--------------- QuickDiag | g3n-h@ckm@n | V4_19.04.18.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 21/04/2018 10:09:22

Updated 19/04/2018.1 | 00.05 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris

[ABL (Administrator)] - [ABL-PC] (S-1-5-21-1173329608-3597697485-1409086752-1000)

System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professionnel |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Presario CQ56 Notebook PC - Hewlett-Packard - IdNumber: CNF04129J7 - UUID: 30464E43-3134-3932-4A37-6431505728AD
Processor : X64 - 2294 Mhz - Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Default System BIOS - - Hewlett-Packard - S/N: CNF04129J7 - F.05 - HPQOEM - 1
CoreTemp : 54 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0270&SUBSYS_103C1605&REV_1001\4&923B75&0&0001

---------- | Video
Mobile Intel(R) 4 Series Express Chipset Family - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2A43&SUBSYS_1605103C&REV_07\3&21436425&0&11 - AdapterCompatibility: Intel Corporation - RAM:
Mobile Intel(R) 4 Series Express Chipset Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2A42&SUBSYS_1605103C&REV_07\3&21436425&0&10 - AdapterCompatibility: Intel Corporation - RAM: 836196352
Inegrated Video Chipset DeviceName: Mobile Intel(R) 4 Series Express Chipset Family - DriverVersion: 8.15.10.2869 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK

---------- | CPU
CPU #1 value:19 %
CPU #2 value:19 %
Total Overall CPU Usage value:19 %

---------- | Network
Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Ralink RT3090 802.11b_g_n WiFi Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Microsoft Virtual WiFi Miniport Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{D88B9BF1-4D6F-4D94-8B77-6E8B8873093C} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:19 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_1605103C&REV_02\4&2D6CBFB3&0&00E1
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID :
Ralink RT3090 802.11b/g/n WiFi Adapter - Ethernet 802.3 - Ralink Technology, Corp. - Status: - PnPID : PCI\VEN_1814&DEV_3090&SUBSYS_1453103C&REV_00\4&1DC56AB4&0&00E0
Périphérique Bluetooth (réseau personnel) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&27261BA1&0&2
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Microsoft Virtual WiFi Miniport Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&11922336&0&01
Carte Microsoft 6to4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000

---------- | Memory
RAM = Total (MB) : 2026 | Free (MB) : 1232
Pagefile = Total (MB) : 4053 | Free (MB) : 2372
Virtual = Total (MB) : 2097 | Free (MB) : 1908
Physical Memory 1 : Capacity: 2147483648 - DIMM2 - Posit.: 0 - Manufacturer: Hynix - PartNumber: HYMP125S64CP8-S6 - S/N: 2FB766A9

---------- | SID Users
ABL : [S-1-5-21-1173329608-3597697485-1409086752-1000]
Administrateur : [S-1-5-21-1173329608-3597697485-1409086752-500]
Invité : [S-1-5-21-1173329608-3597697485-1409086752-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 146.39 Go | Free : 65.18 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 146.48 Go | Free : 28.23 Go -> NTFS [SATA]
E:\ -> [Fixed] | [] | Total : 172.79 Go | Free : 172.7 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, D:, E:] : Read:0 bytes/sec, Written:32,790 bytes/sec Max Read:0 bytes/sec, Max Write:32,790 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:32,790 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_ATA&PROD_HGST_HTS545050A7\4&2A1A62F9&0&000000

---------- | Windows updates
Downloaded last ones : 2017-02-25 18:11:47
Installed last ones : 2017-02-26 00:48:05
Next search : 2017-04-11 11:45:52
Test 1 : Possible Fixed Windows

---------- | Browsers
IE : 11.0.9600.18538 (© Microsoft Corporation. Tous droits réservés.)
FF : 59.0.2.6656 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 66.0.3359.117 (Copyright 2017 Google Inc.)
Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

---------- | Security
AS : Windows Defender Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
372 | [Owner : Système | Parent : 4(System) | 0.1 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23572) = C:\Windows\System32\smss.exe [24/02/2017 22:06:20] CPU Usage:0 % --> Command Line :
528 | [Owner : Système | Parent : 472() | 1.38 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 00:11:09] CPU Usage:0 % --> Command Line :
580 | [Owner : Système | Parent : 472() | 0.23 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:36:49] CPU Usage:0 % --> Command Line :
600 | [Owner : Système | Parent : 572() | 8.89 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 00:11:09] CPU Usage:0 % --> Command Line :
636 | [Owner : Système | Parent : 580(wininit.exe) | 2.99 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [26/03/2016 23:07:20] CPU Usage:0 % --> Command Line :
652 | [Owner : Système | Parent : 580(wininit.exe) | 3.6 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23642) = C:\Windows\System32\lsass.exe [25/02/2017 17:44:17] CPU Usage:0 % --> Command Line :
660 | [Owner : Système | Parent : 580(wininit.exe) | 1.18 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 22:29:11] CPU Usage:0 % --> Command Line :
728 | [Owner : Système | Parent : 572() | 1.14 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [26/03/2016 23:05:12] CPU Usage:0 % --> Command Line :
820 | [Owner : Système | Parent : 636(services.exe) | 2.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
900 | [Owner : SERVICE RÉSEAU | Parent : 636(services.exe) | 2.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
972 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 7.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1028 | [Owner : Système | Parent : 636(services.exe) | 27.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1052 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 3.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1076 | [Owner : Système | Parent : 636(services.exe) | 14.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1348 | [Owner : Système | Parent : 636(services.exe) | 0.24 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [08/02/2016 18:57:34] CPU Usage:0 % --> Command Line :
1376 | [Owner : Système | Parent : 1348(RtkAudioService.exe) | 0.84 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.185) = C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [08/02/2016 18:57:34] CPU Usage:0 % --> Command Line :
1444 | [Owner : SERVICE RÉSEAU | Parent : 636(services.exe) | 5.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1616 | [Owner : Système | Parent : 636(services.exe) | 1.64 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [20/11/2010 22:29:06] CPU Usage:0 % --> Command Line :
1644 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 4.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1748 | [Owner : Système | Parent : 636(services.exe) | 0.28 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 18:02:50] CPU Usage:0 % --> Command Line :
1796 | [Owner : Système | Parent : 636(services.exe) | 0.57 Mo] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - (1.0.32.10) = C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [08/02/2016 18:57:33] CPU Usage:0 % --> Command Line :
1836 | [Owner : Système | Parent : 636(services.exe) | 27.02 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (16.0.1.445) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [22/12/2015 04:53:58] CPU Usage:0 % --> Command Line :
1912 | [Owner : Système | Parent : 636(services.exe) | 1.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1996 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 0.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
1940 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 0.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
2060 | [Owner : SERVICE RÉSEAU | Parent : 636(services.exe) | 1.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
2496 | [Owner : ABL | Parent : 636(services.exe) | 5.17 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [26/03/2016 23:04:36] CPU Usage:0 % --> Command Line :
2872 | [Owner : Système | Parent : 2780() | 0.06 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe [20/03/2018 20:42:23] CPU Usage:0 % --> Command Line :
3064 | [Owner : ABL | Parent : 1028(svchost.exe) | 27.34 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:24:23] CPU Usage:0 % --> Command Line :
3088 | [Owner : ABL | Parent : 2712() | 25.49 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) = C:\Windows\explorer.exe [26/04/2011 20:14:45] CPU Usage:0 % --> Command Line :
3180 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.86 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.361) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [08/02/2016 18:57:34] CPU Usage:0 % --> Command Line :
3188 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.36 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.2869) = C:\Windows\System32\igfxtray.exe [08/02/2016 19:02:35] CPU Usage:0 % --> Command Line :
3228 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.45 Mo] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2869) = C:\Windows\System32\hkcmd.exe [08/02/2016 19:02:34] CPU Usage:0 % --> Command Line :
3276 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.48 Mo] - (.Intel Corporation - persistence Module.) - (8.15.10.2869) = C:\Windows\System32\igfxpers.exe [08/02/2016 19:02:34] CPU Usage:0 % --> Command Line :
3308 | [Owner : ABL | Parent : 3088(explorer.exe) | 3.88 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 32-bit Enhancements.) - (18.0.8.0) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [08/02/2016 19:00:23] CPU Usage:0 % --> Command Line :
3344 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.54 Mo] - (. - HSDPALauncher MFC Application.) - (1.0.0.1) = C:\Program Files\HSPA USB Modem\HSPALauncher.exe [09/01/2012 18:01:00] CPU Usage:0 % --> Command Line :
3712 | [Owner : ABL | Parent : 1836(avp.exe) | 4.75 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (16.0.1.527) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe [22/12/2015 04:52:14] CPU Usage:0 % --> Command Line :
3748 | [Owner : ABL | Parent : 3416() | 0.31 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (18.0.8.0) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [08/02/2016 19:00:25] CPU Usage:0 % --> Command Line :
3880 | [Owner : Système | Parent : 636(services.exe) | 7.36 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe [14/07/2009 01:14:13] CPU Usage:0 % --> Command Line :
4076 | [Owner : ABL | Parent : 3088(explorer.exe) | 14.75 Mo] - (.Skype Technologies S.A. - Skype .) - (7.18.0.112) = C:\Program Files\Skype\Phone\Skype.exe [10/02/2016 13:44:22] CPU Usage:0 % --> Command Line :
4088 | [Owner : ABL | Parent : 3088(explorer.exe) | 0.62 Mo] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) - (1.0.6.0) = C:\Users\ABL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [16/02/2016 22:07:20] CPU Usage:0 % --> Command Line :
1560 | [Owner : SERVICE LOCAL | Parent : 636(services.exe) | 1.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
3460 | [Owner : SERVICE RÉSEAU | Parent : 636(services.exe) | 4.06 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/11/2010 22:29:12] CPU Usage:0 % --> Command Line :
1856 | [Owner : Système | Parent : 636(services.exe) | 30.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 % --> Command Line :
172 | [Owner : ABL | Parent : 3088(explorer.exe) | 55.7 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
3160 | [Owner : ABL | Parent : 172(chrome.exe) | 2.26 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
1880 | [Owner : ABL | Parent : 172(chrome.exe) | 1.86 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
3912 | [Owner : ABL | Parent : 172(chrome.exe) | 35.94 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
3696 | [Owner : ABL | Parent : 172(chrome.exe) | 83.74 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
3328 | [Owner : ABL | Parent : 172(chrome.exe) | 29.7 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
912 | [Owner : ABL | Parent : 172(chrome.exe) | 7.24 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
4868 | [Owner : ABL | Parent : 172(chrome.exe) | 14.6 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
5560 | [Owner : Système | Parent : 820(svchost.exe) | 3.13 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:29:20] CPU Usage:0 % --> Command Line :
4100 | [Owner : SERVICE RÉSEAU | Parent : 820(svchost.exe) | 14.47 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:29:20] CPU Usage:0 % --> Command Line :
6108 | [Owner : ABL | Parent : 172(chrome.exe) | 6.19 Mo] - (.Google Inc. - Google Chrome.) - (66.0.3359.117) = C:\Program Files\Google\Chrome\Application\chrome.exe [20/03/2018 20:46:42] CPU Usage:0 % --> Command Line :
4660 | [Owner : Système | Parent : 1836(avp.exe) | 17.34 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (16.0.1.445) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [22/12/2015 04:53:58] CPU Usage:0 % --> Command Line :
5244 | [Owner : SERVICE LOCAL | Parent : 972(svchost.exe) | 16.52 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [12/10/2016 19:55:26] CPU Usage:0 % --> Command Line :
4108 | [Owner : ABL | Parent : 3088(explorer.exe) | 32.97 Mo] - (.SosVirus - QuickDiag.) - (19.4.18.1) = C:\Users\ABL\Downloads\QuickDiag.exe [21/04/2018 10:00:24] CPU Usage:0 % --> Command Line :

---------- | MD5
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [26/04/2011 20:14:45] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [20/11/2010 22:29:12] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 00:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 00:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.4D1BC518FF64EB70F6B9218A6FBFDEF6] - [22/04/2016 20:48:08] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.23392) : C:\Windows\System32\Kernel32.dll
[MD5.4E568DBE3FFF1A0025EB432DC929B78F] - [25/02/2017 17:44:17] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23642) : C:\Windows\System32\lsass.exe
[MD5.7660F01D3B38ACA1747E397D21D790AF] - [20/11/2010 22:29:12] - (.© Microsoft Corporation. - Distributed COM Services.) - [368 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 00:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [26/03/2016 23:07:20] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.8626F0C30D4E3564FFDD25C90F4426F1] - [24/02/2017 22:06:20] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [20/11/2010 22:29:06] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 00:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [26/03/2016 23:05:12] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.93B49FA857F7036A4EFF32371F6E7391] - [26/03/2016 23:19:56] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.4B55C9F9A93B3BFD01ED7366EB0B9D2E] - [20/11/2010 22:29:03] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [20/11/2010 22:29:03] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [12/10/2016 19:55:28] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [20/11/2010 22:29:03] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 00:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 00:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.6284D46BAA301BEDB9AB7FA7672B2410] - [25/02/2017 17:44:17] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23642) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [26/03/2016 23:17:43] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.94 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [23/06/2016 11:26:55] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - [26/03/2016 23:35:30] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.35 Ko] - (6.1.7601.18127) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 00:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 00:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.B973FCFC50DC1434E1970A146F7E3885] - [20/11/2010 22:29:49] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [130.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 00:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.5579DD18546999F5D0EC39D018726C6B] - [26/03/2016 23:07:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1263.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - [26/03/2016 23:19:56] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [20/11/2010 22:29:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Fraunhofer Institut Integrierte Schaltungen IIS.-.MPEG Layer-3 Audio Codec for MSACM.) - (1.9.0.401) -- C:\Windows\System32\l3codeca.acm
(.Alexander Roshal.-.WinRAR shell extension.) - (5.10.4.0) -- C:\Program Files\WinRAR\rarext.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (16.0.1.596) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\shellex.dll
(.AO Kaspersky Lab.-.Helper Library.) - (1.6.0.154) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (1.6.0.154) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\prremote.dll
(.AO Kaspersky Lab.-.Prague Core.) - (1.6.0.154) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\prcore.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kl_service.dll
(.AO Kaspersky Lab.-.Proxy Stubs.) - (16.0.1.596) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\pxstub.ppl
(.AO Kaspersky Lab.-.Structure Serializer.) - (16.0.1.596) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\params.ppl
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (16.0.1.596) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (16.0.1.690) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\product_metainfo.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.Copyright (c) 2014 Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.368) -- C:\Windows\system32\RtkAPO.dll

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Skype - ("C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\...\Run]) - User: ABL-PC\ABL
BingSvc - (C:\Users\ABL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\...\Run]) - User: ABL-PC\ABL
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
IgfxTray - (C:\Windows\system32\igfxtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HotKeysCmds - (C:\Windows\system32\hkcmd.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Persistence - (C:\Windows\system32\igfxpers.exe [HKLM\SOFTWARE\...\Run]) - User: Public
SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HSPALauncher - (C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"BingSvc"=C:\Users\ABL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [16/02/2016 22:07:20]

[HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"=2048
"Documents"=
"DosPrint"=no
"Load"=
"NetMessage"=no
"NullPort"=None
"Programs"=com exe bat pif cmd
"UserSelectedDefault"=0
"Device"=Microsoft XPS Document Writer,winspool,Ne00:

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
"IgfxTray"=C:\Windows\system32\igfxtray.exe [08/02/2016 19:02:35]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [08/02/2016 19:02:34]
"Persistence"=C:\Windows\system32\igfxpers.exe [08/02/2016 19:02:34]
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"HSPALauncher"=C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE [09/01/2012 18:01:00]

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Config.sys :
FILES=40

---------- | Tasks List
Adobe Acrobat Update Task
Adobe Flash Player PPAPI Notifier
Adobe Flash Player Updater
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
{2B59714C-A834-4564-BEBF-E725BF26A3DB}
---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=652 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=68bdd4f6-d55e-4124-bdca-b171080 "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 
"fCredentialLessLogonSupportedKMRDP"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\ABL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [08/02/2016 18:51:13] "Pattern Upgrade"=TRUE "ScreenSaveTimeOut"=3600 "ScreenSaverIsSecure"=0 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "link"=0x1E000000 "Browse For Folder Width"=347 
"Browse For Folder Height"=288 [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "Start_ShowMyGames"=0 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=0 "TaskbarGlomLevel"=0 [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x160000001500000014000000130000001200000011000000100000000F0000000E0000000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000000000FFFFFFFF "0"=0x680070002000770065006200630061006D000000 "1"=0x62006100720072007200650020006400650020006C0061006E006700750065000000 "2"=0x690064000000 "3"=0x59006F00750067006F0073006C0061007600690065000000 "4"=0x2706440645062E060000 "5"=0x63006F006D007000740065000000 "6"=0x4606330627062106200035063A064A06310627062A060000 "7"=0x700068006F0074006F006F000000 "8"=0x7200650063000000 "9"=0x7200650063007500760061000000 "10"=0x63006F007200E900650020006400750020007300750064000000 "11"=0x63006F007200E90065002000640075000000 "12"=0x73006F007500740068000000 "13"=0x7300E9006D0069006E0061006900720065000000 "14"=0x630076000000 "15"=0x43002E00560020004C000000 "16"=0x43002E00560020004C0061006D00690061000000 "17"=0x27064406320646062806420629060000 "18"=0x75000000 "19"=0x6300680069006E0065000000 "20"=0x2706440627062E06480629060000 "21"=0x310038000000 "22"=0x630063006C00650061006E00650072000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 
"EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=96 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= 
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" 
--make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [24/02/2017 22:06:26] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=6578C78 xyz\Double Click\Office et PDF\Adobe Reader Final.exe"=1 "SIGN.MEDIA=20E730 xyz\Double Click\Utilitaires\WinRAR.5\wrar51b4.exe"=1 "SIGN.MEDIA=54596 xyz\By Issaem MCD\DriverPackSolution.exe"=1 "SIGN.MEDIA=8272EC xyz\Double Click\Utilitaires\flashplayer14_install_win_pi.exe"=1 "SIGN.MEDIA=AA860663 xyz\Double Click\Multimedia\vlc-2.1.3-win32.exe"=1 "SIGN.MEDIA=6025D8D xyz\Double Click\Internet\Firefox Setup 29.0.1.exe"=1 "SIGN.MEDIA=6025D8D xyz\Double Click\Internet\SkypeSetupFull.exe"=1 "SIGN.MEDIA=1A784C office 2013\setup.exe"=1 "SIGN.MEDIA=6025D8D xyz\Double Click\Internet\GoogleChromeFinal.exe"=1 "SIGN.MEDIA=4C05C xyz\Double Click\Office et PDF\Microsoft Office 2007 French Pro Plus\SETUP.EXE"=1 "C:\Program Files\Calibre2\calibre.exe"=1 "D:\Administrateur\Mes documents\Downloads\Programs\free-youtube-download_free_youtube_download_3.0.22_francais_72314.exe"=1 "D:\Administrateur\Mes documents\Downloads\Programs\ADE_2.0_Installer (1).exe"=1 "SIGN.MEDIA=BBF9C4 setup.exe"=1 "C:\Program Files\InstallShield Installation Information\{06ADE2A0-E46A-4A84-A211-64CF50520185}\setup.exe"=1 "C:\Users\ABL\Downloads\ViberSetup.exe"=1 "C:\Users\ABL\Downloads\MEGAsyncSetup.exe"=1 "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe"=32 "C:\Users\ABL\Downloads\Opera_52.0.2871.64_Setup.exe"=1 "C:\Users\ABL\Downloads\Firefox Installer.exe"=1 ---------- | IFEO ---------- | Mountpoints2 
[HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\G] : G:\Auto.exe (AutoRun) [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{2e136b26-1099-11e6-b131-70f395dc99f5}] : G:\autorun.exe (AutoRun) [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{77dddae2-0fee-11e6-a49a-70f395dc99f5}] : G:\autorun.exe (AutoRun) [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{8152bf29-dd9f-11e6-bcc1-70f395dc99f5}] : G:\Auto.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x69B2E7499862D101 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sls.microsoft.com ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.198.14] avec 32 octets de données : Réponse de 216.58.198.14 : octets=32 temps=60 ms TTL=54 Réponse de 216.58.198.14 : octets=32 temps=59 ms TTL=54 Réponse de 216.58.198.14 : octets=32 temps=59 ms TTL=54 Réponse de 216.58.198.14 : octets=32 temps=194 ms TTL=54 Statistiques Ping pour 216.58.198.14: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 59ms, Maximum = 194ms, Moyenne = 93ms ---------- | @ [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "DisableScriptDebuggerIE"=yes "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "ImageStoreRandomFolder"=bla1yhw "OperationalData"=5 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2300000023000000780300007B020000 
"Start Page_TIMESTAMP"=0x6B227394A6A4D101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x3E41585CA512D301 "IE10TourShown"=1 "IE10TourShownTime"=0xB0CD695CA512D301 "DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x8D55FBD1B7BFD301 "DefSpellLang"=fr-FR [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x3B0D8874FE87D101 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm 
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "KnownProvidersUpgradeTime"=0xE3007758A512D301 "DownloadRetries"=1 "Version"=4 "UpgradeTime"=0x28CCDAE3A512D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}"= [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03993315-5CE9-4F00-8790-D14A94F1D91A}] -> (Kaspersky Protection) : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [22/12/2015 03:47:46] ---------- | Chrome C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & 
co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\fcfenmboojpjinhpgggodefccipikbpd = : MSN Homepage & Bing Search Engine - short_name: __MSG_ExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - 
https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\aeifanonhefcaphaeeknpklkfnjjmpec = : Interactive audio lessons and games for studying French - http://www.tresbienfrench.com/ - short_name: Learn French - [http://www.tresbienfrench.com/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\bhaonknplhhecdgjpphnooeomecgipkc = : Shape your photos the way you want in seconds - http://www.getloupe.com/create?r=gc - Loupe Collage - [http://www.getloupe.com/create] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - 
permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\ddflbhlhphojgjenkeoigncnolnmmbcn = : Google & co - http://atavi.com/browser-themes/?from=chrome-themes&tid=island_of_love - short_name: Awesome theme for Atavi.com - [http://atavi.com/browser-themes/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\docbkfambadmgbpfgcnccfkanheehpab = : Study English with Authentic Videos. Paid App with free demo. - https://english.yabla.com/ - short_name: Yabla English - [https://english.yabla.com/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\epadnjldocmkadjbopkanclaamocokoo = : __MSG_extDesc__ - http://www.busuu.com/ - __MSG_extName__ - [http://www.busuu.com/] - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\hfeonckpgplpefbagdnejdgokiihhifm = 
: Apprendre quelque chose de nouveau! - http://www.lepetiterudit.com/ - short_name: Le Petit Érudit - [http://www.lepetiterudit.com/] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\mdgdbmohcdjfbglkepkiaabaieenhhhc = : Look up and translate the word under your mouse to your native language. Can work with Phonetically Intuitive English (PIE). - Word Translator - permissions:[tabs\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\nipmhcphldahmaffcapambikpnmdpbka = : Educational resource for world maps atlases and in-depth geography information - http://www.appmonestry.com/apps/map/index.html - World Map - [http://www.appmonestry.com/apps/map/index.html] - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media 
Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ABL\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj = : Interactive audio lessons and games for studying Spanish - http://www.queondaspanish.com/ - short_name: Learn Spanish - [http://www.queondaspanish.com/] - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx 
C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd] [HKLM\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] [HKLM\Software\Google\Chrome\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_8B78A3E0B2874D708E89F783B0DB2AFB@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3] - (VLC Multimedia 
Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\ABL\AppData\Roaming\Mozilla\Firefox\Profiles\mo3yazn9.default-1486151431729-1524257915771\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180323154952"); user_pref("browser.startup.homepage_override.mstone", "59.0.2"); user_pref("extensions.blocklist.pingCountVersion", 0); user_pref("extensions.databaseSchema", 24); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppVersion", "59.0.2"); user_pref("extensions.lastPlatformVersion", "59.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"022174fc-28c3-478f-bc13-a6a11cc235e7\"}"); C:\Users\ABL\AppData\Roaming\Mozilla\Firefox\Profiles\wgiomkek.default-1486151431729\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180323154952"); user_pref("browser.startup.homepage_override.mstone", "59.0.2"); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.blocklist.pingCountTotal", 15); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.bootstrappedAddons", "{\"light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com\":{\"version\":\"4.6.3.23\",\"type\":\"webextension\",\"multiprocessCompatible\":false,\"descriptor\":\"C:\\\\Program Files\\\\Kaspersky Lab\\\\Kaspersky Internet Security 16.0.1\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\"}}"); user_pref("extensions.databaseSchema", 24); user_pref("extensions.e10s.rollout.blocklist", ""); 
user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.getAddons.cache.lastUpdate", 1513199631); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppBuildId", "20180323154952"); user_pref("extensions.lastAppVersion", "59.0.2"); user_pref("extensions.lastPlatformVersion", "59.0.2"); user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.baseURI", "resource://light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com/"); user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.domain", "light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com"); user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.load.reason", "startup"); user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.rootURI", "jar:file:///C:/Program%20Files/Kaspersky%20Lab/Kaspersky%20Internet%20Security%2016.0.1/FFExt/light_plugin_firefox/addon.xpi!/"); user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.version", "4.6.3.15"); user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true); user_pref("extensions.shield-recipe-client.user_id", "9535e8ca-fe6d-40c5-98be-7e2cd7d76d7d"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com\":\"3b6efb0e-4766-4389-9903-13d0c6045b24\",\"screenshots@mozilla.org\":\"cb3d413c-abd4-4771-9287-7364e2257c0a\"}"); [Profile0] - Name=default-1486151431729 -> 
Profiles/mo3yazn9.default-1486151431729-1524257915771 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 0.0.0.0 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7DCA2CA6-F93C-496C-AFD4-35FBFBEA9B26}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D88B9BF1-4D6F-4D94-8B77-6E8B8873093C}] "DhcpNameServer"=192.168.1.1 0.0.0.0 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{7DCA2CA6-F93C-496C-AFD4-35FBFBEA9B26}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{D88B9BF1-4D6F-4D94-8B77-6E8B8873093C}] "DhcpNameServer"=192.168.1.1 0.0.0.0 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7DCA2CA6-F93C-496C-AFD4-35FBFBEA9B26}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D88B9BF1-4D6F-4D94-8B77-6E8B8873093C}] "DhcpNameServer"=192.168.1.1 0.0.0.0 ---------- | Applications [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\Classes\Applications\POWERPNT.EXE] : "C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" 
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv "PeerDist"=PeerDistSvc ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Adobe] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\AppDataLow] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Chromium] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Clients] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\drpsu] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\DVDVideoSoft] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\EasyBoot Systems] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Google] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\IM Providers] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Intel] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\KasperskyLab] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Macromedia] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Mozilla] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\MozillaPlugins] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Netscape] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\ODBC] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Opera Software] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Piriform] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Policies] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\QtProject] 
[HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Realtek] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\RegisteredApplications] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Skype] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Synaptics] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\sysinternals] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Trolltech] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\WinRAR] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\WinRAR SFX] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1173329608-3597697485-1409086752-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\ATI Technologies] [HKLM\Software\calibre] [HKLM\Software\CBSTEST] [HKLM\Software\Clients] [HKLM\Software\CyberGhost] [HKLM\Software\DVDVideoSoft] [HKLM\Software\EasyBoot Systems] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HSPA] [HKLM\Software\IM Providers] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\KasperskyLab] [HKLM\Software\Macromedia] [HKLM\Software\McAfee.com] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\Opera Software] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Skype] 
[HKLM\Software\Sonic] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
---------- | Drives
D: E:
---------- | C:
[14/07/2009 03:36:15] - |SHD| - [31377167] - C:\$Recycle.Bin
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 03:04:04] - |A| - (. - .) - [24] - (0.0.0.0) - C:\autoexec.bat
[MD5.A6799D0F42122C0D1E28655C10DB2707] - [04/03/2018 20:00:30] - |A| - (. - .) - [30] - (0.0.0.0) - C:\AVScanner.ini
[23/06/2016 14:24:55] - |SHD| - [261625] - C:\Config.Msi
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 03:04:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys
[14/07/2009 05:53:55] - |SHD| - [0] - C:\Documents and Settings
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/02/2016 18:41:00] - |ASH| - (. - .) - [1556283392] - (0.0.0.0) - C:\hiberfil.sys
[08/02/2016 19:04:28] - |D| - [27858] - C:\Intel
[03/03/2018 21:34:16] - |D| - [0] - C:\Macromedia
[09/02/2016 17:27:17] - |RHD| - [529153367] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/02/2016 18:41:01] - |ASH| - (. - .) - [2075045888] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 03:37:05] - |D| - [0] - C:\PerfLogs
[14/07/2009 03:37:05] - |RD| - [2789694244] - C:\Program Files
[14/07/2009 03:37:05] - |HD| - [1588555239] - C:\ProgramData
[21/04/2018 10:02:04] - |D| - [68698] - C:\QuickDiag
[MD5.344180493AD45DA8B61558B334FF21DC] - [21/04/2018 10:02:22] - |A| - (. - .) - [102406] - (0.0.0.0) - C:\QuickDiag.txt
[08/02/2016 18:50:51] - |SHD| - [150201734] - C:\Recovery
[08/02/2016 18:41:00] - |SHD| - [0] - C:\System Volume Information
[14/07/2009 03:37:05] - |RD| - [65485269351] - C:\Users
[14/07/2009 03:37:05] - |D| - [17243430426] - C:\Windows
---------- | C:\Windows
[14/07/2009 05:52:30] - |D| - [802] - C:\Windows\addins
[14/07/2009 03:37:05] - |D| - [5911546] - C:\Windows\AppCompat
[14/07/2009 03:37:05] - |D| - [9912584] - C:\Windows\AppPatch
[14/07/2009 03:37:05] - |RSD| - [633821150] - C:\Windows\assembly
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [20/11/2010 22:29:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 03:37:06] - |D| - [18320680] - C:\Windows\Boot
[MD5.84FC0764B9A7588D21EDCD7042B20B26] - [14/07/2009 05:57:37] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 03:37:06] - |D| - [3233280] - C:\Windows\Branding
[21/11/2010 01:39:46] - |D| - [0] - C:\Windows\CSC
[14/07/2009 03:37:06] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 05:34:21] - |D| - [2814] - C:\Windows\debug
[14/07/2009 05:52:30] - |D| - [3042330] - C:\Windows\diagnostics
[21/11/2010 01:30:44] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files
[21/11/2010 01:39:46] - |D| - [106301103] - C:\Windows\ehome
[08/02/2016 19:33:18] - |D| - [24496] - C:\Windows\ELAMBKUP
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [26/04/2011 20:14:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2616320] - (6.1.7601.17567) - C:\Windows\explorer.exe
[14/07/2009 03:37:06] - |RSD| - [480824263] - C:\Windows\Fonts
[21/11/2010 01:30:44] - |D| - [142336] - C:\Windows\fr-FR
[MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 00:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 03:37:06] - |D| - [21741460] - C:\Windows\Globalization
[14/07/2009 03:37:06] - |D| - [41067359] - C:\Windows\Help
[MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 01:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[14/07/2009 03:37:06] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 03:37:06] - |D| - [80103225] - C:\Windows\inf
[08/02/2016 18:54:26] - |SHD| - [3149747940] - C:\Windows\Installer
[14/07/2009 03:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 03:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[14/07/2009 03:37:06] - |D| - [23313077] - C:\Windows\Logs
[14/07/2009 03:37:06] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:55:01] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 03:37:07] - |D| - [512865003] - C:\Windows\Microsoft.NET
[14/07/2009 03:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:04:57] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [26/03/2016 23:31:26] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe
[14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[08/02/2016 18:40:16] - |D| - [1143833] - C:\Windows\Panther
[09/02/2016 17:33:40] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 05:52:30] - |D| - [62128783] - C:\Windows\Performance
[MD5.1749EB79AFC88027FFF0775D60741C17] - [20/11/2010 22:48:02] - |A| - (. - .) - [33916] - (0.0.0.0) - C:\Windows\PFRO.log
[14/07/2009 03:37:07] - |D| - [1132015] - C:\Windows\PLA
[14/07/2009 03:37:07] - |D| - [5799879] - C:\Windows\PolicyDefinitions
[08/02/2016 18:41:53] - |D| - [31982951] - C:\Windows\Prefetch
[MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [21/11/2010 01:40:26] - |A| - (. - .) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml
[MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 00:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 03:37:07] - |D| - [21544] - C:\Windows\Registration
[14/07/2009 03:37:07] - |D| - [6786832] - C:\Windows\rescache
[14/07/2009 03:37:07] - |D| - [1674534] - C:\Windows\Resources
[14/07/2009 03:37:07] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 03:37:07] - |D| - [55533] - C:\Windows\schemas
[14/07/2009 03:37:07] - |D| - [1070380] - C:\Windows\security
[14/07/2009 05:34:13] - |D| - [60296114] - C:\Windows\ServiceProfiles
[14/07/2009 03:37:07] - |D| - [56424911] - C:\Windows\servicing
[14/07/2009 05:34:16] - |D| - [42] - C:\Windows\Setup
[MD5.16E4957949DD58C1D08E8FED8F03EFC1] - [05/03/2018 20:24:10] - |A| - (. - .) - [2128] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2018 20:24:10] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[21/11/2010 01:39:46] - |D| - [101851] - C:\Windows\ShellNew
[08/02/2016 18:44:03] - |D| - [891586900] - C:\Windows\SoftwareDistribution
[14/07/2009 03:37:07] - |D| - [70586312] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:48:09] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 03:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:04:23] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 03:37:07] - |D| - [3169845326] - C:\Windows\System32
[14/07/2009 03:37:09] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 03:37:09] - |D| - [32502] - C:\Windows\Tasks
[14/07/2009 03:37:09] - |D| - [81703172] - C:\Windows\Temp
[14/07/2009 03:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 05:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 22:29:41] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (. - Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[14/07/2009 03:37:09] - |D| - [12420] - C:\Windows\Vss
[MD5.B9FBD181D25677E09D88135AE073BFB2] - [25/04/2011 08:24:24] - |A| - (. - .) - [42] - (0.0.0.0) - C:\Windows\W7T.txt
[14/07/2009 03:37:09] - |D| - [40681427] - C:\Windows\Web
[MD5.E13F489F0B1E52319A86BDD996263F4B] - [14/07/2009 03:04:23] - |A| - (. - .) - [478] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:41:57] - |RAH| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.7F9DF43A56BD5FAD889895F8D08B9F11] - [08/02/2016 18:44:01] - |A| - (. - .) - [1137195] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 21:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 03:37:09] - |D| - [7504251106] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:34:23] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 00:41:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 22:30:30] - |A| - (. - .) - [707] - (0.0.0.0) - C:\Windows\_default.pif
---------- | C:\Windows\System32\GroupPolicy
---------- | Systemroot\System
[14/07/2009 00:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[14/07/2009 00:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 22:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 22:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 21:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[14/07/2009 00:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[14/07/2009 00:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[14/07/2009 00:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 22:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 22:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 22:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 22:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 21:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 22:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 22:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 22:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[13/07/2009 23:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 22:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 22:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 21:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 22:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 22:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[08/04/2016 17:40:55] - C:\Windows\Installer\132551.msi : (calibre Installer - Kovid Goyal) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]