--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 23/08/2017 21:22:25 Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [camil (Administrator)] - [DESKTOP-791TIIP] (S-1-5-21-1936536703-1594352767-2527930774-1001) System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: 870-222nf - HP - IdNumber: 4CE7141GL9 - UUID: 390C9A72-ED7A-3BCF-737B-0AAD6A3E0E45 Processor : X64 - 3000 Mhz - Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz F.11 - - AMI - S/N: 4CE7141GL9 - F.11 - HPQOEM - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0867&SUBSYS_103C82F1&REV_1000\4&2367F888&0&0001 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_103C82FC&REV_1001\5&29B1A746&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 Virtual Audio Cable - Status: OK - Manufacturer: EuMus Design - PNPDeviceID: ROOT\MEDIA\0000 ---------- | Video NVIDIA GeForce GTX 1060 3GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C02&SUBSYS_82FC103C&REV_A1\4&2F02E7C&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1073741824 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 3GB - DriverVersion: 22.21.13.8165 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:39 % CPU #2 value:69 % CPU #3 value:45 % CPU #4 value:81 % Total Overall CPU Usage value:59 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] Dual Band Wireless-AC 3168 : SENT:6,301 bytes/sec / RECVD:6,301 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:6,301 bytes/sec, / RECEIVE Maximum:6,301 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_82F1103C&REV_10\01000000684CE00000 Intel(R) Dual Band Wireless-AC 3168 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_24FB&SUBSYS_21108086&REV_10\30E37AFFFFFEE19700 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&34A10CB9&0&11 Bluetooth Device (RFCOMM Protocol TDI) - - - Status: - PnPID : Bluetooth Device (Personal Area Network) - - - Status: - PnPID : Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE WAN Miniport (SSTP) - - - Status: - PnPID : WAN Miniport (IKEv2) - - - Status: - PnPID : WAN Miniport (L2TP) - - - Status: - PnPID : WAN Miniport (PPTP) - - - Status: - PnPID : WAN Miniport (PPPOE) - - - Status: - PnPID : WAN Miniport (IP) - - - Status: - PnPID : WAN Miniport (IPv6) - - - Status: - PnPID : WAN Miniport (Network Monitor) - - - Status: - PnPID : Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID : RAS Async Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8327 | Free (MB) : 4413 Pagefile = Total (MB) : 9638 | Free (MB) : 4412 Virtual = Total (MB) : 4194 | Free (MB) : 3930 Physical Memory 1 : Capacity: 8589934592 - XMM3 - Posit.: 0 - Manufacturer: Micron - PartNumber: 8ATF1G64AZ-2G3B1 - S/N: 1425A721 ---------- | SID Users Administrateur : [S-1-5-21-1936536703-1594352767-2527930774-500] camil : [S-1-5-21-1936536703-1594352767-2527930774-1001] DefaultAccount : [S-1-5-21-1936536703-1594352767-2527930774-503] defaultuser0 : [S-1-5-21-1936536703-1594352767-2527930774-1000] HomeGroupUser$ : [S-1-5-21-1936536703-1594352767-2527930774-1005] Invité : [S-1-5-21-1936536703-1594352767-2527930774-501] phild : [S-1-5-21-1936536703-1594352767-2527930774-1002] Philippe & Stéphanie : [S-1-5-21-1936536703-1594352767-2527930774-1003] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-1936536703-1594352767-2527930774-1004] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Windows] | Total : 919.25 Go | Free : 465.1 Go -> NTFS [SATA] D:\ -> [Fixed] | [RECOVERY] | Total : 11.03 Go | Free : 1.35 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:352,939 bytes/sec Max Read:0 bytes/sec, Max Write:352,939 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:352,939 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60WN4A0\4&8116128&0&000000 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.15063.0 (© Microsoft Corporation. Tous droits réservés.) FF : 54.0.1.6388 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 60.0.3112.101 (Copyright 2016 Google Inc.) Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "" ---------- | FlashPlayer FlashPlayer ActiveX : 26.0.0.151 FlashPlayer Plugin : 26.0.0.131 ---------- | Security AV : Malwarebytes Enabled AS : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 412 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.15063.0) = C:\Windows\System32\smss.exe [18/03/2017 22:57:38] CPU Usage:0 % 596 | [Owner : Système | Parent : 548() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 % 688 | [Owner : Système | Parent : 548() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.502) = C:\Windows\System32\wininit.exe [14/08/2017 17:56:36] CPU Usage:0 % 700 | [Owner : Système | Parent : 680() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 % 764 | [Owner : Système | Parent : 688(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.502) = C:\Windows\System32\services.exe [14/08/2017 17:56:52] CPU Usage:0 % 772 | [Owner : Système | Parent : 688(wininit.exe) | 10.24 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.483) = C:\Windows\System32\lsass.exe [12/07/2017 12:10:45] CPU Usage:0 % 856 | [Owner : Système | Parent : 680() | 2.2 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.483) = C:\Windows\System32\winlogon.exe [12/07/2017 12:10:42] CPU Usage:0 % 956 | [Owner : Système | Parent : 764(services.exe) | 0.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 980 | [Owner : UMFD-1 | Parent : 856(winlogon.exe) | 4.14 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [12/07/2017 12:10:29] CPU Usage:0 % 984 | [Owner : UMFD-0 | Parent : 688(wininit.exe) | 0.7 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [12/07/2017 12:10:29] CPU Usage:0 % 1004 | [Owner : Système | Parent : 764(services.exe) | 16.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 508 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 9.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 916 | [Owner : Système | Parent : 764(services.exe) | 2.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1088 | [Owner : DWM-1 | Parent : 856(winlogon.exe) | 36.61 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe [18/03/2017 22:58:21] CPU Usage:0 % 1208 | [Owner : Système | Parent : 764(services.exe) | 7.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1256 | [Owner : Système | Parent : 764(services.exe) | 1.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1264 | [Owner : Système | Parent : 764(services.exe) | 4.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1296 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1312 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 13.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1460 | [Owner : Système | Parent : 764(services.exe) | 2.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1484 | [Owner : Système | Parent : 764(services.exe) | 4.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1496 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 8.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1600 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1664 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 3.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1724 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 5.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1748 | [Owner : Système | Parent : 764(services.exe) | 1.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1756 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 3.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1840 | [Owner : Système | Parent : 764(services.exe) | 1.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1852 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1896 | [Owner : Système | Parent : 764(services.exe) | 2.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1904 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 2.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1660 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 8.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2088 | [Owner : Système | Parent : 764(services.exe) | 1.07 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.77) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [06/04/2017 09:39:10] CPU Usage:0 % 2116 | [Owner : Système | Parent : 764(services.exe) | 9.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2204 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 2.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2212 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 4.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2224 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 3.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2404 | [Owner : Système | Parent : 764(services.exe) | 4.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2428 | [Owner : Système | Parent : 764(services.exe) | 2.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2484 | [Owner : Système | Parent : 764(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe [18/03/2017 22:58:24] CPU Usage:0 % 2544 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 2.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2844 | [Owner : Système | Parent : 2088(RtkAudioService64.exe) | 3.48 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.251) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [06/04/2017 09:39:07] CPU Usage:0 % 2856 | [Owner : Système | Parent : 764(services.exe) | 1.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2864 | [Owner : Système | Parent : 764(services.exe) | 2.08 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (4.2.0.574) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [03/03/2016 02:59:34] CPU Usage:0 % 2872 | [Owner : Système | Parent : 764(services.exe) | 1.43 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [19/07/2017 23:50:40] CPU Usage:0 % 2880 | [Owner : Système | Parent : 764(services.exe) | 1.79 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.4.0) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [06/04/2017 09:41:44] CPU Usage:0 % 2892 | [Owner : Système | Parent : 764(services.exe) | 1.38 Mo] - (.HP Development Company, L.P. - HP WMI Service.) - (1.2.4.0) = C:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [16/06/2016 14:24:38] CPU Usage:0 % 2900 | [Owner : Système | Parent : 2088(RtkAudioService64.exe) | 3.51 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.251) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [06/04/2017 09:39:07] CPU Usage:0 % 2908 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 17.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2916 | [Owner : Système | Parent : 764(services.exe) | 19.86 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8326.2076) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [06/04/2017 08:09:15] CPU Usage:0 % 2924 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 7.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2932 | [Owner : Système | Parent : 764(services.exe) | 2.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2940 | [Owner : Système | Parent : 764(services.exe) | 0.78 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.60.0.3) = C:\Windows\System32\ibtsiva.exe [13/04/2017 20:27:02] CPU Usage:0 % 2952 | [Owner : Système | Parent : 764(services.exe) | 15.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2960 | [Owner : Système | Parent : 764(services.exe) | 1.23 Mo] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe [30/08/2011 23:05:32] CPU Usage:0 % 3016 | [Owner : Système | Parent : 764(services.exe) | 5.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\SysWOW64\svchost.exe [18/03/2017 22:58:48] CPU Usage:0 % 3060 | [Owner : Système | Parent : 764(services.exe) | 2.2 Mo] - (.Microsoft Corporation - Windows IP Over USB PC Service.) - (10.0.15063.137) = C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [30/03/2017 00:52:02] CPU Usage:0 % 3068 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2436 | [Owner : Système | Parent : 764(services.exe) | 2.26 Mo] - (.Intel Corporation - Intel® Ready Mode Technology Service.) - (1.1.70.528) = C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [13/10/2016 11:18:28] CPU Usage:0 % 2184 | [Owner : Système | Parent : 764(services.exe) | 10.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3080 | [Owner : Système | Parent : 764(services.exe) | 3.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3088 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3096 | [Owner : Système | Parent : 764(services.exe) | 5.31 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [07/07/2017 20:33:23] CPU Usage:0 % 3120 | [Owner : Système | Parent : 764(services.exe) | 1.88 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [06/04/2017 09:41:41] CPU Usage:0 % 3168 | [Owner : Système | Parent : 764(services.exe) | 5.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3208 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3220 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe [12/07/2017 12:11:25] CPU Usage:0 % 3236 | [Owner : Système | Parent : 764(services.exe) | 88.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3244 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 2.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3344 | [Owner : Système | Parent : 764(services.exe) | 9.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3352 | [Owner : Système | Parent : 764(services.exe) | 0.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3384 | [Owner : Système | Parent : 764(services.exe) | 7.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3612 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3692 | [Owner : Système | Parent : 3096(NVDisplay.Container.exe) | 9.34 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [07/07/2017 20:33:23] CPU Usage:0 % 4432 | [Owner : Système | Parent : 764(services.exe) | 9.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4440 | [Owner : SERVICE LOCAL | Parent : 2932(svchost.exe) | 10.57 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe [18/03/2017 22:57:46] CPU Usage:0 % 4504 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4652 | [Owner : Système | Parent : 764(services.exe) | 4.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\SysWOW64\svchost.exe [18/03/2017 22:58:48] CPU Usage:0 % 4668 | [Owner : Système | Parent : 764(services.exe) | 5.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4888 | [Owner : Système | Parent : 764(services.exe) | 131.06 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Users\camil\Desktop\Anti-Malware\MBAMService.exe [23/08/2017 11:23:22] CPU Usage:0 % 5212 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 2.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5284 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5292 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5328 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5444 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5508 | [Owner : Système | Parent : 764(services.exe) | 1.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5572 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 0.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5604 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 4.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5764 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5180 | [Owner : Système | Parent : 764(services.exe) | 1.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5316 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 0.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 6260 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 6712 | [Owner : Système | Parent : 1004(svchost.exe) | 2.07 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe [18/03/2017 22:58:21] CPU Usage:0 % 6320 | [Owner : Système | Parent : 764(services.exe) | 7.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 708 | [Owner : Système | Parent : 6480() | 3.76 Mo] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.27.73) = C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [06/04/2017 08:08:30] CPU Usage:0 % 4712 | [Owner : Système | Parent : 764(services.exe) | 4.05 Mo] - (.HP Inc. - CommRecovery.) - (1.0.0.29) = C:\Program Files\HPCommRecovery\HPCommRecovery.exe [06/04/2017 08:08:38] CPU Usage:0 % 3884 | [Owner : Système | Parent : 3196() | 0.58 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [16/07/2017 12:21:17] CPU Usage:0 % 5304 | [Owner : Système | Parent : 3196() | 0.28 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [16/07/2017 12:21:17] CPU Usage:0 % 6620 | [Owner : Système | Parent : 764(services.exe) | 3.13 Mo] - (.HP Inc. - HP JumpStart Bridge.) - (1.3.0.407) = C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [23/05/2017 13:34:50] CPU Usage:0 % 300 | [Owner : Système | Parent : 764(services.exe) | 2.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 1768 | [Owner : Système | Parent : 764(services.exe) | 3.36 Mo] - (.HP Inc. - HP Support Solutions Framework Service.) - (8.7.27.15) = C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [22/09/2016 02:48:22] CPU Usage:0 % 2492 | [Owner : Système | Parent : 764(services.exe) | 11.8 Mo] - (.Intel Corporation - IAStorDataSvc.) - (15.2.0.1020) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [20/09/2016 11:04:30] CPU Usage:0 % 2280 | [Owner : Système | Parent : 764(services.exe) | 1.37 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.6.0.1030) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [14/09/2016 20:23:42] CPU Usage:0 % 2176 | [Owner : Système | Parent : 764(services.exe) | 1.68 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.6.0.1030) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [14/09/2016 20:25:54] CPU Usage:0 % 6948 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 5.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4380 | [Owner : Système | Parent : 764(services.exe) | 24.02 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe [08/06/2017 12:43:11] CPU Usage:0 % 5568 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 6.18 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.15063.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/03/2017 07:10:51] CPU Usage:0 % 4500 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 5.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5828 | [Owner : Système | Parent : 764(services.exe) | 15.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 6496 | [Owner : Système | Parent : 764(services.exe) | 8.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 3832 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 1.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 6516 | [Owner : Système | Parent : 764(services.exe) | 0.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 8144 | [Owner : Système | Parent : 1004(svchost.exe) | 5.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 22:58:01] CPU Usage:0 % 1964 | [Owner : camil | Parent : 1484(svchost.exe) | 15.49 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe [18/03/2017 22:58:10] CPU Usage:0 % 2108 | [Owner : camil | Parent : 764(services.exe) | 4.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 2068 | [Owner : camil | Parent : 764(services.exe) | 16.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4460 | [Owner : Système | Parent : 764(services.exe) | 8.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 5492 | [Owner : camil | Parent : 1208(svchost.exe) | 9.26 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe [18/03/2017 22:57:57] CPU Usage:0 % 7708 | [Owner : camil | Parent : 1208(svchost.exe) | 0.33 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [23/09/2016 16:29:24] CPU Usage:0 % 7664 | [Owner : camil | Parent : 5076() | 86.42 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.447) = C:\Windows\explorer.exe [12/07/2017 12:10:41] CPU Usage:0 % 5472 | [Owner : Système | Parent : 764(services.exe) | 3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 368 | [Owner : camil | Parent : 1004(svchost.exe) | 78.88 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [08/06/2017 12:43:14] CPU Usage:0 % 524 | [Owner : camil | Parent : 1004(svchost.exe) | 82.88 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/03/2017 22:56:41] CPU Usage:0 % 7792 | [Owner : camil | Parent : 1004(svchost.exe) | 32.02 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe [18/03/2017 22:58:01] CPU Usage:0 % 1452 | [Owner : camil | Parent : 1004(svchost.exe) | 7.59 Mo] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe [18/03/2017 22:59:06] CPU Usage:0 % 6512 | [Owner : camil | Parent : 1004(svchost.exe) | 0.7 Mo] - (.-.) - (11.19.856.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe [23/08/2017 06:03:07] CPU Usage:0 % 6652 | [Owner : camil | Parent : 1004(svchost.exe) | 2.73 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.250) = C:\Windows\System32\SettingSyncHost.exe [08/06/2017 12:43:11] CPU Usage:0 % 4972 | [Owner : camil | Parent : 764(services.exe) | 20.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 7368 | [Owner : camil | Parent : 3692(NVDisplay.Container.exe) | 6.38 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8165) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [08/07/2017 17:05:03] CPU Usage:0 % 2336 | [Owner : camil | Parent : 7368(nvtray.exe) | 7.3 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.6.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [06/04/2017 09:41:42] CPU Usage:0 % 11612 | [Owner : camil | Parent : 7664(explorer.exe) | 3.16 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.584.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [06/04/2017 09:39:10] CPU Usage:0 % 11864 | [Owner : camil | Parent : 7664(explorer.exe) | 6.12 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Users\camil\Desktop\Anti-Malware\mbamtray.exe [23/08/2017 11:23:20] CPU Usage:0 % 11896 | [Owner : camil | Parent : 7664(explorer.exe) | 34.76 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.5.78.60) = C:\Program Files (x86)\Steam\Steam.exe [23/07/2016 01:36:30] CPU Usage:0 % 12116 | [Owner : camil | Parent : 7664(explorer.exe) | 1.06 Mo] - (.Guillaume Ryder (http://utilfr42.free.fr) - Clavier+.) - (10.7.1.0) = C:\Users\camil\AppData\Local\Clavier+\Clavier.exe [16/07/2017 12:23:58] CPU Usage:0 % 12188 | [Owner : camil | Parent : 7664(explorer.exe) | 1.03 Mo] - (.Google - Backup and Sync from Google.) - (3.35.5978.2967) = C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21/06/2017 21:13:56] CPU Usage:0 % 12280 | [Owner : camil | Parent : 7664(explorer.exe) | 1.54 Mo] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.60.492) = C:\Users\camil\AppData\Roaming\Spotify\SpotifyWebHelper.exe [01/08/2017 13:13:58] CPU Usage:0 % 3468 | [Owner : camil | Parent : 7664(explorer.exe) | 4.44 Mo] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) - (140.0.297.0) = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [29/04/2011 19:08:34] CPU Usage:0 % 6456 | [Owner : camil | Parent : 7340() | 1.89 Mo] - (.HP Inc. - HP Message Service.) - (1.4.8.0) = C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [11/01/2016 12:15:32] CPU Usage:0 % 11720 | [Owner : Système | Parent : 764(services.exe) | 1.49 Mo] - (.Disc Soft Ltd - Disc Soft Bus Service Lite.) - (10.6.0.275) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [03/07/2017 12:07:36] CPU Usage:0 % 312 | [Owner : camil | Parent : 7664(explorer.exe) | 1.41 Mo] - (.Elias Fotinis - DeskPins application.) - (1.30.0.0) = C:\Program Files (x86)\DeskPins\DeskPins.exe [02/05/2004 19:02:51] CPU Usage:0 % 1524 | [Owner : camil | Parent : 7340() | 1.77 Mo] - (.Adobe Systems Inc. - AcroTray.) - (11.0.20.17) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [27/07/2017 07:29:24] CPU Usage:0 % 1780 | [Owner : camil | Parent : 7340() | 1.55 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 14:50:10] CPU Usage:0 % 3316 | [Owner : camil | Parent : 7340() | 1.51 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.141.15) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [12/07/2017 05:34:44] CPU Usage:0 % 3736 | [Owner : camil | Parent : 7340() | 6.05 Mo] - (.-.) - (1.0.0.128) = C:\Program Files (x86)\MS200 GAMING MOUSE\rssmon.exe [25/07/2017 13:42:01] CPU Usage:0 % 6932 | [Owner : camil | Parent : 3468(hpqtra08.exe) | 2.87 Mo] - (.Hewlett-Packard Co. - HP CUE Status Root.) - (140.0.342.0) = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe [29/04/2011 11:34:02] CPU Usage:0 % 11728 | [Owner : camil | Parent : 1004(svchost.exe) | 1.71 Mo] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) - (140.0.411.0) = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [29/04/2011 11:33:58] CPU Usage:0 % 1716 | [Owner : camil | Parent : 1004(svchost.exe) | 2.35 Mo] - (.Hewlett-Packard - GPCore COM object.) - (130.0.14.16) = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [29/04/2011 17:01:04] CPU Usage:0 % 5908 | [Owner : camil | Parent : 12188(googledrivesync.exe) | 34.2 Mo] - (.Google - Backup and Sync from Google.) - (3.35.5978.2967) = C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21/06/2017 21:13:56] CPU Usage:0 % 6328 | [Owner : camil | Parent : 11896(Steam.exe) | 16.79 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.5.78.60) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [07/07/2017 20:48:15] CPU Usage:0 % 12172 | [Owner : Système | Parent : 764(services.exe) | 3.59 Mo] - (.Valve Corporation - Steam Client Service.) - (4.5.78.60) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [07/07/2017 20:36:31] CPU Usage:0 % 12808 | [Owner : camil | Parent : 1208(svchost.exe) | 3.99 Mo] - (.HP Inc. - HPAudioSwitch.) - (1.0.138.0) = C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [04/10/2016 17:17:06] CPU Usage:0 % 13300 | [Owner : camil | Parent : 7664(explorer.exe) | 763.18 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.1.6388) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [07/07/2017 20:29:38] CPU Usage:4 % 8476 | [Owner : camil | Parent : 12568() | 138.59 Mo] - (.Microsoft Corporation - Microsoft .NET Services Installation Utility.) - (4.7.2046.0) = C:\Users\camil\fdsye.exe [01/08/2017 19:06:58] CPU Usage:0 % 11012 | [Owner : camil | Parent : 1004(svchost.exe) | 2.35 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.15063.0) = C:\Windows\System32\SystemSettingsBroker.exe [18/03/2017 22:58:07] CPU Usage:0 % 11184 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 1.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 10516 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 3.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 8716 | [Owner : camil | Parent : 1004(svchost.exe) | 32.74 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe [18/03/2017 22:58:23] CPU Usage:0 % 8872 | [Owner : camil | Parent : 1004(svchost.exe) | 59.16 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.8400.4099) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40995.0_x64__8wekyb3d8bbwe\HxOutlook.exe [22/08/2017 09:32:27] CPU Usage:0 % 9760 | [Owner : camil | Parent : 1004(svchost.exe) | 41.35 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.8400.4099) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40995.0_x64__8wekyb3d8bbwe\HxTsr.exe [22/08/2017 09:32:27] CPU Usage:0 % 10888 | [Owner : camil | Parent : 1004(svchost.exe) | 40.78 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.15063.502) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [14/08/2017 17:56:33] CPU Usage:0 % 10720 | [Owner : camil | Parent : 1004(svchost.exe) | 36.01 Mo] - (.-.) - (10.1706.1707.5002) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe [21/07/2017 07:45:24] CPU Usage:0 % 8880 | [Owner : camil | Parent : 1004(svchost.exe) | 56.47 Mo] - (.Microsoft Corporation - Store.) - (11706.1001.26.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe [25/07/2017 11:28:34] CPU Usage:0 % 9484 | [Owner : camil | Parent : 1004(svchost.exe) | 9.14 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe [18/03/2017 22:58:21] CPU Usage:0 % 12064 | [Owner : camil | Parent : 7664(explorer.exe) | 103.27 Mo] - (.Spotify Ltd - Spotify.) - (1.0.60.492) = C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe [01/08/2017 13:13:57] CPU Usage:0 % 7476 | [Owner : camil | Parent : 12064(Spotify.exe) | 30.71 Mo] - (.Spotify Ltd - Spotify.) - (1.0.60.492) = C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe [01/08/2017 13:13:57] CPU Usage:0 % 9908 | [Owner : camil | Parent : 12064(Spotify.exe) | 71.03 Mo] - (.Spotify Ltd - Spotify.) - (1.0.60.492) = C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe [01/08/2017 13:13:57] CPU Usage:0 % 6568 | [Owner : camil | Parent : 6328(steamwebhelper.exe) | 28.66 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.5.78.60) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [07/07/2017 20:48:15] CPU Usage:0 % 3176 | [Owner : camil | Parent : 12064(Spotify.exe) | 206.81 Mo] - (.Spotify Ltd - Spotify.) - (1.0.60.492) = C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe [01/08/2017 13:13:57] CPU Usage:0 % 7296 | [Owner : camil | Parent : 7664(explorer.exe) | 99.74 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe [22/06/2017 10:47:56] CPU Usage:6 % 9200 | [Owner : SERVICE LOCAL | Parent : 1660(svchost.exe) | 31.16 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe [12/07/2017 12:10:19] CPU Usage:0 % 4548 | [Owner : camil | Parent : 7664(explorer.exe) | 19.08 Mo] - (.-.) - (0.0.0.0) = C:\Users\camil\Documents\AudioRouter-0.10.2\Audio Router.exe [07/07/2017 21:17:13] CPU Usage:0 % 11332 | [Owner : camil | Parent : 7664(explorer.exe) | 8.18 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe [18/03/2017 22:58:29] CPU Usage:0 % 2200 | [Owner : camil | Parent : 7664(explorer.exe) | 130.8 Mo] - (.Code::Blocks Team - Code::Blocks IDE.) - (16.1.0.0) = C:\Program Files (x86)\CodeBlocks\codeblocks.exe [25/01/2016 23:11:20] CPU Usage:0 % 10532 | [Owner : Système | Parent : 764(services.exe) | 10.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4088 | [Owner : camil | Parent : 7664(explorer.exe) | 37.28 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = C:\Users\camil\Desktop\QuickDiag.exe [23/08/2017 21:20:22] CPU Usage:0 % 6860 | [Owner : Système | Parent : 764(services.exe) | 5.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 9388 | [Owner : camil | Parent : 1004(svchost.exe) | 8.44 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe [18/03/2017 22:58:21] CPU Usage:0 % 7120 | [Owner : camil | Parent : 1004(svchost.exe) | 9.22 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe [08/06/2017 12:43:11] CPU Usage:0 % 8608 | [Owner : Système | Parent : 764(services.exe) | 6.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 11480 | [Owner : Système | Parent : 764(services.exe) | 5.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 212 | [Owner : SERVICE RÉSEAU | Parent : 1004(svchost.exe) | 9.47 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2017 22:58:50] CPU Usage:0 % ---------- | MD5 [MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [12/07/2017 12:10:41] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4733.81 Ko] - (10.0.15063.447) : C:\WINDOWS\Explorer.exe [MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 22:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe [MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 22:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe [MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe [MD5.90224339656D3CFEC43150209B4CD38E] - [08/06/2017 12:43:11] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll [MD5.9936F9E94C6E3F47A158D7BFF020575A] - [12/07/2017 12:10:45] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\lsass.exe [MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [08/06/2017 12:43:11] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll [MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 22:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe [MD5.C81F9707DEA008EED4071B5A39B7C76E] - [14/08/2017 17:56:52] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\services.exe [MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe [MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll [MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe [MD5.0242626678C83AE788C655C1990A3CC3] - [14/08/2017 17:56:36] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Wininit.exe [MD5.31E3287EF6D97C5864A301CEA75BBBA1] - [12/07/2017 12:10:42] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Winlogon.exe [MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 22:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 22:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [12/07/2017 12:11:16] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 22:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 22:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.59F3D5FEF4A24871C07C279762DA8624] - [12/07/2017 12:10:46] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1213.41 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.075F8C81457804BB79DD33FE69A96C57] - [14/08/2017 17:56:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2272.91 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 22:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 22:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.02481DA7952E87F0EF007B54E0216DA8] - [14/08/2017 17:57:15] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2616.41 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.D74756DD1518D28A09CDA99696273FA4] - [14/08/2017 17:57:16] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.540) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.HP Inc..-.HP DeskBand.) - (8.2.1.0) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 381.65.) - (22.21.13.8165) -- C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 381.65.) - (22.21.13.8165) -- C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvwgf2umx_cfg.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (2.11.4.0) -- C:\WINDOWS\system32\nvspcap64.dll (.Google.-.Google Drive shell extension.) - (3.35.5978.2967) -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Users\camil\Desktop\Anti-Malware\mbshlext.dll (.Google.-.Google Drive shell extension.) - (3.35.5978.2967) -- C:\Program Files (x86)\Google\Drive\contextmenu64.dll (..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files\Notepad++\NppShell_06.dll (.Adobe Systems Inc..-.Adobe Acrobat Context Menu.) - (11.0.0.379) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll (.Adobe Systems Inc..-.Adobe Acrobat Context Menu.) - (11.0.0.379) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\fr_fr\Acrobat Elements\ContextMenuShim64.fra (.Igor Pavlov.-.7-Zip Shell Extension.) - (17.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.8165) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 381.65.) - (22.21.13.8165) -- C:\WINDOWS\system32\nvapi64.dll (.Alex Feinman.-.ISO Recorder.) - (3.1.3.1) -- C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll (.The Document Foundation.-..) - (5.2.4.2) -- C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\propertyhdl_x64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.Hewlett-Packard Co..-.HP CUE DeviceDiscovery Service.) - (140.0.298.0) -- C:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll (.Hewlett-Packard Co..-.HP CUE DeviceDiscovery Common Library.) - (140.0.298.0) -- C:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll (.Hewlett-Packard.-.Dot4Net Module.) - (12.2.6.51) -- C:\windows\system32\hpzinw12.dll (.Hewlett-Packard.-.PmlDrv Module.) - (12.2.6.51) -- C:\windows\system32\hpzipm12.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Hewlett-Packard Co..-.HP CUE Context Manager Objects.) - (140.0.411.0) -- C:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll (.Hewlett-Packard Co..-.HP CUE/AiO Context Information Objects.) - (140.0.432.0) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll (.Hewlett-Packard Co..-.HP OfficeJet COM Common Objects.) - (140.0.432.0) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll (.Hewlett-Packard Co..-.HP Network Devices Support.) - (140.0.416.0) -- C:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (2.11.4.0) -- C:\WINDOWS\system32\nvspcap64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 381.65.) - (22.21.13.8165) -- C:\WINDOWS\system32\nvapi64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU DeskPins - (DeskPins.lnk [Startup]) - User: DESKTOP-791TIIP\camil Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\...\Run]) - User: DESKTOP-791TIIP\camil Clavier+ - (C:\Users\camil\AppData\Local\Clavier+\Clavier.exe [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\...\Run]) - User: DESKTOP-791TIIP\camil GoogleDriveSync - ("C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\...\Run]) - User: DESKTOP-791TIIP\camil DAEMON Tools Lite Automount - ("C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\...\Run]) - User: DESKTOP-791TIIP\camil Spotify Web Helper - (C:\Users\camil\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\...\Run]) - User: DESKTOP-791TIIP\camil HP Digital Imaging Monitor - (C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [Common Startup]) - User: Public SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public ShadowPlay - ("C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public AdobeAAMUpdater-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Malwarebytes TrayApp - (C:\USERS\CAMIL\DESKTOP\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "Clavier+"=C:\Users\camil\AppData\Local\Clavier+\Clavier.exe [16/07/2017 12:23:58] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun "Spotify Web Helper"=C:\Users\camil\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 "Steam"=0x020000000000000000000000 "GoogleDriveSync"=0x020000000000000000000000 "Clavier+"=0x020000000000000000000000 "WinAuth"=0x020000000000000000000000 "DAEMON Tools Lite Automount"=0x020000000000000000000000 "Spotify Web Helper"=0x020000000000000000000000 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=regedit\1 "MRUList"=bca "b"=appwiz.cpl\1 "c"=msconfig\1 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Deskjet F4500 series (2),winspool,Ne07: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "Malwarebytes TrayApp"=C:\USERS\CAMIL\DESKTOP\ANTI-MALWARE\mbamtray.exe [23/08/2017 11:23:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "Logitech Download Assistant"=0x060000000000000000000000 "WindowsDefender"=0x040000000000000000000000 "RUNFBI"=0x040000000000000000000000 "NvBackend"=0x060000000000000000000000 "ShadowPlay"=0x060000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "HPMessageService"=0x060000000000000000000000 "HPMSGSVC"=0x060000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 "Acrobat Assistant 8.0"=0x020000000000000000000000 "HP Software Update"=0x020000000000000000000000 "GOSTgmmouseRun"=0x020000000000000000000000 "Aimersoft Helper Compact.exe"=0x030000005C9AA8EE1C1BD301 "APSDaemon"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D2A02A4539A47C [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "HPMessageService"=C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [11/01/2016 12:15:32] "HPMSGSVC"=C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [16/06/2016 14:24:48] ""= "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" "HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [30/05/2013 14:50:10] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "GOSTgmmouseRun"="C:\Program Files (x86)\MS200 GAMING MOUSE\rssmon.exe" -runauto "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Aimersoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task DropboxOEM DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA gsxklqxk HPAudioSwitch HPCeeScheduleForcamil HPEA3JOBS HPJumpStartLaunch Intel PTT EK Recertification User_Feed_Synchronization-{1814063B-F81F-4B74-953F-53F3F28DAB11} ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=7701a15e-ccac-4c37-bfbb-8b8f536 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=5 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [07/07/2017 19:59:26] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=772 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\camil\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\jupiter (101).jpg [22/08/2017 17:21:38] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "FontSmoothingGamma"=1600 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100750A0800AE09000074060000E5AE35595A1BD30143003A005C00550073006500720073005C00630061006D0069006C005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C0052006F0061006D00650064005400680065006D006500460069006C00650073005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C006A007500700069007400650072002000280031003000310029002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=fr-FR "AutoColorization"=0 "ImageColor"=2276688463 "LowLevelHooksTimeout"=200 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x2400000032A8000000000000000000000000000001000000130000000000000022000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=1 "GlobalAssocChangedCounter"=224 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "SlowContextMenuEntries"=0x0114020000000000C000000000000046480E000035B9F434DC1785488BC9CCD1ADF42F93510A00006078A409B011A54DAFA526D86198A780B7130000D15C59A677BF0A43A45218696685F7C74C80000010901EF8A46ECE11A7FF00AA003CA9F634070000 "ShowRecent"=0 "ShowFrequent"=0 "Browse For Folder Width"=347 "Browse For Folder Height"=346 "Reason Setting"=255 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=1 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=0 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "StartMenuInit"=13 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarGlomLevel"=0 "TaskbarStateLastRun"=0x8CF49A5900000000 "ReindexedProfile"=1 "AlwaysShowMenus"=1 "HideDrivesWithNoMedia"=0 "SnapAssist"=1 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "0"=0x62006500720074006C00690074007A000000 "MRUListEx"=0x0100000000000000FFFFFFFF "1"=0x6200650072006C00690074007A000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Off "GlobalAssocChangedCounter"=18 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=37 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=15063 "FirstLogon"=0 "PUUActive"=0x3A3934BC0100040044006A0167D90C00AB110D0062133600D100000002001E00F960C69F54F73B00E0BC200063E207008C8B060020210200000000000D781C0007AA0000B0050000B26AA06E451CD30167D90C00000000000100000000000000 "DP"=0xCE00580076000400440000003A3934BC00000000000000003BAA5FA72C1CD3013BAA5FA72C1CD301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=35266885800 "ShutdownFlags"=7 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "AutoAdminLogon"=0 "DefaultUserName"=camillemorel89@outlook.fr "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [20/03/2017 07:10:48] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [20/03/2017 07:10:48] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\HP\Digital Imaging\{FD126052-310E-4364-937B-6B5564F24578}\hpzstub.exe"=1 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\HP\HPPhoenixCtrl\HPPhoenixCtrl.exe"=0x5341435001000000000000000700000028000000001413000000000001000000000000000000000AF5220000E78E163C2AA0D201000000000000000002000000280000000000000000000000800000000000000000000000000000003F186104000000001000000010000000 "C:\Users\camil\Downloads\Firefox Setup 54.0.exe"=0x53414350010000000000000007000000280000007078B1024C96B1020100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000D422700000000000100000001000000 "C:\Users\camil\Documents\WinAuth.exe"=0x534143500100000000000000070000002800000048385800AF51580001000000000000000000000AF5200000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BB0D3003000000001400000014000000 "SIGN.MEDIA=A000 Autokey utility\auto.exe"=0x534143500100000000000000070000002800000000A000003CB700000100000000000000000001057100000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002ABF0000000000000100000001000000 "SIGN.MEDIA=3D8C MONITOR.EXE"=0x534143500100000000000000070000002800000000900000000000000100000000000000000001057100000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CC000000000000000100000001000000 "C:\Users\camil\Downloads\OBS-Studio-19.0.3-Full-Installer.exe"=0x5341435001000000000000000700000028000000A0FBBF066305C00601000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B3D10100000000000100000001000000 "C:\Users\camil\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000C0B624001527250001000000000000000000000A0021000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000091870300000000000100000001000000 "C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000C0B624001527250001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003BEA9104000000002700000027000000 "C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000C0E21000E2C2110003000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EDF80200000000000100000001000000 "C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C888130064A7130001000000000000000000000A71220000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000127AFF03000000000200000002000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8F3070014AF080001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\camil\Downloads\7z1700-x64.exe"=0x53414350010000000000000007000000280000007F5515000000000001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008B220000000000000100000001000000 "C:\Program Files\7-Zip\7zG.exe"=0x5341435001000000000000000700000028000000008408000000000001000000000000000000000A73200000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000AE430700000000001400000014000000 "C:\Program Files\7-Zip\7z.exe"=0x534143500100000000000000070000002800000000E606000000000001000000000000000000000A73200000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000100000001000000 "C:\Program Files\7-Zip\7zFM.exe"=0x534143500100000000000000070000002800000000DE0C000000000001000000000000000000000A73200000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000660D8F00000000007000000070000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000B0370200A843020001000000000000000000000600010000E63F486B2AA0D20100000000000000000200000050000000000000000000001000000000000000000000000000000000068A830100000000B30200002C020000000000000000005000000000000000000000000000000000FA7D0000000000000100000000000000 "C:\Users\camil\Downloads\JavaSetup8u131.exe"=0x534143500100000000000000070000002800000040440B0020CC0B0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000023B1B00000000000100000001000000 "SIGN.MEDIA=B3BE0E92 setup.exe"=0x5341435001000000000000000700000028000000A0CC2F00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000098270100000000000100000001000000 "C:\Users\camil\Documents\Adobe Photoshop CS6\Install this.exe"=0x534143500100000000000000070000002800000040E19B04000000000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000010C0100000000000100000001000000 "C:\Program Files (x86)\Adobe Photoshop CS6\Photoshop.exe"=0x53414350010000000000000007000000280000008B0A0300000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000005000000000000000200000600400000000000000000000000000000083861100000000000100000001000000000000000000004004000000000000000000000000000000907F0000000000000100000000000000 "C:\Users\camil\Documents\Jeux\OpenHexagonV1.92\SSVOpenHexagon.exe"=0x53414350010000000000000007000000280000002D210B000000000001000000000000000000020671200000E63F486B2AA0D201000000000000000002000000280000000000000000000000100000000000000000000000000000004CA63600000000004200000042000000 "SIGN.MEDIA=A1F5CC4 Far Cry - Primal [FitGirl Repack]\Verify BIN files before installation.bat"=0x53414350010000000000000007000000280000000026040017C9040001000000000000000000010500100000E78E163C2AA0D2010000000000000000 "SIGN.MEDIA=A1F5CC4 Far Cry - Primal [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000A90570000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C3554F01000000000100000001000000 "C:\Games\Far Cry - Primal\bin\FCPrimal.exe"=0x5341435001000000000000000700000028000000A84E49076C4C4A0701000000000000000000000A73220000E78E163C2AA0D20100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000DCF84400000000000E0000000E000000 "C:\Program Files\WindowsApps\Deezer.62021768415AF_3.3.7.0_x64__q7m17pa7q8kj0\Win32\DeezerMusic.StartupHelper.exe"=0x5341435001000000000000000700000028000000002200000000000001000000000000000000000AF5220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000252E0000000000000100000001000000 "SIGN.MEDIA=F7D236BB SETUP.EXE"=0x5341435001000000000000000700000028000000506E0500F2BC050001000000000000000000010600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000000000000000000000000000000000000000FB680000000000000100000001000000 "C:\Users\camil\Downloads\rpc420_setup.exe"=0x5341435001000000000000000700000028000000BA7104000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000005BB00200000000000100000001000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x534143500100000000000000070000002800000040930C00D5A10C0001000000010000000000000A00210000E78E163C2AA0D2010000000000000000 "C:\Users\camil\Downloads\Lame_v3.99.3_for_Windows.exe"=0x53414350010000000000000007000000280000003F0C08000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000015210000000000000100000001000000 "C:\Users\camil\Downloads\typefighters-win-1.2.exe"=0x534143500100000000000000070000002800000029F9FD000000000001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E1B10200000000000100000001000000 "C:\Users\camil\Documents\AudioRouter-0.10.2\Audio Router.exe"=0x534143500100000000000000070000002800000000EC04000000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007F7E5406000000002400000024000000 "C:\Users\camil\Documents\VAC 4.14\setup64.exe"=0x5341435001000000000000000700000028000000A87901008A1D020001000000000000000000020673020000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000063620000000000000100000001000000 "C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000547E000000000001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D91E2600000000000C0000000C000000 "C:\Users\camil\Documents\Jeux\Audiosurf 2\Audiosurf2.exe"=0x534143500100000000000000070000002800000000AAF6000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DA260800000000000100000001000000 "C:\Users\camil\Documents\PONG-www.oldgames.sk-Package.exe"=0x53414350010000000000000007000000280000005F751A00E4BE030001000000000000000000000A41220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000FEDA0000000000000100000001000000 "C:\Program Files (x86)\Oldgames\Pong\dosbox.exe"=0x53414350010000000000000007000000280000000062390022013A0001000000000000000000000671200000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000000F560000000000000200000002000000 "C:\Program Files (x86)\Oldgames\Pong\C\CPONG10\CLASSIC PONG.EXE"=0x534143500100000000000000070000002800000000D401000000000001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000005000000000000000008000200000000000000000000000000000000062860100000000000100000001000000000000000000000000000040000000000000000000000000F28E0000000000000100000000000000 "C:\Users\camil\Documents\GameSave Manager\gs_mngr_3.exe"=0x534143500100000000000000070000002800000000EE2A000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F1110000000000000100000001000000 "C:\Program Files\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000009802000592030001000000010000000000000A63220000E78E163C2AA0D2010000000000000000 "C:\Users\camil\Documents\Jeux\Intralism.v.1.2\Intralism.exe"=0x5341435001000000000000000700000028000000004847010000000001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000082D40400000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\soffice.exe"=0x534143500100000000000000070000002800000068D600001882010001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000001000000000000000000000000000000000E62D5C00000000001500000015000000 "C:\Users\camil\Downloads\DJ_AIO_06_F4500_140_408-5.exe"=0x5341435001000000000000000700000028000000C877F808F55CF90801000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C3E80800000000000100000001000000 "C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe"=0x534143500100000000000000070000002800000068CD0D0016D40D0001000000000000000000010671220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000028120500000000000A0000000A000000 "C:\Users\camil\Downloads\BoseUpdaterInstaller_1.3.9.1150.6279.exe"=0x5341435001000000000000000700000028000000B8BD7100A82E720001000000000000000000000A71220000E63F486B2AA0D2010000008000000000020000002800000000000000000000400000000000000000000000000000000061020000000000000100000001000000 "C:\Program Files (x86)\DeskPins\DeskPins.exe"=0x534143500100000000000000070000002800000000F400000000000001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000ECA23B07000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe"=0x5341435001000000000000000700000028000000780801007C6F010001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000044142E00000000000900000009000000 "C:\Users\camil\Documents\Jeux\The Sequence\The Sequence.exe"=0x534143500100000000000000070000002800000000B203010000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C64B0500000000000100000001000000 "C:\Users\camil\Documents\kindlegen.exe"=0x534143500100000000000000070000002800000040AB78004022790001000000000000000000030671020000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005E000000000000000200000002000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200FD5A030001000000010000000000000A61220000E63F486B2AA0D2010000000000000000 "SIGN.MEDIA=59264525 setup.exe"=0x534143500100000000000000070000002800000064E109000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000096530500000000000100000001000000 "C:\Program Files (x86)\CodeBlocks\codeblocks.exe"=0x53414350010000000000000007000000280000000EF21F006740200001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007ABAB801000000000F0000000F000000 "C:\Users\camil\Downloads\MinGW-5.0.2.exe"=0x5341435001000000000000000700000028000000900702000000000001000000000000000000010571000000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000220000000000000020000000000085BC0100000000000100000001000000010000000400000001000000 "C:\Users\camil\Downloads\Corona-2017.3100.msi"=0x534143500100000000000000070000002800000000E80000D238010001000000000000000000010500100000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004AFA0100000000000100000001000000 "C:\Program Files (x86)\Corona Labs\Corona\Corona Simulator.exe"=0x534143500100000000000000070000002800000060043B00C9953B0001000000000000000000000A71200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BB7F0400000000000200000002000000 "C:\Program Files\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000B05A2D0009742D0001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000885C0D00000000004F0000004F000000 "C:\Users\camil\Downloads\codeblocks-16.01mingw-setup.exe"=0x53414350010000000000000007000000280000000271FE040000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A0870D00000000000300000003000000 "C:\Program Files (x86)\CodeBlocks\uninstall.exe"=0x5341435001000000000000000700000028000000770501000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000500000000000000000000000000000000000000000000000000000007C440000000000000100000001000000000000000000004000000000000000000000000000000000AE310000000000000100000000000000 "C:\Users\camil\Downloads\vcredist_x64.exe"=0x5341435001000000000000000700000028000000584357008733580001000000000000000000000671020000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000090310000000000000200000002000000 "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe"=0x5341435001000000000000000700000028000000580A07003CA7070001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000990B0000000000000100000001000000 "C:\Users\camil\Downloads\vc_redist.x64.exe"=0x5341435001000000000000000700000028000000E059DE00D594DE0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E3160000000000000100000001000000 "C:\Users\camil\Downloads\jdk-8u131-windows-x64.exe"=0x5341435001000000000000000700000028000000387C600C9716610C01000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000006D020100000000000100000001000000 "C:\Program Files\NetBeans 8.2\bin\netbeans64.exe"=0x534143500100000000000000070000002800000089711900E1AE190001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000000001CE00000000000E0000000E000000 "C:\Users\camil\Downloads\mingw-get-setup.exe"=0x5341435001000000000000000700000028000000005201000000000001000000000000000000020600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E4850B00000000000100000001000000 "C:\Program Files (x86)\4KDownload\4kvideodownloader\4kvideodownloader.exe"=0x5341435001000000000000000700000028000000A8D6F5006008F60001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A4C70C03000000000600000006000000 "C:\Users\camil\Downloads\setup-x86_64.exe"=0x534143500100000000000000070000002800000013D60D000000000001000000000000000000000A00210000E78E163C2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000527A5D02000000000400000004000000 "C:\MinGW\libexec\mingw-get\guimain.exe"=0x53414350010000000000000007000000280000000036020076D6020001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000085090000000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\swriter.exe"=0x534143500100000000000000070000002800000068FC00005A5E010001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000C547300000000000800000008000000 "C:\Program Files (x86)\HP\Digital Imaging\{FD126052-310E-4364-937B-6B5564F24578}\hpzstub.exe"=0x5341435001000000000000000700000028000000905F0A00A64A0B0001000000000000000000010600210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CB220300000000000300000003000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020BB2E006E9F2F0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000C0B6770200000000340000001900000000000000000000400000000000000000000000000000000010000000000000000100000000000000 "C:\Users\camil\Downloads\KindleForPC-installer-1.20.47037.exe"=0x5341435001000000000000000700000028000000A09B3C034D433D0301000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000022141100000000000200000002000000 "C:\Users\camil\AppData\Local\Amazon\Kindle\application\uninstall.exe"=0x5341435001000000000000000700000028000000DEB602004D433D0301000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000201A0000000000000100000001000000 "C:\Users\camil\Downloads\UnityDownloadAssistant-2017.1.0f3.exe"=0x5341435001000000000000000700000028000000283B0B00B5F80B0001000000000000000000010600010000E63F486B2AA0D2010000000000000000 "C:\Users\camil\Downloads\fleex-latest.exe"=0x5341435001000000000000000700000028000000188206007EF3060001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000056090000000000000100000001000000 "C:\Users\camil\AppData\Local\Apps\2.0\G5H940XQ.266\JK3K6VMO.WGV\flee..tion_59124c5ecf58553d_0002.0005_aa1e4defd9d44620\Fleex player.exe"=0x534143500100000000000000070000002800000060FC0200A7E8030001000000000000000000000AF5220000E63F486B2AA0D20100000000000000000200000028000000000000000000008000000000000000000000000000000000C6160300000000000100000001000000 "C:\Users\camil\Downloads\JavaSetup8u141.exe"=0x534143500100000000000000070000002800000040460B00E2C00B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000CD6B1300000000000100000001000000 "C:\Program Files (x86)\Java\jre1.8.0_141\bin\javaws.exe"=0x5341435001000000000000000700000028000000402204006450040001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000100000000000000000000000000000F0B80000000000000200000002000000 "C:\Program Files (x86)\Java\jre1.8.0_141\bin\javacpl.exe"=0x534143500100000000000000070000002800000040160100681B010001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000100000000000000000000000000000E4710000000000000100000001000000 "C:\Program Files\Unity\Editor\Unity.exe"=0x5341435001000000000000000700000028000000C04DD304721ED40401000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EA7C7902000000000200000002000000 "C:\Users\camil\Documents\Calibre Portable\calibre-portable.exe"=0x534143500100000000000000070000002800000000540200186A020001000000000000000000000A71200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000078A34E00000000000400000004000000 "C:\Users\camil\AppData\Local\Amazon\Kindle\application\Kindle.exe"=0x5341435001000000000000000700000028000000E8C533039421340301000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C5DD0500000000000600000006000000 "SIGN.MEDIA=D9D9339D setup.exe"=0x5341435001000000000000000700000028000000910012000000000001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000029160300000000000100000001000000 "C:\Users\camil\Downloads\Sublime Text Build 3126 x64 Setup.exe"=0x5341435001000000000000000700000028000000F819810017C2810001000000000000000000030600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002C320000000000000100000001000000 "C:\Program Files (x86)\Java\jre1.8.0_141\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02006604030001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E6FD7E01000000001600000016000000 "C:\Users\camil\Downloads\helpndoc-setup-5.2.0.265.exe"=0x534143500100000000000000070000002800000050983D01ED433E0101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CB486700000000000100000001000000 "C:\Users\camil\Downloads\The God Father.exe"=0x534143500100000000000000070000002800000089C861000000000001000000000000000000030600210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000006E4A1C00000000000100000001000000 "C:\Users\camil\Documents\Jeux\STANDBY\Standby.exe"=0x5341435001000000000000000700000028000000002A52010000000001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000CCD0500000000000300000003000000 "C:\Users\camil\Documents\Jeux\Circa.Infinity.v1.1\CircaInfinity.exe"=0x5341435001000000000000000700000028000000000A260B5156270B01000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000008001000000000000000000000000000000000000020A0000000000000100000001000000 "C:\Users\camil\Downloads\pushbullet_installer.exe"=0x534143500100000000000000070000002800000090841A00743D1B0001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F7429A00000000000100000001000000 "C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x5341435001000000000000000700000028000000001435000000000001000000000000000000000A61200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000455D8D00000000000400000004000000 "C:\Users\camil\Downloads\dictionnaire_setup.exe"=0x5341435001000000000000000700000028000000C56523000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E8370000000000000100000001000000 "C:\Users\camil\Downloads\dic_anglais.exe"=0x534143500100000000000000070000002800000070503B000000000001000000000000000000000A41220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F3300000000000000100000001000000 "C:\Users\camil\Downloads\Souris-GOST-MS200-2541A-20161025.exe"=0x534143500100000000000000070000002800000015E6D3000000000001000000000000000000020600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000000EBA0301000000000100000001000000 "SIGN.MEDIA=30C101BD VisiPics-1.31.exe"=0x534143500100000000000000070000002800000099B321000000000001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000043070000000000000100000001000000 "C:\Users\camil\Downloads\beatpad_installer.exe"=0x5341435001000000000000000700000028000000BF360203BBB0120001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000064000200000000000100000001000000 "C:\Users\camil\Downloads\ChromeSetup.exe"=0x5341435001000000000000000700000028000000583F11002342110001000000000000000000000A00210000E63F486B2AA0D2010000008100000000 "C:\Program Files (x86)\Avanquest\comCD\fr-fr\EnglishBerlitzTousNiveaux\elex\easylex.exe"=0x53414350010000000000000007000000280000000060130091D1130001000000000000000000000671000000E63F486B2AA0D20100000000000000000200000028000000000000000000001000100000000000000000000000000000F8801101000000000600000006000000 "C:\Users\camil\Documents\Jeux\Strata\Strata.exe"=0x5341435001000000000000000700000028000000003EAC000000000001000000000000000000030671200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B2500300000000000100000001000000 "SIGN.MEDIA=82740CD1 setup.exe"=0x53414350010000000000000007000000280000008B6610000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000EAB0800000000000100000001000000 "C:\Program Files (x86)\MS200 GAMING MOUSE\unins000.exe"=0x5341435001000000000000000700000028000000C99819000000000001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000020000000000000000000000000000D4300000000000000100000001000000 "SIGN.MEDIA=CE4FF7 setup.exe"=0x534143500100000000000000070000002800000015E6D3000000000001000000000000000000020600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A57B1902000000000100000001000000 "C:\Games\Rise of the Tomb Raider - 20 Years Celebration\ROTTR.exe"=0x5341435001000000000000000700000028000000005847050000000001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000055C91500000000000100000001000000 "C:\Users\camil\Documents\Jeux\PivvoPC\Pivvot.exe"=0x53414350010000000000000007000000280000000004B0000000000001000000000000000000030671200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000AC10400000000000300000003000000 "SIGN.MEDIA=93B2B79E Ori and the Blind Forest - Definitive Edition [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000A0935B000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A8F10900000000000100000001000000 "C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x5341435001000000000000000700000028000000208B18002B12190001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000FC400100000000000200000002000000 "C:\Program Files\Windows Mail\wab.exe"=0x534143500100000000000000070000002800000000E40700173D080001000000010000000000000A63220000E78E163C2AA0D2010000000000000000 "C:\Program Files\Windows Mail\wabmig.exe"=0x5341435001000000000000000700000028000000000C01005D15010001000000010000000000000A63220000E78E163C2AA0D2010000000000000000 "SIGN.MEDIA=E2CC5713 setup.exe"=0x534143500100000000000000070000002800000069040C000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F4EA0500000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000584712001E19130001000000000000000000000A00210000E78E163C2AA0D2010000000100000000 "C:\Users\camil\Downloads\python-3.6.2.exe"=0x53414350010000000000000007000000280000004882D101C205D20101000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000065A20100000000000100000001000000 "C:\Users\camil\Downloads\qt-unified-windows-x86-3.0.0-online.exe"=0x534143500100000000000000070000002800000018593001CAA8300101000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000020EF5300000000000200000002000000 "C:\Users\camil\AppData\Local\Programs\Python\Python36-32\Scripts\wheel.exe"=0x5341435001000000000000000700000028000000815D0100AA79010001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BB000000000000000100000001000000 "C:\Qt\Tools\QtCreator\bin\qtcreator.exe"=0x5341435001000000000000000700000028000000009C0C000000000001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000090660200000000000100000001000000 "C:\Users\camil\Downloads\PyQt5-5.6-gpl-Py3.5-Qt5.6.0-x64-2.exe"=0x5341435001000000000000000700000028000000DEF038030000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000F0280100000000000200000002000000 "C:\Windows\pyw.exe"=0x534143500100000000000000070000002800000098940D00D7AB0D0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D000000000000000100000001000000 "C:\Users\camil\Downloads\python-3.5.3-amd64.exe"=0x5341435001000000000000000700000028000000C8C2CD01B2BCCE0101000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000009BA0000000000000100000001000000 "C:\Windows\py.exe"=0x534143500100000000000000070000002800000098EA05006B0F060001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000502D0200000000000200000002000000 "C:\Program Files (x86)\The GodFather\TheGodFather.exe"=0x534143500100000000000000070000002800000000F0A8000000000001000000000000000000030671220000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002ED32B00000000000300000003000000 "C:\Users\camil\Downloads\Ex360E\Ex360E.exe"=0x534143500100000000000000070000002800000000E2000000000000010000000000000000000206F1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C5CB0800000000000200000002000000 "C:\Users\camil\Downloads\Time Adjuster.exe"=0x5341435001000000000000000700000028000000A8430900A9160A0001000000000000000000010571200000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000002A590700000000000100000001000000 "C:\Users\camil\Downloads\VisualSubSync-1.0.1-Setup.exe"=0x534143500100000000000000070000002800000045FD1D000000000001000000000000000000010571000000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000008B6B0000000000000100000001000000 "C:\Users\camil\Downloads\SubtitleWorkshop_6.0b_131121_installer.exe"=0x53414350010000000000000007000000280000002A6E1F000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BBEB1300000000000200000002000000 "C:\Users\camil\Documents\Subtitle Workshop\SubtitleWorkshop.exe"=0x534143500100000000000000070000002800000000A40C000000000001000000000000000000030661200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FE177402000000000700000007000000 "C:\Users\camil\Downloads\windows-movie-maker-2016-multi.exe"=0x534143500100000000000000070000002800000000D273040000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000825E0F00000000000100000001000000 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe"=0x5341435001000000000000000700000028000000C0DC010044B6020001000000000000000000030671220000E63F486B2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000097840200000000000100000001000000 "C:\Users\camil\Documents\Jeux\Aragami\setup_aragami_2.0.0.2.exe"=0x5341435001000000000000000700000028000000E828EF016649EF0101000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C2180B00000000000200000002000000 "C:\Users\camil\Downloads\SpotifySetup.exe"=0x5341435001000000000000000700000028000000D0520A007DBC0A0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FFB10A02000000000100000001000000 "C:\Users\camil\Downloads\QuickTimeInstaller.exe"=0x534143500100000000000000070000002800000040497F02DDC37F0201000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007EC50100000000000100000001000000 "C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe"=0x534143500100000000000000070000002800000040D912004791130001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000002C130300000000000100000001000000 "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe"=0x534143500100000000000000070000002800000018950600B773070001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E46CD900000000000700000007000000 "C:\Users\camil\Downloads\DTLiteInstaller.exe"=0x5341435001000000000000000700000028000000D80F0C002B7C0C0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D2580900000000000100000001000000 "C:\Users\camil\Downloads\ISORecorder3.1.3.x64.msi"=0x534143500100000000000000070000002800000000E80000D238010001000000000000000000010500100000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000026330000000000000200000002000000 "C:\Program Files\Alex Feinman\ISO Recorder\ShellExec.exe"=0x53414350010000000000000007000000280000000062010098C7010001000000000000000000010671220000E63F486B2AA0D2010000000000000000020000002800000000000000000000001000000000000000000000000000000088060000000000000200000002000000 "C:\Program Files\DAEMON Tools Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000C00C34009022340001000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C3889602000000000200000002000000 "C:\Users\camil\Downloads\Install JDownloader.exe"=0x5341435001000000000000000700000028000000508C040046FF040001000000000000000000030600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000009BB10700000000000100000001000000 "C:\Users\camil\Downloads\RPCS3 (x64) v0.0.3 Alpha\rpcs3.exe"=0x534143500100000000000000070000002800000000D49F010000000001000000000000000000000A73220000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000042572C00000000000100000001000000 "C:\Users\camil\Downloads\Xenia\xenia.exe"=0x5341435001000000000000000700000028000000005C52000000000001000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B7C44F00000000000700000007000000 "C:\Users\camil\Downloads\Create ISO\exiso.exe"=0x534143500100000000000000070000002800000000C400000000000001000000000000000000010671200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008D000000000000000100000001000000 "C:\Users\camil\Downloads\Create ISO\Crear iso.exe"=0x53414350010000000000000007000000280000000010050000000000010000000000000000000106F5200000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B7E70200000000000100000001000000 "C:\Program Files\DAEMON Tools Lite\DTLite.exe"=0x5341435001000000000000000700000028000000C00A2A00607F2A0001000000000000000000000A80210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000012039102000000000400000004000000 "C:\Users\camil\Documents\Jeux\Circa.Infinity.v1.1\LAUNCHER.exe"=0x534143500100000000000000070000002800000000F8010003EC020001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000008000000000000000000000000000000000000000AE340300000000000100000001000000 "C:\Program Files (x86)\Avanquest\comCD\fr-fr\EnglishBerlitzTousNiveaux\run.exe"=0x534143500100000000000000070000002800000000301A00753C1A0001000000000000000000020661200000E63F486B2AA0D20100000000000000000200000028000000000000000000001000100000000000000000000000000000B5D27900000000000200000002000000 "C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000701AF200B998F20001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000000ED2BC04000000001800000018000000 "C:\Program Files\DAEMON Tools Lite\DTAgent.exe"=0x5341435001000000000000000700000028000000C0BA4D0064124E0001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000C0B0000000000000100000001000000 "SIGN.MEDIA=3B7424 AUTORUN.EXE"=0x534143500100000000000000070000002800000000C001000000000001000000000000000000010571200000E63F486B2AA0D201000000000000000002000000280000000000000080000000200000000000000000000000000000008A5A0200000000000200000002000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x534143500100000000000000070000002800000060CA11002C5E120001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000A010000000000000100000001000000 "SIGN.MEDIA=D06F34BC setup.exe"=0x53414350010000000000000007000000280000004BED42000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A99A0A00000000000100000001000000 "C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe"=0x5341435001000000000000000700000028000000C08D27009EFE270001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002F050C03000000001000000010000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"=0x53414350010000000000000007000000280000006870060005DE060001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000054BA0400000000000300000003000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0F721002B26220001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000015D82000000000001600000016000000 "C:\Users\camil\Downloads\adwcleaner_7.0.1.0.exe"=0x5341435001000000000000000700000028000000C8E57C00C3187D0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000472F2C00000000000900000009000000 "C:\Users\camil\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe"=0x53414350010000000000000007000000280000000057E0033045E10301000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007A600B00000000000100000001000000 "C:\Users\camil\Downloads\ccsetup533.exe"=0x5341435001000000000000000700000028000000486995001FC5950001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C21E0A00000000000100000001000000 "SIGN.MEDIA=6818E334 setup.exe"=0x5341435001000000000000000700000028000000FF9A4B000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000029881E00000000000100000001000000 "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe"=0x5341435001000000000000000700000028000000789E0A00F7ED0A0001000000000000000000000A00210000E63F486B2AA0D201000000C000000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D0390B0088680B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BC000000000000000100000001000000 "C:\Program Files\CCleaner\uninst.exe"=0x5341435001000000000000000700000028000000C0A40200CF37030003000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006A250000000000000100000001000000 "C:\Program Files (x86)\Avanquest\comCD\fr-fr\EnglishBerlitzTousNiveaux\unins000.exe"=0x5341435001000000000000000700000028000000DF3D12000000000003000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000054B00000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000D03112002E6B120001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005F8F0000000000000100000001000000 "C:\Users\camil\Downloads\RapidTyping_Setup_5.2.exe"=0x5341435001000000000000000700000028000000AD9CF9000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003C5C0600000000000100000001000000 "C:\Program Files\RapidTyping 5\RapidTyping.exe"=0x534143500100000000000000070000002800000000682A000000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004AC00500000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\scalc.exe"=0x534143500100000000000000070000002800000068000100C527010001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F9E10C00000000000200000002000000 "C:\Users\camil\Desktop\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe"=0x534143500100000000000000070000002800000088F5D003E57BD10301000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000084D40700000000000400000004000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C88243003263440001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BD0D0300000000000100000001000000 "C:\Users\camil\Desktop\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0398200F3CD820001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000050EC0E00000000000300000003000000 "C:\Users\camil\Desktop\adwcleaner_7.0.1.0.exe"=0x5341435001000000000000000700000028000000C8E57C00C3187D0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000036F11700000000000300000003000000 "C:\Users\camil\Downloads\FRST64.exe"=0x5341435001000000000000000700000028000000008E2400698D240001000000000000000000000A00210000E78E163C2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000082070000000000000100000001000000 "C:\Users\camil\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000008E2400698D240001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000078C80F00000000000200000002000000 "C:\Users\camil\Desktop\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D0390B0088680B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000DB000000000000000200000002000000 "C:\Users\camil\Desktop\UsbFix.exe"=0x534143500100000000000000070000002800000030593A0068F33A0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C8DD0100000000000300000003000000 "C:\UsbFix\UsbFix.exe"=0x534143500100000000000000070000002800000040081C003FF61C0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000806D0300000000000400000004000000 "C:\UsbFix\Un-UsbFix.exe"=0x534143500100000000000000070000002800000055AE040068F33A0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000AF020000000000000100000001000000 "C:\Users\camil\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000E63F486B2AA0D2010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131440007173825311 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"=17WW1TTT605#SABF#DABF "ProductType"=2 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "DisableAntiVirus"=1 "InstallTime"=0x806894E57DB2D201 "OOBEInstallTime"=0x89A1C92FFFF7D201 "ManagedDefenderProductType"=0 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:80e::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:80e::200e?: temps=39 ms R?ponse de 2a00:1450:4007:80e::200e?: temps=40 ms R?ponse de 2a00:1450:4007:80e::200e?: temps=39 ms R?ponse de 2a00:1450:4007:80e::200e?: temps=39 ms Statistiques Ping pour 2a00:1450:4007:80e::200e: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 39ms, Maximum = 40ms, Moyenne = 39ms ---------- | @ [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131078117292702503&GUID=469E65F4-B17B-4C2F-8172-BA9CE42D3C94 "Default_Page_URL"=http://hp17win10.msn.com/?pc=HCTE "FormSuggest Passwords"=no "FormSuggest PW Ask"=no "ImageStoreRandomFolder"=rif1p5z "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000 "Start Page_TIMESTAMP"=0xBD89F82336FAD201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000076000000FA9ABB38BD41788C7EBEE28C98D472E2BD3B3ABD46DF2B342B38DC668DCF752D6C8B970CF1EFEC4BC57A9DE82E24BE815687506CE2B75B3554960984A2ED2BD13B2353BA9C22D401E675E8DF616B0724AAC8F326C0B1DDF99ED772670A64569926128405A04BF3A22E95750156A5FF0044234BF958F4020000000E0000007354454430725555576B34253364 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x6BD795B6F7F7D201 "IE10TourShown"=1 "IE10TourShownTime"=0x6BD795B6F7F7D201 "Use FormSuggest"=yes "IE11EdgeNotifyTime"=0x696452AFC000D301 "EdgeReminderRemainingCount"=5 "TabShutdownDelay"=0 "AutoHide"=yes [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ZonesSecurityUpgrade"=0x6BD795B6F7F7D201 "WarnonZoneCrossing"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Default_Page_URL"=http://hp17win10.msn.com/?pc=HCTE "Start Page"=http://hp17win10.msn.com/?pc=HCTE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azl] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azm] "Progid"=Amazon.Kindle.magazine.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azn] "Progid"=Amazon.Kindle.newspaper.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azs] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azw] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.azw4] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mobi] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.prc] "Progid"=Amazon.Kindle.content [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tpz] "Progid"=Amazon.Kindle.content ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/06/2017 21:13:58] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/06/2017 21:13:58] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/06/2017 21:13:58] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [06/04/2017 08:10:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [06/04/2017 08:10:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [06/04/2017 08:10:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [18/03/2017 22:57:23] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x6BD795B6F7F7D201 "Version"=5 "UpgradeTime"=0x6BD795B6F7F7D201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [28/03/2017 19:24:52] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [21/09/2016 22:09:56] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [28/03/2017 19:24:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [23/09/2012 20:43:54] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [19/07/2017 20:46:08] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [28/03/2017 19:24:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [19/07/2017 20:46:08] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [21/09/2016 22:09:56] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [28/03/2017 19:24:52] ---------- | Chrome C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh = : Open Drive files directly from your browser in compatible applications installed on your computer. - short_name: Google Drive App Launcher - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\camil\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "web2pdfextension.15@web2pdf.adobedotcom"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\windows\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.141.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.141.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Acrobat] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll C:\Users\camil\AppData\Roaming\Mozilla\Firefox\Profiles\605p0kbw.default-1500790542260\Prefs.js user_pref("browser.startup.homepage", "google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20170628075643"); user_pref("browser.startup.homepage_override.mstone", "54.0.1"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1503512982202,\"softExpiration\":1503563322930,\"hardExpiration\":1503653150065,\"data\":{\"notifications\":[],\"version\":\"201708230925\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":23}"); user_pref("extensions.adblockultimate@adblockultimate.net.app-version", "2.26"); user_pref("extensions.adblockultimate@adblockultimate.net.block-list-domains", "[]"); user_pref("extensions.adblockultimate@adblockultimate.net.client-id", "pWhlkg4O90744863"); user_pref("extensions.adblockultimate@adblockultimate.net.filters-state", "{\"2\":{\"loaded\":true,\"enabled\":true,\"installed\":true},\"7\":{\"loaded\":true,\"enabled\":true,\"installed\":true},\"113\":{\"loaded\":true,\"enabled\":true,\"installed\":true}}"); user_pref("extensions.adblockultimate@adblockultimate.net.filters-version", "{\"2\":{\"version\":\"1.1.28.14\",\"lastCheckTime\":1502907959986,\"lastUpdateTime\":1502902831192},\"7\":{\"version\":\"1.0.93.8\",\"lastCheckTime\":1502722898919,\"lastUpdateTime\":1502368858973},\"113\":{\"version\":\"1.0.85.80\",\"lastCheckTime\":1502907960914,\"lastUpdateTime\":1502904707260}}"); user_pref("extensions.adblockultimate@adblockultimate.net.page-statistic", "{\"totalBlocked\":44869}"); user_pref("extensions.adblockultimate@adblockultimate.net.sb-cache", "{}"); user_pref("extensions.adblockultimate@adblockultimate.net.user-rank", 2); user_pref("extensions.adblockultimate@adblockultimate.net.white-list-domains", "[\"francais-gratuite.fr\",\"www.receive-sms-online.info\",\"www.passetoncode.fr\",\"soundiiz.com\",\"viid.me\"]"); user_pref("extensions.blocklist.pingCountTotal", 28); user_pref("extensions.blocklist.pingCountVersion", 28); user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"{07046613-1993-4b66-9dd1-9dd1ce581cb7}\":{\"version\":\"0.1.6\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"jid1-BYcQOfYfmBMd9A@jetpack\":{\"version\":\"335\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\jid1-BYcQOfYfmBMd9A@jetpack.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getsharex.com\":{\"version\":\"1.0.0\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\firefox@getsharex.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"screenshots@mozilla.org\":{\"version\":\"6.6.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"followonsearch@mozilla.com\":{\"version\":\"0.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\followonsearch@mozilla.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\shield-recipe-client@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.85\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"jid1-W88hD8Mk8QGz3w@jetpack\":{\"version\":\"0.1.0.1-signed.1-signed\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\jid1-W88hD8Mk8QGz3w@jetpack.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"spvk@jetpack\":{\"version\":\"0.0.19.1-signed.1-signed\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\spvk@jetpack.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"adblockultimate@adblockultimate.net\":{\"version\":\"2.28\",\"type\":\"webextension\",\"descriptor\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\adblockultimate@adblockultimate.net.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}"); user_pref("extensions.databaseSchema", 19); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.e10sMultiBlockedByAddons", true); user_pref("extensions.enabledAddons", "addictive_typing_lessons%40tomkennedy.net:4.2,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1"); user_pref("extensions.getAddons.cache.lastUpdate", 1503500671); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppVersion", "54.0.1"); user_pref("extensions.lastPlatformVersion", "54.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.fsv1", "9ddce1a6815bef777526f9db9a3ea391247dc113"); user_pref("extensions.pocket.settings.latestSince", "1500893074"); user_pref("extensions.pocket.settings.premium_status", "0"); user_pref("extensions.pocket.settings.tags", "[\"culture\",\"liste\",\"peur\",\"peurs\",\"phobie\",\"phobies\",\"wikipedia\",\"astuce\",\"code\",\"informatique\",\"clavier\",\"raccourci\",\"raccourcis\",\"cuisine\",\"far\",\"recette\",\"jeu\",\"meat boy\",\"smb\",\"soluce\",\"super meat\",\"cours\",\"entrées\",\"java\",\"langage\",\"openclassrooms\",\"programmation\",\"variables\",\"c++\",\"codage\",\"programmer\",\"pdf\",\"lorde\",\"lyrics\",\"paroles\",\"yellow flicker\",\"games\",\"igg\",\"jeux\",\"télécharger\",\"bilingue\",\"tardigrade\",\"programme\",\"adobe\",\"crack\",\"logiciel\",\"alt\",\"high tech\",\"recovery\",\"smartphone\",\"tuto\",\"classification\",\"rang\",\"taxo\",\"game save\",\"gamesave\",\"sauvegarde\"]"); user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1"); user_pref("extensions.shield-recipe-client.dev_mode", false); user_pref("extensions.shield-recipe-client.enabled", true); user_pref("extensions.shield-recipe-client.logging.level", 50); user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300); user_pref("extensions.shield-recipe-client.user_id", "74210194-ab00-4964-bc71-e985087dadea"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{25448bab-839e-4b00-aea8-d2b6d4efb56d}\",\"addons\":{\"followonsearch@mozilla.com\":{\"version\":\"0.9.1\"},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\"},\"e10srollout@mozilla.org\":{\"version\":\"1.85\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"599ef179-e90f-4b95-9183-e5bcd50e2091\",\"{07046613-1993-4b66-9dd1-9dd1ce581cb7}\":\"ce18daf0-bdb6-4611-8144-9d41c88913b7\",\"jid1-BYcQOfYfmBMd9A@jetpack\":\"fe743bf4-e4ba-4b4d-ad98-609b4be88ca9\",\"firefox@getsharex.com\":\"61cec9ff-2b9d-42fc-89b0-c99a35fb0f4e\",\"{52114cbe-92a2-4828-8b44-109c35fbc0e7}\":\"dbf6bc6f-e69b-49a8-8bdd-1b8041b35bbd\",\"adblockultimate@adblockultimate.net\":\"34887fcd-ed57-4932-b165-b2e251ca6916\"}"); user_pref("extensions.xpiState", "{\"app-profile\":{\"adblockultimate@adblockultimate.net\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\adblockultimate@adblockultimate.net.xpi\",\"e\":true,\"v\":\"2.28\",\"st\":1503068684447},\"addictive_typing_lessons@tomkennedy.net\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\addictive_typing_lessons@tomkennedy.net.xpi\",\"e\":true,\"v\":\"4.2\",\"st\":1500892875618},\"firefox@getsharex.com\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\firefox@getsharex.com.xpi\",\"e\":true,\"v\":\"1.0.0\",\"st\":1500877970115},\"jid1-BYcQOfYfmBMd9A@jetpack\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\jid1-BYcQOfYfmBMd9A@jetpack.xpi\",\"e\":true,\"v\":\"335\",\"st\":1500823275538},\"jid1-W88hD8Mk8QGz3w@jetpack\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\jid1-W88hD8Mk8QGz3w@jetpack.xpi\",\"e\":true,\"v\":\"0.1.0.1-signed.1-signed\",\"st\":1501255226130},\"spvk@jetpack\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\spvk@jetpack.xpi\",\"e\":true,\"v\":\"0.0.19.1-signed.1-signed\",\"st\":1501605712719},\"{07046613-1993-4b66-9dd1-9dd1ce581cb7}\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi\",\"e\":true,\"v\":\"0.1.6\",\"st\":1500790739026},\"{52114cbe-92a2-4828-8b44-109c35fbc0e7}\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\{52114cbe-92a2-4828-8b44-109c35fbc0e7}.xpi\",\"e\":false,\"v\":\"0.0.2.5\",\"st\":1501255256221},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1500790669307}},\"app-system-addons\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.85\",\"st\":1500964028729},\"followonsearch@mozilla.com\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\followonsearch@mozilla.com.xpi\",\"e\":true,\"v\":\"0.9.1\",\"st\":1500964028462},\"shield-recipe-client@mozilla.org\":{\"d\":\"C:\\\\Users\\\\camil\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\605p0kbw.default-1500790542260\\\\features\\\\{25448bab-839e-4b00-aea8-d2b6d4efb56d}\\\\shield-recipe-client@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0.0\",\"st\":1500964028513}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1499454737031},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.50\",\"st\":1499454737029},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1499454737026},\"screenshots@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"e\":true,\"v\":\"6.6.0\",\"st\":1496962879000},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.1\",\"st\":1499454737017}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":false,\"v\":\"54.0.1\",\"st\":1499454737087}},\"winreg-app-global\":{\"web2pdfextension.15@web2pdf.adobedotcom\":{\"d\":\"C:\\\\Program Files (x86)\\\\Adobe\\\\Acrobat 11.0\\\\Acrobat\\\\Browser\\\\WCFirefoxExtn\",\"e\":false,\"v\":\"2.01.01\",\"st\":1500061608186,\"mt\":1490721894000}}}"); user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); [Profile0] - Name=default -> Profiles/605p0kbw.default-1500790542260 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{62c614e4-108a-409d-b015-123f012f46a1}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{62c614e4-108a-409d-b015-123f012f46a1}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\7z.exe] : "C:\Program Files\7-Zip\7z.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\7zFM.exe] : "C:\Program Files\7-Zip\7zFM.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\7zG.exe] : "C:\Program Files\7-Zip\7zG.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\calibre-portable.exe] : "C:\Users\camil\Documents\Calibre Portable\calibre-portable.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\DTLite.exe] : "C:\Program Files\DAEMON Tools Lite\DTLite.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\notepad++.exe] : "C:\Program Files\Notepad++\notepad++.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.c] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.c++] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cc] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cpp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cxx] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.h] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.h++] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hh] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hpp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hxx] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.pri] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.pro] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qbs] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qml] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qs] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.ui] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\SubtitleWorkshop.exe] : "C:\Users\camil\Documents\Subtitle Workshop\SubtitleWorkshop.exe" "%1" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "Camera"=FrameS "DevicesFlow"=DevicesFlowUserSvc "smbsvcs"=lanmanserver browser "iissvcs"=w3svc was "HPService"=HPSLPSVC "HPZ12"=Pml Driver HPZ12 Net Driver HPZ12 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "smbsvcs"=lanmanserver "iissvcs"=w3svc was "hpdevmgmt"=hpqcxs08 hpqddsvc ---------- | SvcHost - Netsvcs (Whitelist) TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\4kdownload.com] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\7-Zip] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Acceleroto] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Adobe] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Aimersoft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Alex Feinman] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Amazon] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Ansca Corona] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\AppDataLow] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Apple Inc.] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Audiosurf, LLC] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\BENTO] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Blue Isle Studios] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\CakeCollective] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Christian Reuter] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Chromium] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Clients] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\CodeBlocks] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Corona Labs] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Crystal Dynamics] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\CyberLink] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Cygwin] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\DC3_FEXEC] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Digia] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Dinosaur Polo Club] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Disc Soft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\DropboxUpdate] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\ej-technologies] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Elias Fotinis] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Epic Games] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Fixpoint Productions Ltd.] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Gabest] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\GOG.com] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Google] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\GOSTgmmouse] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Graveck] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Highresolution Enterprises] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\HP] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\IBE Software] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Imagination Technologies] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Intel] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\IvanovichGames] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\JavaSoft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Just1337Studio] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\KHB-Soft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\KittehFace Software] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\LANGMaster] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\LAventure] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\LogiShrd] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Macromedia] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Malwarebytes] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Matthew Brown] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Michael Todd Games] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft Studios] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Monkeybin] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Mozilla] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Netscape] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Noclip] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\nwjs] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\One Man Band] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\PhotoFiltre 7] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Policies] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Python] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\QtProject] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Rainbow Train] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\RainbowTrain] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Realtek] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\RegisteredApplications] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Sergej110] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\SMGStudio] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Spotify] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\SyncEngines] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\sysinternals] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\The Document Foundation] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\The GodFather] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\THETA AnIn] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Thomas Bowker] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Three Flip Studios] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Two Tribes] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Ubisoft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Unity] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Unity Technologies] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\UsbFix] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Valve] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\WinAuth3] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Wondershare] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Wow6432Node] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Xiaoma] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\AppDataLow\Software\Lince Works] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\AppDataLow\Software\Unity] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\Adobe] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] [HKLM\Software\Autodesk] [HKLM\Software\Clients] [HKLM\Software\Cygwin] [HKLM\Software\Disc Soft] [HKLM\Software\ej-technologies] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Notepad++] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\PyQt5] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Aimersoft] [HKLM\Software\WOW6432Node\Aimersoft Helper Compact] [HKLM\Software\WOW6432Node\Apple Computer, Inc.] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\Avanquest] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Corona Labs] [HKLM\Software\WOW6432Node\Cyberlink] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\Elias Fotinis] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\HP Inc.] [HKLM\Software\WOW6432Node\ICE] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\KeepVid] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LibreOffice] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCard] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCards] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\MAXSOFT-OCRON] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\OBS Studio] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\Python] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\SOSVirus] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\The Document Foundation] [HKLM\Software\WOW6432Node\UBISOFT] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Xamarin] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives D: [06/04/2017 19:22:25] - |RASH| - (.-.) - [55] - (0.0.0.0) - D:\RP.ini ---------- | C: [07/07/2017 22:06:43] - |HD| - [5695656860] - C:\$GetCurrent [16/07/2016 13:47:47] - |SHD| - [12073098] - C:\$Recycle.Bin [15/08/2017 13:28:22] - |D| - [12994226] - C:\AdwCleaner [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 14:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [07/07/2017 21:32:50] - |SHD| - [2450360] - C:\Config.Msi [18/07/2017 07:22:09] - |D| - [461261219] - C:\cygwin64 [21/07/2017 16:42:54] - |D| - [0] - C:\Documents [07/07/2017 17:45:16] - |SHD| - [0] - C:\Documents and Settings [16/08/2017 19:45:42] - |D| - [189832892] - C:\FRST [08/07/2017 12:49:29] - |D| - [96126378624] - C:\Games [MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/07/2017 17:11:00] - |ASH| - (.-.) - [3410788352] - (0.0.0.0) - C:\hiberfil.sys [14/01/2017 03:13:49] - |HD| - [4936127] - C:\hp [08/07/2017 17:51:52] - |D| - [60232] - C:\inetpub [17/07/2017 17:31:30] - |D| - [400252773] - C:\MinGW [15/07/2017 08:22:29] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/04/2017 06:40:53] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys [18/03/2017 23:03:28] - |D| - [0] - C:\PerfLogs [18/03/2017 23:03:28] - |RD| - [10925669000] - C:\Program Files [18/03/2017 23:03:28] - |RD| - [248580957182] - C:\Program Files (x86) [18/03/2017 23:03:29] - |HD| - [3979121112] - C:\ProgramData [29/07/2017 12:39:50] - |D| - [0] - C:\Python35 [29/07/2017 08:15:42] - |D| - [5225453624] - C:\Qt [23/08/2017 21:20:37] - |D| - [262062] - C:\QuickDiag [MD5.D6DB2A3F319A97FD2BA8654BFC0B82BE] - [23/08/2017 21:22:25] - |A| - (.-.) - [229884] - (0.0.0.0) - C:\QuickDiag.txt [MD5.B3CB75D51096A83EC182A6579E35A96B] - [01/08/2017 19:42:44] - |A| - (.-.) - [157] - (0.0.0.0) - C:\RecorderProtectionError.txt [29/07/2016 14:32:27] - |SHD| - [3727699020] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/04/2017 07:53:34] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [23/08/2016 21:10:07] - |D| - [2749121466] - C:\SWSETUP [16/08/2017 14:16:22] - |D| - [0] - C:\SymCache [06/04/2017 09:14:52] - |SHD| - [0] - C:\System Volume Information [23/08/2016 21:10:07] - |AHD| - [180678165] - C:\SYSTEM.SAV [23/08/2017 15:40:45] - |AD| - [5804184] - C:\UsbFix [18/03/2017 13:40:20] - |RD| - [109759454364] - C:\Users [18/03/2017 13:40:20] - |D| - [26083590478] - C:\Windows [07/07/2017 20:03:19] - |D| - [20812895] - C:\Windows10Upgrade ---------- | C:\WINDOWS [18/03/2017 23:03:29] - |D| - [802] - C:\WINDOWS\addins [18/03/2017 23:03:29] - |D| - [49483620] - C:\WINDOWS\appcompat [18/03/2017 23:03:29] - |D| - [12471860] - C:\WINDOWS\AppPatch [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness [18/03/2017 23:03:28] - |RSD| - [1698118950] - C:\WINDOWS\assembly [06/08/2017 07:59:47] - |D| - [200704] - C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP [18/03/2017 23:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr [MD5.293283CF350E00AF8C4A2770BDBF4D50] - [08/06/2017 12:43:11] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe [18/03/2017 23:03:29] - |D| - [38058825] - C:\WINDOWS\Boot [MD5.FF1E4D6F3EB48850187C59FAB630D9AB] - [08/07/2017 17:03:44] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [18/03/2017 23:03:29] - |D| - [2447960] - C:\WINDOWS\Branding [18/03/2017 22:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.F471CF70EE6D49C5650A4D5295531435] - [20/03/2017 07:12:07] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [16/07/2016 16:16:59] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.047511ED75B28F6B1B978540BEFA570E] - [06/04/2017 17:33:39] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\CSUP.txt [18/03/2017 23:03:29] - |D| - [8970858] - C:\WINDOWS\Cursors [18/03/2017 23:03:29] - |D| - [1810582] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/07/2017 17:17:33] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [18/03/2017 23:03:29] - |D| - [4450554] - C:\WINDOWS\diagnostics [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/07/2017 17:17:33] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\DigitalLocker [18/03/2017 23:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [18/03/2017 23:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP [31/07/2017 08:02:15] - |D| - [116936] - C:\WINDOWS\en [20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\en-US [MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [12/07/2017 12:10:41] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4847424] - (10.0.15063.447) - C:\WINDOWS\explorer.exe [18/03/2017 23:03:29] - |RSD| - [424018569] - C:\WINDOWS\Fonts [20/03/2017 07:10:26] - |D| - [109056] - C:\WINDOWS\fr-FR [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [18/03/2017 23:03:29] - |D| - [53212593] - C:\WINDOWS\Globalization [18/03/2017 23:03:29] - |D| - [74378403] - C:\WINDOWS\Help [MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [08/06/2017 12:43:11] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe [MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 22:57:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe [20/03/2017 07:11:49] - |D| - [14071088] - C:\WINDOWS\HoloShell [06/04/2017 09:47:48] - |AD| - [92022650] - C:\WINDOWS\HP [MD5.773CA29CF52A53CBC931606F2D941BC8] - [06/04/2017 19:19:10] - |A| - (.Copyright (c) 2015 Hewlett-Packard Development Company, L.P. - HPCUST1.) - [3322568] - (1.0.0.1) - C:\WINDOWS\HPCUST1.exe [MD5.8D73B7ED5D099EB7E7F83FB23FB2208D] - [06/04/2017 19:19:10] - |A| - (.Copyright (c) 2015 Hewlett-Packard Development Company, L.P. - HPCUST2.) - [3322384] - (1.0.0.1) - C:\WINDOWS\HPCUST2.exe [MD5.B21CFAC42B15D33EE72077C5218BBEA6] - [15/07/2017 08:11:21] - |A| - (.-.) - [246754] - (0.0.0.0) - C:\WINDOWS\hpoins46.dat [MD5.1019435F13A155DB8D33BB2094BA0E26] - [15/07/2017 08:11:21] - |N| - (.-.) - [464] - (0.0.0.0) - C:\WINDOWS\hpomdl46.dat [MD5.1019435F13A155DB8D33BB2094BA0E26] - [18/07/2017 10:43:18] - |N| - (.-.) - [464] - (0.0.0.0) - C:\WINDOWS\hpomdl46.dat.temp [18/03/2017 23:03:29] - |D| - [173056880] - C:\WINDOWS\IME [18/03/2017 23:03:29] - |RD| - [8336344] - C:\WINDOWS\ImmersiveControlPanel [18/03/2017 23:01:21] - |D| - [114855308] - C:\WINDOWS\INF [18/03/2017 23:03:29] - |D| - [1287960665] - C:\WINDOWS\InfusedApps [18/03/2017 23:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod [18/03/2017 23:03:29] - |SHDC| - [2142616627] - C:\WINDOWS\Installer [18/03/2017 23:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas [18/03/2017 23:03:29] - |D| - [776768] - C:\WINDOWS\LiveKernelReports [18/03/2017 13:40:24] - |D| - [36049796] - C:\WINDOWS\Logs [18/03/2017 23:03:29] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 22:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [18/03/2017 23:03:28] - |RD| - [828048648] - C:\WINDOWS\Microsoft.NET [18/03/2017 23:03:29] - |D| - [2938] - C:\WINDOWS\Migration [13/07/2017 19:51:25] - |D| - [0] - C:\WINDOWS\Minidump [18/03/2017 23:03:29] - |RD| - [487308] - C:\WINDOWS\MiracastView [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs [26/07/2017 08:23:51] - |HD| - [0] - C:\WINDOWS\msdownld.tmp [MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [07/07/2017 20:33:23] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [20/03/2017 07:11:22] - |D| - [441838] - C:\WINDOWS\OCR [18/03/2017 23:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [08/07/2017 15:17:55] - |DC| - [169647866] - C:\WINDOWS\Panther [18/03/2017 23:03:29] - |D| - [29366966] - C:\WINDOWS\Performance [MD5.E3B3105D1B479A7EF783F4B324A6E021] - [16/08/2017 19:51:51] - |A| - (.-.) - [2344] - (0.0.0.0) - C:\WINDOWS\PFRO.log [18/03/2017 23:03:29] - |D| - [1136442] - C:\WINDOWS\PLA [18/03/2017 23:03:29] - |D| - [2730616] - C:\WINDOWS\PolicyDefinitions [08/07/2017 17:02:19] - |D| - [22801641] - C:\WINDOWS\Prefetch [18/03/2017 23:03:29] - |RD| - [2168600] - C:\WINDOWS\PrintDialog [MD5.09394999ADB19901C665454EE964B13C] - [08/07/2017 15:15:29] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini [18/03/2017 23:03:29] - |D| - [2884514] - C:\WINDOWS\Provisioning [MD5.773BA93DABD87D38F436BBC0C34FC7CE] - [16/01/2017 15:52:00] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [387736] - (3.5.3150.1013) - C:\WINDOWS\py.exe [MD5.305BB1EBB3CF60CA3B9CAD98738659EE] - [16/01/2017 16:03:08] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [55448] - (3.5.3150.1013) - C:\WINDOWS\pyshellext.amd64.dll [MD5.EEDC179E682A834738DB37BD41632828] - [16/01/2017 15:52:00] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [388248] - (3.5.3150.1013) - C:\WINDOWS\pyw.exe [MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 22:57:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe [18/03/2017 23:03:29] - |D| - [1118252] - C:\WINDOWS\Registration [18/03/2017 23:03:29] - |D| - [5736536] - C:\WINDOWS\rescache [18/03/2017 23:03:29] - |D| - [3660232] - C:\WINDOWS\Resources [MD5.0DD3698CBEE8CB6ACEC3379A813F62C1] - [06/04/2017 09:44:40] - |A| - (.Copyright (C) Realtek Semiconductor Corp. - RtCRU.) - [4332032] - (1.13.0.0) - C:\WINDOWS\RtCRU64.exe [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [06/04/2017 09:39:00] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\WINDOWS\RtlExUpd.dll [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\SchCache [18/03/2017 23:03:29] - |D| - [121229] - C:\WINDOWS\schemas [18/03/2017 23:03:29] - |D| - [3620864] - C:\WINDOWS\security [08/07/2017 17:53:14] - |D| - [52051596] - C:\WINDOWS\ServiceProfiles [18/03/2017 13:40:20] - |D| - [85299742] - C:\WINDOWS\servicing [18/03/2017 23:06:43] - |D| - [349] - C:\WINDOWS\Setup [MD5.AD3F5741DB0937C71556DDCCA4F63028] - [21/08/2017 22:57:57] - |A| - (.-.) - [778] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/08/2017 22:57:57] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [18/03/2017 23:03:29] - |D| - [41940480] - C:\WINDOWS\ShellExperiences [20/03/2017 07:11:06] - |D| - [3752992] - C:\WINDOWS\SKB [07/07/2017 18:01:38] - |D| - [3062237141] - C:\WINDOWS\SoftwareDistribution [18/03/2017 23:03:29] - |D| - [86037185] - C:\WINDOWS\Speech [18/03/2017 23:03:29] - |D| - [73554020] - C:\WINDOWS\Speech_OneCore [MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 22:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe [18/03/2017 23:03:29] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [16/07/2016 13:47:50] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [18/03/2017 13:40:20] - |D| - [6170347308] - C:\WINDOWS\System32 [18/03/2017 23:03:29] - |D| - [189920464] - C:\WINDOWS\SystemApps [18/03/2017 23:03:29] - |D| - [19464199] - C:\WINDOWS\SystemResources [18/03/2017 13:40:24] - |D| - [1591549303] - C:\WINDOWS\SysWOW64 [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\TAPI [16/07/2016 13:47:48] - |D| - [3032] - C:\WINDOWS\Tasks [18/03/2017 23:03:29] - |D| - [271047651] - C:\WINDOWS\Temp [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\tracing [18/03/2017 23:03:29] - |D| - [231936] - C:\WINDOWS\twain_32 [MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 22:58:54] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [07/07/2017 19:56:58] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [18/03/2017 23:03:29] - |D| - [12420] - C:\WINDOWS\Vss [18/03/2017 23:03:30] - |D| - [37422891] - C:\WINDOWS\Web [MD5.34806929F5C189594CBF730452791361] - [16/07/2016 13:47:50] - |A| - (.-.) - [159] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 22:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [16/08/2017 19:59:37] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 22:58:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe [18/03/2017 13:40:20] - |D| - [7005247540] - C:\WINDOWS\WinSxS [MD5.907AE50A03DEEC4CFFDC70EA3D5AD4D8] - [31/03/2014 21:34:22] - |A| - (.© 2012 Microsoft Corporation. - Photo Gallery Screen Saver.) - [322248] - (16.4.3528.331) - C:\WINDOWS\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 22:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [11/11/2015 22:09:16] - C:\WINDOWS\Installer\12be2.msi : ( - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2016 23:48:58] - C:\WINDOWS\Installer\12c05.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/07/2017 14:02:19] - C:\WINDOWS\Installer\13920de.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2017 13:49:18] - C:\WINDOWS\Installer\1707649.msi : (Gtk# for .Net 2.12.26 - Xamarin, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2015 15:03:34] - C:\WINDOWS\Installer\1866f535.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/12/2015 15:18:36] - C:\WINDOWS\Installer\1866f53d.msi : (QuickTime Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2017 16:06:18] - C:\WINDOWS\Installer\19060b56.msi : ( - Alex Feinman) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/07/2017 19:59:45] - C:\WINDOWS\Installer\24763.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/07/2017 07:33:45] - C:\WINDOWS\Installer\27d9fe2.msi : (Install/UnInstall PhysX Driver + Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1/2/3/4; 2.6.0/1/2/3/4; 2.7.0/1/2/3/4/5/6; 2.8.0/1 - NVIDIA Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/07/2017 20:45:53] - C:\WINDOWS\Installer\28cf52e.msi : (Java SE Runtime Environment 8 Update 141 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/07/2017 20:45:49] - C:\WINDOWS\Installer\28cf539.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/11/2011 14:08:40] - C:\WINDOWS\Installer\29470e5.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2011 20:17:49] - C:\WINDOWS\Installer\29470eb.msi : (64 Bit HP CIO Components Installer Package - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/05/2011 01:40:42] - C:\WINDOWS\Installer\29470f5.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2011 01:04:13] - C:\WINDOWS\Installer\29470fb.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/05/2011 02:04:42] - C:\WINDOWS\Installer\2947101.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/11/2011 18:40:31] - C:\WINDOWS\Installer\2947108.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/11/2011 23:38:33] - C:\WINDOWS\Installer\294710e.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/11/2009 10:46:23] - C:\WINDOWS\Installer\2947114.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2011 00:46:01] - C:\WINDOWS\Installer\294711e.msi : (Hewlett-Packard - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2011 04:08:51] - C:\WINDOWS\Installer\2947125.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 20:35:14] - C:\WINDOWS\Installer\294712b.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 23:24:50] - C:\WINDOWS\Installer\2947131.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 18:05:11] - C:\WINDOWS\Installer\294713e.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 21:01:06] - C:\WINDOWS\Installer\2947144.msi : (Builds the Destinations MSI - Builds the Destinations MSI) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 19:38:34] - C:\WINDOWS\Installer\294714a.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2011 21:31:13] - C:\WINDOWS\Installer\2947153.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2011 03:50:19] - C:\WINDOWS\Installer\2947159.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2011 02:10:25] - C:\WINDOWS\Installer\294715f.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/11/2009 08:58:23] - C:\WINDOWS\Installer\2947165.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2014 18:45:55] - C:\WINDOWS\Installer\294716c.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/08/2017 07:37:03] - C:\WINDOWS\Installer\30f318bb.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/08/2017 14:08:52] - C:\WINDOWS\Installer\37802f5e.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2016 15:03:51] - C:\WINDOWS\Installer\49b66.msi : (Blank Project Template - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2016 20:30:54] - C:\WINDOWS\Installer\49b6c.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2016 20:30:16] - C:\WINDOWS\Installer\49b72.msi : (Microsoft VC++ redistributables repacked. - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2016 20:30:20] - C:\WINDOWS\Installer\49b88.msi : (Microsoft VC++ redistributables repacked. - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2016 20:30:44] - C:\WINDOWS\Installer\49b9e.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/08/2016 20:33:30] - C:\WINDOWS\Installer\49ba4.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/10/2016 19:16:02] - C:\WINDOWS\Installer\49baa.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/11/2016 14:22:08] - C:\WINDOWS\Installer\49bb0.msi : (Intel(R) Ready Mode Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/09/2016 11:06:08] - C:\WINDOWS\Installer\49bcf.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/10/2016 12:58:38] - C:\WINDOWS\Installer\49bd6.msi : (Intel(R) Wireless Bluetooth(R) Patch/Audio Package Installation - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2016 17:33:45] - C:\WINDOWS\Installer\49be2.msi : (HP JumpStart Launch - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2012 06:02:16] - C:\WINDOWS\Installer\50a9da.msi : (Installers - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2017 12:21:16] - C:\WINDOWS\Installer\6073ef1.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2017 12:27:51] - C:\WINDOWS\Installer\6073ef7.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:05:42] - C:\WINDOWS\Installer\8dab598.msi : (Python 3.5.3 Core Interpreter (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:06:04] - C:\WINDOWS\Installer\8dab59d.msi : (Python 3.5.3 Development Libraries (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:06:18] - C:\WINDOWS\Installer\8dab5a2.msi : (Python 3.5.3 Executables (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:06:42] - C:\WINDOWS\Installer\8dab5a7.msi : (Python 3.5.3 Standard Library (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:07:58] - C:\WINDOWS\Installer\8dab5ac.msi : (Python 3.5.3 Test Suite (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:06:16] - C:\WINDOWS\Installer\8dab5b1.msi : (Python 3.5.3 Documentation (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:08:10] - C:\WINDOWS\Installer\8dab5b6.msi : (Python 3.5.3 Utility Scripts (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:07:32] - C:\WINDOWS\Installer\8dab5bb.msi : (Python 3.5.3 Tcl/Tk Support (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:05:36] - C:\WINDOWS\Installer\8dab5c0.msi : (Python Launcher - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/01/2017 16:07:16] - C:\WINDOWS\Installer\8dab5c5.msi : (Python 3.5.3 pip Bootstrap (64-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2017 16:13:13] - C:\WINDOWS\Installer\bfd63fc.msi : (Java SE Development Kit 8 Update 131 (64-bit) - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/04/2017 08:04:56] - C:\WINDOWS\Installer\c96e.msi : (HP Support Solutions Framework - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/04/2017 08:05:12] - C:\WINDOWS\Installer\c971.msi : (HP Support Assistant - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/04/2017 08:05:53] - C:\WINDOWS\Installer\c976.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 10:05:02] - C:\WINDOWS\Installer\c97b.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 10:06:20] - C:\WINDOWS\Installer\c980.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/08/2016 07:21:52] - C:\WINDOWS\Installer\c98f.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 09:59:16] - C:\WINDOWS\Installer\c994.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 10:01:50] - C:\WINDOWS\Installer\c999.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 10:03:02] - C:\WINDOWS\Installer\c99e.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 10:00:36] - C:\WINDOWS\Installer\c9a3.msi : (HP ePrint SW - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/04/2016 01:51:07] - C:\WINDOWS\Installer\c9ad.msi : ( - © Copyright 2015 HP Development Company, L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/08/2016 03:33:31] - C:\WINDOWS\Installer\c9b2.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2016 03:18:54] - C:\WINDOWS\Installer\c9b5.msi : (HP Audio Switch - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/09/2016 20:32:43] - C:\WINDOWS\Installer\c9ba.msi : (Dropbox 25 GB - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/07/2017 12:32:27] - C:\WINDOWS\Installer\e698d5.msi : (HP JumpStart Bridge - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2017 20:33:42] - C:\WINDOWS\Installer\e8eeb.msi : (HP PC Hardware Diagnostics UEFI - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\f72f11a.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [18/03/2017 22:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf [08/07/2017 17:05:30] - [3027088] - C:\WINDOWS\System32\PerfStringBackup.INI [18/03/2017 22:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini [18/03/2017 22:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [18/03/2017 22:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [08/07/2017 17:05:28] - [1978024] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [18/03/2017 22:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 22:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.E5D7B16B4C8AECA217E8F5B1CFA5DC97] - |A| - [14/08/2017 17:56:48] - (.-.) - [553.78 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [18/08/2017 20:29:14] - [0 Ko] - C:\WINDOWS\Temp\81FBC7FA-8877-4B05-99C4-F1432E537850-Sigs [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 20:10:03] - [3887.43 Ko] - C:\WINDOWS\Temp\ACLM [MD5.9988DE3E3CDAF5C3EDCCA8F3514687BA] - |A| - [16/08/2017 19:32:43] - (.-.) - [3.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ACLM_GeneratedProxy.cs [MD5.6440B0F8CEF94420E5E1A848EADC0CBF] - |A| - [14/07/2017 21:47:18] - (.-.) - [1063.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.0BEF11DF377040F544E38B1FB70A6768] - |AH| - [09/08/2017 08:33:39] - (. - .) - [209893.59 Ko] - (4.0.100.1189) - C:\WINDOWS\Temp\BIT3AEA.tmp [MD5.3FF4AEC85F10556C2910FF78AD7BDE40] - |A| - [17/08/2017 21:27:16] - (.-.) - [11.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [17/08/2017 21:27:16] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [17/08/2017 21:27:16] - [1756.11 Ko] - C:\WINDOWS\Temp\CR_C10C4.tmp [MD5.59731A0D02927B77E69029B62623DDA8] - |A| - [15/08/2017 19:39:26] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-1939.log [MD5.AC8F2501C0AF0C85746A4240BC5D37F0] - |A| - [15/08/2017 20:09:25] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-2009.log [MD5.3CA3358321BB934A0C700C8333B4A1AB] - |A| - [15/08/2017 20:39:25] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-2039.log [MD5.01B1159C22368C9A723087E356BF9DE1] - |A| - [15/08/2017 22:55:04] - (.-.) - [249.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-2255.log [MD5.6C668A9A9DDE3003A44CC9B4DA5E22E7] - |A| - [15/08/2017 23:10:33] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-2310.log [MD5.12D1C8B6EFD2154FA9D926CF0A298A86] - |A| - [15/08/2017 23:40:32] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170815-2340.log [MD5.C945B3AF415AAFE8471425DDAEAE6A38] - |A| - [16/08/2017 00:10:32] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0010.log [MD5.5D02B0362A11B20D0230E2601DFDF865] - |A| - [16/08/2017 07:27:57] - (.-.) - [6.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0727.log [MD5.5CC31CE1EFA669AC9FAC48D936A66121] - |A| - [16/08/2017 07:30:51] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0730.log [MD5.6B8E2930A5D53A0D68F9D0713171ADFA] - |A| - [16/08/2017 07:44:02] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0744.log [MD5.15542D85E6BC1B4A470BA1B7495967FF] - |A| - [16/08/2017 08:14:01] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0814.log [MD5.3062A5F175ABEB8600437B898D2D3F2A] - |A| - [16/08/2017 08:43:59] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-0843.log [MD5.020F160FD89A87C150414E476FE7F148] - |A| - [16/08/2017 19:49:15] - (.-.) - [14.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-1949.log [MD5.B77546AE01709B053A858B4707AA3E03] - |A| - [16/08/2017 19:51:56] - (.-.) - [52.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-1951.log [MD5.B8B15B2AE5DF234AF66E6FE01F76B0C8] - |A| - [16/08/2017 20:07:19] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-2007.log [MD5.C1F3D494D6652C3E5A3BDE925A0CE9A4] - |A| - [16/08/2017 20:18:13] - (.-.) - [197.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-2018.log [MD5.7720FCE1755A39F4A2C4A4799A995CCD] - |A| - [16/08/2017 20:33:42] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-2033.log [MD5.CEA17F1F08D65F6D2D295C85490C11A5] - |A| - [16/08/2017 21:03:36] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-2103.log [MD5.C68D22B30739914B832A32D32C94F184] - |A| - [16/08/2017 21:33:36] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170816-2133.log [MD5.C519D4872899DE0475549AC43A1B31B1] - |A| - [17/08/2017 09:52:12] - (.-.) - [6.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-0952.log [MD5.B50247C3E55B7272A0D24E58142F31EE] - |A| - [17/08/2017 09:55:03] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-0955.log [MD5.65C343CCAF12644B716C911345B1ECD5] - |A| - [17/08/2017 10:07:19] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-1007.log [MD5.9872807DE059AFA400F93A29379914D5] - |A| - [17/08/2017 10:09:01] - (.-.) - [113.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-1009.log [MD5.3F9D889DC5A136EDE09011B72E76316B] - |A| - [17/08/2017 10:23:59] - (.-.) - [676.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-1023.log [MD5.DDB9BC9A33DF60A61E52E6BACA14D287] - |A| - [17/08/2017 10:24:11] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-1024.log [MD5.B72307EF55137314F234FCFC9D17A2A0] - |A| - [17/08/2017 10:24:13] - (.-.) - [36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170817-1024a.log [MD5.6A2E5128A025783ADFB1782461FF17FD] - |A| - [18/08/2017 15:07:00] - (.-.) - [6.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1507.log [MD5.61A95D65321ECAE007E96B26E3CB5CEF] - |A| - [18/08/2017 15:09:52] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1509.log [MD5.7F6BE52D3E768869909E4F5027BF613A] - |A| - [18/08/2017 15:09:54] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1509a.log [MD5.2D88E63B9368837052F96BB43446477D] - |A| - [18/08/2017 15:10:27] - (.-.) - [106.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1510.log [MD5.34903AC5F6B48D628A29304298C1CA12] - |A| - [18/08/2017 15:22:10] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1522.log [MD5.41844C874A57B536B2A0B22C2DFA4A43] - |A| - [18/08/2017 15:39:48] - (.-.) - [10.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1539.log [MD5.3CFA9FCE49DF3BE90BC881DE19869E6B] - |A| - [18/08/2017 15:39:50] - (.-.) - [24.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170818-1539a.log [MD5.41064A0A3A596534D5A602FE1DBB54FA] - |A| - [19/08/2017 08:53:26] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170819-0853.log [MD5.0530399D6202B50AF9DA16283EEF2A5F] - |A| - [19/08/2017 08:56:22] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170819-0856.log [MD5.75E1F00ABEB618DF681F06B9E3322B01] - |A| - [19/08/2017 09:09:57] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170819-0909.log [MD5.2E982E0B9BF43E1393EA62D672533E2F] - |A| - [19/08/2017 09:39:57] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170819-0939.log [MD5.36D6B86AD647F5BC5DFA3D89C8990DC6] - |A| - [19/08/2017 10:09:57] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170819-1009.log [MD5.9A824BAF6147962E4E8CAB8E32E21F13] - |A| - [20/08/2017 08:20:32] - (.-.) - [6.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170820-0820.log [MD5.2EC656ECFF06715066A157F5ED959183] - |A| - [20/08/2017 08:23:07] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170820-0823.log [MD5.49638D8298A55E976B0E7E22C5AC04E0] - |A| - [20/08/2017 08:23:07] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170820-0823a.log [MD5.0141D8A808BFCFA546879FD6432674B4] - |A| - [20/08/2017 08:56:23] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170820-0856.log [MD5.E2F37DFF7B8842AFF93196DD71818A46] - |A| - [21/08/2017 08:03:11] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0803.log [MD5.3C9B43E79D362324264C3A7D399B51AE] - |A| - [21/08/2017 08:18:22] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0818.log [MD5.7C8812265ED5F914F88F47A3AF6E741D] - |A| - [21/08/2017 08:23:08] - (.-.) - [6.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0823.log [MD5.3A60FD873260A238343FECB243467723] - |A| - [21/08/2017 08:28:57] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0828.log [MD5.46CCA06F3DDB82C1FF6488092051ADE5] - |A| - [21/08/2017 08:48:22] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0848.log [MD5.27FC0B473FABA244177C235BB681EFB8] - |A| - [21/08/2017 08:56:22] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0856.log [MD5.0D6883B2C119C5485E5215772EB716AD] - |A| - [21/08/2017 09:18:22] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-0918.log [MD5.4D40A62A893E63297B103FC8045038C1] - |A| - [21/08/2017 22:56:56] - (.-.) - [11.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-2256.log [MD5.4D0CA805F8F3135DAD585DAB49E935FC] - |A| - [21/08/2017 22:58:01] - (.-.) - [76.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170821-2258.log [MD5.B7304E1EFBC262FD7EF1214A8091F3B5] - |A| - [22/08/2017 09:25:56] - (.-.) - [6.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0925.log [MD5.6DD3D262C336D17A0357523C98A94FA5] - |A| - [22/08/2017 09:41:07] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0941.log [MD5.6F744373A4024BA948B3B22E0BC621EE] - |A| - [22/08/2017 09:43:09] - (.-.) - [65.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0943.log [MD5.AFF4EFD5D1453583BD4C387C48A80F8A] - |A| - [22/08/2017 09:43:18] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0943a.log [MD5.DC5E85BF1BD7B6B7421488DB73331AEC] - |A| - [22/08/2017 09:51:59] - (.-.) - [22.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0951.log [MD5.6B913A9BDD128345413388520D1224CA] - |A| - [22/08/2017 09:52:00] - (.-.) - [36.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0952.log [MD5.76744BE97C060E7ACF570DA8F21680C8] - |A| - [22/08/2017 09:52:56] - (.-.) - [20.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0952a.log [MD5.BD837B907A215F39DBD7AF7E494C7E97] - |A| - [22/08/2017 09:53:03] - (.-.) - [89.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-0953.log [MD5.5BDC8D1BD2FD1D40A2B8C7F9659E240A] - |A| - [22/08/2017 10:05:00] - (.-.) - [81.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1005.log [MD5.E88A2B710323AF6D8BC86112C4948FB0] - |A| - [22/08/2017 11:24:41] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1124.log [MD5.85EFBC1F1DB585ADC611E2482B25D303] - |A| - [22/08/2017 11:26:39] - (.-.) - [111.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1126.log [MD5.FE02F7B7EC2A811890808AF67F5A6A2A] - |A| - [22/08/2017 11:48:03] - (.-.) - [174.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1148.log [MD5.4249AF72EEB76D6F72C2B23BB38BEAD8] - |A| - [22/08/2017 11:48:15] - (.-.) - [10.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1148a.log [MD5.14F8AC157AC6363C7D9187EF1C2C6125] - |A| - [22/08/2017 11:48:18] - (.-.) - [27.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170822-1148b.log [MD5.0E97EC095426DFA7E0FD8C7A1A25169B] - |A| - [23/08/2017 04:00:02] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-0400.log [MD5.194FC27E38EF2B60A8C517EF5FB9C562] - |A| - [23/08/2017 04:36:48] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-0436.log [MD5.DA97FBE2C060A7AF006A9A9CB7182655] - |A| - [23/08/2017 09:45:41] - (.-.) - [11.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-0945.log [MD5.3941BAFBE3890657FFBFC5F15152A357] - |A| - [23/08/2017 09:46:51] - (.-.) - [218.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-0946.log [MD5.C974D0519F8ED476FDD4C1ECA08723AF] - |A| - [23/08/2017 10:35:23] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1035.log [MD5.A0CD91E979D61C2C58CB46C694D59CAC] - |A| - [23/08/2017 10:35:39] - (.-.) - [104.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1035a.log [MD5.D47B91F2D26AAD37A5D2BF93829E30D9] - |A| - [23/08/2017 10:40:12] - (.-.) - [9.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1040.log [MD5.E49DD712A300F98ABD976FEA94E2A430] - |A| - [23/08/2017 10:40:14] - (.-.) - [23.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1040a.log [MD5.BD99BDA09F9FAB4D1CBFCD00A3D6BB46] - |A| - [23/08/2017 11:31:58] - (.-.) - [129.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1131.log [MD5.4F550080270A950E553C0F4D47F3A220] - |A| - [23/08/2017 11:47:19] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1147.log [MD5.291B23300C2BD5BF4C8EFC4C80DE84A1] - |A| - [23/08/2017 12:17:17] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1217.log [MD5.C8DDFDC9D3B8D6BE5023533BF964F123] - |A| - [23/08/2017 12:47:17] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1247.log [MD5.508DC6B4B562AA73F7CCD4FC83D01DDD] - |A| - [23/08/2017 13:57:37] - (.-.) - [11.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1357.log [MD5.5D17025DB2C3FF7CEB459CD29ADF5BF8] - |A| - [23/08/2017 13:58:36] - (.-.) - [129.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1358.log [MD5.A0E59628A4E3FEE83FEC39283A7A2F17] - |A| - [23/08/2017 14:13:48] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1413.log [MD5.1BF77C6F84136E63E91C5CBC55F6E509] - |A| - [23/08/2017 14:43:47] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1443.log [MD5.B0D56210795E48E0C74D7564C703E70D] - |A| - [23/08/2017 15:13:48] - (.-.) - [7.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1513.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 15:32:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1532.log [MD5.2F283D932C69200262D3489E7DA09BB1] - |A| - [23/08/2017 15:32:38] - (.-.) - [9.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1532a.log [MD5.7BD59A9FB01FC533101EBB9C05F469AB] - |A| - [23/08/2017 17:19:34] - (.-.) - [130.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1719.log [MD5.1C9A3273DE4C9E99F63D8EEC22157E71] - |A| - [23/08/2017 18:42:02] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1842.log [MD5.D693508C1D74876B693D596C07C7D8B9] - |A| - [23/08/2017 19:12:01] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1912.log [MD5.4CD063505F68F7C1F3195B39249BC15F] - |A| - [23/08/2017 19:42:01] - (.-.) - [7.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-791TIIP-20170823-1942.log [MD5.CAAED3B923D9AFD222403E0586461A73] - |A| - [16/08/2017 20:33:38] - (.-.) - [52.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Extract.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/08/2017 07:31:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/08/2017 07:31:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt [MD5.62A0865F1F022827F4B6AFE4AB85EE06] - |A| - [19/08/2017 13:19:53] - (.-.) - [14.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HealthCheckAC.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2017 15:17:18] - [85.03 Ko] - C:\WINDOWS\Temp\HP Support Framework [MD5.3650832FE56E2C3EFCC07D68B6371683] - |A| - [22/08/2017 09:26:08] - (.-.) - [1.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\hppldcoi.log [MD5.172F6F5C785E75F53DD585E1998E62D1] - |A| - [15/08/2017 22:54:13] - (.-.) - [302.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\hpqddsvc.log [MD5.C7C6A2BF9EF2B00462721F1D1942A8E9] - |A| - [15/08/2017 22:55:05] - (.-.) - [7.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0000.log [MD5.9C0410A4DAE2D897D4E3B67B35281E21] - |A| - [16/08/2017 19:51:57] - (.-.) - [7.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0001.log [MD5.9829B1D2D1C8EB7A894B9B92D7DBB00C] - |A| - [16/08/2017 20:18:15] - (.-.) - [15.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0002.log [MD5.7B7B3F189BC4E1467DE4B1EE4177B684] - |A| - [19/08/2017 13:20:24] - (.-.) - [13.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0003.log [MD5.8565280FB85057AC7BF27ACDBB861F5C] - |A| - [21/08/2017 22:57:59] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0004.log [MD5.132BF1B03E8A3CDC87A28203591B9374] - |A| - [22/08/2017 09:52:53] - (.-.) - [6.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0005.log [MD5.65BF0F6E4FC67819A2C79359694FAB68] - |A| - [22/08/2017 10:04:58] - (.-.) - [6.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0006.log [MD5.AA0A673A1D42BF3D8BA02DDAA130BFC4] - |A| - [23/08/2017 09:46:34] - (.-.) - [4.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0007.log [MD5.0C1499A7696B20BE3FE5D593359C90F3] - |A| - [23/08/2017 11:31:59] - (.-.) - [6.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0008.log [MD5.A63BE7CD98D5B82E10F5E70EE748A934] - |A| - [23/08/2017 13:58:37] - (.-.) - [6.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0009.log [MD5.FC3AD8355FB4CF7FD55F8BDD4A8C90CC] - |A| - [23/08/2017 17:19:35] - (.-.) - [4.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HPSLPSVC0010.log [MD5.F0E97415F0BCB28B22D1E48CCDEE9435] - |A| - [15/08/2017 23:05:18] - (.-.) - [66.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.7C69330494A8828F3C7D62169E242F50] - |A| - [17/08/2017 10:02:14] - (.-.) - [84.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 15:29:36] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit [MD5.00000000000000000000000000000000] - |D| - [15/08/2017 23:05:07] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/08/2017 22:55:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170815225504C1C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/08/2017 10:24:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708171024001BA0).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/08/2017 22:56:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708212256572FB0).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/08/2017 22:58:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170821225802FD0).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/08/2017 09:43:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708220943092F28).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/08/2017 09:52:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170822095200180).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/08/2017 09:53:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017082209530414C4).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/08/2017 11:48:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017082211480317C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 11:31:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170823113158B98).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 13:57:38] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708231357386FC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 13:58:36] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170823135836B64).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 15:32:38] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708231532382D80).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 15:32:38] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201708231532382F20).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 17:19:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170823171934B64).log [MD5.1BFC1A3BF36C36CD1E8231048D7F512B] - |A| - [16/08/2017 11:35:38] - (.(C) Copyright 2017 HP Inc. - HP PC Hardware Diagnostics UEFI .) - [34084.72 Ko] - (4.0.100.1189) - C:\WINDOWS\Temp\sp80223.exe [MD5.800BB6A69B9F35A67337244A7928B85F] - |A| - [19/07/2017 11:56:51] - (. - HP Consumer Desktop PC BIOS Update (ROM Family SSID 82F1).) - [8790.82 Ko] - (4.0.100.1189) - C:\WINDOWS\Temp\sp80767.exe [MD5.9561ACF611D93CD0B69351837DE3C83F] - |A| - [09/08/2017 10:42:28] - (. - .) - [1273.17 Ko] - (4.0.100.1189) - C:\WINDOWS\Temp\sp81254.exe [MD5.358A416B5EDD4AA7810D0D41542C6581] - |A| - [17/08/2017 09:55:54] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\temF97C.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:55] - [0 Ko] - C:\WINDOWS\Temp\tw2AF3.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:37:01] - [0 Ko] - C:\WINDOWS\Temp\tw415B.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:01] - [0 Ko] - C:\WINDOWS\Temp\tw59B4.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:01] - [0 Ko] - C:\WINDOWS\Temp\tw59F4.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:01] - [0 Ko] - C:\WINDOWS\Temp\tw5A83.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:02] - [0 Ko] - C:\WINDOWS\Temp\tw5B8F.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:09] - [0 Ko] - C:\WINDOWS\Temp\tw78CD.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:17] - [0 Ko] - C:\WINDOWS\Temp\tw9669.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:23] - [0 Ko] - C:\WINDOWS\Temp\twAFB0.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:31] - [0 Ko] - C:\WINDOWS\Temp\twCD4C.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:40] - [0 Ko] - C:\WINDOWS\Temp\twEFBB.tmp [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 18:36:48] - [0 Ko] - C:\WINDOWS\Temp\twF6A.tmp [MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [21/08/2017 20:59:24] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERF4EC.tmp.WERDataCollectionStatus.txt [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [105.7 Ko] - C:\WINDOWS\System32\1028 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.7 Ko] - C:\WINDOWS\System32\1029 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [111.69 Ko] - C:\WINDOWS\System32\1031 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.04 Ko] - C:\WINDOWS\System32\1033 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [111.2 Ko] - C:\WINDOWS\System32\1036 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.7 Ko] - C:\WINDOWS\System32\1040 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [107.7 Ko] - C:\WINDOWS\System32\1041 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [107.2 Ko] - C:\WINDOWS\System32\1042 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [111.7 Ko] - C:\WINDOWS\System32\1045 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.69 Ko] - C:\WINDOWS\System32\1046 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.69 Ko] - C:\WINDOWS\System32\1049 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [110.7 Ko] - C:\WINDOWS\System32\1055 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [105.2 Ko] - C:\WINDOWS\System32\2052 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:06] - [111.2 Ko] - C:\WINDOWS\System32\3082 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 22:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 22:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 22:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 22:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 22:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 22:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2480.52 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 22:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4546.61 Ko] - C:\WINDOWS\System32\Boot [MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 22:57:03] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 22:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp [MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 22:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp [MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 22:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [57247.78 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [46282.21 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2987.67 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com [MD5.954964A16E5533C59E8CE090174D06E7] - |A| - [06/04/2017 09:39:01] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [412232.61 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.9E59315C0CB333D9F47455B8E591A3DE] - |A| - [06/04/2017 09:39:01] - (.©Conexant Systems Inc. - Conexant APO.) - [1580.34 Ko] - (1.65.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.D7709596BA618021D08A4D63C92E34E1] - |A| - [06/04/2017 09:39:01] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\WINDOWS\System32\CX64Proxy.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK [MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 22:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 22:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 23:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 22:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [7526.04 Ko] - C:\WINDOWS\System32\Dism [MD5.B438E6C7A6C395E0C2B31E80112C3ACE] - |A| - [12/07/2017 12:10:37] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.15440B7E2BB0F08E4F5383F2EA35980B] - |A| - [08/07/2017 17:14:28] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2159.03 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [239 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [28452.16 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.50E26543AF722B969CE8BF3265B6E2AB] - |A| - [08/07/2017 17:02:31] - (.-.) - [427.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [3402.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [44643.75 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 22:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [260.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 22:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 22:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll [MD5.6813927F6A57291B8434A957CAED2EEB] - |A| - [19/01/2010 15:12:08] - (.Copyright © 2009 - WSDResolver Dynamic Link Library.) - [68.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\HPBWSDR.DLL [MD5.E28D133FA5DE125BA95D7F97FC136C44] - |A| - [15/07/2017 08:12:05] - (.Copyright (C) 1999 - LanguageMonitor.) - [133.5 Ko] - (0.3.213.106) - C:\WINDOWS\System32\hpf3l70w.dll [MD5.5B50CDC567CE0E85468F32A585291662] - |A| - [27/11/2009 12:15:28] - (.Copyright © 2005 - bidichan.) - [223.5 Ko] - (1.5.1.1) - C:\WINDOWS\System32\hplbddrv.dll [MD5.20E6EA53EE975C8BD24FA63C0DF022B4] - |A| - [06/04/2017 08:04:52] - (.Copyright (C) 2014 -.) - [141.29 Ko] - (1.3.0.1) - C:\WINDOWS\System32\HPMUIDir.exe [MD5.A59F9CE5EA6537C78374A9F6FDAA5123] - |A| - [15/07/2017 08:11:07] - (.Copyright (C) 2008 - HP Installer Coinstaller.) - [627.3 Ko] - (13.0.248.0) - C:\WINDOWS\System32\hpzids40.dll [MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 22:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 22:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [25850.67 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5388.95 Ko] - C:\WINDOWS\System32\inetsrv [MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 22:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6446.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [326.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [236 Ko] - C:\WINDOWS\System32\ja-jp [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 22:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 21:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [11473.52 Ko] - C:\WINDOWS\System32\LogFiles [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 21:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [58629.08 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.FFED99DB5805637345A0FCF68BB0F99F] - |A| - [14/08/2017 17:56:36] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 22:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 17:53:14] - [1110.45 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5839.03 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [47457.11 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 20:49:13] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4212.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [640 Ko] - C:\WINDOWS\System32\NDF [MD5.C6327A05BD8E2BCF40B78EA8D1B3D6E0] - |A| - [08/07/2017 17:02:39] - (.-.) - [33.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 22:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.A1AEDB9202950B42A3FAFBA2CFFB8B2F] - |A| - [07/05/2017 23:23:22] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json [MD5.F7A612ED13BADDF0F602554211F7BFA5] - |A| - [08/07/2017 17:05:03] - (.-.) - [7667.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.2619816BBFDECC5291736FDC8B9784AA] - |A| - [17/01/2017 01:37:20] - (.-.) - [44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.42256DDFDF673E3FB6C236CB1FF49FE0] - |A| - [06/04/2017 09:41:48] - (.-.) - [109.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll [MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 23:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 22:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [24818.03 Ko] - C:\WINDOWS\System32\oobe [MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [17/07/2017 05:08:23] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\WINDOWS\System32\OpenAL32.dll [MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 22:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.75D360642A80D2CD72406936B1868258] - |A| - [18/03/2017 23:05:34] - (.-.) - [294 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.A98B4256F69804E745AADAF7114E3E62] - |A| - [20/03/2017 07:10:29] - (.-.) - [335.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 23:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [20/03/2017 07:10:29] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.36C94E5358C6F17FAE7478E66919892F] - |A| - [18/03/2017 23:05:34] - (.-.) - [925.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.E665989E3B54FBBDB769EF68D93A386A] - |A| - [20/03/2017 07:10:29] - (.-.) - [1379.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.32697023B90B6E49A10B4B9C993E6584] - |A| - [08/07/2017 17:05:30] - (.-.) - [2956.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [634.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.686E760C5AEA12E78A85B617B76D99A9] - |A| - [15/07/2017 08:11:02] - (.-.) - [3776.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PortChanger.exe [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 22:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.498BF5383C6F44B589623F12E31600A9] - |A| - [06/04/2017 09:39:09] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.5C145285B1EB7607550C4A72F47CB78E] - |A| - [06/04/2017 09:39:09] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.D7CFCE6811519582690065C21088E9A5] - |A| - [06/04/2017 09:44:40] - (.Copyright (C) 2014 - RtCRX.) - [82.5 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.281DC79EA0D996AF4FA205ED3233842F] - |A| - [06/04/2017 09:39:09] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.65C8CAE9C440391EC03B9C50D111DD41] - |A| - [06/04/2017 09:39:09] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.740F5A516EB824279ACC9581131C8CFA] - |A| - [06/04/2017 09:39:09] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.10729E60F28EABC7A04F6230611402A1] - |A| - [06/04/2017 09:39:10] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.4462BED59318232F5F76FAC0F621E271] - |A| - [06/04/2017 09:58:17] - (.-.) - [14.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\scanstate.log [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 22:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 22:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI [MD5.B0815CBE58ECDDCB73DB63C1DE995084] - |A| - [06/04/2017 09:39:11] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [1017.32 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.805F231215FC76F16D46B3E8BAD5353C] - |A| - [06/04/2017 09:39:11] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [2152.1 Ko] - (3.5.12.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 17:02:35] - [19723.38 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.03C6BF5D9BBC5D3EB77DB4547865DC07] - |A| - [06/04/2017 09:39:12] - (.TODO: (c) . - TODO: .) - [252.8 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.E1A7F9F67F9AD5B9E689987AB219BBA7] - |A| - [06/04/2017 09:39:12] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [2643.42 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sltech64.dll [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 22:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 22:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7504.91 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [11622.62 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [91967.14 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7274.92 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.EE5E785F7310BBFC0B3766C82F1E2D69] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.21 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.E674760495D0E72041778B61DA94C3AF] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.5E11E4752D51C62D2C21446EF8F04B24] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 22:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.8C6FEA9F2625B7FE7C857C3DE53630DC] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.6A0059982CF50D2A4A0329B58F0CEF9E] - |A| - [06/04/2017 09:39:12] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 17:04:28] - [2267.74 Ko] - C:\WINDOWS\System32\SRSLabs [MD5.7EEC7C32E35964EDF3B9A417B88F287D] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.37C7853FE89566E9E0CB393BBB29A855] - |A| - [06/04/2017 09:39:12] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.AF0E969BE6812DE0C13F8327D572C44A] - |A| - [06/04/2017 09:39:12] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23896 Ko] - C:\WINDOWS\System32\sru [MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 22:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [296 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1596.68 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [906.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [598.64 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [565.32 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 22:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 22:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 22:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [07/07/2017 23:19:42] - [2199.72 Ko] - C:\WINDOWS\System32\UNP [MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [10/03/2017 23:17:14] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1-1-0-42-1.dll [MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [08/07/2017 20:47:24] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1.dll [MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [10/03/2017 23:17:10] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-42-1.exe [MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [08/07/2017 20:47:24] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [91438.44 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [105978.57 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 22:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [76166.45 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 22:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [9339.55 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [137420 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4753.58 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |HD| - [06/04/2017 09:44:32] - [0.05 Ko] - C:\WINDOWS\System32\WLANProfiles [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 22:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [17/07/2017 05:08:23] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\WINDOWS\System32\wrap_oal.dll [MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [08/06/2017 12:43:11] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [99.2 Ko] - C:\WINDOWS\SysWOW64\1028 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [111.2 Ko] - C:\WINDOWS\SysWOW64\1029 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [112.7 Ko] - C:\WINDOWS\SysWOW64\1031 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [109.55 Ko] - C:\WINDOWS\SysWOW64\1033 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [113.7 Ko] - C:\WINDOWS\SysWOW64\1036 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [112.2 Ko] - C:\WINDOWS\SysWOW64\1040 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [103.2 Ko] - C:\WINDOWS\SysWOW64\1041 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [101.7 Ko] - C:\WINDOWS\SysWOW64\1042 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [113.7 Ko] - C:\WINDOWS\SysWOW64\1045 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [112.2 Ko] - C:\WINDOWS\SysWOW64\1046 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [112.2 Ko] - C:\WINDOWS\SysWOW64\1049 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [111.2 Ko] - C:\WINDOWS\SysWOW64\1055 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [98.05 Ko] - C:\WINDOWS\SysWOW64\2052 [MD5.00000000000000000000000000000000] - |D| - [16/08/2017 12:28:05] - [113.69 Ko] - C:\WINDOWS\SysWOW64\3082 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.98851BABE0ADD4E79B86433151DD2AF1] - |A| - [03/08/2009 00:21:52] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelFrench.dll [MD5.143EC9C7D18154DBB0760C3FB653EF31] - |A| - [03/08/2009 00:21:52] - (.-.) - [57.27 Ko] - (8.9.26.0) - C:\WINDOWS\SysWOW64\AgCPanelGerman.dll [MD5.7F816BA97FE0CE01ACB51D9DDC0F188A] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelJapanese.dll [MD5.D5BD2F5CE4CD83935B54C37E9CB47F22] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.18.0) - C:\WINDOWS\SysWOW64\AgCPanelKorean.dll [MD5.905386712352370426133C0CE0E428A5] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelPortugese.dll [MD5.FF6BCD4B9B2DEF42289341EB7C200599] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelSimplifiedChinese.dll [MD5.2733F70228CCA6D0E3162CF5E1DD5716] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelSpanish.dll [MD5.76AA46B94C490518412FBA431515EF9C] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelSwedish.dll [MD5.3EB00E82E0A3339E0B31220628E3D49D] - |A| - [03/08/2009 00:21:54] - (.-.) - [57.27 Ko] - (8.9.25.0) - C:\WINDOWS\SysWOW64\AgCPanelTraditionalChinese.dll [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 07:33:49] - [635.71 Ko] - C:\WINDOWS\SysWOW64\AGEIA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5993.12 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 20:57:56] - [0 Ko] - C:\WINDOWS\SysWOW64\directx [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5929.02 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - |A| - [15/07/2017 12:30:59] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DOErrors.log [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1077.55 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3413.93 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [145 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1547.03 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [24159.66 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [3149 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [37332.79 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.765D5E6337894482356936F1178D9FB2] - |A| - [06/04/2017 09:39:48] - (.-.) - [9.1 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 22:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 22:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.83B77B03667AF77E0BA3E093EF4831F6] - |A| - [07/05/2017 23:23:22] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [17/07/2017 05:08:23] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\WINDOWS\SysWOW64\OpenAL32.dll [MD5.5E195B494FDF5BFC8690C6CEA1B1C52F] - |A| - [08/07/2017 17:05:28] - (.-.) - [1931.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.EE21928C80012525513D4D942248CA79] - |A| - [03/08/2009 00:21:54] - (.-.) - [193.27 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\physxcudart_20.dll [MD5.32C5FBD93A8BE38D8F7F49EA5FB427AD] - |A| - [03/08/2009 00:21:54] - (.Copyright (C) 2009 - NVIDIA PhysX Device Module.) - [22.77 Ko] - (9.7.30.0) - C:\WINDOWS\SysWOW64\PhysXDevice.dll [MD5.E674760495D0E72041778B61DA94C3AF] - |A| - [06/04/2017 09:39:12] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 22:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [10/03/2017 23:17:28] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-42-1.dll [MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [08/07/2017 20:47:24] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [10/03/2017 23:17:20] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-42-1.exe [MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [08/07/2017 20:47:24] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [15599.16 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 22:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7507.12 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4753.59 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [17/07/2017 05:08:23] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\WINDOWS\SysWOW64\wrap_oal.dll [MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [08/06/2017 12:43:19] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [08/07/2017 17:51:52] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\camil\AppData\Roaming [08/07/2017 17:05:54] "Local AppData"=C:\Users\camil\AppData\Local [08/07/2017 17:05:54] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Libraries [07/07/2017 20:01:16] "My Video"=C:\Users\camil\Videos [07/07/2017 19:59:26] "My Pictures"=C:\Users\camil\Pictures [07/07/2017 19:59:26] "Desktop"=C:\Users\camil\Desktop [07/07/2017 19:59:26] "History"=C:\Users\camil\AppData\Local\Microsoft\Windows\History [07/07/2017 19:59:26] "NetHood"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Network Shortcuts [08/07/2017 17:05:54] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\camil\Contacts [07/07/2017 20:01:16] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\camil\AppData\Local\Microsoft\Windows\RoamingTiles [07/07/2017 20:01:16] "Cookies"=C:\Users\camil\AppData\Local\Microsoft\Windows\INetCookies [07/07/2017 19:59:26] "Favorites"=C:\Users\camil\Favorites [07/07/2017 19:59:26] "SendTo"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\SendTo [07/07/2017 19:59:26] "Start Menu"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu [07/07/2017 19:59:26] "My Music"=C:\Users\camil\Music [07/07/2017 19:59:26] "Programs"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [07/07/2017 19:59:26] "Recent"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Recent [07/07/2017 19:59:26] "CD Burning"=C:\Users\camil\AppData\Local\Microsoft\Windows\Burn\Burn [08/07/2017 17:32:28] "PrintHood"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [08/07/2017 17:05:54] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\camil\Searches [07/07/2017 20:01:17] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\camil\Downloads [07/07/2017 19:59:26] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\camil\AppData\LocalLow [07/07/2017 19:59:27] "Startup"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [07/07/2017 20:01:17] "Administrative Tools"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/07/2017 20:01:17] "Personal"=C:\Users\camil\Documents [07/07/2017 19:59:26] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\camil\Links [07/07/2017 19:59:26] "Cache"=C:\Users\camil\AppData\Local\Microsoft\Windows\INetCache [08/07/2017 17:05:54] "Templates"=C:\Users\camil\AppData\Roaming\Microsoft\Windows\Templates [08/07/2017 17:05:54] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\camil\Saved Games [07/07/2017 19:59:26] "Fonts"=C:\WINDOWS\Fonts [18/03/2017 23:03:29] [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=C:\Users\camil\Documents [07/07/2017 19:59:26] "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=C:\Users\camil\OneDrive\Images "{767E6811-49CB-4273-87C2-20F355E1085B}"=C:\Users\camil\OneDrive\Images\Pellicule [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [camil] [08/07/2017 17:05:54] - |D| - [11581242494] - C:\Users\camil\AppData\Local [07/07/2017 19:59:27] - |D| - [216848721] - C:\Users\camil\AppData\LocalLow [08/07/2017 17:05:54] - |D| - [390741965] - C:\Users\camil\AppData\Roaming [16/08/2017 11:44:29] - |D| - [26586] - C:\Users\camil\AppData\Local\.IdentityService [08/07/2017 13:00:17] - |D| - [828684] - C:\Users\camil\AppData\Local\2K Games [17/07/2017 17:53:07] - |D| - [102400] - C:\Users\camil\AppData\Local\4kdownload.com [07/07/2017 21:09:55] - |D| - [17271805] - C:\Users\camil\AppData\Local\Adobe [01/08/2017 19:06:04] - |D| - [82] - C:\Users\camil\AppData\Local\Aimersoft [19/07/2017 12:15:38] - |D| - [175787785] - C:\Users\camil\AppData\Local\Amazon [08/07/2017 12:47:56] - |D| - [2936351] - C:\Users\camil\AppData\Local\Anuman Interactive [01/08/2017 13:13:17] - |D| - [0] - C:\Users\camil\AppData\Local\Apple [01/08/2017 13:19:45] - |D| - [0] - C:\Users\camil\AppData\Local\Apple Computer [08/07/2017 17:05:54] - |SHD| - [131431767723] - C:\Users\camil\AppData\Local\Application Data [19/07/2017 17:27:37] - |D| - [241756188] - C:\Users\camil\AppData\Local\Apps [24/07/2017 19:29:29] - |D| - [8289] - C:\Users\camil\AppData\Local\Beatpad [07/07/2017 20:48:58] - |D| - [0] - C:\Users\camil\AppData\Local\CEF [16/07/2017 18:05:33] - |D| - [40] - C:\Users\camil\AppData\Local\Chromium [03/08/2017 12:47:39] - |D| - [5396] - C:\Users\camil\AppData\Local\CircaInfinity [30/07/2017 08:09:14] - |D| - [25334] - C:\Users\camil\AppData\Local\Citadel [16/07/2017 12:23:58] - |AD| - [1343349] - C:\Users\camil\AppData\Local\Clavier+ [07/07/2017 20:03:00] - |D| - [46112141] - C:\Users\camil\AppData\Local\Comms [07/07/2017 20:00:59] - |D| - [1144221] - C:\Users\camil\AppData\Local\ConnectedDevicesPlatform [17/07/2017 14:49:38] - |D| - [0] - C:\Users\camil\AppData\Local\Corona Labs [07/07/2017 20:12:14] - |D| - [0] - C:\Users\camil\AppData\Local\CrashDumps [01/08/2017 15:58:24] - |D| - [1448456] - C:\Users\camil\AppData\Local\CyberLink [16/07/2017 17:23:44] - |D| - [766] - C:\Users\camil\AppData\Local\David_2_25_2014_FINAL_nogmech [08/07/2017 18:50:49] - |D| - [0] - C:\Users\camil\AppData\Local\DBG [22/07/2017 18:54:13] - |A| - [3584] - C:\Users\camil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [19/07/2017 17:27:36] - |D| - [0] - C:\Users\camil\AppData\Local\Deployment [01/08/2017 16:10:04] - |D| - [2502] - C:\Users\camil\AppData\Local\Disc_Soft_Ltd [24/07/2017 19:27:05] - |D| - [50196992] - C:\Users\camil\AppData\Local\Downloaded Installations [17/07/2017 15:07:11] - |D| - [2458624] - C:\Users\camil\AppData\Local\drmingw [07/07/2017 20:02:11] - |D| - [2488] - C:\Users\camil\AppData\Local\DropboxOEM [24/07/2017 20:54:37] - |D| - [1061] - C:\Users\camil\AppData\Local\Freelang [12/07/2017 15:28:00] - |D| - [3804] - C:\Users\camil\AppData\Local\GeometryDash [16/07/2017 12:20:50] - |D| - [39870333] - C:\Users\camil\AppData\Local\Google [07/07/2017 20:11:28] - |D| - [9212] - C:\Users\camil\AppData\Local\Hewlett-Packard [08/07/2017 17:05:54] - |SHD| - [130] - C:\Users\camil\AppData\Local\Historique [18/07/2017 10:36:10] - |D| - [86173] - C:\Users\camil\AppData\Local\HP [15/07/2017 12:34:55] - |D| - [5745] - C:\Users\camil\AppData\Local\HP_Development_Company,_L [23/08/2017 09:45:47] - |AH| - [57764] - C:\Users\camil\AppData\Local\IconCache.db [01/08/2017 18:51:42] - |D| - [25849399] - C:\Users\camil\AppData\Local\JDownloader v2.0 [01/08/2017 19:06:27] - |D| - [656] - C:\Users\camil\AppData\Local\Keepvid [17/07/2017 13:55:15] - |D| - [31492] - C:\Users\camil\AppData\Local\Kholat [07/07/2017 21:12:50] - |D| - [0] - C:\Users\camil\AppData\Local\Macromedia [08/07/2017 17:05:54] - |D| - [296045085] - C:\Users\camil\AppData\Local\Microsoft [07/07/2017 20:11:35] - |D| - [79107] - C:\Users\camil\AppData\Local\MicrosoftEdge [07/07/2017 20:29:42] - |D| - [374892413] - C:\Users\camil\AppData\Local\Mozilla [18/07/2017 20:00:14] - |D| - [70] - C:\Users\camil\AppData\Local\Neon_Warp_Demo [17/07/2017 17:23:48] - |D| - [77185466] - C:\Users\camil\AppData\Local\NetBeans [07/07/2017 20:03:28] - |D| - [0] - C:\Users\camil\AppData\Local\NetworkTiles [07/07/2017 20:01:02] - |D| - [80925917] - C:\Users\camil\AppData\Local\NVIDIA [07/07/2017 20:02:05] - |D| - [9597] - C:\Users\camil\AppData\Local\NVIDIA Corporation [26/07/2017 08:26:42] - |D| - [1167686] - C:\Users\camil\AppData\Local\Ori and the Blind Forest DE [29/07/2017 12:49:03] - |D| - [23852680] - C:\Users\camil\AppData\Local\Package Cache [07/07/2017 20:01:03] - |D| - [409628372] - C:\Users\camil\AppData\Local\Packages [07/07/2017 20:01:40] - |D| - [6338] - C:\Users\camil\AppData\Local\PackageStaging [16/07/2017 18:05:34] - |D| - [12586907] - C:\Users\camil\AppData\Local\PIGMENTUM [29/07/2017 12:12:23] - |D| - [100431] - C:\Users\camil\AppData\Local\pip [31/07/2017 08:51:05] - |D| - [331] - C:\Users\camil\AppData\Local\Pixel_Puzzles_Ultimate [08/07/2017 12:16:57] - |D| - [365656908] - C:\Users\camil\AppData\Local\Programs [07/07/2017 20:01:40] - |D| - [293917] - C:\Users\camil\AppData\Local\Publishers [29/07/2017 12:36:08] - |D| - [587728] - C:\Users\camil\AppData\Local\QtProject [18/07/2017 21:06:05] - |D| - [16753] - C:\Users\camil\AppData\Local\Refunct [31/07/2017 21:47:06] - |D| - [71674] - C:\Users\camil\AppData\Local\RT_RW [19/07/2017 17:16:02] - |D| - [32] - C:\Users\camil\AppData\Local\ServiceHub [21/07/2017 16:42:54] - |D| - [940] - C:\Users\camil\AppData\Local\speech [01/08/2017 13:14:01] - |D| - [7360088725] - C:\Users\camil\AppData\Local\Spotify [07/07/2017 20:48:57] - |D| - [16777771] - C:\Users\camil\AppData\Local\Steam [08/07/2017 12:50:26] - |D| - [1477821836] - C:\Users\camil\AppData\Local\Subject_A119 [21/07/2017 10:08:21] - |D| - [1504557] - C:\Users\camil\AppData\Local\Sublime Text 3 [08/07/2017 17:05:54] - |AD| - [408908233] - C:\Users\camil\AppData\Local\Temp [08/07/2017 17:05:54] - |SHD| - [10166372] - C:\Users\camil\AppData\Local\Temporary Internet Files [07/07/2017 21:49:45] - |D| - [2279] - C:\Users\camil\AppData\Local\Threefold [07/07/2017 20:01:01] - |D| - [16539648] - C:\Users\camil\AppData\Local\TileDataLayer [12/07/2017 09:51:10] - |D| - [3040] - C:\Users\camil\AppData\Local\Two Tribes [19/07/2017 18:14:10] - |D| - [510533] - C:\Users\camil\AppData\Local\Unity [08/07/2017 01:12:50] - |D| - [0] - C:\Users\camil\AppData\Local\UNP [08/07/2017 12:50:26] - |D| - [81] - C:\Users\camil\AppData\Local\UnrealEngine [07/07/2017 20:01:07] - |D| - [48701257] - C:\Users\camil\AppData\Local\VirtualStore [11/07/2017 16:47:43] - |D| - [2106515] - C:\Users\camil\AppData\LocalLow\Adobe [01/08/2017 13:12:53] - |D| - [898] - C:\Users\camil\AppData\LocalLow\Apple Computer [14/08/2017 19:41:27] - |D| - [8799] - C:\Users\camil\AppData\LocalLow\CakeCollective [19/07/2017 18:23:36] - |D| - [23] - C:\Users\camil\AppData\LocalLow\DefaultCompany [15/08/2017 09:56:39] - |D| - [712] - C:\Users\camil\AppData\LocalLow\Dinosaur Polo Club [17/07/2017 07:36:19] - |D| - [5770] - C:\Users\camil\AppData\LocalLow\Just1337Studio [13/07/2017 12:53:41] - |D| - [656] - C:\Users\camil\AppData\LocalLow\KHB-Soft [18/07/2017 21:50:57] - |D| - [20272] - C:\Users\camil\AppData\LocalLow\KittehFace Software [31/07/2017 21:37:05] - |D| - [63212] - C:\Users\camil\AppData\LocalLow\Lince Works [07/07/2017 20:01:04] - |SD| - [555622] - C:\Users\camil\AppData\LocalLow\Microsoft [11/07/2017 09:47:55] - |D| - [19334] - C:\Users\camil\AppData\LocalLow\Monkeybin [07/07/2017 20:30:08] - |D| - [0] - C:\Users\camil\AppData\LocalLow\Mozilla [23/07/2017 08:09:14] - |D| - [1149] - C:\Users\camil\AppData\LocalLow\Noclip [17/07/2017 16:13:12] - |D| - [205990298] - C:\Users\camil\AppData\LocalLow\Oracle [08/07/2017 10:29:14] - |D| - [143] - C:\Users\camil\AppData\LocalLow\Pinkapp [22/07/2017 20:21:15] - |D| - [55299] - C:\Users\camil\AppData\LocalLow\Sergej110 [08/07/2017 10:22:37] - |D| - [95427] - C:\Users\camil\AppData\LocalLow\Sun [27/07/2017 17:27:30] - |D| - [0] - C:\Users\camil\AppData\LocalLow\Temp [17/07/2017 17:56:09] - |D| - [0] - C:\Users\camil\AppData\LocalLow\Thomas Bowker [27/07/2017 20:50:34] - |D| - [0] - C:\Users\camil\AppData\LocalLow\Three Flip Studios [07/07/2017 21:46:09] - |D| - [64505] - C:\Users\camil\AppData\LocalLow\Tomlab Games [19/07/2017 18:14:13] - |D| - [7778167] - C:\Users\camil\AppData\LocalLow\Unity [08/07/2017 14:07:39] - |D| - [81920] - C:\Users\camil\AppData\LocalLow\uTorrent [07/07/2017 20:01:10] - |D| - [1998815] - C:\Users\camil\AppData\Roaming\Adobe [02/08/2017 08:27:47] - |D| - [29481] - C:\Users\camil\AppData\Roaming\Apple Computer [11/07/2017 14:28:29] - |D| - [19293] - C:\Users\camil\AppData\Roaming\Audacity [08/07/2017 11:42:48] - |D| - [850748] - C:\Users\camil\AppData\Roaming\Blameless [02/08/2017 17:31:13] - |D| - [191] - C:\Users\camil\AppData\Roaming\Burnaware [17/07/2017 14:36:57] - |D| - [139870] - C:\Users\camil\AppData\Roaming\CodeBlocks [11/07/2017 21:00:33] - |D| - [539] - C:\Users\camil\AppData\Roaming\com.gamebrain.voi [19/07/2017 10:22:51] - |D| - [2947] - C:\Users\camil\AppData\Roaming\com.stateofplaygames.steam.kami [17/07/2017 14:49:38] - |D| - [0] - C:\Users\camil\AppData\Roaming\Corona Labs [25/07/2017 14:34:59] - |D| - [0] - C:\Users\camil\AppData\Roaming\Crystal Dynamics [01/08/2017 15:58:24] - |D| - [0] - C:\Users\camil\AppData\Roaming\CyberLink [01/08/2017 16:03:58] - |D| - [15723] - C:\Users\camil\AppData\Roaming\DAEMON Tools Lite [23/08/2017 18:31:36] - |D| - [7261] - C:\Users\camil\AppData\Roaming\dclogs [07/07/2017 20:02:23] - |D| - [82538953] - C:\Users\camil\AppData\Roaming\DropboxOEM [01/08/2017 15:56:51] - |D| - [203] - C:\Users\camil\AppData\Roaming\dvdcss [29/07/2017 12:54:25] - |D| - [10660] - C:\Users\camil\AppData\Roaming\Eric6 [08/07/2017 12:17:45] - |D| - [92498] - C:\Users\camil\AppData\Roaming\FEZ [12/07/2017 18:08:51] - |D| - [0] - C:\Users\camil\AppData\Roaming\GameSave Manager 3 [07/07/2017 20:05:06] - |D| - [0] - C:\Users\camil\AppData\Roaming\Hewlett-Packard [14/08/2017 19:37:54] - |D| - [979228] - C:\Users\camil\AppData\Roaming\Highresolution Enterprises [14/07/2017 15:15:19] - |D| - [9] - C:\Users\camil\AppData\Roaming\Hive Cluster [07/07/2017 20:02:32] - |D| - [147688] - C:\Users\camil\AppData\Roaming\HP [07/07/2017 20:11:28] - |D| - [3] - C:\Users\camil\AppData\Roaming\hpqLog [15/07/2017 08:13:54] - |D| - [2069] - C:\Users\camil\AppData\Roaming\HpUpdate [07/07/2017 20:00:59] - |D| - [1164] - C:\Users\camil\AppData\Roaming\Intel [01/08/2017 19:05:52] - |D| - [0] - C:\Users\camil\AppData\Roaming\KeepVid [24/07/2017 21:00:36] - |D| - [110737] - C:\Users\camil\AppData\Roaming\langmaster.com [14/07/2017 18:27:39] - |D| - [8000541] - C:\Users\camil\AppData\Roaming\LibreOffice [07/07/2017 20:03:57] - |D| - [1688] - C:\Users\camil\AppData\Roaming\Macromedia [08/07/2017 17:05:54] - |SD| - [3633737] - C:\Users\camil\AppData\Roaming\Microsoft [16/08/2017 11:49:30] - |D| - [0] - C:\Users\camil\AppData\Roaming\Microsoft FxCop [07/07/2017 20:29:42] - |D| - [85599185] - C:\Users\camil\AppData\Roaming\Mozilla [17/07/2017 17:23:48] - |D| - [1031638] - C:\Users\camil\AppData\Roaming\NetBeans [15/07/2017 12:47:02] - |D| - [2429889] - C:\Users\camil\AppData\Roaming\Notepad++ [08/07/2017 12:18:03] - |D| - [2424837] - C:\Users\camil\AppData\Roaming\NVIDIA [08/07/2017 07:07:27] - |D| - [2303345] - C:\Users\camil\AppData\Roaming\obs-studio [16/07/2017 16:59:50] - |D| - [0] - C:\Users\camil\AppData\Roaming\PDAppFlex [24/07/2017 12:53:54] - |D| - [1963] - C:\Users\camil\AppData\Roaming\PhotoFiltre 7 [29/07/2017 12:35:54] - |D| - [77074] - C:\Users\camil\AppData\Roaming\QtProject [21/08/2017 18:14:22] - |D| - [0] - C:\Users\camil\AppData\Roaming\RapidTyping 5 [08/07/2017 20:15:19] - |D| - [76] - C:\Users\camil\AppData\Roaming\Skype [08/07/2017 12:47:56] - |D| - [1242934] - C:\Users\camil\AppData\Roaming\SmartSteamEmu [01/08/2017 13:07:05] - |D| - [163953955] - C:\Users\camil\AppData\Roaming\Spotify [11/07/2017 09:45:30] - |D| - [2259] - C:\Users\camil\AppData\Roaming\Starwind [16/07/2017 17:57:19] - |D| - [1603] - C:\Users\camil\AppData\Roaming\Steam [21/07/2017 10:08:21] - |D| - [5540922] - C:\Users\camil\AppData\Roaming\Sublime Text 3 [08/07/2017 10:22:20] - |D| - [0] - C:\Users\camil\AppData\Roaming\Sun [16/07/2017 21:29:26] - |D| - [0] - C:\Users\camil\AppData\Roaming\temp [07/08/2017 18:35:38] - |D| - [338844] - C:\Users\camil\AppData\Roaming\The Witness [08/07/2017 07:40:14] - |D| - [180126] - C:\Users\camil\AppData\Roaming\Ubisoft [19/07/2017 18:14:02] - |D| - [15736677] - C:\Users\camil\AppData\Roaming\Unity [07/07/2017 21:28:11] - |D| - [10463056] - C:\Users\camil\AppData\Roaming\uTorrent [19/07/2017 17:16:01] - |D| - [557575] - C:\Users\camil\AppData\Roaming\Visual Studio Setup [08/07/2017 09:41:06] - |D| - [261173] - C:\Users\camil\AppData\Roaming\vlc [19/07/2017 17:16:02] - |D| - [66] - C:\Users\camil\AppData\Roaming\vstelemetry [07/07/2017 20:40:49] - |D| - [10811] - C:\Users\camil\AppData\Roaming\WinAuth [31/07/2017 08:02:27] - |D| - [4] - C:\Users\camil\AppData\Roaming\WMM [07/07/2017 20:01:16] - |ASH| - [174] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [17/07/2017 17:32:57] - |A| - [910] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk [08/07/2017 17:05:54] - |SHD| - [75996] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [07/07/2017 19:59:26] - |RD| - [75996] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [07/07/2017 21:31:13] - |A| - [2691] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [08/07/2017 17:05:54] - |RD| - [3888] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [08/07/2017 17:05:54] - |RD| - [3048] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [07/07/2017 20:01:17] - |RD| - [174] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [20/07/2017 21:26:38] - |D| - [4761] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [11/07/2017 13:40:55] - |A| - [1065] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Router.lnk [15/08/2017 19:57:40] - |D| - [6113] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks [15/07/2017 13:18:23] - |D| - [3374] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins [08/07/2017 17:31:02] - |ASH| - [174] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [09/07/2017 13:08:19] - |A| - [1098] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FCPrimal.lnk [19/07/2017 18:17:37] - |D| - [483] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fleex SAS [12/07/2017 11:00:44] - |A| - [1058] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [08/07/2017 17:05:54] - |D| - [170] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [19/07/2017 18:13:52] - |D| - [3067] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity [08/07/2017 07:11:09] - |D| - [4720] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [29/07/2017 12:49:05] - |D| - [7929] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5 [29/07/2017 09:35:48] - |D| - [5709] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt [01/08/2017 13:14:01] - |A| - [1889] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [23/07/2017 08:27:34] - |A| - [2126] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SSVOpenHexagon.lnk [07/07/2017 20:01:17] - |RD| - [1297] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/07/2017 20:36:18] - |D| - [9979] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop [08/07/2017 17:05:54] - |RD| - [3496] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [22/07/2017 18:40:30] - |D| - [2357] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather [07/07/2017 20:42:31] - |A| - [783] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAuth.lnk [08/07/2017 17:05:54] - |RD| - [7238] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [15/07/2017 13:18:23] - |A| - [1123] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [07/07/2017 20:01:17] - |ASH| - [174] - C:\Users\camil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [11/07/2017 16:00:04] - |D| - [549956498] - C:\ProgramData\Adobe [01/08/2017 19:06:28] - |D| - [0] - C:\ProgramData\Aimersoft [06/04/2017 08:06:40] - |D| - [26497536] - C:\ProgramData\Apple [01/08/2017 13:14:11] - |D| - [28397568] - C:\ProgramData\Apple Computer [08/07/2017 17:19:28] - |SHD| - [40366840153] - C:\ProgramData\Application Data [07/07/2017 17:45:16] - |SHD| - [5630] - C:\ProgramData\Bureau [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [06/04/2017 09:49:32] - |D| - [235429] - C:\ProgramData\CyberLink [01/08/2017 16:03:39] - |D| - [3396] - C:\ProgramData\DAEMON Tools Lite [17/07/2017 14:39:47] - |D| - [0] - C:\ProgramData\dbg [08/07/2017 17:19:28] - |SHD| - [742611693] - C:\ProgramData\Documents [06/04/2017 08:08:30] - |D| - [4210612] - C:\ProgramData\Dropbox [06/04/2017 08:05:43] - |D| - [5974404] - C:\ProgramData\Hewlett-Packard [06/04/2017 08:05:43] - |AD| - [18301624] - C:\ProgramData\HP [15/07/2017 08:13:35] - |AD| - [8988] - C:\ProgramData\HP Product Assistant [15/07/2017 08:11:21] - |A| - [2208] - C:\ProgramData\hpzinstall.log [06/04/2017 09:48:30] - |D| - [2064142] - C:\ProgramData\install_backup [06/04/2017 09:48:30] - |D| - [586716] - C:\ProgramData\install_clap [06/04/2017 09:39:37] - |D| - [52011634] - C:\ProgramData\Intel [06/04/2017 09:51:36] - |D| - [23] - C:\ProgramData\Intel Security [01/08/2017 19:05:26] - |D| - [7780] - C:\ProgramData\KeepVid [23/08/2017 11:23:19] - |D| - [127760053] - C:\ProgramData\Malwarebytes [06/04/2017 09:50:21] - |D| - [40461799] - C:\ProgramData\McAfee [07/07/2017 17:45:17] - |SHD| - [4020535] - C:\ProgramData\Menu Démarrer [18/03/2017 23:03:29] - |SD| - [2132207496] - C:\ProgramData\Microsoft [08/07/2017 17:32:41] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [07/07/2017 17:45:17] - |SHD| - [0] - C:\ProgramData\Modèles [06/04/2017 09:41:26] - |D| - [2573127] - C:\ProgramData\NVIDIA [08/07/2017 17:04:56] - |D| - [517113224] - C:\ProgramData\NVIDIA Corporation [08/07/2017 10:22:06] - |D| - [72304904] - C:\ProgramData\Oracle [06/04/2017 08:06:35] - |D| - [402582221] - C:\ProgramData\Package Cache [21/08/2017 18:08:13] - |D| - [1861570] - C:\ProgramData\RapidTyping 5 [14/07/2017 18:55:12] - |D| - [1694] - C:\ProgramData\regid.1986-12.com.adobe [18/03/2017 23:03:29] - |AD| - [5302] - C:\ProgramData\regid.1991-06.com.microsoft [06/04/2017 09:44:16] - |D| - [0] - C:\ProgramData\Roaming [18/03/2017 23:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution [08/07/2017 12:17:53] - |D| - [93384] - C:\ProgramData\Steam [06/04/2017 08:08:10] - |D| - [2533] - C:\ProgramData\SteelSeries [06/04/2017 09:48:30] - |D| - [38184] - C:\ProgramData\SUPPORTDIR [06/04/2017 09:48:34] - |AD| - [0] - C:\ProgramData\Temp [08/07/2017 07:40:14] - |D| - [0] - C:\ProgramData\Ubisoft [19/07/2017 18:14:12] - |D| - [9472] - C:\ProgramData\Unity [18/03/2017 23:03:29] - |D| - [8241] - C:\ProgramData\USOPrivate [08/07/2017 17:21:40] - |D| - [1470464] - C:\ProgramData\USOShared [15/07/2017 08:19:57] - |D| - [206] - C:\ProgramData\WEBREG [20/03/2017 07:11:49] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [01/08/2017 19:11:15] - |D| - [89383] - C:\ProgramData\wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [15/07/2017 08:13:34] - |A| - [1499] - C:\ProgramData\Microsoft\Windows\Start Menu\Centre de solutions HP.lnk [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [06/04/2017 08:06:43] - |A| - [2682] - C:\ProgramData\Microsoft\Windows\Start Menu\HP ePrint SW.lnk [07/07/2017 17:45:17] - |SHD| - [4016180] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [18/03/2017 23:03:29] - |RD| - [4016180] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [17/07/2017 17:52:31] - |D| - [1362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download [08/07/2017 07:23:35] - |D| - [1571] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [18/03/2017 23:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [18/03/2017 23:03:29] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [27/07/2017 12:39:41] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [18/03/2017 23:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2017 18:54:47] - |A| - [2133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk [14/07/2017 18:54:47] - |A| - [2469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk [14/07/2017 18:54:47] - |A| - [2294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk [08/07/2017 15:41:35] - |D| - [1187] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 [01/08/2017 13:13:17] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [31/07/2017 21:36:29] - |D| - [2513] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aragami [GOG.com] [07/07/2017 20:03:19] - |A| - [824] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à niveau de Windows 10.lnk [11/07/2017 10:34:47] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [16/07/2017 12:27:54] - |D| - [7566] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [16/07/2017 12:23:58] - |D| - [2585] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clavier+ [17/07/2017 14:36:07] - |D| - [1189] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks [17/07/2017 14:48:53] - |D| - [6674] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corona [06/04/2017 09:49:35] - |A| - [2376] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk [17/07/2017 20:16:10] - |D| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin [01/08/2017 16:03:58] - |D| - [951] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [12/07/2017 12:56:24] - |A| - [3744389] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeezerDownloader3.2.3.jar [18/03/2017 23:03:33] - |ASH| - [1068] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/04/2017 08:08:29] - |A| - [2136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB.lnk [08/07/2017 17:04:36] - |A| - [1851] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk [06/04/2017 08:09:47] - |A| - [2455] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk [08/07/2017 18:57:25] - |D| - [2212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [24/07/2017 20:24:29] - |A| - [2277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [15/07/2017 08:12:37] - |D| - [17399] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [06/04/2017 08:08:27] - |A| - [2127] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk [06/04/2017 08:06:01] - |RD| - [7133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [18/03/2017 22:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [06/04/2017 09:40:38] - |D| - [1453] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [08/07/2017 10:22:16] - |D| - [6907] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [17/07/2017 16:13:39] - |D| - [2351] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [08/07/2017 07:18:14] - |D| - [8213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2 [18/03/2017 23:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [23/08/2017 11:23:27] - |D| - [3482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [06/04/2017 08:09:47] - |D| - [5105] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools [31/07/2017 18:42:18] - |D| - [2309] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [18/03/2017 22:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [31/07/2017 08:01:58] - |A| - [1385] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [07/07/2017 20:29:39] - |A| - [1239] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [25/07/2017 13:42:02] - |D| - [2434] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS200 GAMING MOUSE [17/07/2017 16:17:49] - |D| - [2119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans [15/07/2017 12:47:04] - |D| - [890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [06/04/2017 09:41:47] - |D| - [3335] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [07/07/2017 21:26:41] - |D| - [3797] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio [06/04/2017 08:07:51] - |A| - [1237] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OMEN Control.lnk [06/04/2017 08:09:47] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [31/07/2017 08:02:01] - |A| - [1454] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [12/07/2017 14:17:54] - |D| - [9019] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pong [06/04/2017 08:09:47] - |A| - [2492] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk [18/03/2017 22:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [29/07/2017 12:51:15] - |D| - [15000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyQt GPL v5.6 for Python v3.5 (x64) [01/08/2017 13:14:15] - |D| - [6806] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [21/08/2017 18:07:42] - |D| - [3584] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidTyping 5 [25/07/2017 13:23:03] - |D| - [3056] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise Of The Tomb Raider 20 Years Celebration [18/03/2017 23:03:29] - |RD| - [2357] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/07/2017 20:36:30] - |D| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [06/04/2017 08:08:24] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries [18/03/2017 23:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [19/07/2017 15:38:24] - |D| - [3221] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.1.0f3 (64-bit) [07/07/2017 21:05:02] - |D| - [7254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [11/07/2017 13:40:14] - |D| - [9376] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable [19/07/2017 17:53:03] - |D| - [12578] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 [19/07/2017 17:30:21] - |A| - [1806] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk [19/07/2017 17:16:05] - |A| - [1366] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk [16/08/2017 12:48:43] - |D| - [9446] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits [08/07/2017 17:09:53] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [31/07/2017 08:01:40] - |D| - [2570] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker [06/04/2017 08:09:47] - |A| - [2493] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [15/07/2017 08:13:10] - |A| - [2183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ---------- | C:\Program Files (x86) [17/07/2017 17:52:27] - |D| - [107612734] - C:\Program Files (x86)\4KDownload [11/07/2017 16:00:38] - |D| - [2341067824] - C:\Program Files (x86)\Adobe [08/07/2017 15:41:08] - |AD| - [188687607] - C:\Program Files (x86)\Adobe Photoshop CS6 [08/07/2017 07:33:49] - |AD| - [123382454] - C:\Program Files (x86)\AGEIA Technologies [07/08/2017 14:08:56] - |AD| - [2743854] - C:\Program Files (x86)\Apple Software Update [11/07/2017 10:34:37] - |AD| - [52589549] - C:\Program Files (x86)\Audacity [06/04/2017 08:06:40] - |AD| - [631190] - C:\Program Files (x86)\Bonjour [15/08/2017 19:57:38] - |D| - [238762110] - C:\Program Files (x86)\CodeBlocks [18/03/2017 23:03:28] - |D| - [670359373] - C:\Program Files (x86)\Common Files [17/07/2017 14:48:53] - |D| - [200538260] - C:\Program Files (x86)\Corona Labs [06/04/2017 09:49:09] - |D| - [408728345] - C:\Program Files (x86)\CyberLink [15/07/2017 13:18:22] - |D| - [123551] - C:\Program Files (x86)\DeskPins [18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [06/04/2017 08:08:29] - |D| - [7451972] - C:\Program Files (x86)\Dropbox [16/07/2017 12:21:17] - |D| - [472680840] - C:\Program Files (x86)\Google [19/07/2017 15:38:46] - |D| - [71525866] - C:\Program Files (x86)\GtkSharp [06/04/2017 08:04:59] - |D| - [78802184] - C:\Program Files (x86)\Hewlett-Packard [06/04/2017 08:04:50] - |AD| - [250108267] - C:\Program Files (x86)\HP [06/04/2017 08:08:38] - |D| - [0] - C:\Program Files (x86)\HP Inc [06/04/2017 08:05:40] - |HD| - [45256615] - C:\Program Files (x86)\InstallShield Installation Information [06/04/2017 09:39:36] - |D| - [32645574] - C:\Program Files (x86)\Intel [18/03/2017 23:03:28] - |D| - [2017903] - C:\Program Files (x86)\Internet Explorer [08/07/2017 10:22:05] - |D| - [167658430] - C:\Program Files (x86)\Java [08/07/2017 07:17:54] - |AD| - [449334190] - C:\Program Files (x86)\LibreOffice 5 [06/04/2017 09:50:23] - |D| - [4006012] - C:\Program Files (x86)\McAfee [06/04/2017 08:09:16] - |AD| - [1934180916] - C:\Program Files (x86)\Microsoft Office [19/07/2017 17:53:20] - |D| - [24236117] - C:\Program Files (x86)\Microsoft SDKs [31/07/2017 18:41:48] - |D| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight [16/08/2017 12:04:55] - |AD| - [2461021] - C:\Program Files (x86)\Microsoft SQL Server [31/07/2017 08:01:49] - |AD| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [19/07/2017 17:15:38] - |D| - [2457130083] - C:\Program Files (x86)\Microsoft Visual Studio [16/08/2017 12:04:55] - |D| - [3225655] - C:\Program Files (x86)\Microsoft Visual Studio 14.0 [19/07/2017 18:13:51] - |D| - [1042600] - C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity [16/08/2017 12:04:47] - |D| - [50181] - C:\Program Files (x86)\Microsoft Web Tools [18/03/2017 23:03:28] - |D| - [8334607] - C:\Program Files (x86)\Microsoft.NET [07/07/2017 20:29:37] - |AD| - [94370827] - C:\Program Files (x86)\Mozilla Firefox [07/07/2017 20:29:39] - |D| - [453803] - C:\Program Files (x86)\Mozilla Maintenance Service [25/07/2017 13:42:00] - |AD| - [22346508] - C:\Program Files (x86)\MS200 GAMING MOUSE [08/07/2017 17:51:52] - |D| - [1005789] - C:\Program Files (x86)\MSBuild [06/04/2017 09:49:35] - |D| - [12112046] - C:\Program Files (x86)\NSIS Uninstall Information [08/07/2017 17:04:51] - |D| - [304305822] - C:\Program Files (x86)\NVIDIA Corporation [07/07/2017 21:26:12] - |D| - [388179484] - C:\Program Files (x86)\obs-studio [12/07/2017 14:17:54] - |D| - [4906894] - C:\Program Files (x86)\Oldgames [06/04/2017 08:06:11] - |RD| - [462472] - C:\Program Files (x86)\Online Services [17/07/2017 05:08:23] - |D| - [809496] - C:\Program Files (x86)\OpenAL [08/07/2017 07:11:07] - |D| - [8331623] - C:\Program Files (x86)\PhotoFiltre 7 [01/08/2017 13:14:11] - |AD| - [71555370] - C:\Program Files (x86)\QuickTime [06/04/2017 09:39:01] - |D| - [23846956] - C:\Program Files (x86)\Realtek [08/07/2017 17:51:52] - |D| - [157074794] - C:\Program Files (x86)\Reference Assemblies [07/07/2017 20:36:30] - |D| - [235271296018] - C:\Program Files (x86)\Steam [06/04/2017 09:39:00] - |HD| - [0] - C:\Program Files (x86)\Temp [22/07/2017 18:40:29] - |D| - [16706723] - C:\Program Files (x86)\The GodFather [08/07/2017 17:05:02] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [07/07/2017 21:04:25] - |D| - [129295970] - C:\Program Files (x86)\VideoLAN [08/07/2017 20:47:23] - |D| - [1099146] - C:\Program Files (x86)\VulkanRT [18/03/2017 23:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender [19/07/2017 17:53:20] - |D| - [1243366890] - C:\Program Files (x86)\Windows Kits [31/07/2017 08:01:20] - |AD| - [284666339] - C:\Program Files (x86)\Windows Live [18/03/2017 23:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail [20/03/2017 07:10:55] - |D| - [3254425] - C:\Program Files (x86)\Windows Media Player [31/07/2017 08:01:20] - |AD| - [126352980] - C:\Program Files (x86)\Windows Movie Maker [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT [18/03/2017 23:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [18/03/2017 23:03:28] - |D| - [2184102] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [08/07/2017 07:23:34] - |AD| - [5033516] - C:\Program Files\7-Zip [01/08/2017 16:06:56] - |D| - [1930042] - C:\Program Files\Alex Feinman [06/04/2017 08:06:40] - |AD| - [613987] - C:\Program Files\Bonjour [18/03/2017 23:03:28] - |D| - [421566069] - C:\Program Files\Common Files [01/08/2017 16:03:53] - |D| - [42867423] - C:\Program Files\DAEMON Tools Lite [18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini [07/07/2017 17:45:17] - |SHD| - [421566069] - C:\Program Files\Fichiers communs [17/07/2017 16:20:41] - |AD| - [134411881] - C:\Program Files\glassfish-4.1.1 [14/08/2017 19:37:52] - |D| - [0] - C:\Program Files\Highresolution Enterprises [06/04/2017 08:04:49] - |D| - [219419835] - C:\Program Files\HP [06/04/2017 08:08:37] - |D| - [1336856] - C:\Program Files\HPCommRecovery [06/04/2017 09:39:47] - |AD| - [104276903] - C:\Program Files\Intel [18/03/2017 23:03:28] - |D| - [2644570] - C:\Program Files\Internet Explorer [17/07/2017 16:13:20] - |D| - [372169148] - C:\Program Files\Java [06/04/2017 09:50:30] - |D| - [97734574] - C:\Program Files\mcafee [06/04/2017 09:50:30] - |D| - [0] - C:\Program Files\mcafee.com [06/04/2017 08:09:16] - |D| - [8850832] - C:\Program Files\Microsoft Office 15 [31/07/2017 18:41:48] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight [16/08/2017 12:05:00] - |D| - [1589005] - C:\Program Files\Microsoft SQL Server [08/07/2017 17:51:52] - |D| - [25757] - C:\Program Files\MSBuild [17/07/2017 16:14:43] - |AD| - [750232061] - C:\Program Files\NetBeans 8.2 [15/07/2017 12:47:02] - |D| - [9001377] - C:\Program Files\Notepad++ [08/07/2017 17:04:51] - |D| - [1542776418] - C:\Program Files\NVIDIA Corporation [06/04/2017 08:06:11] - |RD| - [1230] - C:\Program Files\Online Services [21/08/2017 18:07:40] - |AD| - [53264390] - C:\Program Files\RapidTyping 5 [08/07/2017 17:04:25] - |D| - [45052838] - C:\Program Files\Realtek [08/07/2017 17:51:52] - |D| - [36854953] - C:\Program Files\Reference Assemblies [06/04/2017 08:08:08] - |D| - [0] - C:\Program Files\SteelSeries [29/07/2016 14:32:32] - |HD| - [0] - C:\Program Files\Uninstall Information [19/07/2017 15:35:29] - |D| - [2968959972] - C:\Program Files\Unity [07/07/2017 23:19:42] - |AD| - [9438793] - C:\Program Files\UNP [11/07/2017 13:40:13] - |D| - [490575] - C:\Program Files\Virtual Audio Cable [18/03/2017 23:03:28] - |RD| - [16330682] - C:\Program Files\Windows Defender [31/07/2017 08:02:03] - |D| - [52928] - C:\Program Files\Windows Live [18/03/2017 23:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail [20/03/2017 07:10:55] - |D| - [4781757] - C:\Program Files\Windows Media Player [18/03/2017 23:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7835330] - C:\Program Files\Windows NT [18/03/2017 23:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices [18/03/2017 23:03:28] - |D| - [95352] - C:\Program Files\Windows Security [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar [18/03/2017 23:03:28] - |HD| - [3995456046] - C:\Program Files\WindowsApps [18/03/2017 23:03:28] - |D| - [2433872] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [11/07/2017 16:00:38] - |AD| - [471897698] - C:\Program Files (x86)\Common Files\Adobe [01/08/2017 13:13:11] - |D| - [66304366] - C:\Program Files (x86)\Common Files\Apple [18/07/2017 07:00:09] - |AD| - [47984] - C:\Program Files (x86)\Common Files\DESIGNER [15/07/2017 08:12:38] - |D| - [2572005] - C:\Program Files (x86)\Common Files\Hewlett-Packard [15/07/2017 08:12:43] - |D| - [1413188] - C:\Program Files (x86)\Common Files\HP [06/04/2017 09:45:26] - |D| - [249268] - C:\Program Files (x86)\Common Files\Intel Corporation [19/07/2017 20:46:31] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java [06/04/2017 09:50:23] - |D| - [3191576] - C:\Program Files (x86)\Common Files\McAfee [16/08/2017 12:48:42] - |D| - [2221] - C:\Program Files (x86)\Common Files\Microsoft [18/03/2017 23:03:28] - |AD| - [40855758] - C:\Program Files (x86)\Common Files\Microsoft Shared [06/04/2017 09:39:47] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [07/07/2017 20:36:31] - |D| - [3772480] - C:\Program Files (x86)\Common Files\Steam [18/03/2017 23:03:28] - |D| - [9596811] - C:\Program Files (x86)\Common Files\System [31/07/2017 08:02:43] - |D| - [0] - C:\Program Files (x86)\Common Files\Windows Live [08/07/2017 07:32:35] - |D| - [68307456] - C:\Program Files (x86)\Common Files\Wise Installation Wizard ---------- | C:\Program Files\Common files [06/04/2017 09:50:24] - |D| - [3616520] - C:\Program Files\Common files\AV [06/04/2017 09:50:30] - |D| - [111496] - C:\Program Files\Common files\Intel Security [06/04/2017 09:50:24] - |D| - [253664986] - C:\Program Files\Common files\McAfee [18/03/2017 23:03:28] - |D| - [153852658] - C:\Program Files\Common files\microsoft shared [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files\Common files\Services [18/03/2017 23:03:28] - |D| - [10317707] - C:\Program Files\Common files\System ---------- | Tasks [MD5.3955836C207B3914B41B06034A04BCBD] - [22/08/2017 09:57:43] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.85AD373D3264CD7C1E7969283350AAC6] - [06/04/2017 08:08:30] - |A| - [1222] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [MD5.53D384DF960ECC9ACF9D290E1F4959D1] - [06/04/2017 08:08:31] - |A| - [1226] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [MD5.4D826EA605C02D626E38574F43A4DDF8] - [14/08/2017 17:12:50] - |A| - [364] - C:\WINDOWS\Tasks\HPCeeScheduleForcamil.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [08/07/2017 17:14:04] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.D0CE7C7D2539A6D869363194EF47C685] - [11/07/2017 16:01:03] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.00000000000000000000000000000000] - [07/08/2017 14:08:56] - |D| - [3516] - C:\WINDOWS\System32\Tasks\Apple [MD5.C9985D0F3ED916EE80D4E300E3C52419] - [08/07/2017 17:14:01] - |A| - [2262] - C:\WINDOWS\System32\Tasks\DropboxOEM : "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" [MD5.046CB0952C45C49C6BE3FF290375CE9E] - [08/07/2017 17:14:01] - |A| - [3516] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.69E65469F2DD6BB07B33B5365F1E3EF3] - [08/07/2017 17:14:01] - |A| - [3740] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.F52F2D1B25BFBC5DA0F04E8BD47A05D8] - [16/07/2017 12:21:20] - |A| - [3462] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.2F7ED166A615ECC3A3268D7C608CA697] - [16/07/2017 12:21:20] - |A| - [3586] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.4EC4FEA6BC35ABAFF053A963754BAD63] - [01/08/2017 19:06:58] - |A| - [3672] - C:\WINDOWS\System32\Tasks\gsxklqxk : C:\Users\camil\gsxklqxk\fdsye.exe [MD5.00000000000000000000000000000000] - [08/07/2017 17:14:01] - |D| - [35656] - C:\WINDOWS\System32\Tasks\Hewlett-Packard [MD5.A3CA10BCAC4E4335240B6D65EADB88BE] - [08/07/2017 17:14:02] - |A| - [2488] - C:\WINDOWS\System32\Tasks\HPAudioSwitch : "C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe" [MD5.856FCE488B776EE31BBAC7FC4A71F3D3] - [14/08/2017 17:12:50] - |A| - [3256] - C:\WINDOWS\System32\Tasks\HPCeeScheduleForcamil : C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [MD5.577E8CDCEA40DF253CD4DD793EED0BAC] - [08/07/2017 17:14:02] - |A| - [2504] - C:\WINDOWS\System32\Tasks\HPEA3JOBS : C:\Program [MD5.A6C20BC6ADE04919B8AB3FDB7FCEE67E] - [08/07/2017 17:14:02] - |A| - [2302] - C:\WINDOWS\System32\Tasks\HPJumpStartLaunch : "C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe" [MD5.09650088CE3965E8EB34EB949C199736] - [08/07/2017 17:14:02] - |A| - [3118] - C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification : "C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe" [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [531194] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.B49887748DBC6C7F05EF4ED813D4426D] - [11/07/2017 13:09:23] - |A| - [4178] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1814063B-F81F-4B74-953F-53F3F28DAB11} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{6E41688C-99F7-4D79-8F34-5A4405893ED1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sudoku|Desc=Microsoft Sudoku|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1674745312-3152857778-1098653767-330323997-3364444890-881917274-780845233|EmbedCtxt=Microsoft Sudoku|Platform=2:6:2|Platform2=GTEQ| "{E110527F-DAC2-42EB-8CF1-6916D8A09E22}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sudoku|Desc=Microsoft Sudoku|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1674745312-3152857778-1098653767-330323997-3364444890-881917274-780845233|EmbedCtxt=Microsoft Sudoku|Platform=2:6:2|Platform2=GTEQ| "{4AAF28FD-9ACE-4EF5-A0A3-1193902B82BC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{2D19CFD6-C68F-4043-9F3F-09B4D97CCDDD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{E2DC5269-2971-4768-8D89-965DFF7502B9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{681313EB-4A45-48ED-8F10-EC60476FCBCF}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{07FA1D86-6F4A-4147-950D-91F24D3D7219}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=HP JumpStart|Desc=HP JumpStart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-955282133-2385331838-3821351064-111986934-3566959149-2149918669-425275083|EmbedCtxt=HP JumpStart|Platform=2:6:2|Platform2=GTEQ| "{64FDC21C-EE05-4C20-A702-D56570A352CD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=HP JumpStart|Desc=HP JumpStart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-955282133-2385331838-3821351064-111986934-3566959149-2149918669-425275083|EmbedCtxt=HP JumpStart|Platform=2:6:2|Platform2=GTEQ| "{3521F92D-3223-428E-AB22-DF203EB50C6C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=HP LOUNGE|Desc=HP Lounge|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-285658676-2969362761-3479356617-995572392-3740418970-106352598-405418177|EmbedCtxt=HP LOUNGE|Platform=2:6:2|Platform2=GTEQ| "{0BCFD2E9-BE59-479F-9A4D-5C465114CF20}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (camil)|Desc=Allow µTorrent network traffic| "{23999BDF-F874-4019-9958-8357422DA1C1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (camil)| "{98B158AB-8F04-4F52-A1E4-586154E8EB2C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (camil)| "{82FA78BB-D286-4CF5-9D74-82792933E4D5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (camil)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{0A41A2D7-0883-4854-B3EF-A43E8C522A9E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (camil)|Desc=Allow µTorrent network traffic| "{5851220D-E753-45E5-BF72-F089DCF33A3B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\camil\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (camil)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{0165CFF3-26B3-479E-99F6-27B52F1FE9F6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{524B5CFA-7004-4E2E-B749-2A09BB731D32}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{1FEF0841-B976-407F-8880-1F14AFB4DE2F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe|Name=CyberLink PowerDVD 14.0|Desc=CyberLink PowerDVD 14.0| "{214E2FCE-2CE7-4E22-80CE-B1542D85E091}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe|Name=CyberLink PowerDVD14 Movie Module|Desc=CyberLink PowerDVD14 Movie Module| "{9DAAA31E-ABA7-428D-B8D7-3D9666766200}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe|Name=CyberLink PowerDVD 14 Media Server Service|Desc=CyberLink Media Server| "{F6995F4A-3AD4-4C7F-8735-0AD07A96C192}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe|Name=CyberLink PowerDVD14|Desc=CyberLink PowerDVD14| "{ED35B609-E60D-44CB-B578-A49E2FA446CF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)| "{BE721207-8812-4AE3-96E8-C581647ACA99}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)| "{08EF31DB-CF20-49AA-A5CC-4A52CD1C2E1B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)| "{D499C009-0B7E-4C90-9F22-98DC9B03F069}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTPS)|Desc=TCP exceptions for NVIDIA Network Service| "{31C5A010-2E1A-4DC4-82A5-CF7FC9EFD75F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTP)|Desc=TCP exceptions for NVIDIA Network Service| "{040A79C4-2222-4B4E-8367-5FD4112D5CB3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{910C8F1F-209A-40D3-877C-BA4BADF9E596}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{BE4CD60C-A0D3-4CE3-8F8E-2324BE4828F4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{1935FAEE-BC45-401E-B5F3-92CD7DC2EE52}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{EA7DDB68-9BAB-490A-B446-78D0AB09BD6E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{F0FDBB7E-D2E2-4615-8698-5803C13C9A53}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{60D8F3B4-8F52-44F9-8D53-7B9CAF77986D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ| "{7316E571-E9BF-46C4-9D6D-F2F4896BFE94}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{EF43CDEA-4B98-448D-B56A-D802AAA24222}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{4AF926FF-9356-4948-B232-014DD035D7F5}C:\games\battlefield 1\bf1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\games\battlefield 1\bf1.exe|Name=Battlefield™ 1|Desc=Battlefield™ 1|Defer=User| "UDP Query User{33BD8238-56ED-40B7-80F3-EAFE7E44EA87}C:\games\battlefield 1\bf1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\games\battlefield 1\bf1.exe|Name=Battlefield™ 1|Desc=Battlefield™ 1|Defer=User| "{0733E8E4-3564-4A9B-87A7-DF9278017F89}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\games\battlefield 1\bf1.exe|Name=Battlefield™ 1|Desc=Battlefield™ 1| "{FB23A97F-D3AB-43B4-89B4-B7B80729A8EC}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\games\battlefield 1\bf1.exe|Name=Battlefield™ 1|Desc=Battlefield™ 1| "TCP Query User{D1F05B23-5381-4227-BA3C-020EB45DF1CD}C:\games\far cry - primal\bin\fcprimal.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\games\far cry - primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal|Defer=User| "UDP Query User{70C9C266-4C7A-4CE1-A772-809184B1B9A8}C:\games\far cry - primal\bin\fcprimal.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\games\far cry - primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal|Defer=User| "{4809E8E2-9B98-4D59-A1A6-B07666049316}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\games\far cry - primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal| "{65C1A724-F6AB-47AA-8030-67C85078D9E5}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\games\far cry - primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal| "{6628B78E-0046-4144-8C69-B69F02E9E033}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Deezer Music|Desc=Deezer Music|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3995850928-445304664-2757738950-2274806189-480255890-1635684094-1864967084|EmbedCtxt=Deezer Music|Platform=2:6:2|Platform2=GTEQ| "{E6586DDF-2DEE-41B0-9A08-B2A12BF93465}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Deezer Music|Desc=Deezer Music|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3995850928-445304664-2757738950-2274806189-480255890-1635684094-1864967084|EmbedCtxt=Deezer Music|Platform=2:6:2|Platform2=GTEQ| "{0BE4D2CA-3FEE-44AA-8E35-280958C6FA73}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{1435BF81-4EB1-4724-8912-DC063971E4BF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=427|RPort=427|App=C:\WINDOWS\system32\svchost.exe|Svc=HPSLPSVC|Name=SLP_Service|Desc=SLP_Service| "{EBD9B6CF-D746-4CE0-8A6B-3AF5D1860A50}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe|Name=hpqtra08.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe| "{7893D68D-D1F3-460A-932C-D9354818C802}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe|Name=hpqste08.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe| "{D052C8C5-145D-4D45-B2EF-8AF58C3F720B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe|Name=hposid01.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe| "{B3E903B2-2223-476F-879F-33BDAB87F962}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe|Name=hpqkygrp.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe| "{DB609DDC-C314-43D0-83C4-E8DDFF1A72C2}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe|Name=hpqcopy2.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe| "{74D5390F-DD88-458A-A18F-A49ABC8AB4A8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe|Name=hpfccopy.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe| "{8AEB21F3-09FC-4295-B818-989A6B51C4ED}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe|Name=hpoews01.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe| "{D73B99A1-3AD3-4A8A-8A83-B9FE03C5B111}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe|Name=hpiscnapp.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe| "{923E7D4C-5E7F-4ACF-9FCB-DFC4543EEFA5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe|Name=hpqgplgtupl.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe| "{31DA71E0-4080-4C38-A28C-7DD3D689308D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe|Name=hpqgpc01.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe| "{B9192A2F-83F0-495E-BE64-316191C804CB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe|Name=hpqusgm.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe| "{9748FFFA-2068-444F-9803-359F03CE4525}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe|Name=hpqusgh.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe| "{CEE738AF-1896-46C9-8BCA-419B1042F45F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\hp software update\hpwucli.exe|Name=hpwucli.exe|Desc=C:\Program Files (x86)\HP\hp software update\hpwucli.exe| "{3E909DAC-52D3-45CA-B7E9-88AA04DF0706}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Corona Labs\Corona\Corona.LiveServer.exe|Name=Corona Live Server|Edge=TRUE| "{2DE6ED56-7FD1-400C-A786-E41ABEDD0E09}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Corona Labs\Corona\Corona.Debugger.exe|Name=Corona Debugger|Edge=TRUE| "{738B437B-2C2B-4C17-9B6B-5E41CB68063F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Phototastic Collage|Desc=Phototastic Collage|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-2502358608-583759769-2409807134-3449801485-999338879-2502503695-2304874636|EmbedCtxt=Phototastic Collage|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{C708B588-905D-47F8-B819-EBEE9DECF502}C:\program files\unity\editor\unity.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\unity\editor\unity.exe|Name=Unity Editor|Desc=Unity Editor| "UDP Query User{A829ED8A-4B88-4FF8-B3EF-6BC1899C00E1}C:\program files\unity\editor\unity.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\unity\editor\unity.exe|Name=Unity Editor|Desc=Unity Editor| "{635741F2-CAE3-425C-BAE3-F84FFBBD018C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{AD4912C1-4F94-4BBE-9743-B8C64963231A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_2.6.1.1_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{61A3AEE9-90A6-4352-BBF7-7757BC057761}C:\games\rise of the tomb raider - 20 years celebration\rottr.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\games\rise of the tomb raider - 20 years celebration\rottr.exe|Name=Rise of the Tomb Raider|Desc=Rise of the Tomb Raider|Defer=User| "UDP Query User{FCC6EB28-57B5-4693-8BCD-984C5E12A29B}C:\games\rise of the tomb raider - 20 years celebration\rottr.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\games\rise of the tomb raider - 20 years celebration\rottr.exe|Name=Rise of the Tomb Raider|Desc=Rise of the Tomb Raider|Defer=User| "TCP Query User{C5036404-9D01-47E3-ABA2-3CE007151E1B}C:\program files (x86)\steam\steamapps\common\downward\downward\binaries\win64\downward.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\steam\steamapps\common\downward\downward\binaries\win64\downward.exe|Name=UE4Game|Desc=UE4Game|Defer=User| "UDP Query User{70C73D01-72D0-4DEC-BABA-9AA9968ED444}C:\program files (x86)\steam\steamapps\common\downward\downward\binaries\win64\downward.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\steam\steamapps\common\downward\downward\binaries\win64\downward.exe|Name=UE4Game|Desc=UE4Game|Defer=User| "{490B9598-9683-4206-8A9F-3323EEB30B22}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{26D803B2-40A0-4A89-8277-6D4F28531845}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{39F3F64C-364E-4B52-B025-C1A8E832C6AB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| "{02C451E2-20AA-4B81-87A9-9444C6CAFF80}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe|Name=WebKit|Edge=TRUE| "TCP Query User{E9F418FF-230B-42CE-A0C2-87C403823B33}C:\users\camil\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\camil\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "UDP Query User{F0A19EE3-0371-4C3F-A3D3-EF35AB1AFA32}C:\users\camil\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\camil\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "{05592344-E57A-4B25-A0EF-A4A87CBCE33E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=One Calendar|Desc=One Calendar|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-2109895800-839082388-4006170550-1287902502-372411946-1068844273-4186338438|EmbedCtxt=One Calendar|Platform=2:6:2|Platform2=GTEQ| "{718F8DDC-26CC-44C5-95D5-7C79DB9311AE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{B8559600-CA77-462D-AD8B-EA82EBB1C555}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{8AEF3A4C-D3DA-4731-A8B6-E24B7795E483}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{55108EA7-994F-4F59-B6AC-E8CAD673CD98}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{273F0B5C-56A2-4439-A91E-C02819ADD98B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=NONOGRAM2|Desc=NONOGRAM2|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-2034502004-115707657-1900899218-680777635-3910517423-3218335355-1155321566|EmbedCtxt=NONOGRAM2|Platform=2:6:2|Platform2=GTEQ| "{A0A56E92-8F15-4A6C-9CA4-998F728E3FD9}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=omgTANGRAM|Desc=omgTANGRAM|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3491460453-52903356-2379019861-1572401165-3891943425-341701194-3789762455|EmbedCtxt=omgTANGRAM|Platform=2:6:2|Platform2=GTEQ| "{7316F7C1-312F-4550-8F84-B19969B6B2EF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Ultimate Word Games|Desc=Microsoft Ultimate Word Games|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3246329098-3230233011-588582504-443901317-3747836941-355108722-2585344712|EmbedCtxt=Microsoft Ultimate Word Games|Platform=2:6:2|Platform2=GTEQ| "{67DE5BE5-AF6B-481A-A3F3-31B3517DE8B4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Ultimate Word Games|Desc=Microsoft Ultimate Word Games|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3246329098-3230233011-588582504-443901317-3747836941-355108722-2585344712|EmbedCtxt=Microsoft Ultimate Word Games|Platform=2:6:2|Platform2=GTEQ| "{46520461-56DC-424E-9C4D-8EFC24547CF0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Jigsaw|Desc=Microsoft Jigsaw|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-751959907-908837041-252804800-900526022-4140438912-2324401405-2423745324|EmbedCtxt=Microsoft Jigsaw|Platform=2:6:2|Platform2=GTEQ| "{289BA4F0-6F13-432C-AB4B-99E8D04D4F04}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Jigsaw|Desc=Microsoft Jigsaw|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-751959907-908837041-252804800-900526022-4140438912-2324401405-2423745324|EmbedCtxt=Microsoft Jigsaw|Platform=2:6:2|Platform2=GTEQ| "{758A0DE8-C73F-4E97-A07D-30FAF1E0909F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Free Password Manager & Secure Vault|Desc=Keeper - Free Password Manager & Secure Vault|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Free Password Manager & Secure Vault|Platform=2:6:2|Platform2=GTEQ| "{036C756A-6367-4B48-B180-E663E23A40D1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Free Password Manager & Secure Vault|Desc=Keeper - Free Password Manager & Secure Vault|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Free Password Manager & Secure Vault|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{C623C264-A3E2-487E-9AFC-66E57C4E2BE9}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=View 3D|Desc=View 3D|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3739514657-3828455176-2936196785-2025316370-1894713875-3268641221-1640234959|EmbedCtxt=View 3D|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{30E7F599-9228-40AC-A056-18AB959B1944}C:\users\camil\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\camil\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| "UDP Query User{980B1748-F91F-4A44-8336-C0A9925C14D6}C:\users\camil\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\camil\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| "{FC0C6301-6955-49D9-80AF-A4DE16B964AD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{748B5774-C0C3-452E-B333-4458EE86E576}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A8DE350E-74C8-4587-AEBD-4E4BAF011EE0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{49613LetsIQ.LetsIQNonogram_3.1.13.0_x86__5kzgjcztqed00?ms-resource://49613LetsIQ.LetsIQNonogram/Resources/AppName}|Desc=@{49613LetsIQ.LetsIQNonogram_3.1.13.0_x86__5kzgjcztqed00?ms-resource://49613LetsIQ.LetsIQNonogram/Resources/AppName}|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-764677115-2842463492-1866018248-393116772-2814241566-3232138667-260546307|EmbedCtxt=@{49613LetsIQ.LetsIQNonogram_3.1.13.0_x86__5kzgjcztqed00?ms-resource://49613LetsIQ.LetsIQNonogram/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{575C719F-55A3-48B2-BDCA-65D2CFF91DA0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{0B511D3D-95D3-4589-AFBA-1027F6997CE4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{8AD54CF1-9A3A-4A0A-9F81-B10ED72E1B0D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{49D83A6E-606A-4DD6-B3FD-975458A6B2C9}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{1545CA5E-E8DD-4698-B1CB-97F90860497E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{BB7799D2-FC05-4C71-8211-DA50C6156DA3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{828B5831.HiddenCityMysteryofShadows_1.15.1501.0_x86__ytsefhwckbdv6?ms-resource://828B5831.HiddenCityMysteryofShadows/Resources/AppName}|Desc=@{828B5831.HiddenCityMysteryofShadows_1.15.1501.0_x86__ytsefhwckbdv6?ms-resource://828B5831.HiddenCityMysteryofShadows/Resources/AppName}|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-966278719-3831304650-4079404797-2493426216-2555063410-2468642337-2667656492|EmbedCtxt=@{828B5831.HiddenCityMysteryofShadows_1.15.1501.0_x86__ytsefhwckbdv6?ms-resource://828B5831.HiddenCityMysteryofShadows/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{14D4F6E7-19B8-4376-83F9-B21AB5DD873F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Code de la Route|Desc=Code de la Route|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-852157309-3615309568-3919715815-359895508-1315891423-3465084790-30964214|EmbedCtxt=Code de la Route|Platform=2:6:2|Platform2=GTEQ| "{484EA9DC-C57E-424A-96D6-D29B57405891}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Infinite Loop|Desc=Infinite Loop|LUOwn=S-1-5-21-1936536703-1594352767-2527930774-1001|AppPkgId=S-1-15-2-809978888-3483874479-3487280214-81881568-668772631-3929705899-3988045675|EmbedCtxt=Infinite Loop|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ee986ed-9d81-43b3-b9ea-30686e6f4219}] : (PSM) [] -> @oem8.inf,%ClassName%;Intel® Power Sharing Manager [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem7.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem34.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [23/08/2017 11:23:25] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\mbae64.sys [08/05/2017 02:37:36] - (22.21.13.8165) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 381.65) - C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvlddmkm.sys [06/04/2017 09:40:55] - (1.2.40.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [01/08/2017 16:04:40] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\WINDOWS\System32\drivers\dtliteusbbus.sys [01/08/2017 16:03:59] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtlitescsibus.sys [11/07/2017 13:40:13] - (4.14.0.6432) - (Eugene V. Muzychenko - Kernel-mode WDM driver) - C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [17/01/2017 05:52:50] - (1.3.34.26) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys [06/04/2017 09:44:40] - (10.0.14393.31228) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8a32ca80fc8b1f22] : (Fleex player.-.fleex SAS) -> rundll32.exe dfshim.dll,ShArpMaintain Fleex player.application, Culture=neutral, PublicKeyToken=59124c5ecf58553d, processorArchitecture=msil [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Amazon Kindle] : (Amazon Kindle.-.Amazon) -> C:\Users\camil\AppData\Local\Amazon\Kindle\application\uninstall.exe [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CodeBlocks] : (CodeBlocks.-.The Code::Blocks Team) -> C:\Program Files (x86)\CodeBlocks\uninstall.exe [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PhotoFiltre 7] : (PhotoFiltre 7.-.) -> "C:\Program Files (x86)\PhotoFiltre 7\Uninst.exe" [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Spotify] : (Spotify.-.Spotify AB) -> "C:\Users\camil\AppData\Roaming\Spotify\Spotify.exe" /uninstall [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "%APPDATA%\uTorrent\uTorrent.exe" /UNINSTALL [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55a5b68e-f627-45d0-b580-67e10fc69d51}] : (Qt.-.The Qt Company Ltd) -> C:\Qt\MaintenanceTool.exe [HKU\S-1-5-21-1936536703-1594352767-2527930774-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{b94f45d6-8461-440c-aa4d-bf197b2c2499}] : (Python 3.5.3 (64-bit).-.Python Software Foundation) -> "C:\Users\camil\AppData\Local\Package Cache\{b94f45d6-8461-440c-aa4d-bf197b2c2499}\python-3.5.3-amd64.exe" /modify [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 17.00 beta (x64).-.Igor Pavlov) -> C:\Program Files\7-Zip\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Clavier+_is1] : (Clavier+ 10.7.1.-.Guillaume Ryder) -> "C:\Users\camil\AppData\Local\Clavier+\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) -> C:\Program Files\DAEMON Tools Lite\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HP Imaging Device Functions] : (HP Imaging Device Functions 14.0.-.HP) -> C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools] : (HP Solution Center 14.0.-.HP) -> C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HPExtendedCapabilities] : (HP Customer Participation Program 14.0.-.HP) -> C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HP_Documentation] : (HP Documentation.-.HP Inc.) -> CMD /C "C:\Program Files\HP\Documentation\Doc_Uninstall.cmd" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\nbi-glassfish-mod-4.1.1.0.1] : (GlassFish Server Open Source Edition 4.1.1.-.) -> "C:\Program Files\glassfish-4.1.1\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\nbi-nb-base-8.2.0.0.201610071157] : (NetBeans IDE 8.2.-.NetBeans.org) -> "C:\Program Files\NetBeans 8.2\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Notepad++] : (Notepad++ (64-bit x64).-.Notepad++ Team) -> C:\Program Files\Notepad++\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PyQt GPL v5.6 for Python v3.5 (x64)] : (PyQt GPL v5.6 for Python v3.5 (x64).-.) -> "C:\Users\camil\AppData\Local\Programs\Python\Python35\Lib\site-packages\PyQt5\Uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\RapidTyping5] : (RapidTyping 5.-.RapidTyping Software) -> C:\Program Files\RapidTyping 5\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Shop for HP Supplies] : (Shop for HP Supplies.-.HP) -> C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 12910] : (Audiosurf Demo.-.Dylan Fitterer) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12910 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 200260] : (Batman: Arkham City GOTY.-.Rocksteady Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/200260 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 210470] : (Sniper Elite V2 Demo.-.Rebellion) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/210470 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 210970] : (The Witness.-.Thekla, Inc.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/210970 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22000] : (World of Goo.-.2D BOY) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22000 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 221640] : (Super Hexagon.-.Terry Cavanagh) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221640 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 227300] : (Euro Truck Simulator 2.-.SCS Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/227300 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 238320] : (Outlast.-.Red Barrels) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/238320 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 241930] : (Middle-earth™: Shadow of Mordor™.-.Monolith Productions, Inc.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/241930 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 251630] : (The Impossible Game.-.Grip Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/251630 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 257510] : (The Talos Principle.-.Croteam) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/257510 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 265890] : (Hexcells.-.Matthew Brown) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/265890 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 266010] : (LYNE.-.Thomas Bowker) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/266010 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 271900] : (Hexcells Plus.-.Matthew Brown) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/271900 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 272040] : (KAMI.-.State of Play Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/272040 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 280740] : (Aperture Tag: The Paint Gun Testing Initiative.-.Aperture Tag Team) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/280740 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 280790] : (Creativerse.-.Playful Corporation) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/280790 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 286080] : (Thinking with Time Machine.-.Stridemann) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/286080 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 300300] : (Ichi.-.Stolen Couch Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/300300 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 300400] : (Unpossible.-.Acceleroto, Inc.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/300400 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 302610] : (Boson X.-.Ian MacLarty) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/302610 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 304410] : (Hexcells Infinite.-.Matthew Brown) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304410 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 304570] : (Qbeh-1: The Atlas Cube Demo.-.Liquid Flower) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304570 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 315430] : (Polarity.-.Bluebutton Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/315430 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 317400] : (Portal Stories: Mel.-.Prism Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/317400 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 317790] : (Rexaura.-.Benjamin Bryant) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/317790 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 319630] : (Life is Strange™.-.DONTNOD Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/319630 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 321480] : (Sigils of Elohim.-.Croteam) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/321480 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 322170] : (Geometry Dash.-.RobTop Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/322170 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 351030] : (Pixel Puzzles Ultimate.-.Decaying Logic) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/351030 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 35150] : (Lara Croft and the Guardian of Light Demo.-.Crystal Dynamics) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/35150 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 357600] : (Unium.-.Kittehface Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/357600 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 365450] : (Hacknet.-.Team Fractal Alligator) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/365450 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 367450] : (Poly Bridge.-.Dry Cactus) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/367450 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 367580] : (Hook.-.Maciej Targoni) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/367580 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 370150] : (LOOP: A Tranquil Puzzle Game.-.John Cullen) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/370150 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 370920] : (Cosmophony.-.Bento-Studio) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/370920 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 371500] : (Grey Cubes.-.Deion Mobile) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/371500 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 372580] : (Lemma Demo.-.Evan Todd) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/372580 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 384050] : (Chime Sharp Demo.-.Twistplay) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/384050 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 387290] : (Ori and the Blind Forest: Definitive Edition.-.Moon Studios GmbH) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/387290 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 38730] : (RUSH Demo.-.Two Tribes) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/38730 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 38740] : (EDGE.-.Two Tribes) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/38740 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 392020] : (RFLEX.-.Wesley LaFerriere) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/392020 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 400] : (Portal.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 401220] : (Paint it Back Demo.-.Casual Labs) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/401220 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 40310] : (Risen - Demo.-.Piranha – Bytes) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/40310 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 406150] : (Refunct.-.Dominique Grieshofer) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/406150 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 40800] : (Super Meat Boy.-.Team Meat) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/40800 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 416770] : (SquareCells.-.Matthew Brown) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/416770 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 41700] : (S.T.A.L.K.E.R.: Call of Pripyat.-.GSC Game World) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/41700 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 428900] : (Linea, the Game.-.KHB-Soft) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/428900 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 434640] : (Mu Complex Demo.-.studiocime) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/434640 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 4500] : (S.T.A.L.K.E.R.: Shadow of Chernobyl.-.GSC Game World) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4500 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 454190] : (Cubicolor.-.Moltenplay) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/454190 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 461840] : (Zenge.-.Michal Pawlowski) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/461840 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 463080] : (Momentum Demo.-.Projectile Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/463080 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 463150] : (BARRIER X.-.Noclip) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/463150 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 467210] : (Evo Explores.-.Kyrylo Kuzyk) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/467210 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 469790] : (Linelight.-.My Dog Zorro) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/469790 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 476460] : (Picross Touch.-.Jon Gallant) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/476460 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 48000] : (LIMBO.-.Playdead) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48000 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 487380] : (Tetradecagon.-.Geojitsu) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/487380 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 499440] : (klocki.-.Maciej Targoni) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/499440 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 506900] : (Downward.-.Caracal Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/506900 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 515880] : (001 Game Creator Demo.-.SoftWeir Inc.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/515880 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 527740] : (YANKAI'S TRIANGLE.-.Kenny Sun) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/527740 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 530210] : (INSIDE Demo.-.Playdead) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/530210 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 530330] : (Blameless.-.Vaclav Hudec) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/530330 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 545690] : (VOI.-.Yunus Ayyildiz) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/545690 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 568320] : (Pictopix.-.Tomlab Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/568320 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 581200] : (Nash Racing.-.Tero Lunkka) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/581200 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 583490] : (InfiniPicross.-.ReverseImpact) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/583490 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 596060] : (Dishonored 2 Demo.-.Arkane Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/596060 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 620] : (Portal 2.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/620 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 627610] : (Get To The Orange Door Demo.-.Andrew Smith) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/627610 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 630880] : (Styx: Shards of Darkness Demo.-.Cyanide Studio) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/630880 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 632000] : (CrossCells.-.Matthew Brown) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/632000 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 654900] : (qop.-.Quiet River) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/654900 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 661430] : (Line Way.-.Xiaoma) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/661430 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 677720] : (Tangrams Deluxe.-.Cake Collective Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/677720 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 8980] : (Borderlands.-.Gearbox Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8980 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 92810] : (SpaceChem - Demo.-.Zachtronics) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/92810 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Virtual Audio Cable 4.14] : (Virtual Audio Cable 4.14.-.) -> C:\Program Files\Virtual Audio Cable\setup64.exe -u [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.42.1] : (Vulkan Run Time Libraries 1.0.42.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.42.1\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0EAF0D8F-C9CF-4350-BD9A-07EC66929E04}] : (Python 3.5.3 Standard Library (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{0EAF0D8F-C9CF-4350-BD9A-07EC66929E04} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{29BFCE2E-AB24-41B6-92CB-E3B10339B02A}] : (Python 3.5.3 Executables (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{29BFCE2E-AB24-41B6-92CB-E3B10339B02A} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2CB12285-90BF-469F-B973-34495ABAF048}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{2CB12285-90BF-469F-B973-34495ABAF048} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}] : (ISO Recorder.-.Alex Feinman) -> MsiExec.exe /I{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Users\camil\Desktop\Anti-Malware\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{41949626-B6BA-4F14-9CF3-5A3528B51837}] : (Python 3.5.3 Core Interpreter (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{41949626-B6BA-4F14-9CF3-5A3528B51837} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{46676312-5DB3-4732-8672-C03C9A35F7DB}] : (Python 3.5.3 Documentation (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{46676312-5DB3-4732-8672-C03C9A35F7DB} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5C690381-6AF5-4374-B50C-02F0390E9980}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{5C690381-6AF5-4374-B50C-02F0390E9980} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}] : (Energy Star.-.HP Inc.) -> MsiExec.exe /I{5CB22648-35F8-41BC-9C35-1E41FE6E12A5} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5d9a6838-4d82-475e-8910-14035eed71fa}] : (Intel(R) PRO/Wireless Driver.-.Intel Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180131}] : (Java SE Development Kit 8 Update 131 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180131} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6574B7E5-BC77-4EE6-8319-C18FD8B0C960}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{6574B7E5-BC77-4EE6-8319-C18FD8B0C960} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}] : (Network64.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6CAEAB4F-2B43-485A-B7F9-AFC2D88BD7A3}] : (Microsoft VC++ redistributables repacked..-.Intel Corporation) -> MsiExec.exe /I{6CAEAB4F-2B43-485A-B7F9-AFC2D88BD7A3} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{72F2DDCB-1B74-4D9E-A49C-9FDB3B602218}] : (Python 3.5.3 pip Bootstrap (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{72F2DDCB-1B74-4D9E-A49C-9FDB3B602218} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{75FE588B-F158-4BB3-A283-A8D18E522A52}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{75FE588B-F158-4BB3-A283-A8D18E522A52} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{81520FC5-3518-40E9-9803-70CE8A801D07}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{81520FC5-3518-40E9-9803-70CE8A801D07} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC4709F9-831D-4EDD-B8E8-83AC7C563B66}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{AC4709F9-831D-4EDD-B8E8-83AC7C563B66} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 381.65.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 381.65.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 381.65.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 2.11.4.0.-.NVIDIA Corporation) -> "C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 2.11.4.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.34.26.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.11.4.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.40.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BEDB2A67-763D-496E-ACE1-CEAEE3A11ABE}] : (Intel(R) Ready Mode Technology.-.Intel Corporation) -> MsiExec.exe /X{BEDB2A67-763D-496E-ACE1-CEAEE3A11ABE} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CD9C1FBA-6708-4FCC-91C8-BBE247C70C11}] : (Python 3.5.3 Development Libraries (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{CD9C1FBA-6708-4FCC-91C8-BBE247C70C11} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}] : (HP Registration Service.-.HP Inc.) -> MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D711D91A-127D-4A11-BA83-634868AD8016}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{D711D91A-127D-4A11-BA83-634868AD8016} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D831294A-813F-44DF-A3FB-E7EE64F04BD5}] : (Python 3.5.3 Tcl/Tk Support (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{D831294A-813F-44DF-A3FB-E7EE64F04BD5} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EA274518-738D-4A48-A1CB-596173D4C6A2}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{EA274518-738D-4A48-A1CB-596173D4C6A2} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EBE12EC7-60DF-41C2-AAC8-0B2586F15C96}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{EBE12EC7-60DF-41C2-AAC8-0B2586F15C96} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EEDE1070-5CA8-4CED-9DD3-947A3EB482EB}] : (Python 3.5.3 Utility Scripts (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{EEDE1070-5CA8-4CED-9DD3-947A3EB482EB} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F051AEB1-7D5E-4833-81ED-FF3690D68E50}] : (Python 3.5.3 Test Suite (64-bit).-.Python Software Foundation) -> MsiExec.exe /I{F051AEB1-7D5E-4833-81ED-FF3690D68E50} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FD126052-310E-4364-937B-6B5564F24578}] : (HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6.-.HP) -> C:\Program Files (x86)\HP\Digital Imaging\{FD126052-310E-4364-937B-6B5564F24578}\setup\hpzscr40.exe -datfile hposcr46.dat -onestop -forcereboot ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}] : (64 Bit HP CIO Components Installer.-.Hewlett-Packard) -> MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1846445578_is1] : (Aragami.-.GOG.com) -> "C:\Games\Aragami\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\4K Video Downloader_is1] : (4K Video Downloader 4.2.-.Open Media LLC) -> "C:\Program Files (x86)\4KDownload\4kvideodownloader\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) -> C:\windows\SysWoW64\Macromed\Flash\FlashUtil32_26_0_0_131_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity_is1] : (Audacity 2.1.0.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battlefield 1_is1] : (Battlefield 1.-.) -> "C:\Games\Battlefield 1\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DeskPins] : (DeskPins (remove only).-.) -> "C:\Program Files (x86)\DeskPins\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Far Cry: Primal_is1] : (Far Cry: Primal.-.) -> "C:\Games\Far Cry - Primal\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\Installer\setup.exe" --uninstall --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 54.0.1 (x86 fr)] : (Mozilla Firefox 54.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OBS Studio] : (OBS Studio.-.OBS Project) -> C:\Program Files (x86)\obs-studio\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OpenAL] : (OpenAL.-.) -> "C:\Program Files (x86)\OpenAL\oalinst.exe" /U [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PONGSimulation97] : (DJ OldGames Package: PONG Simulation.-.DJ) -> C:\Program Files (x86)\Oldgames\Pong\Uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The GodFather] : (The GodFather.-.) -> "C:\Program Files (x86)\The GodFather\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unity] : (Unity.-.Unity Technologies ApS) -> C:\Program Files\Unity\Editor\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix.-.www.SOSVirus.Net) -> C:\UsbFix\Un-UsbFix.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{025C1573-2F1D-46AF-BAB8-594EBF56A889}] : (HP System Event Utility.-.HP Inc.) -> MsiExec.exe /I{025C1573-2F1D-46AF-BAB8-594EBF56A889} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{03ED1397-7E72-4F6E-A0F0-2994A0A13421}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{03ED1397-7E72-4F6E-A0F0-2994A0A13421} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{06A1D88C-E102-4527-AF70-29FFD7AF215A}] : (Scan.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0867A88D-764F-366E-9E21-130DA8B472C3}] : (Dropbox 25 GB.-.Dropbox, Inc.) -> MsiExec.exe /I{0867A88D-764F-366E-9E21-130DA8B472C3} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0C5D69BD-B518-46DB-8471-506CD27F9478}] : (HP Audio Switch.-.HP Inc.) -> MsiExec.exe /I{0C5D69BD-B518-46DB-8471-506CD27F9478} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}] : (DeviceDiscovery.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}] : (HPProductAssistant.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{185db067-38cd-4521-a43e-c39b96ee1389}] : (Logiciel Intel® PROSet/Wireless.-.Intel Corporation) -> "C:\ProgramData\Package Cache\{185db067-38cd-4521-a43e-c39b96ee1389}\Setup.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AB26641-D555-4648-B08B-676F707A0B1B}] : (Microsoft VC++ redistributables repacked..-.Intel Corporation) -> MsiExec.exe /I{1AB26641-D555-4648-B08B-676F707A0B1B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180141F0}] : (Java 8 Update 141.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180141F0} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{292F0F52-B62D-4E71-921B-89A682402201}] : (Toolbox.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}] : (HP Support Assistant.-.HP Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}] : (CyberLink Power Media Player 14.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1] : (Windows Movie Maker 2016.-.windows-movie-maker.org) -> "C:\Program Files (x86)\Windows Movie Maker\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}] : (Apple Application Support.-.Apple Inc.) -> MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}] : (Status.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}] : (HP ePrint SW.-.HP Inc.) -> "C:\ProgramData\Package Cache\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}\HPEPrintAppSetup.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> C:\WINDOWS\RtCRU64.exe /u ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6326C5A9-0FC0-4FAF-B675-7333FE16DB57}] : (F4500.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64228DFB-7450-49B7-935C-B97342CB6659}] : (HP Customer Experience Enhancements.-.HP Development Company, L.P.) -> MsiExec.exe /X{64228DFB-7450-49B7-935C-B97342CB6659} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}] : (HP Sure Connect.-.HP Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\setup.exe" -runfromtemp -l0x0409 -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}] : (HP Recovery Manager.-.HP) -> MsiExec.exe /I{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A127C16-0770-4BFA-B42D-E13963CB5637}] : (HP JumpStart Launch.-.HP Inc.) -> MsiExec.exe /I{6A127C16-0770-4BFA-B42D-E13963CB5637} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6CB949F1-4495-48F6-A815-26F6CABA85D7}] : (Backup and Sync from Google.-.Google, Inc.) -> MsiExec.exe /X{6CB949F1-4495-48F6-A815-26F6CABA85D7} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{70E9A143-18EB-4FAB-B020-E3854B12202C}] : (LibreOffice 5.2.4.2.-.The Document Foundation) -> MsiExec.exe /I{70E9A143-18EB-4FAB-B020-E3854B12202C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7EA2D36F-925A-4C23-87E7-D6122E160EEC}] : (Python Launcher.-.Python Software Foundation) -> MsiExec.exe /X{7EA2D36F-925A-4C23-87E7-D6122E160EEC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8AABFB1F-A5A9-48A6-A8EB-C5F819C89037}] : (DJ_AIO_06_F4500_SW_MIN.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8EE94FD8-5F52-4463-A340-185D16328158}] : (WebReg.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{924D3ABC-FC75-4042-9DDB-FB846A45848D}] : (HP PC Hardware Diagnostics UEFI.-.HP) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}] : (Copy.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A7C720-6DB2-4A22-A724-1B0924E23CF8}_is1] : (MS200 GAMING MOUSE version 1.2.-.GOST) -> "C:\Program Files (x86)\MS200 GAMING MOUSE\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1] : (Adobe Photoshop CS6 version 13.0.1.-.Adobe Systems, Inc.) -> "C:\Program Files (x86)\Adobe Photoshop CS6\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}] : (HPSSupply.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-000000000006}] : (Adobe Acrobat XI Pro.-.Adobe Systems) -> MsiExec.exe /I{AC76BA86-1033-FFFF-7760-000000000006} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADF476D4-563B-44DA-A509-BE24C90A5D4F}] : (HP Support Solutions Framework.-.HP Inc.) -> MsiExec.exe /X{ADF476D4-563B-44DA-A509-BE24C90A5D4F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}] : (OMEN Control.-.HP) -> MsiExec.exe /I{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B038B503-A961-4C35-BDD4-6E8E00906E54}] : (Intel(R) Wireless Bluetooth(R).-.Intel Corporation) -> MsiExec.exe /I{B038B503-A961-4C35-BDD4-6E8E00906E54} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}] : (HP ePrint SW.-.HP Inc.) -> MsiExec.exe /I{B9ADB0F9-459B-4E6B-A021-0F38C73FC060} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{bb0592a7-5772-4736-9d55-2402740085db}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{bb0592a7-5772-4736-9d55-2402740085db}\SetupChipset.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB3447F6-9553-4AA9-960E-0DB5310C5779}] : (GPBaseService2.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}] : (Gtk# for .Net 2.12.26.-.Xamarin, Inc.) -> MsiExec.exe /X{BC25B808-A11C-4C9F-9C0A-6682E47AAB83} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}] : (SolutionCenter.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}] : (Destinations.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CAE4213F-F797-439D-BD9E-79B71D115BE3}] : (HPPhotoGadget.-.Hewlett-Packard) -> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}] : (TrayApp.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFC1496E-C523-413B-84EC-52B2CB65B904}] : (Corona.-.Corona Labs Inc.) -> MsiExec.exe /I{CFC1496E-C523-413B-84EC-52B2CB65B904} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D360FA88-17C8-4F14-B67F-13AAF9607B12}] : (MarketResearch.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}] : (HP JumpStart Bridge.-.HP Inc.) -> MsiExec.exe /I{EB0912FF-C311-4E0F-A6B1-420FDD3C295E} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EDD218D6-C5A2-4C88-88B0-7D0DA4B0B9F4}_is1] : (Rise Of The Tomb Raider 20 Years Celebration.-.Square Enix) -> "C:\Games\Rise of the Tomb Raider - 20 Years Celebration\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}] : (BufferChm.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}] : (QuickTime 7.-.Apple Inc.) -> MsiExec.exe /I{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C80090400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\003E8C234BDB8934292C9E7B8D2A33BD] : [HKCR\Installer\Products\06BD92401FECF81079D3BEE7DC86DB27] : Windows Team Extension SDK [HKCR\Installer\Products\06EE0121352ED7045B733D868940C90F] : vs_communitymsires [HKCR\Installer\Products\077E03F5FD27C7C77926519C8FC8DAFD] : Windows SDK Modern Versioned Developer Tools [HKCR\Installer\Products\099AAB46CF1F54147A1B4EF1BB9CAD74] : HP Recovery Manager -> c:\windows\Installer\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\0A2DE7D23559B21439F96D0EEA2BBA1E] : ISO Recorder [HKCR\Installer\Products\0B195D5104B775946B0CBE47255BAA6B] : vs_filehandler_amd64 [HKCR\Installer\Products\0C03603C69E56994995BFEE998DAE7AE] : vs_communitymsires [HKCR\Installer\Products\0EFF299C23CA9AF4CBA91F36B7E956D5] : Photo Gallery [HKCR\Installer\Products\0F0C1C5CF26DFBD4184D7DFE93C722B8] : NVIDIA PhysX [HKCR\Installer\Products\1026B0516E9EBFD469E0CCDB35BFDDDE] : HPProductAssistant [HKCR\Installer\Products\102CCEC8AC03EF0E2A4EDE967D78CC4A] : Windows Team Extension SDK Contracts [HKCR\Installer\Products\1167123F414BA3A418FBA6A3D47B7E34] : vs_Graphics_Singletonx64 [HKCR\Installer\Products\1694F97F8D0D39828BD1A7063F00DEF6] : Windows SDK Signing Tools [HKCR\Installer\Products\183096C55FA647345BC0200F93E09908] : HP ePrint SW [HKCR\Installer\Products\1A5735E3C4E03E4326491C8CDB8A324E] : WinRT Intellisense IoT - en-us [HKCR\Installer\Products\1C6BAFB664D6BD645A832A9609C7F9F2] : Network64 [HKCR\Installer\Products\1D261DA037945134799ED59E9AB20494] : icecap_collection_x64 [HKCR\Installer\Products\1F949BC659446F848A51626FACAB587D] : Backup and Sync from Google -> C:\WINDOWS\Installer\{6CB949F1-4495-48F6-A815-26F6CABA85D7}\DriveIcon [HKCR\Installer\Products\25ED50C077C2AF6D5A165D80FCF59CE6] : Kits Configuration Installer [HKCR\Installer\Products\25F0F292D26B17E429B1986A28042210] : Toolbox [HKCR\Installer\Products\25F54DDAA03654F488978ABD08FD29B1] : Universal CRT Extension SDK [HKCR\Installer\Products\286FF0AF07CC75C439DC2E673F7E35E7] : BufferChm [HKCR\Installer\Products\29583028B981028261651F7E8D1F6C36] : Windows SDK for Windows Store Apps Libs [HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico [HKCR\Installer\Products\2C06AA4BEA6B9334B8F465CAB404E200] : vcpp_crt.redist.clickonce [HKCR\Installer\Products\305B830B169A53C4DB4DE6E80009E645] : Intel(R) Wireless Bluetooth(R) -> c:\windows\Installer\{B038B503-A961-4C35-BDD4-6E8E00906E54}\IntelBluetooth.ico [HKCR\Installer\Products\32577B8ABA319B645BF445380E69869F] : vs_minshellmsires [HKCR\Installer\Products\341A9E07BE81BAF40B023E58B42102C2] : LibreOffice 5.2.4.2 -> C:\windows\Installer\{70E9A143-18EB-4FAB-B020-E3854B12202C}\soffice.ico [HKCR\Installer\Products\3751C520D1F2FA64AB8B95E4FB658A98] : HP System Event Utility -> c:\windows\Installer\{025C1573-2F1D-46AF-BAB8-594EBF56A889}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\3A075C5932E9005478B8E4FDE3F21AC1] : Windows Mobile Extension SDK 10.0.15063.0 - ARM [HKCR\Installer\Products\424AAFE8264EDF37759BEFAB43E68ECE] : Windows SDK for Windows Store Apps [HKCR\Installer\Products\436520B5B5D7D8B4EBA297341CFCD2D5] : Status [HKCR\Installer\Products\442692CD1070EDE46969509B1C0D713B] : vs_filehandler_x86 [HKCR\Installer\Products\492CDF396270AE8489D9058EC976BA0F] : vcpp_crt.redist.clickonce [HKCR\Installer\Products\49E2EBFB68900A70A268685A20ED57EF] : Windows Desktop Extension SDK Contracts [HKCR\Installer\Products\4BFCCD03F860C5C4CB01E5DCACEE554D] : Windows SDK AddOn [HKCR\Installer\Products\4D674FDAB365AD445A90EB429CA0D5F4] : HP Support Solutions Framework -> C:\windows\Installer\{ADF476D4-563B-44DA-A509-BE24C90A5D4F}\icon.ico [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110140F] : Java 8 Update 141 -> C:\Program Files (x86)\Java\jre1.8.0_141\\bin\javaws.exe [HKCR\Installer\Products\4F4A3A46297B6D117AA8000B0D811013] : Java SE Development Kit 8 Update 131 (64-bit) -> C:\Program Files\Java\jdk1.8.0_131\\bin\javaws.exe [HKCR\Installer\Products\57DB95FFA664A5D4DA32AA8DC7F54DC4] : QuickTime 7 -> C:\WINDOWS\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\Installer.ico [HKCR\Installer\Products\58221BC2FB09F9649B374394A5AB0F84] : HP ePrint SW [HKCR\Installer\Products\5887E00415881F3448C9A527C04B0F10] : icecap_collectionresourcesx64 [HKCR\Installer\Products\588A53CAF8F075847BADE6D8BF346E3B] : HPSSupply [HKCR\Installer\Products\58C0321131813CB4C9420E7BB49556E3] : vs_FileTracker_Singleton [HKCR\Installer\Products\5A440F64B8EC691489E4B56D25E563D1] : Apple Application Support -> C:\WINDOWS\Installer\{46F044A5-CE8B-4196-984E-5BD6525E361D}\WinInstall.ico [HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper [HKCR\Installer\Products\5C36D919C5653C1F769D53F39E20FE11] : Universal CRT Headers Libraries and Sources [HKCR\Installer\Products\5CF0251881539E04893007ECA808D170] : Intel(R) Chipset Device Software [HKCR\Installer\Products\5E7B475677CB6EE438911CF88D0B9C06] : Intel(R) Management Engine Components [HKCR\Installer\Products\5ECB5EFADD64AFD4D99D004FE251BA9D] : OMEN Control -> c:\windows\Installer\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\61C721A60770AFB44BD21E9336BC6573] : HP JumpStart Launch -> c:\windows\Installer\{6A127C16-0770-4BFA-B42D-E13963CB5637}\HPlogo_blue.ico [HKCR\Installer\Products\628ECCC0C479E9EF2D2F84A3BA308CA9] : Windows SDK Redistributables [HKCR\Installer\Products\6565E1852E6220A47911848C4E993801] : vs_devenvmsi [HKCR\Installer\Products\67705F10DE853CCE63C84A5BC1EDB28C] : Windows SDK for Windows Store Apps Headers [HKCR\Installer\Products\68AB67CA3301FFFF7706000000000060] : Adobe Acrobat XI Pro -> C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico [HKCR\Installer\Products\68AB67CA408033019195008142320776] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824237067}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6BB3865F940EC9A72655A11A36D9C864] : Windows SDK EULA [HKCR\Installer\Products\6BFF8E1912BF93046A8CAE79C383BF86] : vs_minshellmsires [HKCR\Installer\Products\6E3C12FFDF79F4745981D8BC9EC48245] : 64 Bit HP CIO Components Installer [HKCR\Installer\Products\6F7443BB35599AA469E0D05B13C07597] : GPBaseService2 [HKCR\Installer\Products\6FC9A23AAA7E8B843A3D051C756EF935] : vs_tipsmsi [HKCR\Installer\Products\7314150362BFA1E43A4BB58486F0E3EC] : HP Support Assistant -> C:\windows\Installer\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\733F774961DFACA428712E7D0A9F6230] : vs_minshellinteropmsi [HKCR\Installer\Products\76A2BDEBD367E694CA1EECEA3E1AA1EB] : Intel(R) Ready Mode Technology -> C:\windows\Installer\{BEDB2A67-763D-496E-ACE1-CEAEE3A11ABE}\IRMT.ico [HKCR\Installer\Products\76ADC814E98FF53C7B50AD18C4930D8B] : Windows SDK DirectX x64 Remote [HKCR\Installer\Products\7931DE3027E7E6F40A0F92490A1A4312] : HP ePrint SW [HKCR\Installer\Products\796E1092C9E0B4047B0DE6D2346FC45E] : VS JIT Debugger [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7CE21EBEFD062C14AA8CB052681FC569] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\7D165A0992C0D464491EA2E7C1552303] : DiagnosticsHub_CollectionService [HKCR\Installer\Products\7D2F8E1D497754242B6878DE681C98C3] : HP Registration Service -> c:\windows\Installer\{D1E8F2D7-7794-4245-B286-87ED86C1893C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7F9ED8C2434C065459A4368A5032B74C] : Windows Mobile Extension SDK 10.0.15063.0 - x86 [HKCR\Installer\Products\8090A798735CD1857575727AE9AC2BB6] : Windows SDK Facade Windows WinMD Versioned [HKCR\Installer\Products\815472AED83784A41ABC9516374D6C2A] : HP ePrint SW [HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings [HKCR\Installer\Products\8386A9D528D4E57498014130E5DE17AF] : Intel(R) PRO/Wireless Driver -> C:\WINDOWS\Installer\{5D9A6838-4D82-475E-8910-14035EED71FA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\83880DAF7393C6F07878DFDFBF6F5320] : WinRT Intellisense UAP - en-us [HKCR\Installer\Products\84622BC58F53CB14C953E114EFE6215A] : Energy Star -> c:\windows\Installer\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\8468EEE0515A02678C3FBD6F68DC4E37] : Windows SDK for Windows Store Apps Metadata [HKCR\Installer\Products\872982F4DE188E5CE2F0967A3457D619] : Windows Desktop Extension SDK [HKCR\Installer\Products\87BB85415CD10CB49B3AB246F4A51850] : DeviceDiscovery [HKCR\Installer\Products\87FDEAC17CD3B813178ED0AD465D4AD6] : Windows SDK Desktop Headers x64 [HKCR\Installer\Products\88605C219195A7A478482BA62783CFEE] : icecap_collectionresources [HKCR\Installer\Products\88AF063D8C7141F46BF731AA9F06B721] : MarketResearch [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\8D4356AB3FC052599DB29E0CCB05BF9E] : Windows SDK Desktop Libs x64 [HKCR\Installer\Products\8DF49EE825F536443A0481D561231885] : WebReg [HKCR\Installer\Products\959511C6506F2A1613DADC47A5E0BB21] : Windows IoT Extension SDK [HKCR\Installer\Products\96530F83636A3FC4DBED30C2C8523140] : Movie Maker [HKCR\Installer\Products\978D0142F8C0452B2C7054E51109576B] : Universal CRT Tools x86 [HKCR\Installer\Products\99999417B49960C4695B5B93367FA0FA] : icecap_collectionresources [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\9A5C62360CF0FAF46B573733EF61BD75] : F4500 [HKCR\Installer\Products\9F0BDA9BB954B6E40A12F0837CF30C06] : HP ePrint SW [HKCR\Installer\Products\9F9074CAD138DDE48B8E38CAC765B366] : Intel(R) Management Engine Components [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A19D117DD72111A4AB38368486DA0861] : HP ePrint SW [HKCR\Installer\Products\A5F95808C31DE8BA64956B03FC2E95D9] : WinAppDeploy [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A6CECD4D95CB5D3468A6BA50E7467FF3] : vs_Graphics_Singletonx86 [HKCR\Installer\Products\A75F0AACC8AB8DA4AA303FB2E0F46532] : Photo Common [HKCR\Installer\Products\A80FB044E97ADAF9569D5ACF86F38D7B] : Windows SDK for Windows Store Apps Tools [HKCR\Installer\Products\AA74CE6531856FF4E857450462BFAE38] : Apple Software Update -> C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico [HKCR\Installer\Products\AABCCCA5331644644B3289135281C40E] : Windows SDK for Windows Store Apps DirectX x64 Remote [HKCR\Installer\Products\AB4027DB46DDE994B955A682C2FDF44A] : Destinations [HKCR\Installer\Products\AC7C08D81B1DEAAA81678FECA26502F4] : Windows SDK Modern Non-Versioned Developer Tools [HKCR\Installer\Products\AD0214708AD7950EDBE875059EC70664] : MSI Development Tools [HKCR\Installer\Products\B4EB76DD26E75124FA3A1F328A003A98] : Movie Maker [HKCR\Installer\Products\B5AFF1F99344C162AA39CEB746A4243F] : Windows SDK for Windows Store Managed Apps Libs [HKCR\Installer\Products\B78DD5CB341041D4AA6E79016941CDB6] : SolutionCenter [HKCR\Installer\Products\B885EF57851F3BB42A388A1DE825A225] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\BBEACB025F0BD3C4D860DF80644E09D6] : icecap_collectionresourcesx64 [HKCR\Installer\Products\BE5D302C884C5F371C7E69181D252320] : Windows SDK Desktop Tools x64 [HKCR\Installer\Products\BFD8224605477B9439C59B3724BC6695] : HP Customer Experience Enhancements -> C:\windows\Installer\{64228DFB-7450-49B7-935C-B97342CB6659}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C1BC6B2451DF58EF6A5FB200F3A9A40F] : Windows SDK Desktop Headers x86 [HKCR\Installer\Products\C3F992B07EC6255BD3AF9F17BD92C9F4] : Windows IP Over USB [HKCR\Installer\Products\C88D1A60201E7254FA0792FF7DFA12A5] : Scan [HKCR\Installer\Products\CBA3D42957CF2404D9BDBF48A65448D8] : HP PC Hardware Diagnostics UEFI -> C:\WINDOWS\Installer\{924D3ABC-FC75-4042-9DDB-FB846A45848D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CE43992D6B42D5F06CBB9ECEFC22C021] : Universal CRT Tools x64 [HKCR\Installer\Products\CEA1179CF5CB2AA6396CD4DC06E4DFF8] : Windows SDK DirectX x86 Remote [HKCR\Installer\Products\CF6E3F463E862604C9C2BA9DF3FD3F90] : icecap_collection_neutral [HKCR\Installer\Products\D36E13DCDF74C1941871FC02D1A0AF5B] : TrayApp [HKCR\Installer\Products\D790359F6CC466AF4A0EB4A83D211140] : Windows SDK for Windows Store Apps DirectX x86 Remote [HKCR\Installer\Products\D7C711A8B9AD6E14D60410D9B5F5650A] : Windows IoT Extension SDK Contracts [HKCR\Installer\Products\D88A7680F467E663E91231D08A4B273C] : Dropbox 25 GB -> C:\windows\Installer\{0867A88D-764F-366E-9E21-130DA8B472C3}\DropboxOEM.exe [HKCR\Installer\Products\D8CD6615FB95E63332286A5C58AB3DC6] : Windows SDK Desktop Tools x86 [HKCR\Installer\Products\D8E663C1AABC804DDC42010C8A5BF3EC] : Windows SDK for Windows Store Apps Contracts [HKCR\Installer\Products\DB96D5C0815BBD64481705C62DF74987] : HP Audio Switch -> c:\windows\Installer\{0C5D69BD-B518-46DB-8471-506CD27F9478}\HPlogo_blue.ico [HKCR\Installer\Products\E338BAA0D430B0343D4E935C57B341CA] : Universal CRT Redistributable [HKCR\Installer\Products\E66BAA708174D2242981A4BFC329A217] : Photo Gallery [HKCR\Installer\Products\E6941CFC325CB31448CE252BBC569B40] : Corona -> C:\WINDOWS\Installer\{CFC1496E-C523-413B-84EC-52B2CB65B904}\CoronaSimulatorIcon [HKCR\Installer\Products\E86C46B30E4141245AD305E2F9DB237E] : VS Script Debugging Common [HKCR\Installer\Products\EA447EC6F0E7FA001FDB70D7A9CFEB6C] : WinRT Intellisense PPI - en-us [HKCR\Installer\Products\EA902584EC73802295BCB75BA98AB57E] : Universal General MIDI DLS Extension SDK [HKCR\Installer\Products\ECA5A79430AD21441A0119B0C2547002] : vs_minshellmsi [HKCR\Installer\Products\EDA7000A6F6FF01428F257224B0FFBED] : Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 [HKCR\Installer\Products\EE5FD576F70981560ECF2A6E92B1DC2C] : Windows SDK Desktop Libs x86 [HKCR\Installer\Products\F1BFBAA89A5A6A848ABE5C8F918C0973] : DJ_AIO_06_F4500_SW_MIN [HKCR\Installer\Products\F2026B54617AA86C91E9341B605BA6E7] : WinRT Intellisense Desktop - en-us [HKCR\Installer\Products\F3124EAC797FD934DBE9977BD111B53E] : HPPhotoGadget [HKCR\Installer\Products\F349140AB79C6F84F8325C70F899BBA3] : vs_communitymsi [HKCR\Installer\Products\F3BF308E3B5AE8744A3278BB5FAF1A20] : Windows Mobile Connectivity Tools 10.0.15063.0 - Desktop x86 [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F63D2AE7A52932C4787E6D21E261E0CE] : Python Launcher -> C:\WINDOWS\Installer\{7EA2D36F-925A-4C23-87E7-D6122E160EEC}\ARPIcon [HKCR\Installer\Products\FA43A9AF5ED4D710CDD1B5DCCFB02A3A] : Windows SDK [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\WINDOWS\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FF2190BE113CF0E46A1B24F0DDC392E5] : HP JumpStart Bridge -> C:\WINDOWS\Installer\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}\HPlogo_blue.ico [HKCR\Installer\Products\FF664EB97B078AD408C7BDC46301DFAA] : Copy ---------- | ADS @C:\Users\camil\AppData\Local\Temp:Win32App_1 ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: HP BIOS Manufacturer: AMI System Manufacturer: HP System Product Name: 870-222nf Logical Drives Mask: 0x0000001c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona Simulator.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona.Console.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona Simulator.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona.Console.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona Simulator.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona.Console.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ Nom de l’application défaillante superhexagon.exe, version : 0.0.0.0, horodatage : 0x50bf8c6d Nom du module défaillant : OPENGL32.dll, version : 10.0.15063.0, horodatage : 0xd0083079 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001c788 ID du processus défaillant : 0xe3c Heure de début de l’application défaillante : 0x01d31c12d31e2baa Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\OPENGL32.dll ID de rapport : 381f0b91-ca6f-4218-87cd-6cd1dccb3bdb Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Produit : Adobe Acrobat XI Pro - La mise à jour ‘Adobe Acrobat XI (11.0.21)’ n’a pas pu être installée. Code d’erreur 1603. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Produit : Adobe Acrobat XI Pro - La mise à jour ‘Adobe Acrobat XI (11.0.22)’ n’a pas pu être installée. Code d’erreur 1603. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Product: Adobe Acrobat XI Pro -- Error 1328.Error applying patch to file C:\Config.Msi\PTBADD.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676 ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest ». Assembly dépendant Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona Simulator.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Corona Labs\Corona\Corona.Console.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ ----------( EOF)---------- - 4830 | 21:33:53