "IE10TourShownTime"=0xD3BED1302645D301 "Start Page_TIMESTAMP"=0x158EDE0E2845D301 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "Check_Associations"=no "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Use FormSuggest"=no [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xFD405FE2F022D301 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://www.google.fr/ "Default_Page_URL"=http://www.google.fr/ "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.google.fr/ "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://www.google.fr/?q={searchTerms} "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet 
Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://www.google.fr/ "Default_Page_URL"=http://www.google.fr/ "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.google.fr/ "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://www.google.fr/?q={searchTerms} "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 
"PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll ---------- | Toolbar [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"=0x44DF53486B7DE9489258D800EEE54AF6 
"ITBar7Layout"=0x13000000000000000000000020000000100001003300000001000000000700005E01000006000000410100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044DF53486B7DE9489258D800EEE54AF60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 
"ITBar7Height"=28 [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={96BBC430-9900-4299-9F5D-7951AB36EFDF} "DownloadRetries"=0 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "KnownProvidersUpgradeTime"=0xF16680162845D301 "Version"=4 "UpgradeTime"=0x2339C5162845D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"= "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"= [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions 
---------- | SearchScopes [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\apfgogkjjjedakfeibebkfmlbmagifci = : Le guide de la télévision de rattrapage - http://www.tv-replay.fr/ - Tv-replay - [http://www.tv-replay.fr/] - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\bhmmomiinigofkjcapegjjndpbikblnp = : Google & co - short_name: Web of Trust - http://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - 
http://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe = : This extension gives you access to all secret emoticons in Facebook coments and posts. - Mogicons - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\dmgjckeibmdfndlflobjhddhmemajjld = : __MSG_description__ - short_name: __MSG_short_name__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\fllaojicojecljbmefodhfapmkghcbnh = : __MSG_gaoptout_description__ - __MSG_gaoptout_name__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\hdokiejnpimakedhajhdlcegeplioahd = : Google & co - version_name: 4.9.1 - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\hflefjhkfeiaignkclmphmokmmbhbhik = : __MSG_description__ - 
short_name: __MSG_short_name__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\hkdlcejbjnnmjgajjjfenejacioiimpp = : Great collection of emoticons and stickers that you can use in Facebook status comments and chat. - https://www.mogicons.com/?utm_source=chrome&utm_medium=application&utm_campaign=emoticons - Mogicons.com - [https://www.mogicons.com/?utm_source=chrome&utm_medium=application&utm_campaign=emoticons] - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\imkpamgpfalmdaikobnkefcmmkpgljjd = : Remove popup ads on The Pirate Bay. - short_name: APB - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\mlomiejdfkolichcflejclcbmpeaniij = : __MSG_short_description__ - version_name: 8.1.0 - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\oiiohfpnbijbgdidjfcpcljcfbmkaooi = : __MSG_slogan__ - short_name: StopFlash - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\oofnbdifeelbaidfgpikinijekkjcicg = : __MSG_description__ - short_name: __MSG_short_name__ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx 
C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Mosheur\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\Google\Chrome\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 29.0.0.140 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 29.0.0.140 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\Mosheur\AppData\Roaming\Mozilla\Firefox\Profiles\m8dk7t3g.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180323154952"); user_pref("browser.startup.homepage_override.mstone", "59.0.2"); user_pref("extensions.blocklist.pingCountTotal", 7); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.bootstrappedAddons", 
"{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"3.0.2\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"support@lastpass.com\":{\"version\":\"4.2.3.20\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\support@lastpass.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\":{\"version\":\"12.11\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@ghostery.com\":{\"version\":\"8.0.7.1\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\firefox@ghostery.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.10\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com\":{\"version\":\"5.1.94.24d-20171109154438\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 18.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}"); user_pref("extensions.databaseSchema", 24); user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};support@lastpass.com;"); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "esrA"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.7.2"); user_pref("extensions.getAddons.cache.lastUpdate", 1523016962); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180323154952"); user_pref("extensions.lastAppVersion", "59.0.2"); user_pref("extensions.lastPlatformVersion", "59.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); 
user_pref("extensions.shield-recipe-client.startupExperimentPrefs.browser.urlbar.matchBuckets", "suggestion:4,general:5"); user_pref("extensions.shield-recipe-client.user_id", "c88766c2-6a46-45af-87d5-a0b9b9682710"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"e65da97b-50a2-4c43-9fe2-c85224315dbf\",\"{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\":\"b766d7a6-bfca-494d-9222-8a89fb1933f5\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"a710e477-33ad-4e09-841c-86dac8a76a85\",\"firefox@ghostery.com\":\"9ea31aed-1766-42ff-9df4-fbaa74bbd3b9\",\"support@lastpass.com\":\"16309ea9-bc74-4732-9bf1-6613ab53d682\",\"light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com\":\"0be4ed38-1e78-4a0a-92b0-572748d3e627\"}"); user_pref("extensions.xpiState", 
"{\"app-profile\":{\"firefox@ghostery.com\":{\"d\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\firefox@ghostery.com.xpi\",\"e\":true,\"v\":\"8.0.7.1\",\"st\":1518871062273},\"support@lastpass.com\":{\"d\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\support@lastpass.com.xpi\",\"e\":true,\"v\":\"4.2.3.20\",\"st\":1518208978810},\"{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\":{\"d\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi\",\"e\":true,\"v\":\"12.11\",\"st\":1518871062134},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Mosheur\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m8dk7t3g.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"3.0.2\",\"st\":1518208975292}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1521173263367},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.10\",\"st\":1521173263368},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1521173263421},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1521173263422}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla 
Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"52.7.2\",\"st\":1521173263365}},\"winreg-app-global\":{\"light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 18.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\",\"e\":true,\"v\":\"5.1.94.24d-20171109154438\",\"st\":1513252746980}}}"); user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); [Profile0] - Name=default -> Profiles/m8dk7t3g.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{91851A70-1381-488D-A542-7CA77858775C}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{E65CD2E6-0F0F-4B15-82A8-B8B265E385D2}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{91851A70-1381-488D-A542-7CA77858775C}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{E65CD2E6-0F0F-4B15-82A8-B8B265E385D2}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{91851A70-1381-488D-A542-7CA77858775C}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E65CD2E6-0F0F-4B15-82A8-B8B265E385D2}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Classes\Applications\scalc.exe] : "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" "%1" [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Classes\Applications\soffice.exe] : "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" 
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv "GPSvcGroup"=GPSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power PlugPlay DcomLaunch ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software 
[HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\4A-Games] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Adobe] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\AppDataLow] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\BugSplat] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Chromium] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\CineForm] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\cks] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Clients] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\DownloadCenter] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Electronic Arts] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Epic Games] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\EPSON] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Gaijin] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Gameloft] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Garmin] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Google] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\IM Providers] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Intel] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\KasperskyLab] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\KasperskyLabSetup] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Leadertech] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\LogiShrd] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Logitech] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\LogMeInInc] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Malwarebytes] 
[HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Mirage] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Mozilla] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\MozillaPlugins] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Netscape] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\NVIDIA Corporation] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\OpenAutomate] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\OpenOffice] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Piriform] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Policies] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\PopCap] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\ProtectedStorage] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\QtProject] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Realtek] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\RegisteredApplications] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Robot Riot] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Scarlet.Crush Productions] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Skype] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\skypeapp-896571a7a82d] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\skypeapp-bb32a2e27889] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\SysInternals] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Trolltech] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Ubisoft] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Unchecky] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Unity] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\UsbFix] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Valve] 
[HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\VS Revo Group] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\WinRAR] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\WinRAR SFX] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Wondershare] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Wow6432Node] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\ZHP] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] 
[HKLM\Software\ATI Technologies] [HKLM\Software\Clients] [HKLM\Software\Corsair] [HKLM\Software\cybelsoft] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\EPSON] [HKLM\Software\ESET] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RT 7 Lite] [HKLM\Software\RTLSetup] [HKLM\Software\Software] [HKLM\Software\Sonic] [HKLM\Software\SonicFocus] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\Wondershare] [HKLM\Software\Wow6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\activision] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\DownloadCenter] [HKLM\Software\WOW6432Node\ea games] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\Garmin] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\logishrd] [HKLM\Software\WOW6432Node\Logitech] [HKLM\Software\WOW6432Node\LogMeInInc] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\MAGIX] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\PopCap Games] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\rebellion] [HKLM\Software\WOW6432Node\Sensible Vision] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SOSVirus] [HKLM\Software\WOW6432Node\techland] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Unchecky] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives D: [02/12/2006 00:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - D:\msdia80.dll F: [17/05/2016 10:43:04] - |A| - (.Samsung Electronic Ltd. - Samsung Kies Installer 2.0 .) - [77795152] - (16.0.0.400) - F:\Kies_2.0.0.11034_5.exe H: ---------- | C: [14/07/2009 05:18:56] - |SHD| - [129] - C:\$Recycle.Bin [08/04/2016 14:49:49] - |RASHD| - [3] - C:\Autorun.inf [MD5.90690FF825E89EF23062E248C5897E01] - [06/12/2017 23:30:44] - |A| - (.-.) - [1088] - (0.0.0.0) - C:\DelFix.txt [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [07/04/2016 11:41:24] - |D| - [0] - C:\GvTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2017 11:07:43] - |ASH| - (.-.) - [6358708224] - (0.0.0.0) - C:\hiberfil.sys [07/04/2016 10:20:46] - |D| - [374536] - C:\Intel [28/01/2018 08:40:35] - |D| - [76397] - C:\KVRT_Data [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/04/2016 23:41:29] - |ASH| - (.-.) - [9463853056] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 05:20:08] - |RD| - [2945524300] - C:\Program Files [14/07/2009 05:20:08] - |RD| - [3248017879] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [7161992123] - C:\ProgramData [16/04/2018 18:26:07] - |D| - [68686] - C:\QuickDiag [MD5.55C4EB394DB11FA9570AA2400C8E863C] - [16/04/2018 18:26:30] - |A| - (.-.) 
- [138498] - (0.0.0.0) - C:\QuickDiag.txt [06/04/2016 23:47:52] - |SHD| - [346295874] - C:\Recovery [06/04/2016 23:41:28] - |SHD| - [0] - C:\System Volume Information [13/04/2016 15:48:19] - |D| - [768184] - C:\temp [14/07/2009 05:20:08] - |RD| - [14420550619] - C:\Users [14/07/2009 05:20:08] - |D| - [34188717275] - C:\Windows ---------- | C:\Windows [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [16236314] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10978306] - C:\Windows\AppPatch [14/07/2009 05:20:08] - |RSD| - [1799980888] - C:\Windows\assembly [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/01/2011 14:28:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29189358] - C:\Windows\Boot [MD5.B09C4A6E2B58727F4C62DDAFCA05720B] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [31/08/2017 12:48:00] - |D| - [299551567] - C:\Windows\CheckSur [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 06:45:54] - |D| - [15719] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [MD5.31D699A50CBE25ECD9BE7F0B9D94C7FE] - [02/04/2018 14:26:04] - |A| - (.-.) - [18549] - (0.0.0.0) - C:\Windows\DirectX.log [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [14/07/2009 17:35:13] - |D| - [118084593] - C:\Windows\ehome [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [31/08/2017 11:40:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe [14/07/2009 05:20:09] - |RSD| - [370113679] - C:\Windows\Fonts [14/07/2009 17:24:08] - |D| - [142336] - C:\Windows\fr-FR [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization [MD5.46E77AB5E91094D6C1EE518CA4626972] - [27/08/2009 09:04:14] - |RA| - (.Copyright (C) 2007 - GSetup MFC Application.) - [207400] - (1.0.0.1) - C:\Windows\GSetup.exe [MD5.A8ED0188CA6580088F760D25D83E557E] - [31/08/2017 11:22:48] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\GSetup.ini [14/07/2009 05:20:09] - |D| - [111119142] - C:\Windows\Help [MD5.A66E522F3CBFB8709EA37844922A002E] - [31/08/2017 11:43:15] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [14/07/2009 17:35:58] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [144944357] - C:\Windows\inf [31/08/2017 11:23:47] - |SHD| - [1236924194] - C:\Windows\Installer [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [3834375] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [83501627] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.81F70FB59395E904A99558AF47BDFECC] - [12/04/2018 10:09:03] - |A| - (.-.) 
- [535910611] - (0.0.0.0) - C:\Windows\MEMORY.DMP [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [1072732558] - C:\Windows\Microsoft.NET [31/08/2017 12:53:01] - |D| - [4206] - C:\Windows\Migration [30/09/2017 13:11:34] - |D| - [814432] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [31/08/2017 11:41:56] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [26/01/2018 14:17:15] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [01/09/2017 13:30:44] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [31/08/2017 12:07:15] - |D| - [1227596] - C:\Windows\Panther [14/07/2009 07:32:38] - |D| - [63282456] - C:\Windows\Performance [MD5.808FA4C77548DB9D54FB93C428EC44EB] - [17/12/2017 13:42:31] - |A| - (.-.) - [19958] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [2972247] - C:\Windows\PolicyDefinitions [10/02/2018 21:38:18] - |D| - [0] - C:\Windows\Prefetch [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) 
- [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration [14/07/2009 05:20:10] - |D| - [8985466] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.A8F0B315F67842060906A301108CDAB0] - [31/08/2017 11:41:16] - |R| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.4) - C:\Windows\RtlExUpd.dll [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [5268180] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [63960513] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [196861037] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup [MD5.6376D022C279D3F79F2BC1653CBD8904] - [02/04/2018 10:09:47] - |A| - (.-.) - [4751] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/04/2018 10:09:47] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [31/08/2017 11:14:05] - |D| - [1450711127] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [20/01/2011 14:28:37] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [8284700262] - C:\Windows\System32 [14/07/2009 05:20:14] - |D| - [1519731393] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [66624] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [91193357] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [41729460] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [20/01/2011 14:29:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.C6D2C54983EF75CC59CCE9891A07C461] - [06/02/2018 12:26:27] - |A| - (.-.) - [1511188] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 05:20:14] - |D| - [16313366506] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) 
- [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [16/09/2017 17:56:20] - |A| - (.-.) - [20] - (0.0.0.0) - C:\Windows\¨ôÝ [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [16/09/2017 17:50:28] - |A| - (.-.) - [20] - (0.0.0.0) - C:\Windows\ÈöÕ ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [11/02/2018 17:23:07] - C:\Windows\Installer\1142b31.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2014 11:44:52] - C:\Windows\Installer\16bd9b.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/04/2014 09:33:00] - C:\Windows\Installer\16bdb6.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/12/2017 14:56:26] - C:\Windows\Installer\1700ed.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\Windows\Installer\17f99e5.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/02/2018 18:44:20] - C:\Windows\Installer\1a3e03.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2017 05:24:08] - C:\Windows\Installer\1ee6d22.msi : (OpenOffice 4.1.5 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 01:34:20] - C:\Windows\Installer\2094f6.msi : (LWS Help_main - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:18] - C:\Windows\Installer\2094fe.msi : (LWS Webcam Software - Logitech) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:16] - C:\Windows\Installer\209506.msi : (CameraHelperMsi - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 01:46:08] - C:\Windows\Installer\20950e.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/07/2012 00:15:18] - C:\Windows\Installer\209516.msi : (LWS Facebook - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 00:19:08] - C:\Windows\Installer\20951e.msi : (LWS Gallery - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 01:36:58] - C:\Windows\Installer\209526.msi : (LWS Launcher - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:12] - C:\Windows\Installer\20952e.msi : (LWS Motion Detection - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:22] - C:\Windows\Installer\209536.msi : (LWS Pictures And Video - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/07/2011 04:51:16] - C:\Windows\Installer\20953e.msi : (LWS Twitter - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/06/2011 05:26:48] - C:\Windows\Installer\209546.msi : (LWS WLM Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/11/2011 00:14:28] - C:\Windows\Installer\20954e.msi : (LWS YouTube Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 11:56:58] - C:\Windows\Installer\29de52.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/09/2017 03:53:07] - C:\Windows\Installer\3b5a47.msi : (Google Chrome Installer - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [31/08/2017 16:14:25] - C:\Windows\Installer\3fca1a.msi : (Kaspersky Internet Security - Kaspersky Lab) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [31/08/2017 16:14:29] - C:\Windows\Installer\3fca23.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/03/2018 21:10:43] - C:\Windows\Installer\9dcd2.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/03/2018 16:11:14] - C:\Windows\Installer\a16d2.msi : (Garmin Express Installer - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/03/2018 16:10:00] - C:\Windows\Installer\a1716.msi : (Garmin Express Tray - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/03/2018 16:10:10] - C:\Windows\Installer\a172f.msi : (Elevated Installer - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/03/2018 16:09:40] - C:\Windows\Installer\a1737.msi : (ANT Drivers Installer x64 - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2018 09:38:38] - C:\Windows\Installer\b5b97.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/02/2014 09:38:28] - C:\Windows\Installer\eadd2.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [31/08/2017 11:23:47] - C:\Windows\Installer\eade0.msi : (Google Update Helper - Google Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [01/09/2017 08:45:21] - [16303] - C:\Windows\System32\ieuinit.inf [18/01/2012 06:22:54] - [28418] - C:\Windows\System32\lvcoin64.ini [14/07/2009 07:13:15] - [6434] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [01/09/2017 08:45:21] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [31/08/2017 11:24:43] - [1645810] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.6A01A3C85007427C4C2B64D8AA8F66F9] - |A| - [05/01/2018 11:23:00] - (.-.) - [124.53 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [31/03/2018 13:08:10] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3c8e08e218604 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/04/2018 14:10:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ca7b924a78db [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 12:03:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cb330236e3b4 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 14:00:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cb4359fbb160 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 16:14:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cb560a07e42d [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 17:37:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cb61a7010534 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 18:09:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cb663638da24 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/04/2018 21:08:51] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cc485e7b6a6a [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/04/2018 12:24:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ccc840d26cb8 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/04/2018 17:50:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ccf5cc4658d9 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/04/2018 18:00:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ccf7366678b1 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/04/2018 18:12:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ccf8e02d7922 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/04/2018 18:47:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ccfdceab6ed3 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/04/2018 12:00:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3ce5734455e87 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/04/2018 09:19:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cfd31f479c49 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/04/2018 13:22:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3cff505e7da83 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/04/2018 12:47:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3d1826cd795e1 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2018 12:15:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3d3104c3ec313 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2018 22:50:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\01d3d3691255db82 [MD5.77442B774057A4BA153536C9152884E5] - |A| - [03/04/2018 10:56:01] - (.-.) - [22.72 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105601.log [MD5.94C9E638A6F6CD861545A0D31549AFBB] - |A| - [03/04/2018 10:56:09] - (.-.) - [1145.08 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105601_000_GarminExpress.log [MD5.8499762C1D76D1713F31FB6BE7D49E87] - |A| - [03/04/2018 10:56:20] - (.-.) 
- [508.81 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105601_001_GarminTray.log [MD5.12D066222E5421B061D36E9EA57858CA] - |A| - [03/04/2018 10:56:21] - (.-.) - [181.44 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105601_002_GarminElevatedInstaller.log [MD5.1D27FA6B957ED1E01D4484A7FB893F1C] - |A| - [03/04/2018 10:56:22] - (.-.) - [179.59 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105601_004_AntDriversX64.log [MD5.E38FD7B99033E0837CEF15BEA4005D23] - |A| - [03/04/2018 10:56:21] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105621_5_LegacyApplication_Removal.log [MD5.A6780978893798CB7EE018983AF85822] - |A| - [03/04/2018 10:56:23] - (.-.) - [14.95 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105623.log [MD5.F42D0C25CCC6270050E67DF576B9BD32] - |A| - [03/04/2018 10:56:23] - (.-.) - [113.03 Ko] - (0.0.0.0) - C:\Windows\Temp\Garmin_Express_20180403105623_000_AntDriversX64.log [MD5.CE3A5AD37BCC74BAC470121095C8C5CF] - |A| - [08/03/2018 17:45:56] - (.-.) - [27.39 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.00000000000000000000000000000000] - |D| - [09/04/2018 09:12:36] - [0 Ko] - C:\Windows\Temp\MPInstrumentation [MD5.D7543A2967F6B356CE53690E028B28FB] - |A| - [03/04/2018 12:02:49] - (.-.) - [23.8 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/04/2018 10:55:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\tmpDB12.tmp [MD5.9394099E280BAC60C0E7157E5B94FC33] - |A| - [03/04/2018 10:55:54] - (.Copyright (c) Garmin Ltd or its subsidiaries. - Garmin Express.) - [85507.47 Ko] - (6.3.0.0) - C:\Windows\Temp\tmpDB12.tmp.exe [MD5.00000000000000000000000000000000] - |D| - [08/04/2018 20:37:20] - [1331.54 Ko] - C:\Windows\Temp\unchecky [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [0 Ko] - C:\Windows\System32\040C [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) 
- [22.52 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [22.52 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [31/08/2017 11:41:19] - (.-.) - [107.27 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.2D0895BED270D1A8CADD981A5BFC0AE5] - |A| - [31/08/2017 11:47:27] - (.-.) - [591.3 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [173 Ko] - C:\Windows\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [2592.52 Ko] - C:\Windows\System32\Boot [MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 03:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll [MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 02:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) 
- [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [140182.69 Ko] - C:\Windows\System32\catroot [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [35378.63 Ko] - C:\Windows\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [15328.57 Ko] - C:\Windows\System32\CodeIntegrity [MD5.64430E214B5B229D426D2D35538C402D] - |A| - [07/08/2015 23:34:40] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\Windows\System32\ColorImageEnhancement.wmv [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [357 Ko] - C:\Windows\System32\com [MD5.00000000000000000000000000000000] - |SD| - [01/09/2017 10:00:53] - [4945.69 Ko] - C:\Windows\System32\CompatTel [MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [31/08/2017 11:41:20] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [332824.16 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [432 Ko] - C:\Windows\System32\cs-CZ [MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [31/08/2017 11:40:57] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeApp.exe.config [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [31/08/2017 11:40:57] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeAppv2_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [427.5 Ko] - C:\Windows\System32\da-DK [MD5.82DF29C6D5571BFA69429563F0AED677] - |A| - [31/08/2017 11:41:20] - (.©2013 Dolby Laboratories. - Dolby Digital Plus API x86.) - [254.17 Ko] - (7.5.1.1) - C:\Windows\System32\DDPA64.dll [MD5.FAC24F4CC63235D9533DD6605E5EE6F0] - |A| - [31/08/2017 11:41:20] - (.©2013 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) 
- [1893.17 Ko] - (7.5.1.1) - C:\Windows\System32\DDPD64A.dll [MD5.A1C8F811777EFA1B6BD82B226016CF2D] - |A| - [31/08/2017 11:41:20] - (.©2013 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [306.17 Ko] - (7.5.1.1) - C:\Windows\System32\DDPO64A.dll [MD5.B827E0AE582ACD641F0B2B052773A5CA] - |A| - [31/08/2017 11:41:20] - (.©2012 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6072.17 Ko] - (7.5.1.1) - C:\Windows\System32\DDPP64A.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [457.5 Ko] - C:\Windows\System32\de-DE [MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 06:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [07/08/2015 23:34:42] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyApp.exe.config [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [31/08/2017 11:40:57] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyAppv2_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [102750.26 Ko] - C:\Windows\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [4611439.84 Ko] - C:\Windows\System32\DriverStore [MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [31/08/2017 11:41:21] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll [MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [31/08/2017 11:41:21] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll [MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll [MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS GFX APO.) 
- [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll [MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll [MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll [MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll [MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll [MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll [MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [31/08/2017 11:41:22] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll [MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [31/08/2017 11:41:23] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll [MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [31/08/2017 11:41:23] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll [MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [31/08/2017 11:41:23] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll [MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [31/08/2017 11:41:23] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll [MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [31/08/2017 11:41:23] - (.(c) DTS. - DTS Voice Clarity COM DLL.) 
- [677.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [457 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2876.93 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [448 Ko] - C:\Windows\System32\es-ES [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [13/10/2017 12:52:19] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\Windows\System32\E_GCINST.DLL [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [13/10/2017 12:52:19] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\Windows\System32\E_ID4BLFE.DLL [MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [13/10/2017 12:52:19] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\Windows\System32\E_ILMBLFE.DLL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [430 Ko] - C:\Windows\System32\fi-FI [MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [07/08/2015 23:34:42] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\Windows\System32\FilmModeDetection.wmv [MD5.D5BAFC1C78A7A88A668414D2A42BCBA4] - |A| - [14/07/2009 06:45:34] - (.-.) - [289.88 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [1840 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [41471.1 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [31/08/2017 11:40:56] - (.-.) 
- [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv2_0.exe.config [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [07/08/2015 23:34:44] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv4_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [168 Ko] - C:\Windows\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [434.5 Ko] - C:\Windows\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [5.36 Ko] - C:\Windows\System32\ias [MD5.8F724116A11341821203E1F5ADE95FDD] - |A| - [09/08/2015 04:50:42] - (.-.) - [100.5 Ko] - (0.0.0.0) - C:\Windows\System32\IccLibDll_x64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.49515625078FF33FAFEF9B58D8864206] - |A| - [09/08/2015 04:52:02] - (.-.) - [17552.48 Ko] - (0.0.0.0) - C:\Windows\System32\igd11dxva64.dll [MD5.BA29BE22CA52E874A7A356A9771C318B] - |A| - [07/08/2015 23:35:38] - (.-.) - [6567.54 Ko] - (0.0.0.0) - C:\Windows\System32\igdclbif.bin [MD5.02E00BFD4E0C2C465448A2B399368ACC] - |A| - [09/08/2015 04:50:42] - (.-.) - [196 Ko] - (0.0.0.0) - C:\Windows\System32\igdde64.dll [MD5.6DDF280828E12BF1063C6184CE301D89] - |A| - [09/08/2015 04:50:42] - (.Copyright (C) 2012-2013 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [218.98 Ko] - (4.0.0.1162) - C:\Windows\System32\igfx11cmrt64.dll [MD5.62BF65313C9D722319AA45A3CE43F03A] - |A| - [09/08/2015 04:50:44] - (.Copyright (C) 2010 - 2013 - MDF(CM) JIT Dynamic Link Library.) 
- [1347 Ko] - (4.0.0.1162) - C:\Windows\System32\igfxcmjit64.dll [MD5.F0AA459CEB18C2D7C0C254EBA755430C] - |A| - [09/08/2015 04:52:02] - (.Copyright (C) 2010 - 2013 - MDF(CM) Runtime Dynamic Link Library.) - [220.2 Ko] - (4.0.0.1162) - C:\Windows\System32\igfxcmrt64.dll [MD5.14F5FCCC9EE424357A56DC819920AB61] - |A| - [09/08/2015 04:50:44] - (.-.) - [259.98 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCPL.cpl [MD5.FC0BF8CF5D89B6BB5D3E34AFB1F8403E] - |A| - [09/08/2015 04:50:44] - (.-.) - [93 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCUIServicePS.dll [MD5.8D8AD12C340109B92373BD9D37DB8893] - |A| - [09/08/2015 04:50:44] - (.-.) - [69.48 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLib.dll [MD5.C303220D818F309A7EAF68E80195C14F] - |A| - [09/08/2015 04:50:44] - (.-.) - [80.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLibv2_0.dll [MD5.98FB26CC1AD671DA6ACB5CA3294D7A7D] - |A| - [09/08/2015 04:50:44] - (.-.) - [19.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILib.dll [MD5.315B873209695877BCAC0F34B9962A78] - |A| - [09/08/2015 04:50:44] - (.-.) - [20.48 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILibv2_0.dll [MD5.8EE2FC9427FC407E030578EEB34C6F6D] - |A| - [09/08/2015 04:50:44] - (.-.) - [18.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLib.dll [MD5.5C51719B73739AC57582F548112BC3A6] - |A| - [09/08/2015 04:50:44] - (.-.) - [18.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLibv2_0.dll [MD5.8256711401566B4FDAE7A3094CC62776] - |A| - [09/08/2015 04:50:44] - (.-.) - [13.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLib.dll [MD5.44924A5A35F330AA2C21247A6522B406] - |A| - [09/08/2015 04:50:44] - (.-.) - [13.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLibv2_0.dll [MD5.75FBFC49CE8A7EF087AB450145C093C1] - |A| - [09/08/2015 04:50:44] - (.-.) - [394.9 Ko] - (0.0.0.0) - C:\Windows\System32\igfxTray.exe [MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [31/08/2017 11:40:56] - (.-.) 
- [2748 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa [MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [28/03/2014 13:06:34] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp [MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [31/08/2017 11:40:56] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp [MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [31/08/2017 11:40:57] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64_dev.vp [MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [31/08/2017 11:40:56] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp [MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [31/08/2017 11:40:57] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64_dev.vp [MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [31/08/2017 11:40:56] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp [MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [31/08/2017 11:40:57] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64_dev.vp [MD5.9530ED0BDBD3A87EEF4B2E7B4D92E8D2] - |A| - [07/08/2015 23:36:06] - (.-.) - [3.95 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp [MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [07/08/2015 23:36:06] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\Windows\System32\ImageStabilization.wmv [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36875.94 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.A8EAA7832F844A0757F54CBD41BD5FBF] - |A| - [09/08/2015 04:50:44] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) 
- [90.48 Ko] - (2.0.2.0) - C:\Windows\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [452 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [365 Ko] - C:\Windows\System32\ja-JP [MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [31/08/2017 11:41:28] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll [MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [31/08/2017 16:15:30] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll [MD5.A30D76B27391CC0E479C540A950DC8F4] - |A| - [31/08/2017 16:15:21] - (.© 2016 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [145.8 Ko] - (13.0.136.0) - C:\Windows\System32\klhkum.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [360 Ko] - C:\Windows\System32\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [3985.07 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [165 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [166 Ko] - C:\Windows\System32\lv-LV [MD5.842FE246144628943AA6522C98DF0932] - |A| - [18/01/2012 06:44:26] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [257.28 Ko] - (13.31.1044.0) - C:\Windows\System32\lvco13311044.dll [MD5.62641B50B9D2FDE44E583AFA8380E02A] - |A| - [21/09/2012 21:04:24] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.51.823.0) - C:\Windows\System32\lvco1351823.dll [MD5.BCD7159B6F32F03F394DFBC9F925398F] - |A| - [18/01/2012 06:22:54] - (.-.) 
- [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoin64.ini [MD5.6E6B11E3F3A9CBC632FC569F7D679320] - |A| - [31/08/2017 11:56:39] - (.-.) - [29.16 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoinst.log [MD5.00000000000000000000000000000000] - |D| - [17/12/2017 00:43:57] - [61058.48 Ko] - C:\Windows\System32\Macromed [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 22:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore [MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [31/08/2017 11:41:30] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll [MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [31/08/2017 11:41:30] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll [MD5.B77F2DC56F6E1E7A99C17F0DCCBC57BA] - |A| - [31/08/2017 11:41:30] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1391.59 Ko] - (4.5.3.0) - C:\Windows\System32\MaxxAudioAPO4064.dll [MD5.9DA0ED5924EB9198CAB22CCABF5E2143] - |A| - [31/08/2017 11:41:30] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1390.59 Ko] - (5.4.10.0) - C:\Windows\System32\MaxxAudioAPO5064.dll [MD5.BFD0DE954C3675DC6F45615361861E14] - |A| - [31/08/2017 11:41:31] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2340.59 Ko] - (6.0.12.0) - C:\Windows\System32\MaxxAudioAPO6064.dll [MD5.8B79D5D68E6CA4ACC4557BC2B9FEC76C] - |A| - [31/08/2017 11:41:31] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [1018.09 Ko] - (4.14.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll [MD5.A013A87534A2AA4A57DC9F6AA082F2D3] - |A| - [31/08/2017 11:41:35] - (.Copyright © 1996-2014 -.) - [1993.09 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll [MD5.45B914BC0A4A0E645326A50D6DC4BAD3] - |A| - [31/08/2017 11:41:45] - (.- Waves Realtek App.) 
- [1888.09 Ko] - (5.2.20.0) - C:\Windows\System32\MaxxAudioRealtek264.dll [MD5.E9CB0AE8617D580A60B23D6202025ECE] - |A| - [31/08/2017 11:41:53] - (.Copyright © 1996-2014 -.) - [14396.59 Ko] - (4.5.4.0) - C:\Windows\System32\MaxxAudioRealtek64.dll [MD5.50654E6164CD118BDB36730D765272AE] - |A| - [31/08/2017 11:42:18] - (.Copyright © 1996-2014 -.) - [27650.59 Ko] - (1.7.8.0) - C:\Windows\System32\MaxxAudioVnA64.dll [MD5.E1510B4CE2191CF05706F8A0CFD724D2] - |A| - [31/08/2017 11:43:07] - (.Copyright © 1996-2014 -.) - [3835.59 Ko] - (1.4.3.0) - C:\Windows\System32\MaxxAudioVnN64.dll [MD5.581778867AEB80C4366057B3DE1DC4D0] - |A| - [31/08/2017 11:43:16] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1283.11 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll [MD5.6697E2E2A7AA44BC03E3C953E641EBE6] - |A| - [31/08/2017 11:43:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [916.61 Ko] - (2.4.4.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll [MD5.8D53AF11D605B1DD6BEE7B0178AB9738] - |A| - [31/08/2017 11:43:20] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12516.09 Ko] - (3.0.7.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll [MD5.587A8CF457604D84266FF858CEB60223] - |A| - [31/08/2017 11:43:41] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll [MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 06:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk [MD5.410714075B87B0E602D275641C688C4F] - |A| - [31/08/2017 11:43:44] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5616.26 Ko] - (6.3.9600.16384) - C:\Windows\System32\NAHIMICAPOlfx.dll [MD5.13E58536C6C3B7A858A26A058E76452A] - |A| - [31/08/2017 11:43:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) 
- [920.3 Ko] - (1.0.0.14866) - C:\Windows\System32\NAHIMICAPOSettingsIPC.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [422.5 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [512 Ko] - C:\Windows\System32\NDF [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [119 Ko] - C:\Windows\System32\NetworkList [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [443.5 Ko] - C:\Windows\System32\nl-NL [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor [MD5.F0F4DA57937F064881F751786244B7AF] - |A| - [13/01/2018 21:01:15] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\System32\nv-vk64.json [MD5.BED94E70C10EFF09AEF94D18CA7FF7F7] - |A| - [01/09/2017 09:33:38] - (.-.) - [7924.04 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin [MD5.1BAA5246AF741F83B5130C001BEE9DB0] - |A| - [01/09/2017 09:33:23] - (.-.) - [44.44 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb [MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 22:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [13095.58 Ko] - C:\Windows\System32\oobe [MD5.BE37A9F9C9B33A8CE52876C812B9169A] - |A| - [14/07/2009 04:36:59] - (.-.) - [1297.03 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.35748C14ECC2CC08B8E88996E2E39145] - |A| - [14/07/2009 17:24:17] - (.-.) - [1500.18 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico [MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 04:36:59] - (.-.) 
- [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [14/07/2009 17:24:17] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.47CE23F41C635C89EBBD3F3F11BCA53F] - |A| - [14/07/2009 04:36:59] - (.-.) - [1872.86 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.8148AFE72C495F2418A69976870ABC2C] - |A| - [14/07/2009 17:24:17] - (.-.) - [4867.36 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.4560BDD84E36CC93A9CF303C8541CA9D] - |A| - [14/07/2009 07:13:15] - (.-.) - [6.28 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [439 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [436 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [438.5 Ko] - C:\Windows\System32\pt-PT [MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [31/08/2017 11:43:56] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEA64A.dll [MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [31/08/2017 11:43:56] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EED64A.dll [MD5.01096663377134C41D618AF0E53A953E] - |A| - [31/08/2017 11:43:57] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEG64A.dll [MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [31/08/2017 11:43:59] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEL64A.dll [MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [31/08/2017 11:43:59] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) 
- [6996.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras [MD5.D61937B3B6F0EB457F1C052CE49962AB] - |A| - [21/09/2012 20:48:56] - (.-.) - [39.8 Ko] - (0.0.0.0) - C:\Windows\System32\Repository.reg [MD5.DA9D442C05D54D24E103DBFFAC9966B8] - |A| - [31/08/2017 11:40:57] - (.-.) - [158.08 Ko] - (0.0.0.0) - C:\Windows\System32\resARA.cui [MD5.24D7767BB5A92CFC45AFB907AF0447B1] - |A| - [31/08/2017 11:40:57] - (.-.) - [142.72 Ko] - (0.0.0.0) - C:\Windows\System32\resCHS.cui [MD5.EFDD4AE7B4DA2A12F271B336FEE228D7] - |A| - [31/08/2017 11:40:57] - (.-.) - [143.54 Ko] - (0.0.0.0) - C:\Windows\System32\resCHT.cui [MD5.D57346699D8C8EAAD62E41A1A9D9D1CE] - |A| - [31/08/2017 11:40:56] - (.-.) - [149.52 Ko] - (0.0.0.0) - C:\Windows\System32\resCSY.cui [MD5.F0681F1F1A17A9953EA6DA51D07C3298] - |A| - [31/08/2017 11:40:57] - (.-.) - [146.55 Ko] - (0.0.0.0) - C:\Windows\System32\resDAN.cui [MD5.2E95E4FD1A0C19EB2D1A25742D2F7581] - |A| - [31/08/2017 11:40:57] - (.-.) - [151.25 Ko] - (0.0.0.0) - C:\Windows\System32\resDEU.cui [MD5.6F2989FD566FAD45AA824D79B8AB8E9F] - |A| - [31/08/2017 11:40:57] - (.-.) - [175.94 Ko] - (0.0.0.0) - C:\Windows\System32\resELL.cui [MD5.07C7409BF9BB0DE0681BE2E37D345DD2] - |A| - [31/08/2017 11:40:56] - (.-.) - [145.27 Ko] - (0.0.0.0) - C:\Windows\System32\resENU.cui [MD5.FFBB4443F5C6922CC8AE04570B79118A] - |A| - [31/08/2017 11:40:56] - (.-.) - [150.99 Ko] - (0.0.0.0) - C:\Windows\System32\resESN.cui [MD5.6EE746C67B97FF4C25E5DB7BE30DADCC] - |A| - [31/08/2017 11:40:57] - (.-.) - [148.99 Ko] - (0.0.0.0) - C:\Windows\System32\resFIN.cui [MD5.DEC50C7FDACD4FEF048AE8DEA92E220B] - |A| - [31/08/2017 11:40:57] - (.-.) - [153.02 Ko] - (0.0.0.0) - C:\Windows\System32\resFRA.cui [MD5.85136AD4C6402CDA519A828BFF030F70] - |A| - [31/08/2017 11:40:57] - (.-.) 
- [157.55 Ko] - (0.0.0.0) - C:\Windows\System32\resHEB.cui [MD5.A2F79431CA041236B28953372961DD55] - |A| - [31/08/2017 11:40:56] - (.-.) - [148.57 Ko] - (0.0.0.0) - C:\Windows\System32\resHRV.cui [MD5.339A69E190849AB09618CBBC6A4941D5] - |A| - [31/08/2017 11:40:56] - (.-.) - [153 Ko] - (0.0.0.0) - C:\Windows\System32\resHUN.cui [MD5.B0353388F1E5EC15476F04415D9CD709] - |A| - [31/08/2017 11:40:57] - (.-.) - [151.25 Ko] - (0.0.0.0) - C:\Windows\System32\resITA.cui [MD5.07A03EACD63BDB7E26D19AAB9E8EE965] - |A| - [31/08/2017 11:40:56] - (.-.) - [157.49 Ko] - (0.0.0.0) - C:\Windows\System32\resJPN.cui [MD5.6506FA437D5442067A5490453E02C6B4] - |A| - [31/08/2017 11:40:56] - (.-.) - [151.35 Ko] - (0.0.0.0) - C:\Windows\System32\resKOR.cui [MD5.CE0213536A9B322659B082E7315A81F4] - |A| - [31/08/2017 11:40:57] - (.-.) - [150.24 Ko] - (0.0.0.0) - C:\Windows\System32\resNLD.cui [MD5.9FC32F05EFEDC9E2DFEBA5CF25E702C4] - |A| - [31/08/2017 11:40:56] - (.-.) - [147.05 Ko] - (0.0.0.0) - C:\Windows\System32\resNOR.cui [MD5.3674D10DDF9C6469C9FDC9DAA6B05A9D] - |A| - [31/08/2017 11:40:56] - (.-.) - [150.57 Ko] - (0.0.0.0) - C:\Windows\System32\resPLK.cui [MD5.F07A45C9D036F7550F474C5DF497D159] - |A| - [31/08/2017 11:40:56] - (.-.) - [149.69 Ko] - (0.0.0.0) - C:\Windows\System32\resPTB.cui [MD5.13D95CCB47B9217BB974AD5C67DBAD31] - |A| - [31/08/2017 11:40:56] - (.-.) - [149.39 Ko] - (0.0.0.0) - C:\Windows\System32\resPTG.cui [MD5.2C17E210566467F0458F452BF67C306A] - |A| - [31/08/2017 11:40:56] - (.-.) - [151.1 Ko] - (0.0.0.0) - C:\Windows\System32\resROM.cui [MD5.9AE787133FEC857E16559907E2968C38] - |A| - [31/08/2017 11:40:56] - (.-.) - [171.89 Ko] - (0.0.0.0) - C:\Windows\System32\resRUS.cui [MD5.D30155B657A00FA9A8E472C3E36306B9] - |A| - [31/08/2017 11:40:56] - (.-.) - [150.43 Ko] - (0.0.0.0) - C:\Windows\System32\resSKY.cui [MD5.A357B3A6A1C6FCD8A8D5B65297F5FE55] - |A| - [31/08/2017 11:40:56] - (.-.) 
- [147.96 Ko] - (0.0.0.0) - C:\Windows\System32\resSLV.cui [MD5.44B2E46215B39D32064C52E2B785D2E6] - |A| - [31/08/2017 11:40:56] - (.-.) - [148.13 Ko] - (0.0.0.0) - C:\Windows\System32\resSVE.cui [MD5.C20A7C24C0D0A2C7E6F858D071BBD4E3] - |A| - [31/08/2017 11:40:57] - (.-.) - [182.96 Ko] - (0.0.0.0) - C:\Windows\System32\resTHA.cui [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0.07 Ko] - C:\Windows\System32\restore [MD5.A63A0911148E7F161DF20AD39CBA4BF3] - |A| - [31/08/2017 11:40:56] - (.-.) - [149.55 Ko] - (0.0.0.0) - C:\Windows\System32\resTRK.cui [MD5.82CEEBAD5678CE85AEA7CCB9C8774EF3] - |A| - [31/08/2017 11:55:37] - (.-.) - [17.77 Ko] - (0.0.0.0) - C:\Windows\System32\results.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [169 Ko] - C:\Windows\System32\ro-RO [MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [31/08/2017 11:46:03] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll [MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [31/08/2017 11:46:03] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll [MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [31/08/2017 11:46:08] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll [MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [31/08/2017 11:46:09] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll [MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [31/08/2017 11:46:09] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll [MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [31/08/2017 11:46:10] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) 
- [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll [MD5.903B8789D3B79CB091B627E75F609A7A] - |A| - [20/01/2011 13:32:51] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\RTSLCS.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/01/2011 14:28:49] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [31/08/2017 11:46:59] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFAPO64.dll [MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [31/08/2017 11:47:00] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\Windows\System32\SFCOM64.dll [MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [31/08/2017 11:47:01] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFNHK64.dll [MD5.55D8C5F89695CBDE93201671F5A4A23F] - |A| - [31/08/2017 11:47:53] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [868.74 Ko] - (3.1.23.0) - C:\Windows\System32\sl3apo64.dll [MD5.1671AE03E56BEED80A0FBD8519557232] - |A| - [31/08/2017 11:47:56] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1024.24 Ko] - (3.1.23.0) - C:\Windows\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [42.67 Ko] - C:\Windows\System32\slmgr [MD5.CBC5F17C1A77DFAC7825575A7BBB15C1] - |A| - [31/08/2017 11:48:02] - (.TODO: (c) . - TODO: .) - [240.24 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll [MD5.AD8A1086FEBF23D98532659B82F68891] - |A| - [31/08/2017 11:48:03] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [707.74 Ko] - (3.1.23.0) - C:\Windows\System32\sltech64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [18562.02 Ko] - C:\Windows\System32\SMI [MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) 
- [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [17378 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [83005.44 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [1959.75 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [30.19 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS [MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [31/08/2017 11:47:09] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\Windows\System32\SRSHP64.dll [MD5.A028717B791416182959B325D5B40679] - |A| - [31/08/2017 11:47:09] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\Windows\System32\SRSTSH64.dll [MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [31/08/2017 11:47:10] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll [MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [31/08/2017 11:47:11] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll [MD5.40249687A1128E1779087E5C15280BDE] - |A| - [31/08/2017 11:47:11] - (.-.) - [1697.3 Ko] - (0.0.0.0) - C:\Windows\System32\SStudio.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [426.5 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [137.88 Ko] - C:\Windows\System32\sysprep [MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [20/01/2011 14:29:05] - (.-.) 
- [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd [MD5.C3E769BC39012C746BD56341C4465B7A] - |A| - [11/01/2018 07:19:00] - (.-.) - [0.29 Ko] - (0.0.0.0) - C:\Windows\System32\TaskScheduler.log [MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 23:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.B0D8E26D3CC725F0CC6D33FDBEA061F7] - |A| - [14/07/2009 06:45:37] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl [MD5.E2090ABBDE0128166584C1534810D334] - |A| - [14/07/2009 06:45:37] - (.-.) - [9 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl [MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [09/12/2017 00:24:44] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1-1-0-65-1.dll [MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [03/04/2018 17:30:25] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1.dll [MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [09/12/2017 00:24:32] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-65-1.exe [MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [03/04/2018 17:30:26] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [01/09/2017 08:25:04] - [1754.83 Ko] - C:\Windows\System32\Wat [MD5.63EAAE0EFD2DD5D840B7FE3DAB60C2CB] - |A| - [31/08/2017 11:47:14] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2052.59 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51842.24 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [47.61 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [172738.29 Ko] - C:\Windows\System32\wdi [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 23:54:15] - (.-.) 
- [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [144 Ko] - C:\Windows\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [73.5 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9124.89 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [104988 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [106.26 Ko] - C:\Windows\System32\winrm [MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - |A| - [01/09/2017 08:01:09] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.0055B62657CE7561F68136FB1E54AFAC] - |A| - [31/08/2017 11:59:50] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [0 Ko] - C:\Windows\SysWOW64\040C [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2258.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [201.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [173 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2 [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [302.5 Ko] - C:\Windows\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3573.15 Ko] - C:\Windows\SysWOW64\config 
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [427.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [422.5 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [452 Ko] - C:\Windows\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [4156 Ko] - C:\Windows\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3498.67 Ko] - C:\Windows\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1.09 Ko] - C:\Windows\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [451.5 Ko] - C:\Windows\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2846.93 Ko] - C:\Windows\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [443 Ko] - C:\Windows\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [425 Ko] - C:\Windows\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [1680 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [37751.48 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR 
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.BF445302D1233BD23B0A73BF93C0D170] - |A| - [09/08/2015 04:52:04] - (.-.) - [17083.2 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igd11dxva32.dll [MD5.E6CF480590A9A5811E4864FD3F36B0DC] - |A| - [09/08/2015 04:50:44] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [94.48 Ko] - (2.0.2.0) - C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [447 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [361 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [356.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [17/12/2017 00:43:56] - [45006.31 Ko] - C:\Windows\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf [MD5.96A2FF4AD0A0043AC49B59EA2E639901] - |A| - [31/08/2017 11:41:31] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) 
- [862.09 Ko] - (4.14.8.0) - C:\Windows\SysWOW64\MaxxAudioAPOShell.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3178.93 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32763.45 Ko] - C:\Windows\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [418 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor [MD5.086279344068D7029717526620409786] - |A| - [13/01/2018 21:01:15] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\nv-vk32.json [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 23:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico [MD5.823A942C840B72B91965657CE310EBD9] - |A| - [31/08/2017 11:24:43] - (.-.) 
- [1607.24 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [434 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [431 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [433 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [169 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [31/08/2017 11:48:21] - [5335.77 Ko] - C:\Windows\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429.5 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 04:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll [MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [09/12/2017 00:25:12] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1-1-0-65-1.dll [MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [03/04/2018 17:30:26] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [09/12/2017 00:25:00] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-65-1.exe [MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [03/04/2018 17:30:26] - (.-.) 
- [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [01/09/2017 08:25:04] - [237.33 Ko] - C:\Windows\SysWOW64\Wat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [9057.18 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [47.61 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9079.89 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [106.26 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [333.5 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [255.5 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [334 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Mosheur\AppData\Roaming [31/08/2017 11:14:08] "Local AppData"=C:\Users\Mosheur\AppData\Local [31/08/2017 11:14:08] "My Video"=C:\Users\Mosheur\Videos [31/08/2017 11:14:08] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Libraries [31/08/2017 11:14:17] "My Pictures"=C:\Users\Mosheur\Pictures [31/08/2017 11:14:08] "Desktop"=C:\Users\Mosheur\Desktop [31/08/2017 11:14:08] "History"=C:\Users\Mosheur\AppData\Local\Microsoft\Windows\History [31/08/2017 11:14:08] 
"NetHood"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Network Shortcuts [31/08/2017 11:14:08] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Mosheur\Contacts [31/08/2017 11:14:11] "Cookies"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Cookies [31/08/2017 11:14:08] "Favorites"=C:\Users\Mosheur\Favorites [31/08/2017 11:14:08] "SendTo"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\SendTo [31/08/2017 11:14:08] "Start Menu"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu [31/08/2017 11:14:08] "My Music"=C:\Users\Mosheur\Music [31/08/2017 11:14:08] "Programs"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [31/08/2017 11:14:08] "Recent"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Recent [31/08/2017 11:14:08] "CD Burning"=C:\Users\Mosheur\AppData\Local\Microsoft\Windows\Burn\Burn [31/08/2017 11:14:19] "PrintHood"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [31/08/2017 11:14:08] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Mosheur\Searches [31/08/2017 11:14:17] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Mosheur\Downloads [31/08/2017 11:14:08] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Mosheur\AppData\LocalLow [31/08/2017 11:14:08] "Startup"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [31/08/2017 11:14:17] "Administrative Tools"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [31/08/2017 11:14:17] "Personal"=C:\Users\Mosheur\Documents [31/08/2017 11:14:08] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Mosheur\Links [31/08/2017 11:14:08] "Cache"=C:\Users\Mosheur\AppData\Local\Microsoft\Windows\Temporary Internet Files [31/08/2017 11:14:08] "Templates"=C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Templates [31/08/2017 11:14:08] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Mosheur\Saved Games [31/08/2017 11:14:08] "Fonts"=C:\Windows\Fonts [14/07/2009 05:20:09] 
[HKU\S-1-5-21-2673370752-163226256-3562748738-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 05:20:08] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 05:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 05:20:08] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 05:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 05:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] 
"Common Documents"=C:\Users\Public\Documents [14/07/2009 05:20:08] "OEM Links"=C:\ProgramData\OEM Links "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "CommonPictures"=%PUBLIC%\Pictures "CommonMusic"=%PUBLIC%\Music "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 05:20:08] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 05:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 05:20:08] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 05:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 05:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] "Common Documents"=C:\Users\Public\Documents [14/07/2009 05:20:08] "OEM Links"=C:\ProgramData\OEM Links "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents 
"CommonPictures"=%PUBLIC%\Pictures "CommonMusic"=%PUBLIC%\Music "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates ---------- | [Mosheur] [31/08/2017 11:14:08] - |D| - [2998669422] - C:\Users\Mosheur\AppData\Local [31/08/2017 11:23:48] - |D| - [0] - C:\Users\Mosheur\AppData\LocalGoogle [31/08/2017 11:14:08] - |D| - [25051550] - C:\Users\Mosheur\AppData\LocalLow [31/08/2017 11:14:08] - |D| - [3318151943] - C:\Users\Mosheur\AppData\Roaming [24/11/2017 19:49:13] - |D| - [8518] - C:\Users\Mosheur\AppData\Local\4A Games [01/09/2017 17:11:08] - |D| - [1512337] - C:\Users\Mosheur\AppData\Local\Adobe [31/08/2017 11:14:08] - |SHD| - [0] - C:\Users\Mosheur\AppData\Local\Application Data [31/08/2017 16:37:28] - |D| - [2543373] - C:\Users\Mosheur\AppData\Local\CEF [30/01/2018 21:07:43] - |D| - [5961854] - C:\Users\Mosheur\AppData\Local\Corsair [22/09/2017 10:10:53] - |D| - [16180870] - C:\Users\Mosheur\AppData\Local\CrashDumps [05/01/2018 17:18:37] - |D| - [8040866] - C:\Users\Mosheur\AppData\Local\Criterion Games [31/08/2017 11:17:37] - |D| - [524906] - C:\Users\Mosheur\AppData\Local\Diagnostics [01/09/2017 10:42:37] - |D| - [387733665] - C:\Users\Mosheur\AppData\Local\Discord [14/10/2017 15:18:29] - |D| - [2854884] - C:\Users\Mosheur\AppData\Local\fontconfig [15/09/2017 16:50:07] - |D| - [5524] - C:\Users\Mosheur\AppData\Local\Garmin_Ltd._or_its_subsid [31/08/2017 11:49:35] - |A| - [65200] - C:\Users\Mosheur\AppData\Local\GDIPFONTCACHEV1.DAT [14/10/2017 15:18:28] - |D| - [660] - C:\Users\Mosheur\AppData\Local\gegl-0.2 [31/08/2017 11:23:47] - |D| - [1114134883] - C:\Users\Mosheur\AppData\Local\Google [03/03/2018 12:26:24] - |D| - [3939272] - 
C:\Users\Mosheur\AppData\Local\GoToAssist Corporate [14/10/2017 15:44:57] - |D| - [202] - C:\Users\Mosheur\AppData\Local\gtk-2.0 [31/08/2017 11:14:08] - |SHD| - [0] - C:\Users\Mosheur\AppData\Local\Historique [11/02/2018 00:00:56] - |AH| - [2883672] - C:\Users\Mosheur\AppData\Local\IconCache.db [24/11/2017 15:37:24] - |D| - [106] - C:\Users\Mosheur\AppData\Local\id Software [20/02/2018 20:15:25] - |D| - [2914129] - C:\Users\Mosheur\AppData\Local\Logitech® Webcam Software [31/08/2017 11:14:08] - |D| - [91110808] - C:\Users\Mosheur\AppData\Local\Microsoft [09/02/2018 22:41:42] - |D| - [44457980] - C:\Users\Mosheur\AppData\Local\Mozilla [26/01/2018 14:17:21] - |D| - [239447028] - C:\Users\Mosheur\AppData\Local\NVIDIA [01/09/2017 13:19:38] - |D| - [50028063] - C:\Users\Mosheur\AppData\Local\NVIDIA Corporation [02/09/2017 15:02:20] - |D| - [472971010] - C:\Users\Mosheur\AppData\Local\Origin [18/02/2018 19:15:18] - |D| - [20418] - C:\Users\Mosheur\AppData\Local\PoolNationFX [11/09/2017 18:54:20] - |D| - [0] - C:\Users\Mosheur\AppData\Local\Programs [26/03/2018 17:16:32] - |A| - [4129] - C:\Users\Mosheur\AppData\Local\recently-used.xbel [29/03/2018 21:50:47] - |D| - [15594] - C:\Users\Mosheur\AppData\Local\RootsofInsanity [27/11/2017 15:02:11] - |D| - [4096] - C:\Users\Mosheur\AppData\Local\Sniper Elite Nazi Zombie Army 2 [01/09/2017 10:42:37] - |D| - [7098] - C:\Users\Mosheur\AppData\Local\SquirrelTemp [31/08/2017 16:37:28] - |D| - [388165265] - C:\Users\Mosheur\AppData\Local\Steam [08/02/2018 18:56:19] - |D| - [0] - C:\Users\Mosheur\AppData\Local\Targem [02/04/2018 14:26:30] - |D| - [2994] - C:\Users\Mosheur\AppData\Local\techland [31/08/2017 11:14:08] - |D| - [55796868] - C:\Users\Mosheur\AppData\Local\Temp [31/08/2017 11:14:08] - |SHD| - [0] - C:\Users\Mosheur\AppData\Local\Temporary Internet Files [31/08/2017 16:53:47] - |D| - [4636] - C:\Users\Mosheur\AppData\Local\Ubisoft Game Launcher [13/02/2018 18:58:02] - |D| - [81] - C:\Users\Mosheur\AppData\Local\UnrealEngine 
[31/08/2017 11:14:10] - |D| - [0] - C:\Users\Mosheur\AppData\Local\VirtualStore [24/02/2018 09:53:37] - |D| - [106724112] - C:\Users\Mosheur\AppData\Local\VS Revo Group [14/10/2017 15:23:52] - |D| - [17408] - C:\Users\Mosheur\AppData\Local\webkit [16/09/2017 17:56:27] - |D| - [0] - C:\Users\Mosheur\AppData\Local\Windows Live [15/09/2017 12:30:01] - |D| - [82] - C:\Users\Mosheur\AppData\Local\Wondershare [09/09/2017 12:12:35] - |D| - [561816] - C:\Users\Mosheur\AppData\Local\ZHP [03/09/2017 18:14:26] - |D| - [5388] - C:\Users\Mosheur\AppData\Local\Zombie Army Trilogy [16/12/2017 20:34:32] - |D| - [19627] - C:\Users\Mosheur\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64} [01/09/2017 17:12:18] - |D| - [83968] - C:\Users\Mosheur\AppData\LocalLow\Adobe [31/08/2017 11:16:46] - |D| - [8328740] - C:\Users\Mosheur\AppData\LocalLow\Microsoft [16/12/2017 20:44:01] - |D| - [0] - C:\Users\Mosheur\AppData\LocalLow\Mozilla [09/04/2018 13:22:16] - |D| - [16638842] - C:\Users\Mosheur\AppData\LocalLow\Robot Riot [09/04/2018 13:23:04] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\.mono [01/09/2017 09:06:50] - |D| - [3778664] - C:\Users\Mosheur\AppData\Roaming\Adobe [27/02/2018 18:57:17] - |D| - [5348] - C:\Users\Mosheur\AppData\Roaming\com.playsaurus.heroclicker [30/01/2018 19:43:55] - |D| - [425843] - C:\Users\Mosheur\AppData\Roaming\Corsair [01/09/2017 10:42:42] - |D| - [171601490] - C:\Users\Mosheur\AppData\Roaming\discord [13/10/2017 13:21:57] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\EPSON [24/10/2017 14:30:11] - |D| - [2050388] - C:\Users\Mosheur\AppData\Roaming\FiraxisLive [15/09/2017 16:50:07] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Garmin [31/08/2017 11:37:14] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Google [31/08/2017 11:14:12] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Identities [31/08/2017 11:49:35] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Intel Corporation [20/02/2018 20:12:24] - |D| - [345] - C:\Users\Mosheur\AppData\Roaming\Leadertech 
[09/12/2017 19:40:36] - |D| - [852] - C:\Users\Mosheur\AppData\Roaming\Logishrd [09/12/2017 19:35:59] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Logitech [24/11/2017 11:47:45] - |D| - [49249004] - C:\Users\Mosheur\AppData\Roaming\Macromedia [31/08/2017 11:14:08] - |D| - [0] - C:\Users\Mosheur\AppData\Roaming\Media Center Programs [31/08/2017 11:14:08] - |SD| - [1577179] - C:\Users\Mosheur\AppData\Roaming\Microsoft [16/12/2017 20:44:00] - |D| - [63114961] - C:\Users\Mosheur\AppData\Roaming\Mozilla [02/09/2017 15:16:43] - |D| - [50151] - C:\Users\Mosheur\AppData\Roaming\NVIDIA [05/04/2018 17:55:27] - |D| - [12454487] - C:\Users\Mosheur\AppData\Roaming\OpenOffice [02/09/2017 15:04:08] - |D| - [94924] - C:\Users\Mosheur\AppData\Roaming\Origin [01/09/2017 10:55:29] - |D| - [81802050] - C:\Users\Mosheur\AppData\Roaming\Skype [01/09/2017 10:33:36] - |D| - [774] - C:\Users\Mosheur\AppData\Roaming\TeamViewer [29/09/2017 12:29:04] - |D| - [2721582] - C:\Users\Mosheur\AppData\Roaming\TS3Client [16/09/2017 17:23:28] - |D| - [93751] - C:\Users\Mosheur\AppData\Roaming\vlc [02/09/2017 14:19:25] - |D| - [12] - C:\Users\Mosheur\AppData\Roaming\WinRAR [16/09/2017 17:50:48] - |D| - [4] - C:\Users\Mosheur\AppData\Roaming\WMM [09/09/2017 12:12:35] - |D| - [2929130134] - C:\Users\Mosheur\AppData\Roaming\ZHP [31/08/2017 11:14:17] - |SH| - [174] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [31/08/2017 11:14:08] - |SHD| - [0] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [31/08/2017 11:14:08] - |RD| - [30147] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [31/08/2017 11:14:08] - |RD| - [14639] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [31/08/2017 11:14:17] - |RD| - [174] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [08/02/2018 18:55:49] - |D| - [4632] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Crossout [31/08/2017 11:14:17] - |SH| - [476] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [01/09/2017 10:42:42] - |D| - [2186] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [31/08/2017 11:14:18] - |A| - [1429] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [31/08/2017 11:14:08] - |RD| - [580] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [31/08/2017 11:14:17] - |RD| - [174] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [31/08/2017 16:53:47] - |D| - [1756] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [19/12/2017 17:43:36] - |D| - [4101] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [31/08/2017 11:14:17] - |SH| - [174] - C:\Users\Mosheur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [09/04/2018 13:23:04] - |D| - [0] - C:\ProgramData\.mono [01/09/2017 17:11:47] - |D| - [385938468] - C:\ProgramData\Adobe [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data [31/08/2017 11:14:06] - |SHD| - [0] - C:\ProgramData\Bureau [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents [18/12/2017 15:45:16] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [05/12/2017 22:50:18] - |D| - [577] - C:\ProgramData\Electronic Arts [13/10/2017 12:52:07] - |D| - [11622762] - C:\ProgramData\EPSON [31/08/2017 11:14:06] - |SHD| - [0] - C:\ProgramData\Favoris [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites [08/02/2018 18:55:50] - |D| - [67] - C:\ProgramData\Gaijin [15/09/2017 16:49:58] - |D| - [2384953603] - C:\ProgramData\Garmin [31/08/2017 11:38:45] - |D| - [20437004] - C:\ProgramData\Intel [31/08/2017 16:15:23] - |D| - [1851548774] - 
C:\ProgramData\Kaspersky Lab [06/12/2017 14:29:02] - |D| - [19166764] - C:\ProgramData\Kaspersky Lab Setup Files [09/12/2017 19:40:20] - |D| - [234364424] - C:\ProgramData\Logishrd [05/12/2017 13:16:53] - |D| - [91925915] - C:\ProgramData\Malwarebytes [05/12/2017 13:16:48] - |D| - [8207264] - C:\ProgramData\MB3CoreBackup [31/08/2017 11:14:06] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [14/07/2009 05:20:08] - |SD| - [409433119] - C:\ProgramData\Microsoft [31/08/2017 11:14:06] - |SHD| - [0] - C:\ProgramData\Modèles [06/12/2017 14:35:51] - |A| - [262144] - C:\ProgramData\ntuser.dat [06/12/2017 14:35:51] - |ASH| - [5120] - C:\ProgramData\ntuser.dat.LOG1 [06/12/2017 14:35:51] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2 [06/12/2017 14:35:51] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{de5cc394-da6d-11e7-8d14-74d435beb381}.TM.blf [06/12/2017 14:35:51] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{de5cc394-da6d-11e7-8d14-74d435beb381}.TMContainer00000000000000000001.regtrans-ms [06/12/2017 14:35:51] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{de5cc394-da6d-11e7-8d14-74d435beb381}.TMContainer00000000000000000002.regtrans-ms [01/09/2017 09:33:43] - |D| - [3462891] - C:\ProgramData\NVIDIA [01/09/2017 09:33:29] - |D| - [1032124229] - C:\ProgramData\NVIDIA Corporation [02/09/2017 15:02:10] - |D| - [358213515] - C:\ProgramData\Origin [31/08/2017 11:27:27] - |D| - [167384293] - C:\ProgramData\Package Cache [05/12/2017 22:50:22] - |D| - [81767477] - C:\ProgramData\PopCap Games [01/09/2017 10:55:22] - |D| - [45718504] - C:\ProgramData\Skype [01/09/2017 10:42:23] - |D| - [54332920] - C:\ProgramData\SquirrelMachineInstalls [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates [13/10/2017 12:56:10] - |D| - [4680] - C:\ProgramData\UDL [02/09/2017 14:22:41] - |D| - [1828] - C:\ProgramData\Unchecky [24/02/2018 09:53:35] - |D| - [1754] - C:\ProgramData\VS Revo Group [15/09/2017 12:30:19] - |D| - [0] - 
C:\ProgramData\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [31/08/2017 11:14:06] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [14/07/2009 05:20:08] - |RD| - [170246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] - |RD| - [42092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [01/09/2017 17:12:05] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [14/07/2009 07:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/12/2017 11:33:51] - |D| - [7078] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [16/03/2018 18:10:28] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [14/07/2009 06:54:23] - |SH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/10/2017 12:53:05] - |D| - [6627] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [16/12/2017 20:43:59] - |A| - [936] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [14/07/2009 07:32:38] - |RD| - [6316] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [03/04/2018 10:56:17] - |D| - [2166] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [14/10/2017 15:17:58] - |A| - [894] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [13/02/2018 18:44:58] - |A| - [2222] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [31/08/2017 11:49:32] - |RD| - [2398] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Intel [31/08/2017 16:15:40] - |D| - [5811] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection [06/12/2017 14:35:52] - |D| - [6682] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security [20/02/2018 20:12:13] - |D| - [1642] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [11/01/2018 07:26:52] - |D| - [3806] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [31/08/2017 11:10:08] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [29/03/2018 19:13:18] - |D| - [6680] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories [18/03/2018 18:58:15] - |A| - [936] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [26/01/2018 14:17:18] - |D| - [11136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [05/04/2018 17:55:14] - |SD| - [7280] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5 [02/09/2017 15:03:20] - |D| - [2235] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [24/02/2018 09:53:35] - |D| - [3400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [01/09/2017 10:55:25] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [31/08/2017 16:32:48] - |D| - [738] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [02/09/2017 14:22:42] - |D| - [1413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky [16/09/2017 17:23:13] - |D| - [4836] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 06:57:09] - |A| - [1352] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [31/08/2017 11:10:06] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [19/12/2017 17:43:36] - |D| - [4029] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [01/09/2017 17:11:59] - |D| - [283884031] - C:\Program Files (x86)\Adobe [14/07/2009 05:20:08] - |D| - [284384105] - C:\Program Files (x86)\Common Files [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [13/10/2017 13:16:45] - |D| - [2946001] - C:\Program Files (x86)\epson [15/09/2017 16:49:52] - |D| - [186572996] - C:\Program Files (x86)\Garmin [18/12/2017 14:55:18] - |D| - [0] - C:\Program Files (x86)\GCRF73A.tmp [31/08/2017 11:23:47] - |D| - [464606680] - C:\Program Files (x86)\Google [31/08/2017 11:25:59] - |HD| - [10151399] - C:\Program Files (x86)\InstallShield Installation Information [31/08/2017 11:36:16] - |D| - [9385982] - C:\Program Files (x86)\Intel [14/07/2009 05:20:08] - |D| - [10535561] - C:\Program Files (x86)\Internet Explorer [31/08/2017 16:15:23] - |D| - [265793364] - C:\Program Files (x86)\Kaspersky Lab [20/02/2018 20:12:13] - |D| - [38884251] - C:\Program Files (x86)\Logitech [03/03/2018 12:26:35] - |D| - [0] - C:\Program Files (x86)\LogMeIn [31/08/2017 11:24:32] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [02/03/2018 12:03:19] - |D| - [11436257] - C:\Program Files 
(x86)\MobileBrServ [09/02/2018 22:40:21] - |D| - [139228169] - C:\Program Files (x86)\Mozilla Firefox [16/12/2017 20:43:58] - |D| - [277152] - C:\Program Files (x86)\Mozilla Maintenance Service [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild [01/09/2017 09:33:27] - |D| - [484799098] - C:\Program Files (x86)\NVIDIA Corporation [05/04/2018 17:55:08] - |D| - [326710907] - C:\Program Files (x86)\OpenOffice 4 [03/09/2017 09:25:15] - |D| - [541199530] - C:\Program Files (x86)\Origin Games [31/08/2017 11:26:00] - |D| - [7576119] - C:\Program Files (x86)\Realtek [14/07/2009 07:32:38] - |D| - [39183617] - C:\Program Files (x86)\Reference Assemblies [02/09/2017 14:51:39] - |D| - [93283589] - C:\Program Files (x86)\Skype [31/08/2017 11:41:17] - |HD| - [0] - C:\Program Files (x86)\Temp [14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [11/02/2018 13:12:31] - |D| - [10864196] - C:\Program Files (x86)\UsbFix [03/04/2018 17:30:25] - |D| - [1735394] - C:\Program Files (x86)\VulkanRT [14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender [14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 05:20:08] - |D| - [12197044] - C:\Program Files (x86)\Windows NT [14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar ---------- | C:\Program Files [16/03/2018 18:10:28] - |D| - [35436200] - C:\Program Files\CCleaner [14/07/2009 05:20:08] - |D| - [87448398] - C:\Program Files\Common Files [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini [15/09/2017 16:50:08] - |D| - [707464] - C:\Program Files\DIFX [14/07/2009 07:32:38] - |D| - [90256404] - C:\Program Files\DVD Maker 
[31/08/2017 11:14:06] - |SHD| - [0] - C:\Program Files\Fichiers communs [14/10/2017 15:17:44] - |D| - [302022145] - C:\Program Files\GIMP 2 [20/03/2018 10:05:42] - |D| - [59512456] - C:\Program Files\Google [31/08/2017 11:27:34] - |D| - [49789366] - C:\Program Files\Intel [14/07/2009 05:20:08] - |D| - [30572316] - C:\Program Files\Internet Explorer [11/09/2017 18:54:33] - |D| - [232319300] - C:\Program Files\Malwarebytes [14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games [29/03/2018 19:13:18] - |D| - [8087955] - C:\Program Files\Microsoft Xbox 360 Accessories [16/12/2017 20:43:56] - |D| - [107480625] - C:\Program Files\Mozilla Firefox [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild [01/09/2017 09:30:02] - |D| - [1616853485] - C:\Program Files\NVIDIA Corporation [31/08/2017 11:48:21] - |D| - [43797960] - C:\Program Files\Realtek [14/07/2009 07:32:38] - |D| - [36842665] - C:\Program Files\Reference Assemblies [14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information [24/02/2018 09:53:34] - |D| - [44964529] - C:\Program Files\VS Revo Group [14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player [14/07/2009 05:20:08] - |D| - [12627124] - C:\Program Files\Windows NT [14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [7044767] - C:\Program Files\Windows Sidebar [19/12/2017 17:43:31] - |D| - [6342067] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [01/09/2017 17:11:59] - |D| - [9430811] - C:\Program Files (x86)\Common Files\Adobe [16/01/2018 15:44:08] - |D| - [13942800] - C:\Program Files (x86)\Common Files\BattlEye [05/12/2017 22:50:10] - |HD| - [1722135] - C:\Program Files 
(x86)\Common Files\EAInstaller
[31/08/2017 11:41:12] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield
[31/08/2017 11:41:02] - |D| - [88838921] - C:\Program Files (x86)\Common Files\Intel
[31/08/2017 11:50:17] - |D| - [248052] - C:\Program Files (x86)\Common Files\Intel Corporation
[20/02/2018 20:12:13] - |D| - [90116084] - C:\Program Files (x86)\Common Files\LogiShrd
[14/07/2009 05:20:08] - |D| - [20105266] - C:\Program Files (x86)\Common Files\microsoft shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[01/09/2017 10:55:25] - |D| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[31/08/2017 16:33:35] - |D| - [3951168] - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 05:20:08] - |D| - [10241523] - C:\Program Files (x86)\Common Files\System
[16/09/2017 17:56:03] - |D| - [0] - C:\Program Files (x86)\Common Files\Windows Live
---------- | C:\Program Files\Common files
[31/08/2017 16:15:42] - |D| - [2305249] - C:\Program Files\Common files\AV
[13/10/2017 12:53:06] - |D| - [152640] - C:\Program Files\Common files\EPSON
[31/08/2017 11:56:39] - |D| - [22539931] - C:\Program Files\Common files\logishrd
[14/07/2009 05:20:08] - |D| - [49648913] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 05:20:08] - |D| - [12190195] - C:\Program Files\Common files\System
---------- | Tasks
[MD5.2B08552408D13FE840A3395E0732108F] - [13/10/2017 12:53:06] - |A| - [727] - C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {CF730C10-C411-4F5C-820A-0809B90164A9}.job
[MD5.B2EED8FDFA7BD3AA2218D9CA0367C463] - [13/10/2017 12:53:06] - |A| - [913] - C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {CF730C10-C411-4F5C-820A-0809B90164A9}.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.3F8A4B4A6B7090546EEAA6A1F25EB9C9] - [14/07/2009 07:08:49] - |A| - [32482] - C:\Windows\Tasks\SCHEDLGU(27).TXT
[MD5.48FA6EC742B81801403C7D596602750B] - [14/07/2009 07:08:49] - |A| - [32496] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.EED748D8E9DE707674E093CB618FF14F] - [01/09/2017 17:12:14] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.59ABEBAA04453AE51F2B14C99F740DDD] - [13/03/2018 12:07:53] - |A| - [4642] - C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
[MD5.4137C473559DF52D5DD431D2AE2CA50F] - [28/02/2018 16:20:06] - |A| - [4654] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe
[MD5.D3A4B2B76C5006AA654E71382D22C5DC] - [17/12/2017 00:43:59] - |A| - [4496] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.8DAD6FC6F95BB1F45191C14B80F496BB] - [16/03/2018 18:10:29] - |A| - [4128] - C:\Windows\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.A5735B07AE535C7EE04765C561DA1A3C] - [16/03/2018 18:10:29] - |A| - [2798] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.B0F9F8B223BD3BB000862A0EF326577B] - [13/10/2017 12:53:06] - |A| - [3794] - C:\Windows\System32\Tasks\EPSON XP-312 313 315 Series Invitation {CF730C10-C411-4F5C-820A-0809B90164A9} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE
[MD5.04005E1BE4B2080631D83CBC1AAC313C] - [13/10/2017 12:53:06] - |A| - [3980] - C:\Windows\System32\Tasks\EPSON XP-312 313 315 Series Update {CF730C10-C411-4F5C-820A-0809B90164A9} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE
[MD5.ED80B1BB68BC47990189A10D47DFF9C0] - [16/12/2017 20:34:29] - |A| - [3378] - C:\Windows\System32\Tasks\ErrorFixKIT : "C:\Program Files (x86)\ErrorFixKIT\ErrorFixKIT.exe"
[MD5.5CDE37B8F23FAADFE73F8C54660E0EB1] - [15/09/2017 16:49:51] - |A| - [3556] - C:\Windows\System32\Tasks\GarminUpdaterTask : C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
[MD5.5A013787F041E5F11D7B33490C546161] - [31/08/2017 11:23:47] - |A| - [3372] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.68196A0FACA00E7225B5797B8A7DB3A5] - [31/08/2017 11:23:47] - |A| - [3500] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [269432] - C:\Windows\System32\Tasks\Microsoft
[MD5.EAA6ED3944D20B674DA4BD4DF21C3875] - [20/03/2018 20:03:02] - |A| - [3922] - C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.22118992AB3E76FF74E2B145A0D5E2CD] - [26/01/2018 14:17:16] - |A| - [4146] - C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.3C0F7172EC3F5F97DA68462DE913397D] - [26/01/2018 14:17:18] - |A| - [3814] - C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
[MD5.6D942C9E07C810B68033EA5BFEF10C35] - [26/01/2018 14:17:18] - |A| - [3798] - C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
[MD5.135A44AA0352B03944440F904011515C] - [26/01/2018 14:17:15] - |A| - [3738] - C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.8C70F48179F211F0163FB1D1491FD41B] - [26/01/2018 14:17:15] - |A| - [3494] - C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.4D656907EC768BDF92B5706DEE3CB6C4] - [26/01/2018 14:17:15] - |A| - [3730] - C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
[MD5.C83D3E4D6AE24108F6DCDBC66AC7D73B] - [26/01/2018 14:17:15] - |A| - [3738] - C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [4484] - C:\Windows\System32\Tasks\WPD
[MD5.36606AE2A7038BC2EA75CD6AC7537984] - [01/09/2017 08:21:06] - |A| - [3072] - C:\Windows\System32\Tasks\{046A7683-A8D2-4BA1-A840-4551A1A2728C} : C:\Windows\system32\pcalua.exe
[MD5.85385975811C1F4DF350E7E08776792D] - [10/02/2018 21:47:32] - |A| - [2954] - C:\Windows\System32\Tasks\{0935B356-400C-4433-BE98-533ADBCEAE24} : C:\Users\Mosheur\Desktop\ChromeSetup.exe
[MD5.9427BFD02E113B1A74BABC25E08100BB] - [23/12/2017 19:47:15] - |A| - [3318] - C:\Windows\System32\Tasks\{0EBF5027-FA63-4FED-8432-04B4D4BDA2B2} : C:\Windows\system32\pcalua.exe
[MD5.109389EF485BAC99863F99C2B893C39B] - [13/10/2017 13:18:25] - |A| - [2948] - C:\Windows\System32\Tasks\{193B7F9E-8125-48FF-AD2B-E22EB1F97DD5} : C:\Windows\twain_32\escndv\escndv.exe
[MD5.993D67089484BFBD9BBE5B335920577B] - [09/12/2017 19:38:40] - |A| - [3174] - C:\Windows\System32\Tasks\{2EBF33E4-D2BA-4BF4-9C2E-E4E69E64BD9C} : C:\Windows\system32\pcalua.exe
[MD5.47A3E144619A69CFE20D66AC0445CDB3] - [01/09/2017 13:06:47] - |A| - [3022] - C:\Windows\System32\Tasks\{32724301-C210-4090-A09B-8C7B9F530559} : C:\Users\Mosheur\Desktop\375.70-desktop-win10-64bit-international-whql.exe
[MD5.7F7FBFB68AA7594C6D063272A046AA4F] - [26/01/2018 13:30:46] - |A| - [3120] - C:\Windows\System32\Tasks\{35CCE60E-9D6B-4A09-922B-31F56A22DF1C} : msiexec.exe [MD5.488314210AD5B4A03CCEB987A19B3324] - [01/09/2017 08:21:59] - |A| - [3074] - C:\Windows\System32\Tasks\{3895AAED-AA40-45A8-B3BC-E22C005C159F} : C:\Windows\system32\pcalua.exe [MD5.BB8DC1EA74210E55DFF3CADDF9E56E49] - [13/10/2017 13:00:35] - |A| - [3010] - C:\Windows\System32\Tasks\{3F032F11-24C7-4893-AF0F-6F674B2E7455} : C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe [MD5.D3F03D2C346B0FF8084E47E1E241466F] - [18/11/2017 13:19:50] - |A| - [2950] - C:\Windows\System32\Tasks\{4370A0CA-C033-4C7D-BD5F-FF27860BC0D0} : D:\Program Files (x86)\Steam\Steam.exe [MD5.8456039B3C654F253179147F3D1B5878] - [30/01/2018 14:50:47] - |A| - [3120] - C:\Windows\System32\Tasks\{4AEB6F76-01A7-4D83-9EBA-7A141648B9F3} : msiexec.exe [MD5.671BFB64FD227ABC73B8E2034832F7B1] - [13/02/2018 18:43:53] - |A| - [3096] - C:\Windows\System32\Tasks\{4E0A311B-2079-4D24-B6A3-BDB2371F30C3} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.02D72896F244376D1E70CF1D39DDEA3A] - [09/02/2018 13:40:10] - |A| - [3114] - C:\Windows\System32\Tasks\{534AF700-0ACC-4D26-B04D-49A063FB936C} : "c:\program files (x86)\google\chrome\application\chrome.exe" [MD5.56E1DD1C0E97AA1EC0E32CB4444AF170] - [13/02/2018 18:36:45] - |A| - [2962] - C:\Windows\System32\Tasks\{62947ECB-A822-45DE-86FC-78D77B1B1ED1} : C:\Program Files (x86)\Skype\Phone\Skype.exe [MD5.D3F03D2C346B0FF8084E47E1E241466F] - [18/11/2017 13:22:18] - |A| - [2950] - C:\Windows\System32\Tasks\{6943E509-FB3A-4B21-900A-CABB114DD64F} : D:\Program Files (x86)\Steam\Steam.exe [MD5.E42E9280E0BEF9E5B78E3ECFE902AE5C] - [26/01/2018 14:11:43] - |A| - [2990] - C:\Windows\System32\Tasks\{728B5AAF-573A-40AC-91EB-AA856F8E98E3} : C:\Users\Mosheur\Desktop\GeForce_Experience_v3.12.0.79.exe [MD5.A8C0968C0A6FC6C0DEE4DADF96DCA0E0] - [23/12/2017 19:46:19] - |A| - [3140] - 
C:\Windows\System32\Tasks\{74517E31-0119-435A-91C7-54CF1ED590AB} : C:\Windows\system32\pcalua.exe [MD5.F5F05E13DEE00BB7332544D28ED7061C] - [14/01/2018 14:57:54] - |A| - [3120] - C:\Windows\System32\Tasks\{8187B8A4-D390-4B34-8F3B-A0A9261F3D64} : msiexec.exe [MD5.E42E9280E0BEF9E5B78E3ECFE902AE5C] - [26/01/2018 14:13:08] - |A| - [2990] - C:\Windows\System32\Tasks\{81E28C97-12F1-47F2-A8C6-D155C61DC4F2} : C:\Users\Mosheur\Desktop\GeForce_Experience_v3.12.0.79.exe [MD5.85385975811C1F4DF350E7E08776792D] - [10/02/2018 21:48:21] - |A| - [2954] - C:\Windows\System32\Tasks\{82A8A879-2431-45C2-B615-A34344F5E082} : C:\Users\Mosheur\Desktop\ChromeSetup.exe [MD5.671BFB64FD227ABC73B8E2034832F7B1] - [13/02/2018 13:10:29] - |A| - [3096] - C:\Windows\System32\Tasks\{8F4626D9-2BB5-4AAA-9FB2-0188210E05B6} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.D3F03D2C346B0FF8084E47E1E241466F] - [18/11/2017 13:22:17] - |A| - [2950] - C:\Windows\System32\Tasks\{A2B8B39A-38FF-4B05-AA34-6B76D36E0430} : D:\Program Files (x86)\Steam\Steam.exe [MD5.E42E9280E0BEF9E5B78E3ECFE902AE5C] - [26/01/2018 14:13:57] - |A| - [2990] - C:\Windows\System32\Tasks\{A3DFA161-07B0-4047-82BD-331F88EFC5E0} : C:\Users\Mosheur\Desktop\GeForce_Experience_v3.12.0.79.exe [MD5.F5F05E13DEE00BB7332544D28ED7061C] - [15/01/2018 14:33:10] - |A| - [3120] - C:\Windows\System32\Tasks\{B4766559-724F-457D-9E36-0D8942475FED} : msiexec.exe [MD5.85385975811C1F4DF350E7E08776792D] - [10/02/2018 21:47:53] - |A| - [2954] - C:\Windows\System32\Tasks\{BB2696AA-56D8-4948-9C7F-722FB181D267} : C:\Users\Mosheur\Desktop\ChromeSetup.exe [MD5.8F9AFA698446EDB8318434F5035A8E81] - [26/01/2018 14:11:59] - |A| - [3068] - C:\Windows\System32\Tasks\{C8A26AC2-E783-4849-9324-63867602DA88} : C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [MD5.D3F03D2C346B0FF8084E47E1E241466F] - [18/11/2017 13:23:00] - |A| - [2950] - C:\Windows\System32\Tasks\{C8AB2370-65B9-48F5-ADF2-E405C90E5A43} : D:\Program Files 
(x86)\Steam\Steam.exe [MD5.BB8DC1EA74210E55DFF3CADDF9E56E49] - [13/10/2017 13:00:40] - |A| - [3010] - C:\Windows\System32\Tasks\{CE172C37-AB47-4D04-9BAB-B29619A5B330} : C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe [MD5.85385975811C1F4DF350E7E08776792D] - [10/02/2018 21:48:48] - |A| - [2954] - C:\Windows\System32\Tasks\{CEA95AEA-65D7-4806-A593-D79BF4EAB019} : C:\Users\Mosheur\Desktop\ChromeSetup.exe [MD5.E42E9280E0BEF9E5B78E3ECFE902AE5C] - [26/01/2018 14:12:33] - |A| - [2990] - C:\Windows\System32\Tasks\{DD287CA5-36EE-429B-8F75-7C0908E34DD9} : C:\Users\Mosheur\Desktop\GeForce_Experience_v3.12.0.79.exe [MD5.02D72896F244376D1E70CF1D39DDEA3A] - [08/02/2018 20:15:58] - |A| - [3114] - C:\Windows\System32\Tasks\{DD63EB32-22C9-4735-9643-C7F293AB8F8C} : "c:\program files (x86)\google\chrome\application\chrome.exe" [MD5.09CDFB87826783799144C0F022D6466B] - [31/08/2017 19:37:17] - |A| - [3040] - C:\Windows\System32\Tasks\{E12000AF-4DE5-48AE-A5BE-1378A631A1E5} : C:\Windows\system32\pcalua.exe [MD5.671BFB64FD227ABC73B8E2034832F7B1] - [11/02/2018 12:03:46] - |A| - [3096] - C:\Windows\System32\Tasks\{EDC56B31-23B0-4274-BC41-DD10A66FEC49} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.95B662676442EF482157F4423F669089] - [07/01/2018 15:36:14] - |A| - [3142] - C:\Windows\System32\Tasks\{F11A9475-F16D-4438-9154-7FF6F4EECECC} : C:\Windows\system32\pcalua.exe [MD5.109389EF485BAC99863F99C2B893C39B] - [13/10/2017 13:17:38] - |A| - [2948] - C:\Windows\System32\Tasks\{FF1C9817-8D62-4463-9D2D-E017F4A4EFAF} : C:\Windows\twain_32\escndv\escndv.exe [MD5.F5F05E13DEE00BB7332544D28ED7061C] - [14/01/2018 14:10:16] - |A| - [3120] - C:\Windows\System32\Tasks\{FF1D0627-78F3-4E61-9F8B-7C48709D6F8B} : msiexec.exe [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] 
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{078587AB-6E0F-4204-BE59-3D42E22079DF}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "{237D30ED-6441-4A3B-9141-C4899173C5A0}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe|Name=Zumas Revenge| "{BF6EBDA1-D466-4521-B263-C56B5170B4D9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe|Name=Zumas Revenge| "{08DB38C8-2DE8-4CC1-B94F-45725C1D9448}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE|Name=LogiOptionsMgr.EXE|Desc=LogiOptionsMgr.EXE| "{14AD2954-EAC2-4AF1-B231-721F8654B1B5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe|Name=Rainbow Six - Siege: Launcher| "{F42EC97C-6EFC-4E3F-9708-6057F1CB5FFE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe|Name=Rainbow Six - Siege: Launcher| "{137185D8-EB13-471D-9764-B484AE9E6990}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe|Name=Rainbow Six - Siege: Game| 
"{9813D20E-482D-43A8-A022-081650B960B7}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe|Name=Rainbow Six - Siege: Game| "{07058033-9871-4DAC-AD85-DE07C0A56D21}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05F5CFE2-4733-4950-A6BB-07AAD01A3A84}] : (XboxComposite) [] -> @oem48.inf,%ClassName%;Xbox Peripherals (legacy) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) 
[] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> 
@%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88BAE032-5A81-49F0-BC3D-A4FF138216D6}] : (UsbDevice) [] -> @oem46.inf,%ClassName%;Universal Serial Bus devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [01/10/2016 02:26:00] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\Windows\system32\DRIVERS\kl1.sys [26/12/2016 20:27:10] - (4.1.28.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys [22/12/2016 07:13:36] - (14.0.0.9) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys [20/06/2017 22:14:54] - (13.0.136.60) - (AO Kaspersky Lab - klhk [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klhk.sys [27/12/2016 07:56:50] - (14.0.0.23) - (AO Kaspersky Lab - Backup File Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys [31/08/2017 16:15:21] - (13.0.56.0) - (AO Kaspersky Lab - Filter Core [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klflt.sys [31/08/2017 16:15:21] - (13.0.349.0) - (AO Kaspersky Lab - Core System Interceptors [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klif.sys [20/06/2017 22:14:54] - (13.0.0.9) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klpd.sys [20/06/2017 22:14:54] - (13.0.0.12) - (AO Kaspersky Lab - Legacy Network Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kltdi.sys [20/06/2017 22:14:54] - (13.0.0.37) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win7_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys [11/10/2016 14:14:28] - (14.0.0.16) - (AO Kaspersky Lab - Packet Network Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klim6.sys [14/07/2009 02:00:40] - (6.1.7600.16385) - (Brother Industries Ltd. 
- Pilote Brother Série I/F (WDM)) - C:\Windows\system32\DRIVERS\serial.sys [20/06/2017 22:14:54] - (13.0.0.40) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kneps.sys [03/04/2018 17:29:09] - (23.21.13.9135) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 391.35) - C:\Windows\system32\DRIVERS\nvlddmkm.sys [07/06/2016 01:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\kltap.sys [12/02/2017 16:52:58] - (1.0.0.103) - (Scarlet.Crush Productions - Scp Virtual Bus Driver) - C:\Windows\system32\DRIVERS\ScpVBus.sys [26/01/2018 14:17:11] - (4.4.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys [26/01/2018 14:17:11] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\Windows\system32\DRIVERS\nvvhci.sys [03/02/2018 15:29:55] - (1.3.36.6) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys [07/12/2016 09:38:46] - (13.0.0.5) - (AO Kaspersky Lab - Mouse Device Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys [23/12/2016 09:19:30] - (13.0.0.8) - (AO Kaspersky Lab - Keyboard Device Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys [31/05/2016 23:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> 
System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - 
AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\DRIVERS\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klhk (Kaspersky Lab service driver) -> system32\DRIVERS\klhk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - KLIM6 (Kaspersky Anti-Virus NDIS 6 Filter) -> system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kltdi (kltdi) -> system32\DRIVERS\kltdi.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kneps (kneps) -> system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VgaSave () -> 
\SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - kldisk (kldisk) -> system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GIMP-2_is1] : (GIMP 2.8.22.-.The GIMP Team) -> "C:\Program Files\GIMP 2\uninst\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DE56A70-06BA-4863-8FBB-45D041AF0C7A}] : (ANT Drivers Installer x64.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{3DE56A70-06BA-4863-8FBB-45D041AF0C7A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}] : (Backup and Sync from Google.-.Google, Inc.) -> MsiExec.exe /X{4B7277C7-9CEE-45FC-B36B-19AD28281B9C} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) 
-> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 391.35.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 31.1.10.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.13.1.30.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.04.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B9C27F57-AB84-425F-9D00-E18C5D65C18D}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{B9C27F57-AB84-425F-9D00-E18C5D65C18D} 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4FC649C-0247-4873-930D-D9E6904DCAF5}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{D4FC649C-0247-4873-930D-D9E6904DCAF5} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 29 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 29 PPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe -maintain pepperplugin ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{5AAE61FF-858E-453E-B8F3-944618149975} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mobile Broadband HL Service] : (Mobile Broadband HL Service.-.Huawei Technologies Co.,Ltd) -> C:\Program Files (x86)\MobileBrServ\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{155C4F2E-7381-4B80-B258-FD0600C9C46B}] : (OpenOffice 4.1.5.-.Apache Software Foundation) -> MsiExec.exe /I{155C4F2E-7381-4B80-B258-FD0600C9C46B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) 
-> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{178D3388-656C-4326-BFFF-3607481CA5BB}] : (Garmin Express.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{178D3388-656C-4326-BFFF-3607481CA5BB} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.40.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5AAE61FF-858E-453E-B8F3-944618149975}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{5AAE61FF-858E-453E-B8F3-944618149975} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B7768089-44E1-4B51-9213-737959C689E5}] : (Elevated Installer.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{B7768089-44E1-4B51-9213-737959C689E5} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C6C8A534-050C-40E9-92FC-4D06A8A487C8}] : (Garmin 
Express Tray.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{C6C8A534-050C-40E9-92FC-4D06A8A487C8} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\07A65ED3AB603684F8BB540D14FAC0A7] : ANT Drivers Installer x64 [HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi [HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter [HKCR\Installer\Products\435A8C6CC0509E0429CFD4608A4A788C] : Garmin Express Tray [HKCR\Installer\Products\442FE3E105560C53AB952B588EEF4469] : Google Chrome [HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software [HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin [HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook [HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7170C33F40E85BE4098C74222178BDF4] : Kaspersky Secure Connection -> C:\Windows\Installer\{F33C0717-8E04-4EB5-90C8-47221287DB4F}\arp.ico [HKCR\Installer\Products\75F72C9B48BAF524D9001EC8D5561CD8] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\7C7727B4EEC9CF543BB691DA8282B1C9] : Backup and Sync from Google -> C:\Windows\Installer\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}\DriveIcon 
[HKCR\Installer\Products\8833D871C6566234FBFF637084C15ABB] : Garmin Express [HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\9808677B1E4415B429313797956C985E] : Elevated Installer -> C:\Windows\Installer\{B7768089-44E1-4B51-9213-737959C689E5}\express.ico [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.40 -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin [HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher [HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery [HKCR\Installer\Products\C946CF4D7420378439D09D6E09D4AC5F] : Intel(R) Management Engine Components [HKCR\Installer\Products\E066CC7BD13FC094DBA2C22BCEA5E5A3] : Intel(R) Chipset Device Software [HKCR\Installer\Products\E2F4C551183708B42B85DF60009C4CB6] : OpenOffice 4.1.5 -> C:\Windows\Installer\{155C4F2E-7381-4B80-B258-FD0600C9C46B}\soffice.ico [HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main [HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection [HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\Windows\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico [HKCR\Installer\Products\FF16EAA5E858E3548B3F496481419957] : Kaspersky Total Security -> C:\Windows\Installer\{5AAE61FF-858E-453E-B8F3-944618149975}\arp.ico ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante The Fishing Club 3D.exe, version : 5.5.2.10711, horodatage : 0x58ad74ab Nom du module défaillant : The Fishing Club 
3D.exe, version : 5.5.2.10711, horodatage : 0x58ad74ab Code d’exception : 0xc0000005 Décalage d’erreur : 0x006a8cf6 ID du processus défaillant : 0x2ed0 Heure de début de l’application défaillante : 0x01d3d591dc612f24 Chemin d’accès de l’application défaillante : D:\Program Files (x86)\Steam\steamapps\common\The Fishing Club 3D\The Fishing Club 3D.exe Chemin d’accès du module défaillant: D:\Program Files (x86)\Steam\steamapps\common\The Fishing Club 3D\The Fishing Club 3D.exe ID de rapport : 2206680d-4185-11e8-a2c2-74d435beb381 ------------ Les notifications ne sont pas actives pour le volume C:\. Contexte : Application Windows Détails : Quota insuffisant pour terminer le service demandé. (HRESULT : 0x800705ad) (0x800705ad) ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. 
------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les notifications ne sont pas actives pour le volume C:\. Contexte : Application Windows Détails : Quota insuffisant pour terminer le service demandé. 
(HRESULT : 0x800705ad) (0x800705ad) ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance. 
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. ------------ Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d’erreur. ------------ ----------( EOF)---------- - 3503 | 18:29:50