System: Microsoft Windows 10 Famille - - (10.0.16299) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1709) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: NC-V3-372-570P - Acer - IdNumber: NXG7AEF018624036BD6600 - UUID: 00000000-0000-0000-0000-000000000000 Processor : X64 - 2400 Mhz - Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz V1.12 - - Insyde Corp. - S/N: NXG7AEF018624036BD6600 - V1.12 - ACRSYS - 0 CoreTemp : 23 Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&233DF221&0&0201 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_1025104C&REV_1000\4&233DF221&0&0001 ---------- | Video Intel(R) HD Graphics 520 - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1916&SUBSYS_104C1025&REV_07\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 520 - DriverVersion: 21.20.16.4550 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33296 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25400 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34864 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:44 % CPU #2 value:20 % CPU #3 value:32 % CPU #4 value:32 % Total Overall CPU Usage value:32 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros QCA61x4A Wireless Network Adapter : SENT:93,118 bytes/sec / RECVD:93,118 bytes/sec Connexion au réseau local* 15 : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:93,118 bytes/sec, / RECEIVE Maximum:93,118 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP VMware Virtual Ethernet Adapter for VMnet1 - Ethernet 802.3 - VMware, Inc. - Status: - PnPID : ROOT\VMWARE\0000 WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_104C1025&REV_15\4&2A998795&0&00E4 Qualcomm Atheros QCA61x4A Wireless Network Adapter - Ethernet 802.3 - Qualcomm Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_003E&SUBSYS_080711AD&REV_32\4&152A3F22&0&00E5 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&7CEFB99&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&7CEFB99&0&3 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&27506D7A&3&15 RAS Async Adapter - - - Status: - PnPID : VMware Virtual Ethernet Adapter for VMnet8 - Ethernet 802.3 - VMware, Inc. - Status: - PnPID : ROOT\VMWARE\0001 Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID : Microsoft Wi-Fi Direct Virtual Adapter #6 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&27506D7A&3&16 VirtualBox Host-Only Ethernet Adapter #2 - Ethernet 802.3 - Oracle Corporation - Status: - PnPID : ROOT\NET\0001 ---------- | Memory RAM = Total (MB) : 8282 | Free (MB) : 3172 Pagefile = Total (MB) : 16408 | Free (MB) : 6405 Virtual = Total (MB) : 4194 | Free (MB) : 3872 Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: Kingston - PartNumber: ACR16D3LS1KNG/8G - S/N: 22022051 ---------- | SID Users Administrateur : [S-1-5-21-3183174187-342176784-3280352271-500] Boun : [S-1-5-21-3183174187-342176784-3280352271-1002] DefaultAccount : [S-1-5-21-3183174187-342176784-3280352271-503] Invité : [S-1-5-21-3183174187-342176784-3280352271-501] ligma : [S-1-5-21-3183174187-342176784-3280352271-1001] WDAGUtilityAccount : [S-1-5-21-3183174187-342176784-3280352271-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] __vmware__ : [S-1-5-21-3183174187-342176784-3280352271-1008] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Acer] | Total : 163.18 Go | Free : 28.95 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [DATA] | Total : 74.69 Go | Free : 28.24 Go -> NTFS (SSD) [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:510,589 bytes/sec Max Read:0 bytes/sec, Max Write:510,589 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:510,589 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_LITEON&PROD_CV1-8B256\4&1CCB4144&0&000000 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.16299.371 (© Microsoft Corporation. Tous droits réservés.) GC : 65.0.3325.181 (Copyright 2017 Google Inc.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 29.0.0.140 FlashPlayer Plugin : 29.0.0.140 ---------- | Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 476 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16299.15) = C:\Windows\System32\smss.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 712 | [Owner : Système | Parent : 596() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 804 | [Owner : Système | Parent : 596() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.16299.15) = C:\Windows\System32\wininit.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 948 | [Owner : Système | Parent : 804(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.16299.192) = C:\Windows\System32\services.exe [06/01/2018 10:59:09] CPU Usage:0 % --> Command Line : 960 | [Owner : Système | Parent : 804(wininit.exe) | 13.73 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16299.15) = C:\Windows\System32\lsass.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 556 | [Owner : UMFD-0 | Parent : 804(wininit.exe) | 0.38 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.334) = C:\Windows\System32\fontdrvhost.exe [11/04/2018 11:24:31] CPU Usage:0 % --> Command Line : 488 | [Owner : Système | Parent : 948(services.exe) | 0.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 880 | [Owner : Système | Parent : 948(services.exe) | 18.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1080 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 12.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1124 | [Owner : Système | Parent : 948(services.exe) | 3.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1332 | [Owner : Système | Parent : 948(services.exe) | 4.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1340 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 3.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1432 | [Owner : Système | Parent : 948(services.exe) | 8.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1460 | [Owner : Système | Parent : 948(services.exe) | 4.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1480 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 4.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1516 | [Owner : Système | Parent : 948(services.exe) | 2.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1608 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 27.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1712 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 14.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1756 | [Owner : Système | Parent : 948(services.exe) | 5.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1824 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 3.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1848 | [Owner : Système | Parent : 948(services.exe) | 11.23 Mo] - (.IObit - IObit Malware Fighter Service.) - (5.4.0.8535) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [16/01/2018 16:58:32] CPU Usage:0 % --> Command Line : 1868 | [Owner : Système | Parent : 948(services.exe) | 4.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1900 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1320 | [Owner : SERVICE LOCAL | Parent : 1868(svchost.exe) | 12.68 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.16299.15) = C:\Windows\System32\dasHost.exe [29/09/2017 14:41:33] CPU Usage:0 % --> Command Line : 1580 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 4.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2136 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 9.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2164 | [Owner : Système | Parent : 948(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2212 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 6.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2360 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 2.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2408 | [Owner : Système | Parent : 948(services.exe) | 5.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2416 | [Owner : Système | Parent : 948(services.exe) | 1.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2424 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 4.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2568 | [Owner : Système | Parent : 948(services.exe) | 4.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2592 | [Owner : Système | Parent : 948(services.exe) | 2.02 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe [23/11/2016 01:59:26] CPU Usage:0 % --> Command Line : 2628 | [Owner : Système | Parent : 948(services.exe) | 4.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2636 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 2.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2752 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2792 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 9.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2840 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2876 | [Owner : Système | Parent : 948(services.exe) | 11.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2944 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 2.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2952 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 6.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2960 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3152 | [Owner : Système | Parent : 948(services.exe) | 10.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3236 | [Owner : Système | Parent : 948(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3284 | [Owner : Système | Parent : 948(services.exe) | 14.48 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16299.371) = C:\Windows\System32\spoolsv.exe [11/04/2018 11:24:29] CPU Usage:0 % --> Command Line : 3360 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 2.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3552 | [Owner : Système | Parent : 948(services.exe) | 3.8 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.1.7600.16385) = C:\Windows\System32\AdminService.exe [25/06/2016 23:57:00] CPU Usage:0 % --> Command Line : 3564 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 8.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3572 | [Owner : Système | Parent : 948(services.exe) | 12.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3580 | [Owner : Système | Parent : 948(services.exe) | 14.48 Mo] - (.Intel - DSAService.) - (3.1.2.2) = C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [17/01/2018 15:32:58] CPU Usage:0 % --> Command Line : 3608 | [Owner : Système | Parent : 948(services.exe) | 26.76 Mo] - (.- Intel(R) System Usage Report.) - (2.1.0.3638) = C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [07/03/2018 16:56:28] CPU Usage:0 % --> Command Line : 3616 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 1.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3632 | [Owner : Système | Parent : 948(services.exe) | 133.18 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [28/06/2016 00:54:28] CPU Usage:0 % --> Command Line : 3640 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 1.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3656 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 6.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3664 | [Owner : Système | Parent : 948(services.exe) | 8.73 Mo] - (.- DolbyDAX2API.) - (0.5.2.33) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [22/09/2015 20:37:02] CPU Usage:0 % --> Command Line : 3672 | [Owner : Système | Parent : 948(services.exe) | 1.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3684 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 15.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3692 | [Owner : Système | Parent : 948(services.exe) | 4.6 Mo] - (.IObit - Uninstall Programs.) - (7.0.0.104) = C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [23/01/2018 19:30:45] CPU Usage:2 % --> Command Line : 3700 | [Owner : Système | Parent : 948(services.exe) | 3.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3720 | [Owner : Système | Parent : 948(services.exe) | 6.86 Mo] - (.TeamViewer GmbH - TeamViewer 13.) - (13.1.1548.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [16/01/2018 16:27:11] CPU Usage:0 % --> Command Line : 3732 | [Owner : Système | Parent : 948(services.exe) | 0.38 Mo] - (.VMware, Inc. - VMware VMnet DHCP service.) - (14.1.1.28517) = C:\Windows\SysWOW64\vmnetdhcp.exe [13/01/2018 22:15:22] CPU Usage:0 % --> Command Line : 3740 | [Owner : Système | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.309) = C:\Windows\System32\SecurityHealthService.exe [15/03/2018 17:30:51] CPU Usage:0 % --> Command Line : 3772 | [Owner : Système | Parent : 948(services.exe) | 12.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 3784 | [Owner : Système | Parent : 948(services.exe) | 2.57 Mo] - (.VMware, Inc. - VMware NAT Service.) - (14.1.1.28517) = C:\Windows\SysWOW64\vmnat.exe [13/01/2018 22:15:21] CPU Usage:0 % --> Command Line : 3812 | [Owner : Système | Parent : 948(services.exe) | 38.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 4228 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 2.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 4384 | [Owner : Système | Parent : 948(services.exe) | 9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 4396 | [Owner : Système | Parent : 948(services.exe) | 4.14 Mo] - (.VMware, Inc. - VMware Authorization Service.) - (14.1.1.28517) = C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [08/01/2018 01:57:44] CPU Usage:0 % --> Command Line : 4404 | [Owner : Système | Parent : 948(services.exe) | 2.36 Mo] - (.VMware, Inc. - VMware USB Arbitration Service.) - (17.1.3.0) = C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [07/11/2017 12:11:20] CPU Usage:0 % --> Command Line : 4664 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 1.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5448 | [Owner : Système | Parent : 948(services.exe) | 2.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5460 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 3.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5844 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 3.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5356 | [Owner : Système | Parent : 880(svchost.exe) | 11.62 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\System32\wbem\WmiPrvSE.exe [15/02/2018 18:42:14] CPU Usage:0 % --> Command Line : 6608 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 6776 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 4.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 7560 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 1.32 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8833) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [30/10/2017 16:16:40] CPU Usage:0 % --> Command Line : 7908 | [Owner : Système | Parent : 948(services.exe) | 10.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 7916 | [Owner : Système | Parent : 948(services.exe) | 2.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 9448 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 12.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 9944 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 10.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 9372 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 4.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 11196 | [Owner : Système | Parent : 948(services.exe) | 4.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 10280 | [Owner : Système | Parent : 948(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 12084 | [Owner : Système | Parent : 948(services.exe) | 3.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 15328 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 11860 | [Owner : Système | Parent : 948(services.exe) | 0.08 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 18:02:50] CPU Usage:0 % --> Command Line : 14768 | [Owner : Système | Parent : 948(services.exe) | 16.49 Mo] - (.HP - HP LaserJet Service.) - (9.33.926.0) = C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [24/06/2014 22:31:48] CPU Usage:0 % --> Command Line : 15916 | [Owner : Système | Parent : 948(services.exe) | 0.09 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1178) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [20/01/2016 23:15:02] CPU Usage:0 % --> Command Line : 16004 | [Owner : Système | Parent : 948(services.exe) | 17.75 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28/06/2016 00:54:28] CPU Usage:0 % --> Command Line : 16156 | [Owner : Système | Parent : 948(services.exe) | 3.06 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1178) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [20/01/2016 23:13:08] CPU Usage:0 % --> Command Line : 9136 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 13788 | [Owner : Système | Parent : 948(services.exe) | 8.71 Mo] - (.acer - UEIPSvc.) - (3.1.3001.0) = C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [01/02/2016 20:01:24] CPU Usage:0 % --> Command Line : 8612 | [Owner : Système | Parent : 948(services.exe) | 5.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 9340 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 2.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 15668 | [Owner : SERVICE RÉSEAU | Parent : 880(svchost.exe) | 2.65 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [15/02/2018 18:42:13] CPU Usage:0 % --> Command Line : 7672 | [Owner : Système | Parent : 716() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 13956 | [Owner : Système | Parent : 716() | 3.76 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.16299.371) = C:\Windows\System32\winlogon.exe [11/04/2018 11:24:47] CPU Usage:0 % --> Command Line : 14820 | [Owner : UMFD-3 | Parent : 13956(winlogon.exe) | 2.6 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.334) = C:\Windows\System32\fontdrvhost.exe [11/04/2018 11:24:31] CPU Usage:0 % --> Command Line : 13516 | [Owner : DWM-3 | Parent : 13956(winlogon.exe) | 83.02 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.16299.15) = C:\Windows\System32\dwm.exe [29/09/2017 14:41:41] CPU Usage:0 % --> Command Line : 15972 | [Owner : ligma | Parent : 948(services.exe) | 16.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2584 | [Owner : ligma | Parent : 1756(svchost.exe) | 24.33 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe [29/09/2017 14:41:31] CPU Usage:0 % --> Command Line : 6496 | [Owner : ligma | Parent : 948(services.exe) | 26.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 12456 | [Owner : ligma | Parent : 8860() | 4.22 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe [23/11/2016 02:00:06] CPU Usage:0 % --> Command Line : 17748 | [Owner : ligma | Parent : 1432(svchost.exe) | 9.55 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe [29/09/2017 14:42:01] CPU Usage:0 % --> Command Line : 16652 | [Owner : Système | Parent : 948(services.exe) | 3.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 17568 | [Owner : ligma | Parent : 880(svchost.exe) | 5.86 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16299.15) = C:\Windows\System32\dllhost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 11060 | [Owner : ligma | Parent : 880(svchost.exe) | 14.31 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 16824 | [Owner : ligma | Parent : 880(svchost.exe) | 22.19 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 18340 | [Owner : ligma | Parent : 880(svchost.exe) | 15.42 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 14672 | [Owner : ligma | Parent : 7916(svchost.exe) | 8.15 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\Windows\System32\ctfmon.exe [29/09/2017 14:42:00] CPU Usage:0 % --> Command Line : 1284 | [Owner : ligma | Parent : 880(svchost.exe) | 1.4 Mo] - (.Microsoft Corporation - Microsoft IME.) - (10.0.16299.15) = C:\Windows\System32\InputMethod\CHS\ChsIME.exe [29/09/2017 14:43:19] CPU Usage:0 % --> Command Line : 10932 | [Owner : ligma | Parent : 3632(avp.exe) | 3.22 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe [12/03/2017 01:05:16] CPU Usage:0 % --> Command Line : 1276 | [Owner : ligma | Parent : 16004(ksde.exe) | 3.98 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [12/03/2017 01:05:18] CPU Usage:0 % --> Command Line : 11992 | [Owner : ligma | Parent : 880(svchost.exe) | 7.25 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.16299.15) = C:\Windows\System32\SettingSyncHost.exe [29/09/2017 14:41:26] CPU Usage:0 % --> Command Line : 12468 | [Owner : ligma | Parent : 948(services.exe) | 30.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 4940 | [Owner : ligma | Parent : 16452() | 3.38 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16299.15) = C:\Program Files\Windows Defender\MSASCuiL.exe [29/09/2017 14:41:19] CPU Usage:0 % --> Command Line : 6648 | [Owner : ligma | Parent : 16452() | 8.94 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.984) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [15/06/2016 16:31:53] CPU Usage:0 % --> Command Line : 18304 | [Owner : ligma | Parent : 16452() | 3.3 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.226) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [15/06/2016 16:31:53] CPU Usage:0 % --> Command Line : 14456 | [Owner : ligma | Parent : 16452() | 0.91 Mo] - (.-.) - (0.5.3.31) = C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [13/11/2015 18:51:16] CPU Usage:0 % --> Command Line : 10708 | [Owner : ligma | Parent : 16452() | 4.82 Mo] - (.Greenshot - Greenshot.) - (1.2.10.6) = C:\Program Files\Greenshot\Greenshot.exe [16/02/2018 18:57:21] CPU Usage:2 % --> Command Line : 13236 | [Owner : ligma | Parent : 880(svchost.exe) | 6.91 Mo] - (.Microsoft Corporation - Casting protocol connection listener.) - (10.0.16299.15) = C:\Windows\System32\CastSrv.exe [29/09/2017 14:41:41] CPU Usage:0 % --> Command Line : 17524 | [Owner : ligma | Parent : 16452() | 11.26 Mo] - (.f.lux Software LLC - f.lux.) - (4.55.0.0) = C:\Users\ligma\AppData\Local\FluxSoftware\Flux\flux.exe [10/10/2017 20:47:00] CPU Usage:0 % --> Command Line : 15752 | [Owner : ligma | Parent : 16452() | 13.8 Mo] - (.- Ditto.) - (3.21.134.0) = C:\Program Files (x86)\Ditto\Ditto.exe [02/09/2017 14:32:55] CPU Usage:0 % --> Command Line : 11172 | [Owner : ligma | Parent : 16452() | 40.96 Mo] - (.Discord Inc. - Discord.) - (0.0.44.0) = C:\Users\ligma\AppData\Local\Discord\app-0.0.300\Discord.exe [09/01/2018 19:06:20] CPU Usage:0 % --> Command Line : 6576 | [Owner : ligma | Parent : 880(svchost.exe) | 1.83 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16299.15) = C:\Windows\System32\dllhost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5488 | [Owner : ligma | Parent : 11172(Discord.exe) | 15.04 Mo] - (.Discord Inc. - Discord.) - (0.0.44.0) = C:\Users\ligma\AppData\Local\Discord\app-0.0.300\Discord.exe [09/01/2018 19:06:20] CPU Usage:0 % --> Command Line : 13140 | [Owner : ligma | Parent : 11172(Discord.exe) | 103.88 Mo] - (.Discord Inc. - Discord.) - (0.0.44.0) = C:\Users\ligma\AppData\Local\Discord\app-0.0.300\Discord.exe [09/01/2018 19:06:20] CPU Usage:2 % --> Command Line : 18380 | [Owner : ligma | Parent : 16452() | 56.48 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\Steam.exe [23/07/2016 00:36:30] CPU Usage:2 % --> Command Line : 17132 | [Owner : ligma | Parent : 16452() | 160.79 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 4684 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 2.58 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 11792 | [Owner : ligma | Parent : 16452() | 3.07 Mo] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.77.338) = C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe [11/04/2018 11:01:21] CPU Usage:0 % --> Command Line : 1376 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 90.85 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:4 % --> Command Line : 4320 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 6 Mo] - (.Vivaldi Technologies AS - Vivaldi update notifier.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 17196 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 99.96 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 13208 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 18 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 17936 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 45.21 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 13112 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 67.64 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 9504 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 30.37 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 8704 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 2.88 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 5280 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 2.93 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 11684 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 117.3 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 17416 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 46.83 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 724 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 7.01 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 10008 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 9.09 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 15788 | [Owner : ligma | Parent : 18380(Steam.exe) | 29.44 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [10/03/2018 19:58:17] CPU Usage:0 % --> Command Line : 16140 | [Owner : ligma | Parent : 16452() | 16.26 Mo] - (.Rainmeter - Rainmeter desktop customization tool.) - (4.0.0.2746) = C:\Program Files\Rainmeter\Rainmeter.exe [01/01/2017 15:01:02] CPU Usage:0 % --> Command Line : 14388 | [Owner : ligma | Parent : 14240() | 16.6 Mo] - (.Intel - Intel Driver & Support Assistant Tray.) - (3.1.2.2) = C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe [17/01/2018 15:32:44] CPU Usage:0 % --> Command Line : 15040 | [Owner : ligma | Parent : 15788(steamwebhelper.exe) | 4.51 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [10/03/2018 19:58:17] CPU Usage:0 % --> Command Line : 13024 | [Owner : Système | Parent : 948(services.exe) | 2.93 Mo] - (.Valve Corporation - Steam Client Service.) - (4.44.85.6) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [10/03/2018 19:51:08] CPU Usage:0 % --> Command Line : 2868 | [Owner : ligma | Parent : 14240() | 3.72 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.161.12) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [19/12/2017 18:30:46] CPU Usage:0 % --> Command Line : 7308 | [Owner : Système | Parent : 948(services.exe) | 4.43 Mo] - (.Intel Corporation - Intel(R) Security Assist.) - (1.0.0.534) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [06/07/2015 12:52:38] CPU Usage:0 % --> Command Line : 13444 | [Owner : Système | Parent : 1848(IMFsrv.exe) | 14.1 Mo] - (.IObit - IObit Malware Fighter.) - (5.4.0.4201) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [16/01/2018 16:58:32] CPU Usage:0 % --> Command Line : 11304 | [Owner : Système | Parent : 13444(IMF.exe) | 5.21 Mo] - (.IObit - IObit Malware Fighter Tips.) - (5.0.2.4148) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe [16/01/2018 16:58:32] CPU Usage:0 % --> Command Line : 16896 | [Owner : ligma | Parent : 7936() | 1.63 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16299.15) = C:\Windows\System32\conhost.exe [29/09/2017 14:41:45] CPU Usage:0 % --> Command Line : 17928 | [Owner : ligma | Parent : 16080() | 10.27 Mo] - (.- Intel(R) System Usage Report.) - (2.1.0.3638) = C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe [07/03/2018 16:56:30] CPU Usage:0 % --> Command Line : 15908 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 1.3 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 12184 | [Owner : ligma | Parent : 880(svchost.exe) | 32.22 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe [29/09/2017 14:41:37] CPU Usage:0 % --> Command Line : 1120 | [Owner : ligma | Parent : 880(svchost.exe) | 0.4 Mo] - (.Microsoft Corporation - Store.) - (11803.1001.6.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe [06/04/2018 17:29:07] CPU Usage:0 % --> Command Line : 2204 | [Owner : ligma | Parent : 880(svchost.exe) | 7.44 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 8384 | [Owner : ligma | Parent : 880(svchost.exe) | 0.72 Mo] - (.Microsoft Corporation - OneNote.) - (16.0.9126.2125) = C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.9126.21251.0_x64__8wekyb3d8bbwe\onenoteim.exe [06/04/2018 17:29:12] CPU Usage:0 % --> Command Line : 18100 | [Owner : ligma | Parent : 880(svchost.exe) | 2.1 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 15424 | [Owner : ligma | Parent : 880(svchost.exe) | 0.29 Mo] - (.-.) - (10.18011.1341.0) = C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Music.UI.exe [16/02/2018 04:29:49] CPU Usage:0 % --> Command Line : 10336 | [Owner : ligma | Parent : 880(svchost.exe) | 0.37 Mo] - (.-.) - (10.17122.1621.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe [22/02/2018 17:05:11] CPU Usage:0 % --> Command Line : 8724 | [Owner : ligma | Parent : 4680() | 10.32 Mo] - (.IObit - UninstallerMonitor.) - (7.0.2.1014) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe [23/01/2018 19:30:45] CPU Usage:0 % --> Command Line : 11848 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 10.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 8464 | [Owner : ligma | Parent : 1432(svchost.exe) | 4.08 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe [29/09/2017 14:42:01] CPU Usage:0 % --> Command Line : 7384 | [Owner : Système | Parent : 948(services.exe) | 13.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 16852 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 3.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 11868 | [Owner : ligma | Parent : 12304() | 1.45 Mo] - (.Acresso Software Inc. - InstallShield (R) 64-bit Setup Engine.) - (16.0.0.328) = C:\Users\ligma\AppData\Local\Temp\{29A1CD07-9D3E-45C5-AB12-2EAB8AE8F835}\ISBEW64.exe [14/04/2018 14:54:43] CPU Usage:0 % --> Command Line : 19504 | [Owner : ligma | Parent : 13956(winlogon.exe) | 117.52 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.248) = C:\Windows\explorer.exe [15/02/2018 18:42:51] CPU Usage:7 % --> Command Line : 6868 | [Owner : ligma | Parent : 880(svchost.exe) | 43.76 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.334) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11/04/2018 11:24:28] CPU Usage:0 % --> Command Line : 13824 | [Owner : ligma | Parent : 880(svchost.exe) | 3.08 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.251) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [15/03/2018 17:30:54] CPU Usage:0 % --> Command Line : 15212 | [Owner : ligma | Parent : 880(svchost.exe) | 0.45 Mo] - (.Microsoft Corporation - Windows My People.) - (10.0.16299.15) = C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe [29/09/2017 14:41:35] CPU Usage:0 % --> Command Line : 16992 | [Owner : ligma | Parent : 880(svchost.exe) | 1.95 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 6408 | [Owner : ligma | Parent : 13560() | 64.22 Mo] - (.Spotify Ltd - Spotify.) - (1.0.77.338) = C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe [11/04/2018 11:01:21] CPU Usage:2 % --> Command Line : 12216 | [Owner : ligma | Parent : 6408(Spotify.exe) | 1.7 Mo] - (.Spotify Ltd - Spotify.) - (1.0.77.338) = C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe [11/04/2018 11:01:21] CPU Usage:0 % --> Command Line : 8744 | [Owner : ligma | Parent : 6408(Spotify.exe) | 82.2 Mo] - (.Spotify Ltd - Spotify.) - (1.0.77.338) = C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe [11/04/2018 11:01:21] CPU Usage:0 % --> Command Line : 5104 | [Owner : ligma | Parent : 6408(Spotify.exe) | 154.09 Mo] - (.Spotify Ltd - Spotify.) - (1.0.77.338) = C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe [11/04/2018 11:01:21] CPU Usage:4 % --> Command Line : 13920 | [Owner : Système | Parent : 948(services.exe) | 3.59 Mo] - (.Sandboxie Holdings, LLC - Sandboxie Service.) - (5.24.0.0) = C:\Program Files\Sandboxie\SbieSvc.exe [09/03/2018 19:17:56] CPU Usage:0 % --> Command Line : 18560 | [Owner : Système | Parent : 13920(SbieSvc.exe) | 1.43 Mo] - (.Sandboxie Holdings, LLC - Sandboxie Service.) - (5.24.0.0) = C:\Program Files\Sandboxie\SbieSvc.exe [09/03/2018 19:17:56] CPU Usage:0 % --> Command Line : 7236 | [Owner : ANONYMOUS LOGON | Parent : 13920(SbieSvc.exe) | 5.2 Mo] - (.Sandboxie Holdings, LLC - Sandboxie COM Services (RPC).) - (5.24.0.0) = C:\Program Files\Sandboxie\SandboxieRpcSs.exe [08/03/2018 20:15:24] CPU Usage:0 % --> Command Line : 2100 | [Owner : ANONYMOUS LOGON | Parent : 7236(SandboxieRpcSs.exe) | 1.4 Mo] - (.Sandboxie Holdings, LLC - Sandboxie COM Services (DCOM).) - (5.24.0.0) = C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe [08/03/2018 20:15:08] CPU Usage:0 % --> Command Line : 11500 | [Owner : ANONYMOUS LOGON | Parent : 11864() | 7.55 Mo] - (.Vivaldi Technologies AS - Vivaldi update notifier.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 18588 | [Owner : ligma | Parent : 13920(SbieSvc.exe) | 0.3 Mo] - (.Sandboxie Holdings, LLC - Sandboxie Service.) - (5.24.0.0) = C:\Program Files\Sandboxie\32\SbieSvc.exe [08/03/2018 20:14:50] CPU Usage:0 % --> Command Line : 19884 | [Owner : ANONYMOUS LOGON | Parent : 11864() | 0.73 Mo] - (.Sandboxie Holdings, LLC - Sandboxie COM Services (CryptSvc).) - (5.24.0.0) = C:\Program Files\Sandboxie\SandboxieCrypto.exe [08/03/2018 20:15:08] CPU Usage:0 % --> Command Line : 7092 | [Owner : ANONYMOUS LOGON | Parent : 2100(SandboxieDcomLaunch.exe) | 5.25 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16299.15) = C:\Windows\System32\dllhost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 11452 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 20.71 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 16784 | [Owner : ligma | Parent : 880(svchost.exe) | 1.87 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 16128 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 73.16 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 4656 | [Owner : ligma | Parent : 19504(explorer.exe) | 39.85 Mo] - (.www.TAGO-Solutions.com - TAGO-Fences.) - (2.5.0.0) = C:\Program Files (x86)\TAGO-Fences\TAGO-Fences.exe [29/09/2013 11:16:36] CPU Usage:0 % --> Command Line : 13912 | [Owner : ligma | Parent : 15788(steamwebhelper.exe) | 4.49 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [10/03/2018 19:58:17] CPU Usage:0 % --> Command Line : 13624 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 31.59 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 18548 | [Owner : ANONYMOUS LOGON | Parent : 2100(SandboxieDcomLaunch.exe) | 1.07 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe [29/09/2017 14:41:58] CPU Usage:0 % --> Command Line : 7084 | [Owner : ANONYMOUS LOGON | Parent : 2100(SandboxieDcomLaunch.exe) | 1.07 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe [29/09/2017 14:41:58] CPU Usage:0 % --> Command Line : 12108 | [Owner : ANONYMOUS LOGON | Parent : 2100(SandboxieDcomLaunch.exe) | 1.07 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe [29/09/2017 14:41:58] CPU Usage:0 % --> Command Line : 20968 | [Owner : ligma | Parent : 19504(explorer.exe) | 11.27 Mo] - (.Sandboxie Holdings, LLC - Sandboxie Control.) - (5.24.0.0) = C:\Program Files\Sandboxie\SbieCtrl.exe [08/03/2018 20:15:24] CPU Usage:0 % --> Command Line : 17124 | [Owner : ANONYMOUS LOGON | Parent : 6676() | 82.72 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 7584 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 1.73 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 20540 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 1.11 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 20776 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 23.86 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 20840 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 3.13 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 5144 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 24.99 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 8468 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 3.09 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 4076 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 18.97 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 19636 | [Owner : ANONYMOUS LOGON | Parent : 17124(chrome.exe) | 65.3 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [06/04/2017 16:55:39] CPU Usage:0 % --> Command Line : 8016 | [Owner : ligma | Parent : 880(svchost.exe) | 13.77 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.16299.15) = C:\Windows\System32\SystemSettingsBroker.exe [29/09/2017 14:42:06] CPU Usage:0 % --> Command Line : 15148 | [Owner : ligma | Parent : 15788(steamwebhelper.exe) | 16.37 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [10/03/2018 19:58:17] CPU Usage:0 % --> Command Line : 2096 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 33.46 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 3752 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 113.65 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 7676 | [Owner : ligma | Parent : 880(svchost.exe) | 0.49 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.16299.15) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [29/09/2017 14:43:11] CPU Usage:0 % --> Command Line : 16736 | [Owner : ligma | Parent : 880(svchost.exe) | 0.35 Mo] - (.-.) - (10.1803.1803.12001) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe [24/03/2018 12:00:59] CPU Usage:0 % --> Command Line : 10404 | [Owner : ligma | Parent : 880(svchost.exe) | 1.58 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 11572 | [Owner : Système | Parent : 948(services.exe) | 2.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 1360 | [Owner : Système | Parent : 948(services.exe) | 35.97 Mo] - (.- Intel(R) System Usage Report.) - (2.1.0.3638) = C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [07/03/2018 16:56:30] CPU Usage:0 % --> Command Line : 11104 | [Owner : ligma | Parent : 15788(steamwebhelper.exe) | 30.8 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.44.85.6) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [10/03/2018 19:58:17] CPU Usage:0 % --> Command Line : 26444 | [Owner : ligma | Parent : 13920(SbieSvc.exe) | 5.25 Mo] - (.Sandboxie Holdings, LLC - Sandboxie Service.) - (5.24.0.0) = C:\Program Files\Sandboxie\SbieSvc.exe [09/03/2018 19:17:56] CPU Usage:0 % --> Command Line : 26084 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 150.43 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 16660 | [Owner : SERVICE LOCAL | Parent : 2792(svchost.exe) | 19.3 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.16299.248) = C:\Windows\System32\audiodg.exe [15/02/2018 18:43:14] CPU Usage:0 % --> Command Line : 6228 | [Owner : ligma | Parent : 880(svchost.exe) | 9.95 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 27444 | [Owner : ligma | Parent : 880(svchost.exe) | 91.24 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.9126.2153) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe\HxOutlook.exe [11/04/2018 11:03:28] CPU Usage:0 % --> Command Line : 13636 | [Owner : ligma | Parent : 880(svchost.exe) | 38.84 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.9126.2153) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe\HxTsr.exe [11/04/2018 11:03:28] CPU Usage:0 % --> Command Line : 22784 | [Owner : ligma | Parent : 880(svchost.exe) | 11.3 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 19004 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 118.22 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 21124 | [Owner : ligma | Parent : 880(svchost.exe) | 0.43 Mo] - (.-.) - (12.1811.248.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe [24/03/2018 12:01:38] CPU Usage:0 % --> Command Line : 18628 | [Owner : ligma | Parent : 880(svchost.exe) | 2 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe [29/09/2017 14:41:25] CPU Usage:0 % --> Command Line : 24892 | [Owner : ligma | Parent : 5788() | 126.23 Mo] - (.Skype Technologies S.A. - Skype.) - (7.41.0.101) = C:\Program Files (x86)\Skype\Phone\Skype.exe [13/03/2018 16:39:58] CPU Usage:0 % --> Command Line : 5852 | [Owner : Système | Parent : 948(services.exe) | 6.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 16420 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 5.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 26348 | [Owner : ligma | Parent : 880(svchost.exe) | 86.98 Mo] - (.Skype Technologies - Skype Browser Host.) - (6.13.0.270) = C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe [06/03/2018 13:26:26] CPU Usage:0 % --> Command Line : 21064 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 8.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 26296 | [Owner : ligma | Parent : 880(svchost.exe) | 27.45 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.16299.98) = C:\Windows\System32\smartscreen.exe [12/12/2017 19:41:19] CPU Usage:0 % --> Command Line : 16352 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 8.39 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe [29/09/2017 14:41:51] CPU Usage:0 % --> Command Line : 20668 | [Owner : ligma | Parent : 19504(explorer.exe) | 29.13 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = C:\Users\ligma\Desktop\QuickDiag.exe [15/04/2018 17:57:10] CPU Usage:0 % --> Command Line : 27420 | [Owner : ligma | Parent : 17132(vivaldi.exe) | 58.42 Mo] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.60) = C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [30/09/2017 14:05:04] CPU Usage:0 % --> Command Line : 20808 | [Owner : Système | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 12972 | [Owner : Système | Parent : 948(services.exe) | 5.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 14684 | [Owner : Système | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe [17/03/2018 09:08:09] CPU Usage:0 % --> Command Line : 24456 | [Owner : ligma | Parent : 19504(explorer.exe) | 43.18 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = C:\Users\ligma\Desktop\QuickDiag.exe [15/04/2018 17:57:10] CPU Usage:0 % --> Command Line : 15348 | [Owner : SERVICE RÉSEAU | Parent : 25956() | 7.9 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MpCmdRun.exe [17/03/2018 09:08:09] CPU Usage:0 % --> Command Line : 16388 | [Owner : Système | Parent : 14684(MsMpEng.exe) | 9.69 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MpCmdRun.exe [17/03/2018 09:08:09] CPU Usage:0 % --> Command Line : 13620 | [Owner : Système | Parent : 16388(MpCmdRun.exe) | 6.96 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16299.15) = C:\Windows\System32\conhost.exe [29/09/2017 14:41:45] CPU Usage:0 % --> Command Line : 17328 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe [17/03/2018 09:08:09] CPU Usage:0 % --> Command Line : 24024 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 18.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 25328 | [Owner : SERVICE RÉSEAU | Parent : 880(svchost.exe) | 9.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [15/02/2018 18:42:13] CPU Usage:0 % --> Command Line : ---------- | MD5 [MD5.A77D56422C38C1F8A00D95D2D5B1675E] - [15/02/2018 18:42:51] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3812.79 Ko] - (10.0.16299.248) : C:\WINDOWS\Explorer.exe [MD5.E08FE2DE3DDD22123247D49A11B4F53D] - [29/09/2017 14:41:33] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [266.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\cmd.exe [MD5.4E043FE41901F1EA1B0FCCEF3C077C56] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.27 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\csrss.exe [MD5.5D94FA288F4BB230FE77BC67DE506257] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. - COM Surrogate.) - [20.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\dllhost.exe [MD5.222A8E8EA615529B5025DE5782830AF1] - [29/09/2017 14:42:04] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [686.1 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Kernel32.dll [MD5.94E06D509D50807774F35BEE3163E806] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\lsass.exe [MD5.79BDBB684629A526CCD958F06B9D6FAD] - [29/09/2017 14:41:44] - (.© Microsoft Corporation. - Distributed COM Services.) - [1091 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rpcss.dll [MD5.731A783A36A8E69A6434D19D98B12A09] - [29/09/2017 14:41:58] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [69.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rundll32.exe [MD5.AB75687641C9ADBE22336EC3C496909C] - [06/01/2018 10:59:09] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [601.34 Ko] - (10.0.16299.192) : C:\WINDOWS\System32\services.exe [MD5.440684C4F823AAE2CC587363F9C477A6] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [47.55 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\svchost.exe [MD5.0370364D4D8846B6CF316ABBB2EDB083] - [12/12/2017 19:41:25] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1595.98 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\user32.dll [MD5.755ED4FDBD7D6C3980610E26E527E2F5] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\userinit.exe [MD5.BF3E1D9B2360C6BE4CC3094CD2DDC617] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [351.16 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Wininit.exe [MD5.C67E7F605A830AA96A204ECCDC678FBC] - [11/04/2018 11:24:47] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [699.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Winlogon.exe [MD5.9619C0D7DB55CC3A636A24A7D82B0C8E] - [11/04/2018 11:25:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [599.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.6191B9B2EE0E8CB957C683B9B341CC86] - [29/09/2017 14:41:03] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.10B25A467C6FB6ACBDB2D203B98BEFBC] - [15/03/2018 17:30:48] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.9 Ko] - (10.0.16299.251) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.9E82A95D77AC78C84BA75FF896B060BF] - [29/09/2017 14:41:43] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.6D83565C1652E80447EDEA6947FA89D7] - [29/09/2017 14:41:02] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.FAEC08F583CAD06D4F057DBB733A03A1] - [11/04/2018 11:24:20] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.99A34FD1F6431A10D8C3BB50E170D0F2] - [29/09/2017 14:40:59] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.56FF074E50F9042FD2856AB3418F4B18] - [29/09/2017 14:41:08] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.7BEC2AF23F586EFF0DB4DBF4331B0C70] - [29/09/2017 14:41:33] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.71729B1EE949E1B092CB5CB75CC63715] - [15/02/2018 18:43:13] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [482.9 Ko] - (10.0.16299.248) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.25D126EFFEC0B117DA4C81F7AE6C99FC] - [11/04/2018 11:24:59] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1247.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.E5C5E6ED3949546E2ACA79B6A3817202] - [11/04/2018 11:25:10] - (.© Microsoft Corporation. - MBT Transport driver.) - [309.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.ADF52C1A5831EA1009382B3BE3A204B3] - [11/04/2018 11:25:06] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2338.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.2E07EC2C1622F5E7B535D62DCD61F3AB] - [29/09/2017 14:41:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [96.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.E0220BB6580D34001D4D1D133052DAA4] - [29/09/2017 14:41:58] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.39886C19FB466BBF8AEC31E3E77C034C] - [11/04/2018 11:24:20] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [178.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.AE5CA8D3D81DCC76C5FFF1CD60E48606] - [11/04/2018 11:24:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2708.41 Ko] - (10.0.16299.334) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.09125A12CAB5F8D5EAE9C83C25792FDD] - [11/04/2018 11:24:21] - (.© Microsoft Corporation. - TDI Translation Driver.) - [118.41 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.5B27846CF4B1C21AFB3A35A8336BA02F] - [12/12/2017 19:41:06] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [391.9 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igc64.dll (..-.fzshellext Dynamic Link Library.) - (3.32.0.0) -- C:\Program Files\FileZilla FTP Client\fzshellext_64.dll (.AO Kaspersky Lab.-.Shell Extension.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll (.AO Kaspersky Lab.-.Helper Library.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\remote_eka_prague_loader.dll (.AO Kaspersky Lab.-.PR_REMOTE.) - (1.7.106.1) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\prremote.dll (.AO Kaspersky Lab.-.Prague Core.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\prcore.dll (.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\kl_service.dll (.AO Kaspersky Lab.-.Proxy Stubs.) - (17.0.0.783) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\pxstub.ppl (.AO Kaspersky Lab.-.Structure Serializer.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\params.ppl (.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\product_info.dll (.AO Kaspersky Lab.-.Product Metainformation.) - (17.0.0.881) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\product_metainfo.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.60.1.0) -- C:\Program Files\WinRAR\rarext.dll (.IObit.-.IObitUnlockerExtension.) - (1.2.0.2) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll (.IObit.-.IMFShellExt Module.) - (5.0.0.2166) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll (..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files (x86)\Notepad++\NppShell_06.dll (.AIMP DevTeam.-.Context Menu Extension.) - (4.0.0.0) -- C:\Program Files (x86)\AIMP\System\aimp_menu64.dll (.IObit.-.ASCExtMenu Module.) - (11.0.0.9) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.(c) Copyright 2015 HP Development Company, L.P..-.HP WIA 2.0 scanner driver.) - (36.0.75.24896) -- C:\WINDOWS\system32\hpwia2_lj276.dll (.Copyright (C) 2012 Hewlett-Packard Development Company, LP Reproduction, adaptation or translation without prior written permission is prohibited, except as allowed under the copyright laws..-.HP Scanner Driver.) - (36.0.75.24896) -- C:\WINDOWS\system32\hpptsplj276_x64.dll (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.19.3.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Copyright (c) 1998-2016 Intel Corporation..-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igc64.dll (.Copyright © 1998-2017 VMware, Inc..-.VMware bridge notify DLL (64-bit).) - (14.0.0.0) -- C:\Program Files (x86)\VMware\VMware Player\vmnetbridge.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Rainmeter - (Rainmeter.lnk [Startup]) - User: LAPTOP-UG97LR7L\ligma OneDrive - ("C:\Users\ligma\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma f.lux - ("C:\Users\ligma\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Ditto - (C:\Program Files (x86)\Ditto\Ditto.exe [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma TAGO-Fences - (C:\Program Files (x86)\TAGO-Fences\TAGO-Fences.exe [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Vivaldi Update Notifier - ("C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe" [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Franz - ("C:\Users\ligma\AppData\Local\Franz\app-4.0.4\Franz.exe" [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Discord - (C:\Users\ligma\AppData\Local\Discord\app-0.0.300\Discord.exe [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Unified Remote V3 - ("C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe" [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma ApowerMirror - (C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe /autoStart [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma SandboxieControl - ("C:\Program Files\Sandboxie\SbieCtrl.exe" [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\...\Run]) - User: LAPTOP-UG97LR7L\ligma SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public DAX2_APP - (C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide [HKLM\SOFTWARE\...\Run]) - User: Public Greenshot - (C:\Program Files\Greenshot\Greenshot.exe [HKLM\SOFTWARE\...\Run]) - User: Public WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\ligma\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "f.lux"="C:\Users\ligma\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow "Ditto"=C:\Program Files (x86)\Ditto\Ditto.exe [02/09/2017 14:32:55] "TAGO-Fences"=C:\Program Files (x86)\TAGO-Fences\TAGO-Fences.exe [29/09/2013 11:16:36] "Vivaldi Update Notifier"="C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe" "Franz"="C:\Users\ligma\AppData\Local\Franz\app-4.0.4\Franz.exe" "Discord"=C:\Users\ligma\AppData\Local\Discord\app-0.0.300\Discord.exe [09/01/2018 19:06:20] "Unified Remote V3"="C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe" "ApowerMirror"=C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe /autoStart "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #2"=C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe --always-authorize-plugins --enable-blink-features=ResizeObserver --ppapi-flash-path="C:\WINDOWS\SysWOW64\Macromed\Flash\pepflashplayer32_28_0_0_161.dll" --flag-switches-begin --flag-switches-end --restore-last-session "Application Restart #0"=C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe --always-authorize-plugins --enable-blink-features=ResizeObserver --ppapi-flash-path="C:\WINDOWS\SysWOW64\Macromed\Flash\pepflashplayer32_29_0_0_140.dll" --flag-switches-begin --flag-switches-end --restore-last-session [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x030000004983F2E5C74CD201 "Skype"=0x020000000000000000000000 "7 Taskbar Tweaker"=0x020000000000000000000000 "Ditto"=0x020000000000000000000000 "f.lux"=0x020000000000000000000000 "TAGO-Fences"=0x020000000000000000000000 "Vivaldi Update Notifier"=0x03000000A99C02A44A40D301 "Clavier+"=0x020000000000000000000000 "Discord"=0x020000000000000000000000 "Franz"=0x030000006A138C2800D4D301 "Unified Remote V3"=0x020000000000000000000000 "FileHippo.com"=0x020000000000000000000000 "ApowerMirror"=0x030000003DF30D1A00D4D301 "SandboxieControl"=0x03000000031290E9FFD3D301 "Steam"=0x020000000000000000000000 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=explorer\1 "MRUList"=onfmklihbjegdca "b"=mrt\1 "c"=control\1 "d"=chkdsk\1 "e"=diskmgmt.msc\1 "f"=cmd\1 "g"=diskpart.exe\1 "h"=regedit\1 "i"=diskpart\1 "j"=ncpa.cpl\1 "k"=notepad\1 "l"=osk\1 "m"=devmgmt.msc\1 "n"=compmgmt.msc\1 "o"=chrome\1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Brother MFC-1910W series Printer,winspool,Ne06: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "DAX2_APP"=C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide "Greenshot"=C:\Program Files\Greenshot\Greenshot.exe [16/02/2018 18:57:21] "WindowsDefender"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "RtHDVBg_Dolby"=0x020000000000000000000000 "DAX2_APP"=0x020000000000000000000000 "HP LaserJet 200 color MFP M276 Series Fax"=0x000000000000000000000000 "Greenshot"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "BacKGround Agent"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "StatusAlerts"=0x03000000043263B34A40D301 "HP Software Update"=0x03000000F34005D2C74CD201 "SunJavaUpdateSched"=0x020000000000000000000000 "Avira SystrayStartTrigger"=0x020000000000000000000000 "avgnt"=0x03000000DD8197AF4A40D301 "Avira System Speedup User Starter"=0x020000000000000000000000 "KeePass 2 PreLoad"=0x03000000DCE686B14A40D301 "IObit Malware Fighter"=0x020000000000000000000000 "SDTray"=0x020000000000000000000000 "DSATray"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D33928A8E92551 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 13:50:10] "KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload "StatusAlerts"="C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on "IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart "DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [17/01/2018 15:32:44] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Wininit.ini : [rename] NUL=C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List AcerCMUpdateTask2.1.16258 Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater BacKGroundAgent FUBTrackingByPLD GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HPLJCustParticipation IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 OneDrive Standalone Update Task-S-1-5-21-3183174187-342176784-3280352271-1001 OneDrive Standalone Update Task-S-1-5-21-3183174187-342176784-3280352271-1002 Software Update Application UbtFrameworkService USER_ESRV_SVC_QUEENCREEK User_Feed_Synchronization-{10CC98E4-641F-429D-8E1E-42F9DA71A733} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=0 "DirtyShutdownCount"=19 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [02/10/2016 10:53:55] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=960 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "PendingFileRenameOperations"=\??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp\Au_.exe \??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp \??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp\Bu_.exe \??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp \??\C:\Users\ligma\AppData\Local\Temp\_iu14D2N.tmp \??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp\Au_.exe \??\C:\Users\ligma\AppData\Local\Temp\~nsu.tmp \??\C:\Config.Msi\3b875ed.rbf \??\C:\Config.Msi\3b875f0.rbf \??\C:\Users\ligma\AppData\Local\Temp\_iu14D2O.tmp \??\C:\Users\ligma\AppData\Local\Temp\983E.tmp.ico \??\C:\Users\ligma\AppData\Local\Temp\989D.tmp.ico \??\C:\Users\ligma\AppData\Local\Temp\~nsuA.tmp\Un_A.exe \??\C:\Users\ligma\AppData\Local\Temp\~nsuA.tmp \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\icudtl.dat \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources_100p.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources_200p.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\translations\qtwebengine_locales\fr.pak \??\C:\Config.Msi\3c655df.rbf \??\C:\Config.Msi\3c655e0.rbf \??\C:\Config.Msi\3c655e4.rbf \??\C:\Config.Msi\3c655e5.rbf \??\C:\Config.Msi\3c655e6.rbf \??\C:\Config.Msi\3c655e8.rbf \??\C:\Config.Msi\3c655e9.rbf \??\C:\Config.Msi\3c655ea.rbf \??\C:\Config.Msi\3c655eb.rbf \??\C:\Config.Msi\3c655ec.rbf \??\C:\Config.Msi\3c655ed.rbf \??\C:\Config.Msi\3c655f2.rbf \??\C:\Config.Msi\3c655f3.rbf \??\C:\Config.Msi\3c655f4.rbf \??\C:\Config.Msi\3c655f5.rbf \??\C:\Config.Msi\3c655f6.rbf \??\C:\Config.Msi\3c655f7.rbf \??\C:\Config.Msi\3c655f8.rbf \??\C:\Config.Msi\3c655f9.rbf \??\C:\Config.Msi\3c655fa.rbf \??\C:\Config.Msi\3c655fc.rbf \??\C:\Config.Msi\3c655fd.rbf \??\C:\Config.Msi\3c655ff.rbf \??\C:\Config.Msi\3c65600.rbf \??\C:\Config.Msi\3c65601.rbf \??\C:\Config.Msi\3c65602.rbf \??\C:\Config.Msi\3c65603.rbf \??\C:\Config.Msi\3c65604.rbf \??\C:\Config.Msi\3c65605.rbf \??\C:\Config.Msi\3c65606.rbf \??\C:\Config.Msi\3c65608.rbf \??\C:\Config.Msi\3c65609.rbf \??\C:\Config.Msi\3c6560a.rbf \??\C:\Config.Msi\3c6560b.rbf \??\C:\Config.Msi\3c6560c.rbf \??\C:\Config.Msi\3c6560e.rbf \??\C:\Config.Msi\3c6564d.rbf \??\C:\Config.Msi\3c65677.rbf \??\C:\Config.Msi\3c6567a.rbf \??\C:\Config.Msi\3c6567b.rbf \??\C:\Config.Msi\3c6567c.rbf \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\icudtl.dat \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources_100p.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources\qtwebengine_resources_200p.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\resources \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\translations\qtwebengine_locales\fr.pak \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\translations\qtwebengine_locales \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\translations \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573 \??\C:\Program Files\Common Files\adaware\adaware antivirus\updater \??\C:\Program Files\Common Files\adaware\adaware antivirus \??\C:\Program Files\Common Files\adaware [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=f13c1d97-16cf-4fbc-aeea-5a7c10d "GlassSessionId"=3 ---------- | .LNK with Arguments c:\oem\preload\command\alaunchx\backuplinks\acheter en ligne.lnk - Encrypted: False - Target: C:\Program Files\Accessory Store\StartUrl.exe - Args: (hxxp://go.acer.com/?id=13415&model=Aspire V3-372) - Hidden: False - Status: OK c:\oem\preload\command\alaunchx\backuplinks\booking.com.lnk - Encrypted: False - Target: C:\Program Files\Booking.COM\StartURL.exe - Args: (hxxp://www.booking.com/index.html?aid=379334) - Hidden: False - Status: OK c:\program files\accessory store\accessory store.lnk - Encrypted: False - Target: C:\Program Files\Accessory Store\StartUrl.exe - Args: (hxxp://go.acer.com/?id=13469&model=Aspire V3-372) - Hidden: False - Status: OK c:\program files\accessory store\boutique accessoires acer.lnk - Encrypted: False - Target: C:\Program Files\Accessory Store\StartUrl.exe - Args: (hxxp://go.acer.com/?id=13469&model=Aspire V3-372) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=1698840 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper [30/10/2017 16:38:01] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=22 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E5E078012000000 "MaxVirtualDesktopDimension"=1366 "MaxMonitorDimension"=1366 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010087730600800700003804000041C299C77B3AD30143003A005C00550073006500720073005C006C00690067006D0061005C00500069006300740075007200650073005C0046006F006E006400200064002700E9006300720061006E005C005000200048004400200036002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Pattern Upgrade"=TRUE "LockScreenAutoLockActive"=0 "AutoColorization"=1 "ImageColor"=2951728496 "PreferredUILanguages"=fr-FR "ScreenSaverIsSecure"=1 "ScreenSaveTimeOut"=2700 "SCRNSAVE.EXE"=C:\WINDOWS\system32\Mystify.scr [29/09/2017 14:42:00] "LowLevelHooksTimeout"=5000 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003628000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x0114020000000000C000000000000046A226000089FAC93912707345A92DBFD1F8CA542DC62000006024B221EA3A6910A2DC08002B30309DEC1200004014B80B425F8044A5F7770A6F439FC85D2F0000FB9A790967ADD111ABCD00C04FC30936071E0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=2 "GlobalAssocChangedCounter"=445 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=290 "link"=0x1D000000 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=0 "TaskbarGlomLevel"=0 "DontUsePowerShellOnWinX"=1 "ShowTaskViewButton"=1 "TaskbarStateLastRun"=0xAE06CE5A00000000 "NavPaneShowAllFolders"=0 "NavPaneExpandToCurrentFolder"=0 "ShellViewReentered"=1 "HideIcons"=0 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x14000000130000001200000011000000100000000F0000000E0000000D0000000C0000000B0000000A00000009000000030000000600000008000000070000000500000004000000010000000200000000000000FFFFFFFF "0"=0x6300750062006100730065000000 "2"=0x700072006F00640075006B00650079000000 "1"=0x500072006F00640075000000 "4"=0x69006D006100670065002000690073006F000000 "5"=0x660069006C0065007A0069006C006C0061000000 "7"=0x6600640072000000 "8"=0x6600690063006800650020006400650020007200E900760069000000 "6"=0x660069006300680065000000 "3"=0x690073006F000000 "9"=0x690073006F00200073006F007200740065003A003D00700068006F0074006F0067007200610070006800690065000000 "10"=0x570069006E0064006F00770073002E00690073006F000000 "11"=0x460069006C00650073004F007200610063006C0065005600690072007400750061006C0042006F0078000000 "12"=0x5600690072007400750061006C0042006F0078000000 "13"=0x62006C0061000000 "14"=0x6600750062000000 "15"=0x73007600630068006F0073000000 "16"=0xEA007400720065000000 "17"=0x630068006100700032000000 "18"=0x63006800610070000000 "19"=0x6400650073006B000000 "20"=0x6400650073006B0070000000 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=60 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=35 "AicEnabled"=Anywhere [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=60 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=117 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x82E4F33F0200130091009203EC9F2400DF4A3B00DF4A3B00D2000000020074001DF7A4827619D10056283D00EF5C15007DB91300918205000A34000017852D0003E1010073120000D15C30ACDAD4D30193FD45000000000001000000EC9F2400AB3F000000000000 "BuildNumber"=16299 "FirstLogon"=0 "DP"=0xD200E800200113009200000082E4F33F0000000000000000D15C30ACDAD4D301D15C30ACDAD4D301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100528700001000D0501084F051276E008043501000C354100084420080900D1C04910D1E44000500C01A0818301B0C1830FB1201800009830A8029830A16040180026120000661A00024640080812088429120884A840E01008893E44088B3EC4901AA008080030D0080130D64A44E01C022C08008E7C08208FBB200808202090D8202690D "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=120379400050 "ShutdownFlags"=7 "Userinit"=C:\WINDOWS\System32\Userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3183174187-342176784-3280352271-1001 "LastUsedUsername"=ligma [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe [29/09/2017 14:41:43] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [11/04/2018 11:24:22] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\Vivaldi\Shell\open\Command] ""="C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe" [HKLM\Software\Clients\StartMenuInternet\Vivaldi\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [11/04/2018 11:24:22] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Vivaldi\Shell\open\Command] ""="C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Vivaldi\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\ligma\Downloads\pile-bluetooth-widcomm-generique_pile_bluetooth_widcomm_generique_francais_322408.exe"=1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\OEM\Preload\DPOP\OEMCustomize\FirstBoot.cmd"=0x534143500100000000000000070000002800000000920300914704000100000000000000000001050010000059193B14E312D1010000000000000000 "C:\Program Files\Acer\Acer Quick Access\QAAgent.exe"=0x5341435001000000000000000700000028000000A0DD06008713070001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000000BF1301000000000200000002000000 "C:\OEM\Preload\Autorun\CheckFiles.exe"=0x5341435001000000000000000700000028000000207A0D00AD780E000100000000000000000000067100000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\ligma\Downloads\SkypeSetupFull.exe"=0x534143500100000000000000070000002800000080F47C0231267D0201000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000CD80100000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"=0x5341435001000000000000000700000028000000D05C1C00E1661C0001000000000000000000000A0021000019B4C529E312D1010000009100000000 "C:\Program Files (x86)\Acer\abFiles\abFilesSetup.exe"=0x53414350010000000000000007000000280000000011A3005ED2A30001000000000000000000000AF522000059193B14E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009D420200000000000100000001000000 "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe"=0x5341435001000000000000000700000028000000D8DA26001414270001000000000000000000000AF122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000EAD40200000000000200000002000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000F0702C000D6F2D0001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BC280200000000000100000001000000 "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe"=0x5341435001000000000000000700000028000000BCB00600720A0D000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000017040000000000000100000001000000 "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\Uninstall.exe"=0x5341435001000000000000000700000028000000BCB00600E5D50D000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000E8030000000000000100000001000000 "C:\Program Files (x86)\WildGames\Uninstall.exe"=0x5341435001000000000000000700000028000000500A0A0024FF0A000100000000000000000003067122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000064B80000000000000100000001000000 "C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe"=0x5341435001000000000000000700000028000000D8420000A38C000001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000768D0100000000000100000001000000 "C:\Users\ligma\Downloads\LibreOffice_5.1.5_Win_x86.msi"=0x534143500100000000000000070000002800000000E400006BAB01000100000000000000000001050010000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000018180100000000000100000001000000 "C:\Program Files (x86)\Dashlane\Upgrade\DashlaneDownloader.exe"=0x5341435001000000000000000700000028000000186802001C43030001000000000000000000000AF122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C1150200000000000100000001000000 "C:\Users\ligma\AppData\Roaming\Dashlane\Dashlane.exe"=0x534143500100000000000000070000002800000080450700A1F307000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F0F90000000000000100000001000000 "C:\Users\ligma\AppData\Roaming\Dashlane\4.6.1.18109\bin\DashlaneUninstall.exe"=0x5341435001000000000000000700000028000000282405002F8A0A000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000100000000000000000000000007BA70000000000000100000001000000 "C:\ProgramData\{E4FEB43E-F69B-4D80-8F7F-D58114A44D4B}\DashlaneUpgradeInstaller.exe"=0x5341435001000000000000000700000028000000D8FE51009801520001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000008B510000000000000100000001000000 "C:\Users\ligma\Downloads\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000080A96000747E610001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000927D0200000000000300000003000000 "C:\Windows\System32\msiexec.exe"=0x53414350010000000000000007000000280000000002010066CD01000300000001000000000003060001000059193B14E312D1010000000000000000 "C:\Program Files (x86)\Acer\Acer Portal\uninstall.exe"=0x5341435001000000000000000700000028000000603B0000921A010003000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007F190100000000000100000001000000 "C:\Users\ligma\Downloads\Team_extreme_minecraft_launcher_3.1.7_download_downloader.exe"=0x5341435001000000000000000700000028000000A0AA090091AF090001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000800000400000000000000000000000000000000006960000000000000100000001000000 "C:\ProgramData\Webitar Production Inc\products\FileFinder\uninstall\uninstall.exe"=0x53414350010000000000000007000000280000000013210028C1210001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000AD1F0000000000000100000001000000 "D:\Utilitaires\Firefox\Firefox Setup Stub 49.0.1.exe"=0x534143500100000000000000070000002800000068B70300A590040001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C94D0200000000000200000002000000 "C:\Users\ligma\Downloads\readerdc_fr_ka_install.exe"=0x5341435001000000000000000700000028000000E0541200BF7C120001000000000000000000000A0021000019B4C529E312D1010000000000000000 "C:\Users\ligma\Downloads\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000E5F30000000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\ligma\Desktop\Jeux\lol.launcher.exe"=0x534143500100000000000000070000002800000040960100E28502000100000000000000000001067100000019B4C529E312D10100000000000000000200000028000000000000008000000000020000000000000000000000000000766C0000000000000300000003000000 "C:\Users\ligma\Downloads\LeagueofLegends_EUW_Installer_2016_05_13 (1).exe"=0x5341435001000000000000000700000028000000F00AD90157A9D90101000000000000000000000A0021000019B4C529E312D10100000000000000000200000050000000000000000000004000000000000000000000000000000000D007000000000000010000000100000000000000000000000000000000000000000000000000000009010000000000000100000000000000 "C:\Users\ligma\AppData\Local\Temp\IXP000.TMP\VCREDI~2.EXE"=0x5341435001000000000000000700000028000000507F30004B5231000100000000000000000001057100000019B4C529E312D1010000000000000000020000002800000000000000800900400000000000000000000000000000000072430000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE"=0x534143500100000000000000070000002800000050492900C3D329000100000000000000000001057100000019B4C529E312D1010000000000000000020000002800000000000000800900400000000000000000000000000000000046110000000000000100000001000000 "C:\Users\ligma\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe"=0x53414350010000000000000007000000280000000810080083D108000100000000000000000000067102000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000087060000000000000100000001000000 "C:\Riot Games\League of Legends\lol.launcher.exe"=0x534143500100000000000000070000002800000040960100E285020001000000000000000000010671000000DB80FDAC2839D301000000000000000002000000500000000000000080000040000000000000000000000000000000003DF51F0200000000020000000100000000000000800000001000000000000000000000000000000064972034000000001800000000000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\ligma\Downloads\LJ-Pro-200-color-MFP-M276-full-solution-15188.exe"=0x5341435001000000000000000700000028000000808A770606F277060100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FAD4670A000000000200000002000000 "C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\HPScan.exe"=0x5341435001000000000000000700000028000000682B0700EA2D070001000000000000000000010671220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F6D61400000000001200000012000000 "C:\Users\ligma\Desktop\Jeux\Minecraft Launcher.exe"=0x5341435001000000000000000700000028000000B6A21900C30C010001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000080000000001000000000000000000000000000006F54D105000000003F0000003F000000 "C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02008885030001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000040585900000000002400000024000000 "C:\Users\ligma\Downloads\jre-8u111-windows-x64.exe"=0x534143500100000000000000070000002800000040E6C403FF7DC50301000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000A2F0100000000000100000001000000 "C:\Program Files\Java\jre1.8.0_111\bin\javaw.exe"=0x53414350010000000000000007000000280000004028030022C8030001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000001C5BCD00000000000A0000000A000000 "C:\Program Files\Acer\User Experience Improvement Program\Framework\Setting.exe"=0x534143500100000000000000070000002800000000A9210088D8210001000000000000000000000AF5220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001B3A0000000000000300000003000000 "C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.10586.589_none_e653b9cf0381ee5d\notepad.exe"=0x5341435001000000000000000700000028000000008C030091A4030001000000010000000000000A7122000033504C2B57DFD1010000000000000000 "SIGN.MEDIA=646955 LaunchU3.exe"=0x534143500100000000000000070000002800000000F01000000000000100000000000000000000067120000033504C2B57DFD101000000000000000002000000280000000000000080000010001000000000000000000000000000001E080000000000000100000001000000 "C:\Program Files\AVAST Software\Avast\avastui.exe"=0x5341435001000000000000000700000028000000A8018A0006E08A0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000DB000000000000000500000005000000 "C:\Users\ligma\Downloads\flashplayer23_jd_install.exe"=0x5341435001000000000000000700000028000000D0481200294B120001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000007EB0100000000000100000001000000 "C:\Program Files (x86)\McAfee\SiteAdvisor\uninstall.exe"=0x534143500100000000000000070000002800000008DB0D00B7CF0E0003000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000066B50000000000000200000002000000 "C:\Program Files\Elantech\ETDUn_inst.exe"=0x5341435001000000000000000700000028000000B82E25006B18260003000000000000000000020673020000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000002020000000000000000000000000095090000000000000100000001000000 "C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.153\deploy\League of Legends.exe"=0x5341435001000000000000000700000028000000F82D6D01A59B6D0101000000000000000000000A7120000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003D080000000000000200000002000000 "C:\Users\ligma\Downloads\Adaware_Installer.exe"=0x534143500100000000000000070000002800000030CF200096E2200001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000DC524D00000000000100000001000000 "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe"=0x5341435001000000000000000700000028000000E00C9200363D920001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000528BCB02000000000200000002000000 "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000E8C62601C886270101000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000059DD4701000000000400000004000000 "C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.12.945.9202\AdAwareUpdater.exe"=0x534143500100000000000000070000002800000010EF5900D32A5A0003000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003AF30000000000000200000002000000 "C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000E89A0D000000000003000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000001F0A0400000000000100000001000000 "C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000D8FC10003BF0110003000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008D420200000000000100000001000000 "C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000D61300B300140001000000010000000000000A00210000D5B3B31A57DFD1010000000000000000 "C:\Users\ligma\Downloads\avira_fr_fass0_584402e2845d1__ws.exe"=0x5341435001000000000000000700000028000000480245007A9F450001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000017520000000000000100000001000000 "C:\Program Files (x86)\Avira\Antivirus\avconfig.exe"=0x534143500100000000000000070000002800000078820F007B28100001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000052E0000000000000100000001000000 "C:\Program Files (x86)\Avira\Antivirus\avscan.exe"=0x534143500100000000000000070000002800000028A31600E117170001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A0F86B00000000000100000001000000 "C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.155\deploy\League of Legends.exe"=0x5341435001000000000000000700000028000000F88D6D01CAA56D0101000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000AD050000000000000100000001000000 "C:\Program Files (x86)\Avira\System Speedup\Avira_System_Speedup.exe"=0x534143500100000000000000070000002800000078A3010053FB010001000000000000000000000AF122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000007D10100000000000100000001000000 "C:\Users\ligma\Downloads\flashplayer24au_ga_install.exe"=0x534143500100000000000000070000002800000068541200139B120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A7744100000000000100000001000000 "C:\Program Files\McAfee Security Scan\uninstall.exe"=0x5341435001000000000000000700000028000000407C05001BA805000300000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BDB60000000000000100000001000000 "C:\Users\ligma\Downloads\gimp-2.8.18-setup.exe"=0x5341435001000000000000000700000028000000F0199D043EDD9D0401000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E8DB0000000000000100000001000000 "C:\Users\ligma\Downloads\flashplayer24_xa_install.exe"=0x534143500100000000000000070000002800000068541200695F120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D0CD0000000000000100000001000000 "C:\Users\ligma\Downloads\GeoGebra-Windows-Installer-5-0-311-0.exe"=0x534143500100000000000000070000002800000028AD2003000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000020710500000000000100000001000000 "C:\Program Files (x86)\GeoGebra 5.0\GeoGebra.exe"=0x5341435001000000000000000700000028000000282C0200000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000001000000000000000000000000000000474F603000000000200000002000000 "C:\Users\ligma\AppData\Local\Temp\jre-8u121-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B009A2E0C0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000309E0400000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D84A3801F9DF380101000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\ligma\Downloads\4kyoutubetomp3_3.1.exe"=0x5341435001000000000000000700000028000000F8B4CA0199D1CA0101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000AE8F0300000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\sdraw.exe"=0x5341435001000000000000000700000028000000680601004239010001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000345D0000000000000200000002000000 "C:\Users\ligma\Downloads\blender-2.78b-windows64.msi"=0x534143500100000000000000070000002800000000E40000F2B301000100000000000000000001050010000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000048EE0000000000000100000001000000 "C:\Program Files\Blender Foundation\Blender\blender.exe"=0x5341435001000000000000000700000028000000008A1D060000000001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3C71400000000000600000006000000 "C:\Users\ligma\Downloads\GoogleEarthSetup.exe"=0x5341435001000000000000000700000028000000A03B1100BAC0110001000000000000000000000A0021000033504C2B57DFD1010000008000000000020000002800000000000000000000000000000000000000000000000000000091770000000000000100000001000000 "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe"=0x5341435001000000000000000700000028000000F84503000911040001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000001D2B3000000000000800000008000000 "C:\Users\ligma\Downloads\kav17.0.0.611fr-fr_full.exe"=0x534143500100000000000000070000002800000060405F0BA3645F0B01000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E79B0900000000000100000001000000 "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe"=0x5341435001000000000000000700000028000000D8690300411F040001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\Downloads\LibreOffice_5.2.6_Win_x86.msi"=0x534143500100000000000000070000002800000000E40000F2B301000100000000000000000001050010000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000055AC0500000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\swriter.exe"=0x534143500100000000000000070000002800000068FC00002BAD010001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003BD9172E00000000B9000000B9000000 "C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.169\deploy\League of Legends.exe"=0x534143500100000000000000070000002800000080CC7201D419730101000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F5060000000000000100000001000000 "C:\Program Files (x86)\LibreOffice 5\program\simpress.exe"=0x534143500100000000000000070000002800000068F60000C185010001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000264CC000000000001500000015000000 "C:\Users\ligma\Downloads\Inkscape-0.92.1-x64-1.exe"=0x534143500100000000000000070000002800000052D89D030000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000087310500000000000100000001000000 "C:\Users\ligma\Downloads\python-3.6.1.exe"=0x5341435001000000000000000700000028000000C8ADD001D9C3D00101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A8A20000000000000100000001000000 "C:\Users\ligma\AppData\Local\Programs\Python\Python36-32\python.exe"=0x5341435001000000000000000700000028000000987E01009457020001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B4432A00000000000500000005000000 "C:\Windows\py.exe"=0x534143500100000000000000070000002800000098920D00435B0E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CB000000000000001600000016000000 "C:\Users\ligma\Downloads\npp.7.3.3.Installer.exe"=0x534143500100000000000000070000002800000050842D009FD52D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009A660000000000000100000001000000 "C:\Program Files (x86)\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000B0562300AA95230001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7CC1A00000000000100000001000000 "C:\Users\ligma\AppData\Local\Package Cache\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}\python-3.6.1.exe"=0x534143500100000000000000070000002800000098C70C00E6090D0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000AE460000000000000200000002000000 "C:\Users\ligma\AppData\Local\Programs\Python\Python36-32\pythonw.exe"=0x534143500100000000000000070000002800000098780100384A020001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D4AE2300000000000300000003000000 "C:\Program Files\Inkscape\inkscape.exe"=0x5341435001000000000000000700000028000000C18C07001982080001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000055D74500000000000400000004000000 "C:\Program Files (x86)\LibreOffice 5\program\scalc.exe"=0x534143500100000000000000070000002800000068000100716C010001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004BFB0504000000000E0000000E000000 "C:\Users\ligma\Downloads\flashplayer25_xa_install.exe"=0x53414350010000000000000007000000280000006856120020B7120001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004E770100000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\jre-8u131-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B00316E0B0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B2C40100000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_SAMSUNG_USB_Driver_for_Mobile_Phones.zip\SAMSUNG_USB_Driver_for_Mobile_Phones.exe"=0x53414350010000000000000007000000280000004813F5001671F5000100000000000000000000067100000033504C2B57DFD10100000000000000000200000028000000000000000008004000000000000000000000000000000000C4E10000000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\ligma\Downloads\CamStudio202Fr\CamStudio202Fr.exe"=0x53414350010000000000000007000000280000008F8817000000000001000000000000000000000A4120000033504C2B57DFD1010000000000000000020000002800000000000000000800400000000000000000000000000000000005A50100000000000100000001000000 "C:\Program Files (x86)\CamStudio\Recorder.exe"=0x5341435001000000000000000700000028000000007006000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000027BDC200000000000400000004000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100B8B0010001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000020000000000000000200000002000000 "C:\Users\ligma\Downloads\gs921w64.exe"=0x5341435001000000000000000700000028000000000D070158AC070101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E88D0000000000000100000001000000 "C:\Users\ligma\Downloads\scribus-1.4.6-windows.exe"=0x53414350010000000000000007000000280000007331E304000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000BEC22200000000000100000001000000 "C:\Users\ligma\Downloads\WhatsAppSetup.exe"=0x534143500100000000000000070000002800000010496F05194170050100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002CB50900000000000100000001000000 "C:\Users\ligma\Desktop\ICIEE Donwload Interface.exe"=0x534143500100000000000000070000002800000000AE03000000000001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007DE00000000000000200000002000000 "C:\Program Files (x86)\4KDownload\4kyoutubetomp3\4kyoutubetomp3.exe"=0x53414350010000000000000007000000280000003024E100D610E20001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F80A7400000000000400000004000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\ligma\AppData\Local\Temp\SkypeSetup.exe"=0x5341435001000000000000000700000028000000E0757F0372F67F0301000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000006C5E0000000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Avira\VPN\Avira.VPN.Notifier.exe"=0x5341435001000000000000000700000028000000088400007C3B010001000000000000000000000AF5220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000043AB0000000000000500000005000000 "C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Help_Learn\Help.exe"=0x5341435001000000000000000700000028000000E04C4D0013864D0001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000010000000000000000000000000000096300000000000000100000001000000 "C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe"=0x5341435001000000000000000700000028000000F07424005C00250001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E7400200000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\jre-8u141-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B0046ED0B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000CE5F0100000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"=0x5341435001000000000000000700000028000000C0E70C00CF940D0001000000000000000000000AF5220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A1AA9002000000000600000006000000 "C:\ProgramData\Package Cache\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}\Avira.OE.Setup.Bundle.exe"=0x534143500100000000000000070000002800000068EF0E0077A80F0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000010690200000000000100000001000000 "C:\Program Files (x86)\Avira\VPN\uninstaller.exe"=0x534143500100000000000000070000002800000000BB030061D6030001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A3360600000000000100000001000000 "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"=0x5341435001000000000000000700000028000000600201006821010001000000000000000000000AF1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C3040000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D01F08001887080001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0D7000052C3010001000000000000000000000A71200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000AE120000000000001600000016000000 "C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe"=0x53414350010000000000000007000000280000007878080088D8080001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000001000000000000000000000000000000000ADA90A00000000000100000001000000 "C:\Users\ligma\Downloads\ShareX-11.9.1-setup.exe"=0x5341435001000000000000000700000028000000F98C4D000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008E733101000000000100000001000000 "C:\Users\ligma\Downloads\flux-setup.exe"=0x534143500100000000000000070000002800000050970B00115A0C0001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000040000000000000000000000000000003B4B3001000000000100000001000000 "C:\Users\ligma\Downloads\DittoSetup_3_21_134_0.exe"=0x5341435001000000000000000700000028000000F416A4000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EA952E01000000000100000001000000 "C:\Users\ligma\Downloads\Extract Nimi Places (portable).exe"=0x5341435001000000000000000700000028000000008C05007B4E060001000000000000000000000A80210000E78E163C2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000001A350000000000000300000003000000 "C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe"=0x5341435001000000000000000700000028000000D015080085EC080001000000000000000000000A71200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000017040000000000000100000001000000 "C:\Users\ligma\Downloads\ConvertHelperSetup-3.2.exe"=0x534143500100000000000000070000002800000040E7BD02A69BBE0201000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D3520000000000000100000001000000 "C:\Program Files\ConvertHelper3\unins000.exe"=0x5341435001000000000000000700000028000000C95B12000000000001000000000000000000030600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000200000000000000000000000000006C100000000000000100000001000000 "C:\Users\ligma\Downloads\KeePass-2.36-Setup.exe"=0x5341435001000000000000000700000028000000300D31002CAF310001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B4BA1400000000000100000001000000 "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"=0x5341435001000000000000000700000028000000B0B3300028D6300001000000000000000000000AF5220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001C6B0700000000000200000002000000 "C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDax2Launcher.exe"=0x5341435001000000000000000700000028000000008600000000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007A530100000000000100000001000000 "C:\Users\ligma\Downloads\Scratch-456.0.4.exe"=0x5341435001000000000000000700000028000000D056A3038703A40301000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000073220200000000000800000008000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_ICU_v3.5_-_Exe.zip\ICU.exe"=0x534143500100000000000000070000002800000007C71C003BC30A0001000000000000000000010671020000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000063550000000000000100000001000000 "C:\Users\ligma\Downloads\ICU.exe"=0x534143500100000000000000070000002800000007C71C003BC30A0001000000000000000000010671020000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DBF70700000000000200000002000000 "C:\Users\ligma\Downloads\Scratch-456.0.4(1).exe"=0x5341435001000000000000000700000028000000D056A3038703A40301000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E9170400000000000200000002000000 "C:\Users\ligma\Downloads\ICU\ICU_64bit.exe"=0x53414350010000000000000007000000280000000FEB0D000FEF0C0001000000000000000000010673220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DB000000000000000600000006000000 "C:\Program Files (x86)\Avira\System Speedup\unins000.exe"=0x534143500100000000000000070000002800000050C01200D43F130001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000021820000000000000100000001000000 "C:\ProgramData\Package Cache\{4771539a-931b-4378-8d4a-721ba62effca}\Avira.OE.Setup.Bundle.exe"=0x534143500100000000000000070000002800000080080F0099FA0F0001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006B2A0000000000000100000001000000 "C:\Users\ligma\Downloads\TAGO-Fences-Setup.exe"=0x534143500100000000000000070000002800000000F21600F837170001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CD662000000000000100000001000000 "C:\Program Files (x86)\TAGO-Fences\TAGO-Fences.exe"=0x534143500100000000000000070000002800000050D01500786C1600010000000000000000000206F5020000DB80FDAC2839D30100000000000000000200000050000000000000000000000000000000000000000000000000000000BB1AAC2900000000280000002600000000000000000000400000000000000000000000000000000013020000000000000100000000000000 "C:\Program Files (x86)\Scratch 2\Scratch 2.exe"=0x5341435001000000000000000700000028000000007E030098B5010001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003D1F0B01000000001100000011000000 "C:\Users\ligma\Downloads\OperaSetup.exe"=0x5341435001000000000000000700000028000000A0C111004521120001000000000000000000000A00210000E63F486B2AA0D2010000000000000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B00300CDA9040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "SIGN.MEDIA=C58E22 encryptsticklite.exe"=0x5341435001000000000000000700000028000000204BFB009E0CFC0001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005A320000000000000100000001000000 "SIGN.MEDIA=28319B0 PortablesApps\OperaPortable_47.0.2631.80.paf.exe"=0x5341435001000000000000000700000028000000B0198302AF97830201000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000074176500000000000100000001000000 "SIGN.MEDIA=28CAC3E PortablesApps\OperaPortable\OperaPortable.exe"=0x534143500100000000000000070000002800000050E40300152A040001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000080C30300000000000100000001000000 "SIGN.MEDIA=9743F8 Opera\launcher.exe"=0x534143500100000000000000070000002800000058DE12004C58130001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000825D0000000000000200000002000000 "SIGN.MEDIA=9743F8 PortablesApps\Operas\Opera\launcher.exe"=0x534143500100000000000000070000002800000058DE12004C58130001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000191A4D00000000000900000009000000 "SIGN.MEDIA=5EC21 PortablesApps\GIMPPortable\GIMPPortable.exe"=0x5341435001000000000000000700000028000000D8FF0200DC3C030001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000CD10000000000000200000002000000 "C:\Program Files (x86)\AIMP\AIMP.exe"=0x5341435001000000000000000700000028000000301C4500612A450001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000837A583900000000D0000000D0000000 "SIGN.MEDIA=3DED6 PortablesApps\VLC\VLCPortable\VLCPortable.exe"=0x534143500100000000000000070000002800000048E401002687020001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000060200500000000000200000002000000 "C:\Program Files (x86)\Mp3tag\Mp3tag.exe"=0x534143500100000000000000070000002800000008726D007D4E6E0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002D2D0600000000000100000001000000 "C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.exe"=0x53414350010000000000000007000000280000002E1502009E4C320001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000AD2C0000000000000200000002000000 "C:\Program Files (x86)\MusicBrainz Picard\picard.exe"=0x534143500100000000000000070000002800000000F401003433010001000000000000000000000671020000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EB210E00000000000100000001000000 "C:\Users\ligma\Downloads\Virtual Box\VirtualBox-5.1.28-117968-Win.exe"=0x534143500100000000000000070000002800000058056307BFD6630701000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000009B0F0100000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0E20300117A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\LibreOffice 5\program\soffice.exe"=0x534143500100000000000000070000002800000068D600001FA4010001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000001000000000000000000000000000000000D6060000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_ScreenToGif.2.9.Portable.zip\ScreenToGif.exe"=0x534143500100000000000000070000002800000000C21E000000000001000000000000000000000A80210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000ED170000000000000100000001000000 "SIGN.MEDIA=1EC200 PortablesApps\Screentogif\ScreenToGif.exe"=0x534143500100000000000000070000002800000000C21E000000000001000000000000000000000A80210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BA6B0000000000000100000001000000 "C:\Users\ligma\Downloads\Vivaldi\Vivaldi.1.12.955.38.exe"=0x5341435001000000000000000700000028000000788E9A02482F9B0201000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FFAB0000000000000100000001000000 "C:\Users\ligma\Downloads\KMSAutoNet\KMSAuto Net Portable v1.4.2\KMSAuto Portable v1.4.2\KMSAuto Net.exe"=0x534143500100000000000000070000002800000080608C00A7A48C0001000000000000000000000AF5220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BBF40100000000000100000001000000 "SIGN.MEDIA=DDDFA3C PortablesApps\ZedTV\ZedTV_portable\zedtv\enr.exe"=0x534143500100000000000000070000002800000000FC0F00DB81100001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EA000000000000000100000001000000 "SIGN.MEDIA=DDDFA3C PortablesApps\ZedTV\ZedTV_portable\zedtv\zedtv.exe"=0x534143500100000000000000070000002800000000AE13004CD2130001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000041110100000000000100000001000000 "SIGN.MEDIA=1BBBF52B PortablesApps\ZedTV\ZedTV_portable\zedtv\zedtv.exe"=0x534143500100000000000000070000002800000000AE13004CD2130001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F1DF0000000000000100000001000000 "C:\Program Files\Rainmeter\SkinInstaller.exe"=0x5341435001000000000000000700000028000000906E0000176E010001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E50A2D01000000000300000003000000 "C:\Program Files (x86)\3RVX\3RVX.exe"=0x5341435001000000000000000700000028000000006E020000000000010000000000000000000006F5220000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000092709A01000000000100000001000000 "C:\Program Files (x86)\ScreenToGif\ScreenToGif.exe"=0x534143500100000000000000070000002800000000C21E000000000001000000000000000000000A80210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000091090100000000000100000001000000 "C:\Program Files (x86)\Hydrogen\hydrogen.exe"=0x5341435001000000000000000700000028000000B0322D00FD322D0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000 "C:\Program Files\Opera\48.0.2685.39\opera.exe"=0x5341435001000000000000000700000028000000583A0E00A19E0E0001000000000000000000000A00210000E78E163C2AA0D2010000000100000000 "C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000547E000000000001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000105A0201000000001600000016000000 "C:\Users\ligma\Downloads\ProduKey\produkey\ProduKey.exe"=0x5341435001000000000000000700000028000000D0780100A8E9010001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000015210000000000000100000001000000 "C:\Users\ligma\Desktop\ProduKey\ProduKey.exe"=0x5341435001000000000000000700000028000000D0780100A8E9010001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003A540000000000000200000002000000 "C:\Program Files (x86)\Scribus 1.4.6\Scribus.exe"=0x534143500100000000000000070000002800000000AC8A001CA18B0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3CD1D00000000000300000003000000 "C:\Users\ligma\AppData\Local\FluxSoftware\Flux\flux.exe"=0x5341435001000000000000000700000028000000F89D1900EDC2190001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DCFF0000000000000100000001000000 "D:\Logiciel\Cubase 9\Start Installation.exe"=0x534143500100000000000000070000002800000008070600DE7A060001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000047AB9000000000000400000004000000 "C:\Program Files (x86)\4KDownload\4kyoutubetomp3\unins000.exe"=0x5341435001000000000000000700000028000000A8281200C87C120001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000092140000000000000100000001000000 "C:\Program Files (x86)\Hydrogen\Uninstall.exe"=0x5341435001000000000000000700000028000000EF9D0200253E010001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000006C150000000000000100000001000000 "C:\Program Files (x86)\MusicBrainz Picard\uninst.exe"=0x5341435001000000000000000700000028000000B39701000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D9800000000000000200000002000000 "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=0x5341435001000000000000000700000028000000F09F0D003EBF0D0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000004B180000000000000100000001000000 "C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe"=0x534143500100000000000000070000002800000000A02B000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000088BDC902000000000500000005000000 "D:\Logiciel\Cubase 9\Cubase9.exe"=0x5341435001000000000000000700000028000000F8BCEF039E67F00301000000000000000000000A73200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007AD10D00000000000B0000000B000000 "C:\Program Files\Opera\48.0.2685.52\opera.exe"=0x5341435001000000000000000700000028000000583A0E00A76A0E0001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\ligma\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe"=0x5341435001000000000000000700000028000000007C06000000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001F132701000000000100000001000000 "D:\Logiciel\Cubase 9\Cubase for Windows\Steinberg Installation Updater.exe"=0x534143500100000000000000070000002800000018EB3A00A44D3B0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A8A50300000000000100000001000000 "C:\Users\ligma\Downloads\TeamViewerQS.exe"=0x53414350010000000000000007000000280000006039BA00DABBBA0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BE2D3D00000000000B0000000B000000 "C:\Users\ligma\Downloads\OemKey.exe"=0x534143500100000000000000070000002800000098241600DA0E170001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D21E0000000000000100000001000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400B6AD040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\eLicenser\Uninstaller\Uninstall eLicenser Control.exe"=0x5341435001000000000000000700000028000000200C8600E0ADEF0301000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000000E370000000000000100000001000000 "C:\Users\ligma\Downloads\deskpins-1.30\DeskPins 1.30 setup.exe"=0x53414350010000000000000007000000280000001AAD01000000000001000000000000000000010571000000DB80FDAC2839D30100000000000000000200000028000000000000000008004000000000000000000000000000000000ED240000000000000100000001000000 "C:\Program Files (x86)\DeskPins\DeskPins.exe"=0x534143500100000000000000070000002800000000F400000000000001000000000000000000010571200000DB80FDAC2839D30100000000000000000200000050000000000000000000000000000000000000000000000000000000E688C80A000000000500000001000000000000000000004000000000000000000000000000000000BC050000000000000100000000000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E040067ED040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\ligma\Downloads\Lame_v3.99.3_for_Windows.exe"=0x53414350010000000000000007000000280000003F0C08000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000036380000000000000100000001000000 "C:\Program Files (x86)\Super macro\Super_macro.exe"=0x5341435001000000000000000700000028000000009022000000000001000000000000000000010661200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B8830803000000008300000083000000 "C:\Users\ligma\AppData\Local\Clavier+\Clavier.exe"=0x534143500100000000000000070000002800000000EA0100A4A8020001000000000000000000000A71200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008C1B241E000000000900000009000000 "C:\Program Files\LMMS\lmms.exe"=0x5341435001000000000000000700000028000000009E24008263250001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C5500C00000000000200000002000000 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe"=0x5341435001000000000000000700000028000000C0DC010044B6020001000000000000000000030671220000DB80FDAC2839D30100000000000000000200000028000000000000000000001000000000000000000000000000000000EAC25304000000000700000007000000 "C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000C8411700F3B9170001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DB280200000000000A0000000A000000 "C:\Users\ligma\Downloads\osu!install.exe"=0x534143500100000000000000070000002800000038843E00AF793F0001000000000000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir6148_17786\spsetup131.exe"=0x5341435001000000000000000700000028000000C81E6000FDD4600001000000000000000000010600010000DB80FDAC2839D3010000000000000000 "C:\Program Files\Speccy\Speccy64.exe"=0x5341435001000000000000000700000028000000D8206A00FA936A0001000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E0409B00000000000A0000000A000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir6148_10126\VMware-player-12.5.8-7098237.exe"=0x5341435001000000000000000700000028000000C893A3049D3CA40401000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000026F80100000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir6148_1156\VMware-player-14.0.0-6661328.exe"=0x5341435001000000000000000700000028000000D8B4AB051585AC0501000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CC700300000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\ShareX\ShareX-12.0.0-setup.exe"=0x534143500100000000000000070000002800000074E24F000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\WindowsApps\TencentWeChatLimited.forWindows10_2.5.2.0_x86__sdtnhv12zgd7a\WeChatStore\WeChatStore.exe"=0x5341435001000000000000000700000028000000C88607008A6B080001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000008DB6705000000002B0000002B000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000C8AFA801C304A90101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000010000000000000000000000000000000009C7D4E0F000000001500000015000000 "C:\Users\ligma\AppData\Local\wire\Wire.exe"=0x534143500100000000000000070000002800000000B409000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000000A80C01000000000200000002000000 "C:\Users\ligma\AppData\Local\Temp\jre-8u151-windows-au.exe"=0x534143500100000000000000070000002800000040541C005DC41C0001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000099AB0500000000000100000001000000 "C:\Users\ligma\Downloads\Franz-win32-x64-4.0.4\FranzSetup.exe"=0x534143500100000000000000070000002800000018A7D4034769D50301000000000000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\CamStudio\unins000.exe"=0x5341435001000000000000000700000028000000DE4901000000000001000000000000000000010541200000DB80FDAC2839D30100000000000000000200000028000000000000000008004000000000000000000000000000000000B61B0000000000000100000001000000 "C:\Users\ligma\AppData\Local\osu!\osu!.exe"=0x534143500100000000000000070000002800000038843E00AF793F0001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000006C440000000000000100000001000000 "C:\Program Files (x86)\Avira\Antivirus\ipmgui.exe"=0x5341435001000000000000000700000028000000B0330A00E0C00A0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B482040400000000B8000000B8000000 "C:\Program Files\OpenShot Video Editor\launch.exe"=0x534143500100000000000000070000002800000000400100CFEF000001000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BBAD2600000000000400000004000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.69.336.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090570C004AAD0C0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000074C0B015000000000300000003000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.69.336.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B00216E0C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FB80D703000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.69.336.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x53414350010000000000000007000000280000009007020058C1020001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A674D703000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe"=0x5341435001000000000000000700000028000000908141015743420101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C4160000000000000300000003000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B008F680C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B9753714000000000A0000000A000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702000845020001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C2939E05000000000800000008000000 "SIGN.MEDIA=1D1300 HiSuiteDownLoader.exe"=0x5341435001000000000000000700000028000000C8DA1D009C1D1E0001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000070B60000000000000300000003000000 "C:\Program Files\PuTTY\putty.exe"=0x534143500100000000000000070000002800000038080D005D310D0001000000000000000000000A63200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E3699303000000002600000026000000 "C:\Users\ligma\Downloads\win32diskimager-1.0.0-install.exe"=0x534143500100000000000000070000002800000094C2BF000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E2830400000000000100000001000000 "C:\Program Files (x86)\ImageWriter\Win32DiskImager.exe"=0x534143500100000000000000070000002800000000EA02002A52030001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000821A0900000000000200000002000000 "C:\Program Files (x86)\SDA\SD Card Formatter\SD Card Formatter.exe"=0x5341435001000000000000000700000028000000085437000734380001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000613A0500000000000300000003000000 "C:\Users\ligma\Downloads\VNC-Viewer-6.17.1113-Windows.exe"=0x5341435001000000000000000700000028000000501694005C46940001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe"=0x534143500100000000000000070000002800000050B2810023D0810001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DC2A7301000000000A0000000A000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir9744_5658\Windows10Upgrade24074.exe"=0x534143500100000000000000070000002800000010405F00B02E600001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FDEF0000000000000100000001000000 "C:\Users\ligma\Documents\Windows10Upgrade24074.exe"=0x534143500100000000000000070000002800000010405F00B02E600001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E40E0000000000000200000002000000 "C:\Windows\SysWOW64\explorer.exe"=0x5341435001000000000000000700000028000000A82C35000128360001000000010000000000000A61220000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe"=0x5341435001000000000000000700000028000000B04415003647150001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D2502700000000000200000002000000 "C:\Users\ligma\Desktop\Xming-6-9-0-31-setup.exe"=0x5341435001000000000000000700000028000000F2A421000000000001000000000000000000000A41220000DB80FDAC2839D3010000000000000000 "C:\Riot Games\League of Legends\BsSndRpt.exe"=0x5341435001000000000000000700000028000000D0F1040040FF040001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000015070000000000000100000001000000 "C:\Program Files (x86)\Xming\Xming.exe"=0x5341435001000000000000000700000028000000002420005BB6200001000000000000000000000671200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EB000000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090570C0011020D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.198\deploy\League of Legends.exe"=0x5341435001000000000000000700000028000000804C7A01D8307B0101000000000000000000000A71200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C45F0000000000000100000001000000 "C:\Users\ligma\Downloads\ChromeSetup.exe"=0x5341435001000000000000000700000028000000583D1100C0A5110001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\ligma\AppData\Local\Temp\GUMCA0.tmp\GoogleUpdateSetup.exe"=0x5341435001000000000000000700000028000000583D1100C0A5110001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000006C2F0000000000000100000001000000 "C:\Program Files (x86)\Prezi\Prezi.exe"=0x534143500100000000000000070000002800000000700300212D010001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000216F5300000000000200000002000000 "C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe"=0x5341435001000000000000000700000028000000B8A230006A4D310001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001E150000000000000100000001000000 "C:\Program Files\Opera\49.0.2725.64\opera.exe"=0x5341435001000000000000000700000028000000285D0E0005180F0001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C89C0300B381040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Riot Games\League of Legends\lol.launcher.admin.exe"=0x534143500100000000000000070000002800000040960100738E020001000000000000000000010671020000DB80FDAC2839D30100000000000000000200000028000000000000008000004000000000000000000000000000000000D3CF0000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir8348_17438\uTorrent.exe"=0x5341435001000000000000000700000028000000A8782B00D5502C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AE240000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir8348_14330\uTorrent.exe"=0x5341435001000000000000000700000028000000A8782B00D5502C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A3330000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir8348_28136\uTorrent.exe"=0x5341435001000000000000000700000028000000A8782B00D5502C0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"=0x5341435001000000000000000700000028000000E8571800C020190001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F8FC9F00000000000700000007000000 "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"=0x5341435001000000000000000700000028000000104010002AB4100001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F4010000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\scoped_dir8348_8696\DWS_Lite.exe"=0x5341435001000000000000000700000028000000007E04000000000001000000000000000000000A75220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000086A90500000000000100000001000000 "C:\ProgramData\Package Cache\{0e5e27aa-4f81-4a4b-9f13-d8b8530fcc2b}\PreziDesktop.exe"=0x5341435001000000000000000700000028000000888A0900A46D0A0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000085EE1400000000000100000001000000 "C:\Program Files\Java\jre1.8.0_151\bin\javacpl.exe"=0x5341435001000000000000000700000028000000403A01002F49010001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000100000000000000000000000000000E0B80000000000000600000006000000 "C:\Windows\SysWOW64\FlashPlayerApp.exe"=0x5341435001000000000000000700000028000000F8BF0C00C19E0D0001000000000000000000000A71220000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02007E0F030001000000010000000000000A61220000DB80FDAC2839D3010000000000000000 "C:\Program Files\Opera\launcher.exe"=0x5341435001000000000000000700000028000000281113008F8E130001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008F5FAE03000000000200000002000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\winrar-x64-550.exe"=0x534143500100000000000000070000002800000048BF210094AB220001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000019980000000000000400000004000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000C8F71700FD24180001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000001B60000000000000A0000000A000000 "C:\Users\ligma\Documents\Gamezor v2.6\Install\Setup.exe"=0x5341435001000000000000000700000028000000D1065E000000000001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000050000000000000000000004000000000000000000000000000000000849702000000000001000000010000000000000000000000000000000000000000000000000000007DE10200000000000200000000000000 "C:\Program Files (x86)\Gamezor\unins000.exe"=0x534143500100000000000000070000002800000021040B000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000200000000000000000000000000009D120000000000000100000001000000 "C:\Program Files (x86)\Security Task Manager\TaskMan.exe"=0x5341435001000000000000000700000028000000D07B1200F248130001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000002B0E903000000000100000001000000 "C:\Users\ligma\Desktop\adwcleaner_7.0.6.0.exe"=0x534143500100000000000000070000002800000020197D00CDE67D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\windows nt\accessories\wordpad.exe"=0x53414350010000000000000007000000280000000084440048B7440001000000010000000000000A63220000DB80FDAC2839D3010000000000000000 "C:\Windows\System32\MRT.exe"=0x5341435001000000000000000700000028000000E8F6B5072DAFB60701000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000004000000000000000000000000000000E6759901000000000600000006000000 "C:\Users\ligma\Desktop\spybotsd-2.6.46.exe"=0x534143500100000000000000070000002800000070461503C4A4150301000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BB220000000000000100000001000000 "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe"=0x534143500100000000000000070000002800000070704100F1A8410001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BC70FF03000000000100000001000000 "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"=0x534143500100000000000000070000002800000020F55700062A580001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007E0D0000000000000200000002000000 "C:\ProgramData\Package Cache\{638c58eb-e71e-4b96-8f16-c5a7dbc4293f}\Avira.OE.Setup.Bundle.exe"=0x5341435001000000000000000700000028000000C8AB13007507140001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000010C00400000000000200000002000000 "C:\Program Files (x86)\Avira\Antivirus\setup.exe"=0x5341435001000000000000000700000028000000C8EC16003C6E170001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000007F1E0100000000000100000001000000 "C:\Program Files\Opera\50.0.2762.58\opera.exe"=0x534143500100000000000000070000002800000028BB0E00BDA50F0001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B0093820C0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000035C12D23000000003400000034000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702006CA8020001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003ADAF002000000001800000018000000 "C:\Users\ligma\Desktop\revosetup.exe"=0x534143500100000000000000070000002800000000B56D00EED46D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"=0x53414350010000000000000007000000280000002021E100ED8DE10001000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000423F0200000000000100000001000000 "C:\Users\ligma\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000008424002833250001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe"=0x5341435001000000000000000700000028000000C9A914000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0F79A00AF8E9B0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000450E0400000000000100000001000000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000038950C005F6B0D0001000000010000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x534143500100000000000000070000002800000098628202D6CC820201000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004E7C6400000000000100000001000000 "C:\Users\ligma\Downloads\Firefox Installer.exe"=0x534143500100000000000000070000002800000010C00400C3A4050001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F1480300000000000100000001000000 "C:\Users\ligma\Downloads\TeamViewer_Setup.exe"=0x534143500100000000000000070000002800000000BB2601524B270101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004B180000000000000100000001000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\jre-9.0.4_windows-x64_bin.exe"=0x534143500100000000000000070000002800000040FA0906E5360A0601000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E2690400000000000100000001000000 "C:\Users\ligma\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080412D00375E2D0001000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000098470000000000000100000001000000 "C:\Users\ligma\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080412D00375E2D0001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E4D60400000000000100000001000000 "C:\Users\ligma\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000B84B1E0010EC1E0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BB3B990C000000000300000003000000 "C:\Program Files\LibreOffice 5\program\swriter.exe"=0x5341435001000000000000000700000028000000680E0100824B010001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008EC65500000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090550C00B9290D0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C9357900000000000400000004000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe"=0x534143500100000000000000070000002800000090F34101CD9A420101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EF070000000000001800000018000000 "C:\Program Files (x86)\LinuxLive USB Creator\Uninstall.exe"=0x53414350010000000000000007000000280000006CD301000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000080600000000000000200000002000000 "C:\Users\ligma\Downloads\rufus-2.18.exe"=0x534143500100000000000000070000002800000078C40E0025E00E0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001A5F1000000000000A0000000A000000 "C:\Users\ligma\AppData\Local\Franz\Update.exe"=0x534143500100000000000000070000002800000018171700259C170001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C1070000000000000100000001000000 "C:\Users\ligma\Downloads\HPUSBDisk-2.2.3.exe"=0x5341435001000000000000000700000028000000008001000000000001000000000000000000000671000000DB80FDAC2839D3010000000000000000020000005000000000000000000000400000000000000000000000000000000049430200000000000100000001000000000000000000000000020300000000000000000000000000EF070000000000000100000000000000 "C:\Users\ligma\Downloads\UsbWriteProtect.exe"=0x534143500100000000000000070000002800000000E006000000000001000000000000000000010661200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000002A760000000000000200000002000000 "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\epm0.exe"=0x5341435001000000000000000700000028000000901E0A00AFD30A0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D2D80200000000000200000002000000 "C:\Users\ligma\Downloads\PAssist_Std.exe"=0x534143500100000000000000070000002800000068DCA2002260A30001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000013DA2B00000000000100000001000000 "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.6\PartAssist.exe"=0x53414350010000000000000007000000280000006080500056BA500001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000078E40600000000000400000004000000 "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.6\unins000.exe"=0x5341435001000000000000000700000028000000490712000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000200000000000000000000000000002E220000000000000100000001000000 "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\unins000.exe"=0x5341435001000000000000000700000028000000C0121200A106130001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000191B0000000000000100000001000000 "C:\Users\ligma\Downloads\unetbootin-windows-575.exe"=0x5341435001000000000000000700000028000000003449000000000001000000000000000000010671020000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BAC10000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_2013051518183751.zip\Restore.exe"=0x534143500100000000000000070000002800000000D40D001CF50D0001000000000000000000010671020000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007E680000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp2_2013051518183751.zip\Restore.exe"=0x534143500100000000000000070000002800000000D40D001CF50D0001000000000000000000010671020000DB80FDAC2839D301000000000000000002000000280000000000000000000000000002000000000000000000000000002A200000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp3_2013051518183751.zip\Restore.exe"=0x534143500100000000000000070000002800000000D40D001CF50D0001000000000000000000010671020000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000080240000000000000100000001000000 "C:\Users\ligma\Downloads\LinuxLive USB Creator 2.9.4.exe"=0x5341435001000000000000000700000028000000C0FF5D000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B80B0000000000000500000005000000 "C:\Program Files (x86)\LinuxLive USB Creator\LiLi USB Creator.exe"=0x534143500100000000000000070000002800000000BA1500EADC150001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C6A13300000000000800000008000000 "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"=0x5341435001000000000000000700000028000000485A10008F38110001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000564A4C00000000000200000002000000 "C:\Program Files\LibreOffice 5\program\simpress.exe"=0x534143500100000000000000070000002800000068080100DC11010001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008F413100000000000100000001000000 "C:\Users\ligma\Downloads\image-writer-0.2-alpha\Win32DiskImager.exe"=0x534143500100000000000000070000002800000000720100DF01020001000000000000000000000671220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FF8B0100000000000300000003000000 "C:\Program Files (x86)\ImageWriter\unins000.exe"=0x5341435001000000000000000700000028000000D15612000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B9100000000000000200000002000000 "C:\Users\ligma\Downloads\ImageWriter.exe"=0x5341435001000000000000000700000028000000007A00000000000001000000000000000000000675020000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B14A0E00000000000800000008000000 "C:\Users\ligma\Downloads\Universal-USB-Installer-1.9.8.0.exe"=0x5341435001000000000000000700000028000000D5321B000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF650B02000000000300000003000000 "C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF5\IObit Uninstaller.exe"=0x53414350010000000000000007000000280000003091EB00D0ADEB0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\Downloads\AdobeAIRInstaller.exe"=0x53414350010000000000000007000000280000009049A5005D23A60001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000069750100000000000200000002000000 "C:\Users\ligma\Downloads\vlc-2.2.8-win32.exe"=0x5341435001000000000000000700000028000000B8EFD601DCC9D70101000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000009B6B0000000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000B03302003C93020001000000000000000000000600010000DB80FDAC2839D301000000000000000002000000280000000000000000000010000000000000000000000000000000006F050000000000000100000001000000 "C:\Users\ligma\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000F83F1700D1DA170001000000000000000000000A75220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000093190000000000000300000003000000 "C:\Program Files (x86)\Security Task Manager\SpyProtector.exe"=0x534143500100000000000000070000002800000050310200C5F6020001000000000000000000000A61220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EC750000000000000100000001000000 "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=0x5341435001000000000000000700000028000000204B55006EE2550001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000091970900000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_BIOS_Acer_1.12_A_A.zip\BIOS_112.exe"=0x5341435001000000000000000700000028000000AB6CB4000000000001000000000000000000010671000000DB80FDAC2839D3010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400002000000000000000000000000000079B70000000000000200000002000000 "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe"=0x5341435001000000000000000700000028000000C00905000C73050001000000000000000000010500100000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000006D53DF0F000000000100000001000000 "C:\Program Files (x86)\4KDownload\4kvideodownloader\4kvideodownloader.exe"=0x534143500100000000000000070000002800000070EF01019B19020101000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007B481C00000000000400000004000000 "C:\Users\ligma\AppData\Local\Temp\GUMC7AD.tmp\GoogleUpdateSetup.exe"=0x5341435001000000000000000700000028000000583D1100C0A5110001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000350D0200000000000100000001000000 "C:\Program Files (x86)\Google\Drive\googledrivesync.exe"=0x5341435001000000000000000700000028000000E08D72027C07730201000000000000000000000A61200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A1360000000000000300000003000000 "C:\Program Files (x86)\Ditto\Ditto.exe"=0x534143500100000000000000070000002800000000DC240094F9240001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B373E106000000000200000002000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\IObit\IObit Uninstaller\AUpdate.exe"=0x534143500100000000000000070000002800000020CD0100D757020001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000095090000000000000600000006000000 "C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.201\deploy\League of Legends.exe"=0x5341435001000000000000000700000028000000809C6B013BAF6B0101000000000000000000000A71200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B6B20000000000000200000002000000 "C:\Users\ligma\Downloads\apowermirror.exe"=0x534143500100000000000000070000002800000070062A0455B82A0401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007BD41300000000000100000001000000 "C:\Users\ligma\Downloads\tuxguitar-1.5-windows-x86-installer.exe"=0x5341435001000000000000000700000028000000057C740891662B0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000003DF50000000000000100000001000000 "C:\Program Files (x86)\tuxguitar-1.5\tuxguitar.exe"=0x5341435001000000000000000700000028000000001002000000000001000000000000000000020671000000DB80FDAC2839D30100000000000000000200000028000000000000000000000000100000000000000000000000000000DB97371B000000000700000007000000 "C:\Users\ligma\Downloads\DaVinci_Resolve_14.3_Windows\DaVinci_Resolve_14.3_Windows.exe"=0x5341435001000000000000000700000028000000B0833128BE37322801000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DD200200000000000100000001000000 "C:\Program Files (x86)\Blackmagic Design\DaVinci Resolve Panels\DaVinci Resolve Panels Setup.exe"=0x5341435001000000000000000700000028000000000C13002DC5130001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EA0D0000000000000100000001000000 "C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe"=0x5341435001000000000000000700000028000000D011150E6C36150E01000000000000000000000A73200000DB80FDAC2839D301000000000000000002000000280000000000000000000000800000000000000000000000000000002E396000000000000400000004000000 "C:\Users\ligma\Downloads\pile-bluetooth-widcomm-generique_pile_bluetooth_widcomm_generique_francais_322408.exe"=0x5341435001000000000000000700000028000000C80D380072FC380001000000000000000000000671000000DB80FDAC2839D30100000000000000000200000028000000000000000000000000001000000000000000000000000000A0020000000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B006DFE0B0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004ADFBC14000000000400000004000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x534143500100000000000000070000002800000090070200EE84020001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BE091F00000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe"=0x534143500100000000000000070000002800000090D54101C44C420101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA030000000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090550C008AE20C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ED0A0000000000000100000001000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\vlc-3.0.0-win64.exe"=0x53414350010000000000000007000000280000007832640279BE640201000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BD260100000000000100000001000000 "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"=0x534143500100000000000000070000002800000010C17D0098C57D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000029010000000000000100000001000000 "C:\Program Files\ShareX\ShareX.exe"=0x534143500100000000000000070000002800000000981C000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B73A0000000000000300000003000000 "C:\Program Files\ShareX\unins000.exe"=0x5341435001000000000000000700000028000000D15812000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C3110000000000000100000001000000 "C:\Users\ligma\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"=0x5341435001000000000000000700000028000000A0351B001A4A1B0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\Downloads\KiesSetup.exe"=0x5341435001000000000000000700000028000000A0404B0453C84B0401000000000000000000000A71220000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Apowersoft\ApowerMirror\unins000.exe"=0x534143500100000000000000070000002800000067A016000000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000005B1D0000000000000100000001000000 "C:\Users\ligma\Downloads\FlashS3\Odin3-v3.04\Odin3-v3.04\Odin3 v3.04.exe"=0x534143500100000000000000070000002800000000EA0E004FA10F0001000000000000000000010671020000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DAB96600000000000500000005000000 "C:\Users\ligma\Downloads\mobilego_setup_full1150.exe"=0x534143500100000000000000070000002800000010B411004412120001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008C220000000000000100000001000000 "C:\Users\ligma\Downloads\Android Injector.exe"=0x53414350010000000000000007000000280000001D0937000000000001000000000000000000010600210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3321500000000000200000002000000 "C:\Program Files (x86)\Android Injector\injector.exe"=0x5341435001000000000000000700000028000000001004001489030001000000000000000000010671200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BC342E00000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B0022F90B0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000001D46C24000000001100000011000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x53414350010000000000000007000000280000009007020064B5020001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000027F17F0F000000000300000003000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\FileZilla_3.31.0-rc1_win32-setup.exe"=0x5341435001000000000000000700000028000000C0637500E468750001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000068BF0000000000000100000001000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\Kies3Setup.exe"=0x5341435001000000000000000700000028000000386F50025BA8500201000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000099E10600000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090550C003B370D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe"=0x5341435001000000000000000700000028000000906545013206460101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000082070000000000000D0000000D000000 "C:\Program Files\Rainmeter\Rainmeter.exe"=0x534143500100000000000000070000002800000090960000C37A010001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000 "C:\Program Files\Java\jre-9.0.4\bin\javaw.exe"=0x5341435001000000000000000700000028000000408A0300C867040001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007B030000000000000300000003000000 "C:\Users\ligma\Downloads\UnityDownloadAssistant-2017.3.1f1.exe"=0x534143500100000000000000070000002800000048240C0074790C0001000000000000000000010600010000DB80FDAC2839D3010000000000000000 "C:\Program Files\Unity\Editor\Unity.exe"=0x5341435001000000000000000700000028000000C0E9D304262CD40401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000002A228902000000000100000001000000 "C:\Users\ligma\Downloads\camstudio.exe"=0x534143500100000000000000070000002800000028F521000112253C01000000000000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\npp.7.5.5.Installer.exe"=0x5341435001000000000000000700000028000000B0404100B735420001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000098750100000000000100000001000000 "C:\Program Files (x86)\LibreOffice\program\swriter.exe"=0x5341435001000000000000000700000028000000680801000079010001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000432E0000000000000100000001000000 "C:\Program Files (x86)\LibreOffice\program\soffice.exe"=0x534143500100000000000000070000002800000068EA0000D052010001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000100000000000000000000000000000000008390200000000000100000001000000 "C:\Users\ligma\Documents\Citra\Citra JIT (Dec 1) gdmk\Citra JIT (Dec 1) gdmk\citra-qt-gcc-24.exe"=0x5341435001000000000000000700000028000000E1765800BC86580001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FB87660B000000000700000007000000 "C:\Program Files\GIMP 2\bin\gimp-2.8.exe"=0x534143500100000000000000070000002800000040DD53000A73540001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DCA31C01000000000200000002000000 "C:\Program Files\CamStudio 2.7\Recorder.exe"=0x5341435001000000000000000700000028000000006223006B40240001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000093D01600000000000800000008000000 "C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\unins000.exe"=0x5341435001000000000000000700000028000000E32A16000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF0F0000000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000180E120058A0120001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000058010000000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F09122002D30230001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000100000000000000000000000000000000007987700000000000500000005000000 "C:\Users\ligma\Downloads\SteamSetup.exe"=0x534143500100000000000000070000002800000088131600052B160001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F14D0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B00E25E0C0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000005BC29A0C000000000300000003000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702001BDD020001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe"=0x534143500100000000000000070000002800000090154E01FDB74E0101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000049060000000000000200000002000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\winrar-x64-56b1.exe"=0x5341435001000000000000000700000028000000009F30006274310001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008F6D0000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"=0x5341435001000000000000000700000028000000701C2C01F9F22C0101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000005F600000000000000100000001000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\vlc-3.0.1-win64.exe"=0x5341435001000000000000000700000028000000A0CA64020C86650201000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A3D00900000000000100000001000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8F20E000FF70E0001000000000000000000000600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FB050000000000000100000001000000 "C:\Program Files (x86)\AIMP\AIMPac.exe"=0x534143500100000000000000070000002800000030080A0024620A0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F8780000000000000300000003000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000905D0C00A5580D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=0x5341435001000000000000000700000028000000204F09007B94090001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000005A0B0000000000000200000002000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000986E8001F4F4800101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\ligma\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AE0300F24D040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x53414350010000000000000007000000280000005841180027EA180001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe"=0x534143500100000000000000070000002800000048FC16000579170001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F6830000000000000E0000000E000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4190.exe"=0x534143500100000000000000070000002800000030A71804F040190401000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000024AB0000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x534143500100000000000000070000002800000020BD0B0034FB0B0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E7250000000000000100000001000000 "C:\Users\ligma\Documents\Mes téléchargements Filehippo\FileZilla_3.32.0-rc1_win32-setup.exe"=0x5341435001000000000000000700000028000000F8337500A21D760001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF8C0000000000000100000001000000 "C:\Riot Games\League of Legends\LeagueClient.exe"=0x5341435001000000000000000700000028000000801035007D32350001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000429C9203000000001000000010000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4514.exe"=0x534143500100000000000000070000002800000008C149046F384A0401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000004A980300000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000202D12009A35120001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000003C800000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B0018650C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6CB1500000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702006BF9020001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A31C0600000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe"=0x5341435001000000000000000700000028000000909F5601B2B4560101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FD020000000000000100000001000000 "C:\Users\ligma\AppData\Local\Temp\Temp1_ad-aware-free-11-12.zip\Adaware_Installer.exe"=0x534143500100000000000000070000002800000030CF200020E9200001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C4BD0300000000000100000001000000 "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe"=0x5341435001000000000000000700000028000000D86948006D74480001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000024B28800000000000100000001000000 "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000D8C7CC00295CCD0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000070948700000000000200000002000000 "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe"=0x5341435001000000000000000700000028000000D03AA100D031A20001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F7900300000000000100000001000000 "C:\Program Files\LMMS\Uninstall.exe"=0x534143500100000000000000070000002800000022FF03006AB0010001000000000000000000010671000000DB80FDAC2839D3010000000000000000020000002800000000000000000800400000000000000000000000000000000058690000000000000100000001000000 "C:\Program Files (x86)\PowerDataRecovery\unins000.exe"=0x5341435001000000000000000700000028000000C3D717000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000200000000000000000000000000000B130000000000000100000001000000 "C:\Program Files (x86)\FileHippo.com\Uninstall.exe"=0x5341435001000000000000000700000028000000A9B5020086F0210001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000005FFF0000000000000100000001000000 "C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\unins000.exe"=0x5341435001000000000000000700000028000000C5B816000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000028230000000000000100000001000000 "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe"=0x534143500100000000000000070000002800000000DA1400364B150001000000000000000000000A00210000DB80FDAC2839D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007A100000000000000100000001000000 "C:\Program Files (x86)\Android Injector\unins000.exe"=0x534143500100000000000000070000002800000024090B000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000CB0D0000000000000100000001000000 "C:\Program Files\CamStudio 2.7\unins000.exe"=0x5341435001000000000000000700000028000000F5EF0A000000000001000000000000000000020600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000A5160000000000000100000001000000 "C:\Program Files (x86)\Cracklock\unins000.exe"=0x5341435001000000000000000700000028000000D1A90A000000000001000000000000000000000A41220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A61B0000000000000100000001000000 "C:\Program Files (x86)\Lame For Audacity\unins000.exe"=0x53414350010000000000000007000000280000001EE90A000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000EE0F0000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe"=0x5341435001000000000000000700000028000000003812007936120001000000000000000000020600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000073C50000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe"=0x534143500100000000000000070000002800000060120F000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000028BA0000000000000100000001000000 "C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe"=0x5341435001000000000000000700000028000000184317009D92170001000000000000000000030673020000DB80FDAC2839D3010000000000000000020000002800000000000000000000D0000000000000000000000000000000007BCE0000000000000100000001000000 "C:\Program Files (x86)\Unified Remote 3\unins000.exe"=0x5341435001000000000000000700000028000000B8201200BD90120001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000618C0000000000000100000001000000 "C:\Users\ligma\AppData\Local\wire\Update.exe"=0x534143500100000000000000070000002800000000301D000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000036110000000000000100000001000000 "C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.3.909.11573\AdAwareUpdater.exe"=0x5341435001000000000000000700000028000000B83A82008A57820001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000340E0100000000000100000001000000 "C:\Users\ligma\AppData\Local\Clavier+\unins000.exe"=0x5341435001000000000000000700000028000000C94F12000000000001000000000000000000020600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000A1140000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000905D0C00BF2D0D0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AC000000000000001401000014010000 "C:\Users\ligma\Downloads\SandboxieInstall.exe"=0x534143500100000000000000070000002800000098065600D61A560001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B1080200000000000100000001000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020D33000D03F310001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000100000001000000 "C:\Program Files\Sandboxie\Start.exe"=0x534143500100000000000000070000002800000098C40300E83D040001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7880000000000000100000001000000 "C:\Program Files\Sandboxie\SbieCtrl.exe"=0x534143500100000000000000070000002800000098323800AAC1380001000000000000000000000A73200000DB80FDAC2839D3010000000000000000 "C:\Users\ligma\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8C73C0092F63C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FED50000000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{6f1f2708-e89e-11e7-9e39-c8ff28ef6e8e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131538510808194666 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=0 "TrustedImageIdentifier"=POP010KY63X8IC25-PAP010NJ63X86C31 "ProductType"=2 "InstallTime"=0x382A7C75E61BD201 "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0xE18843B36025D201 "DisableAntiVirus"=0 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\ "LastEnabledTime"=0x85F34D11DBD4D301 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\epmntdrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EuGdiDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\epmntdrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EuGdiDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.198.206] avec 32 octets de donn?es?: R?ponse de 216.58.198.206?: octets=32 temps=168 ms TTL=55 R?ponse de 216.58.198.206?: octets=32 temps=174 ms TTL=55 R?ponse de 216.58.198.206?: octets=32 temps=162 ms TTL=55 R?ponse de 216.58.198.206?: octets=32 temps=158 ms TTL=55 Statistiques Ping pour 216.58.198.206: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 158ms, Maximum = 174ms, Moyenne = 165ms ---------- | @ [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\WINDOWS\system32\blank.htm "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Default_Page_URL"=http://acer15.msn.com/?pc=ACTE "DisableFirstRunCustomize"=1 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "OperationalData"=12 "EdgeSwitchingOSBuildNumber"=10586.th2_release.160906-1759 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB6000000B600000022050000AE020000 "ImageStoreRandomFolder"=vqlpjkv "Start Page_TIMESTAMP"=0x00963C6E8251D201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000004800000049CF6A6880E0A4E331AFD50DCD2436A0BEF4A18143D850B65C7BAD1B606968CDDFB70AF69F332B7BDD53292A97B61F77F27DF1D704475AF62231CFCEE195AF5D2426BC3F4BAD5F3C02000000100000004A54526B25326263443667526B253364 "FormSuggest PW Ask"=yes "ScriptDebugger_EnableHiddenTabs"=0 "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "DisableRequiresActiveXPrompt"= "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "NotifyDownloadComplete"=yes "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "HideLocalHostIP"=0 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "IE10RunOnceLastShown"=0 "IE10RunOnceLastShown_TIMESTAMP"=0xCAD5D558ACBED301 "IE10RunOncePerInstallCompleted"=0 "IE10TourNoShow"=0 "IE10TourShown"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation"=PMIL "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "NoUpdateCheck"=1 "Search Bar"=Preserve "MinIEEnabled"=1 "RefcountTracker"=0 "TabDragOnSingleProc"=0 "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP "UseSWRender"=0 "GotoIntranetSiteForSingleWordEntry"=0 "DoNotTrack"=0 "AutoHide"=yes "SearchBandMigrationVersion"=0 "HideNewEdgeButton"=1 "ShowApplicationGuardFirstRunExperienceFromIE"=1 "Check_Associations"=yes "EnableLeakDetectionInEdge"=0 "IE11EdgeNotifyTime"=0x0000000000000000 "EdgeReminderURL"=http://go.microsoft.com/fwlink/?LinkId=838604 "EdgeReminderDuration"=31 "EdgeReminderRemainingCount"=6 "News Feed First Run Experience"=1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x76D9F2C68BD1D301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "UrlEncoding"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "EnableHTTP2"=1 "BackgroundConnections"=1 "SyncMode5"=4 "EmailName"=IEUser@ "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "PrivDiscUiShown"=1 "WarnOnIntranet"=1 "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "DisableIDNPrompt"=0 "WarnOnPostRedirect"=1 "WarnonBadCertRecving"=1 "PreventIgnoreCertErrors"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Start Page"=about:blank "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "ProxyEnable"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "ProxyEnable"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [29/09/2017 14:41:47] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "Version"=5 "UpgradeTime"=0x6CDBEE405B2DD301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{093F479D-712E-46CD-9E06-62E734A05F68}"= [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={2B351BD9-5D58-4C8C-99F9-8CEBE73753BC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{093F479D-712E-46CD-9E06-62E734A05F68}"= [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={2B351BD9-5D58-4C8C-99F9-8CEBE73753BC} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B351BD9-5D58-4C8C-99F9-8CEBE73753BC}] - () - : [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AC0EEDD-401F-436A-AE04-E352C4E83CA2}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B351BD9-5D58-4C8C-99F9-8CEBE73753BC}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AC0EEDD-401F-436A-AE04-E352C4E83CA2}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{2B351BD9-5D58-4C8C-99F9-8CEBE73753BC}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{8AC0EEDD-401F-436A-AE04-E352C4E83CA2}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [12/03/2017 01:05:18] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [01/03/2018 14:58:13] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [01/03/2018 14:58:13] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [12/03/2017 01:05:18] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [01/03/2018 14:58:13] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [01/03/2018 14:58:13] ---------- | Chrome C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\fahmaaghhglfmonjliepjlchgpgfmobi = : __MSG_4886126295094352182__ - short_name: __MSG_7774266771623079214__ - 383889641097-j3bpg7n6ao86l0f5v3b0br458rrug02m.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\fhoibnponjcgjgcnfacekaijdbbplhib = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\flliilndjeohchalpbbcdekjklbdgfkk = : __MSG_extDescription__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\gmohpefamblocnmkimaabagacaceinam = : __MSG_esdesc__ - __MSG_esname__ - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib] [HKLM\Software\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] [HKLM\Software\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam] ---------- | Opera C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\adgafhafebhhomajadapndmhmckpfpic = : __MSG_extDesc__ - Tree Tabs - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\agocngbnphnfdhpacecdpcpfphhdmoff = : __MSG_description__ - short_name: Zoom - permissions:[contextMenustabs\u003Call_urls>storagenotifications] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\baocaagndhipibgklemoalmkljaimfdj = : A tool for designers to measure screen dimensions - Dimensions - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\bbkekonodcdmedgffkkbgmnnekbainbg = : __MSG_short_description__ - version_name: 8.0.3.1 - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\bdbghbgbindbkaainmmmekddaokgbffn = : Automatically find and apply coupon codes when you shop online! - Honey - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp = : __MSG_extension_description__ - ColorZilla - permissions:[tabs\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\cdkjiboegfmaoljgenhdapdngbdepigm = : The famous 2048 game on the Opera Sidebar. - 2048 Sidebar - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\chphlpgkkbolifaimnlloiipkdnihall = : __MSG_manifestDescription__ - OneTab - permissions:[tabs\u003Call_urls>webRequestwebRequestBlockingcontextMenus] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\dcmckllgnkpcbeccppoedhmmincfdgni = : __MSG_extDescription__ - __MSG_extName__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\ddpephnhacfpgcemhioaejgenlgadnnh = : Preloads any YouTube links and appends the title of the video to the link in the referring page. - Video Title Adder - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\dfanhpdcmhemhkjafmannijhneiplgec = : Brancher lets you explore manage and share your history in a totally new visual way. - short_name: brancher - permissions:[identitywebNavigationtabscontextMenushistorywebRequestwebRequestBlockingnotificationssessionshttps://www.googleapis.com/\u003Call_urls>] - 988709185566-qfhg97ue5d7rj3f9f7a38vmpr6h3ms8v.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\ebpielhlnnpkiddeeacoephkilopgblc = : __MSG_extensionDescription__ - __MSG_extensionName__ - permissions:[tabscontentSettingsmanagementcookiesnotificationsproxywebRequestwebRequestBlockingprivacy\u003Call_urls>offroad] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\ehcgjadobjgpoblppedbeogpgkjeiham = : QR Code Generator - short_name: QR Code - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\emcclmhiklabihbljnpjnacgdaaohpjc = : Watch YouTube in the full-HD quality or the highest available one - short_name: iyutubehd - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\eogfogpibhkncjnldmfbljblmkghihnd = : Navigate to websites in the sidebar. - Web Panel - permissions:[storagebookmarkswebRequestwebRequestBlocking\u003Call_urls>] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\flkijckbigolpahbkklilflpmkalfohc = : __MSG_description__ - short_name: ignotifier - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\gcbommkclmclpchllfjekcdonpmejbdp = : __MSG_about_ext_description__ - __MSG_about_ext_name__ - http://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\gfenjblodoldnbiddmggcbkcapiolbig = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\gmohpefamblocnmkimaabagacaceinam = : __MSG_esdesc__ - __MSG_esname__ - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk = : Google & co - OneNote Web Clipper - permissions:[\u003Call_urls>activeTabcontextMenustabswebRequestwebRequestBlockingstoragewebNavigation] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\imilbobhamcfahccagbncamhpnbkaenm = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\kfdfpgeiehibehpmgjnkekpenkkfajlj = : __MSG_extDescription__ - __MSG_extName__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\kipjbhgniklcnglfaldilecjomjaddfi = : __MSG_description__ - __MSG_name__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\kjacjjdnoddnpbbcjilcajfhhbdhkpgk = : Google & co - Google & co - permissions:[activeTabstoragenotificationstabshttps://*/*\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\kmfnjcfhogoimhkaenemdgchchjjmifi = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\laookkfknpbbblfpciffpaejjkokdgca = : Replace new tab page with a personal dashboard featuring to-do weather and inspiration. - short_name: Momentum - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg = : Google & co - short_name: FireShot - optional_permissions:[tabs\u003Call_urls>downloads] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\mhckaeojpndkpchffabjhnkeiildpjhg = : __MSG_opis__ - V7 Extension Manager - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf = : Highlight copy edit and translate text from any image on the web. - short_name: Naptha - permissions:[clipboardWriteclipboardReadstoragecontextMenustts\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\nbjjemmkialdllodpkodmdifebbadnak = : Preview documents videos music and more before you download them. - Peek - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\nlffnljnicbkfhnlomjhjlebndachaka = : __MSG_extDesc__ - default_title: __MSG_extName__ - permissions:[tabsstoragecontextMenus\u003Call_urls>] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\nojknakoailnpbjlmfkpbbhoodlolfbh = : A very simple and useful reference for the codes that can be used to generate Emojis on popular sites like GitHub or Basecamp. - short_name: Emoji Helper - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\oemmndcbldboiebfnladdacbdfmadadm = : Uses HTML5 to display PDF files directly in the browser. - PDF Viewer - permissions:[fileBrowserHandlerwebRequestwebRequestBlocking\u003Call_urls>tabswebNavigationstorage] - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\ogmklpmbehclccahgccdnhjipkmmjaom = : Easy Access to Google Translate via Sidebar UI - short_name: translatorsidebar - permissions:[tabsstorage\u003Call_urls>webRequestcontextMenuswebRequestBlocking] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\oidhhegpmlfpoeialbgcdocjalghfpkp = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://extension-updates.opera.com/api/omaha/update/ C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\oldceeleldhonbafppcapldpdifcinji = : Google & co - short_name: LanguageTool - https://clients2.google.com/service/update2/crx C:\Users\ligma\AppData\Roaming\Opera Software\Opera Stable\extensions\pcdbekffgfnmjeacgnmdbekgjffgfckb = : __MSG_description__ - __MSG_name__ - https://extension-updates.opera.com/api/omaha/update/ ---------- | Firefox C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org : : Dictionnaire français - : http://www.dicollecte.org/ C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\abs@avira.com.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\copyfish@a9t9.com.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\firefox@ghostery.com.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\jid1-NdaSiRJQjdPtJg@jetpack.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\languagetool-webextension@languagetool.org.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\safesearchplus2@avira.com.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 29.0.0.140 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=12.0.4.0] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre-9.0.4\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=12.0.4.0] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre-9.0.4\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.8] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.0] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 29.0.0.140 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.161.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\ligma\AppData\Roaming\Mozilla\Firefox\Profiles\d2eu4sra.default\Prefs.js user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.startup.homepage", "www.google.fr"); user_pref("browser.startup.homepage_override.buildID", "20180103231032"); user_pref("browser.startup.homepage_override.mstone", "57.0.4"); user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[\"toggle-button--jid1-zmgygiqpxjtjnajetpack-lilo-prefs\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"search-container\",\"customizableui-special-spring2\",\"downloads-button\",\"library-button\",\"loop-button\",\"abp-toolbarbutton\",\"toggle-button--light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-plugin-button\",\"jid1-93cwpmrbvpjrqa_jetpack-browser-action\",\"_6ac85730-7d0f-4de0-b3fa-21142dd85326_-browser-action\",\"copyfish_a9t9_com-browser-action\",\"firefox_ghostery_com-browser-action\",\"jid1-xo5sua6qc1dfpw_jetpack-browser-action\",\"action-button--b9db16a4-6edc-47ec-a1f4-b86292ed211d-vdh-tbbutton\",\"languagetool-webextension_languagetool_org-browser-action\",\"screenshots_mozilla_org-browser-action\",\"sidebar-button\",\"_0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3_-browser-action\",\"_d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d_-browser-action\",\"light_plugin_f6f079488b53499db99380a7e11a93f6_kaspersky_com-browser-action\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"loop-button\",\"toggle-button--abb-aceramazoncom-mazon1\",\"pocket-button\",\"abp-toolbarbutton\",\"developer-button\",\"toggle-button--jid1-zmgygiqpxjtjnajetpack-lilo-prefs\",\"toggle-button--light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-plugin-button\",\"webide-button\",\"jid1-93cwpmrbvpjrqa_jetpack-browser-action\",\"_6ac85730-7d0f-4de0-b3fa-21142dd85326_-browser-action\",\"copyfish_a9t9_com-browser-action\",\"firefox_ghostery_com-browser-action\",\"jid1-xo5sua6qc1dfpw_jetpack-browser-action\",\"action-button--b9db16a4-6edc-47ec-a1f4-b86292ed211d-vdh-tbbutton\",\"languagetool-webextension_languagetool_org-browser-action\",\"screenshots_mozilla_org-browser-action\",\"_0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3_-browser-action\",\"_d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d_-browser-action\",\"light_plugin_f6f079488b53499db99380a7e11a93f6_kaspersky_com-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\",\"widget-overflow-fixed-list\"],\"currentVersion\":12,\"newElementCount\":2}"); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1505670129052,\"softExpiration\":1505740428005,\"hardExpiration\":1505821536470,\"data\":{\"notifications\":[],\"version\":\"201709171145\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":175,\"shown\":{\"antiadblock\":1503173670506}}"); user_pref("extensions.blocklist.pingCountTotal", 222); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.bootstrappedAddons", "{\"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com\":{\"version\":\"5.0.141-12-20170704091344\",\"type\":\"extension\",\"multiprocessCompatible\":false,\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Anti-Virus 17.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\"}}"); user_pref("extensions.databaseSchema", 23); user_pref("extensions.dwhelper.convertHelper.lastChecked", 1504456951); user_pref("extensions.dwhelper.converter-path", "C:\\Program Files\\ConvertHelper3\\avconv.exe"); user_pref("extensions.dwhelper.dlconv-last-output", "4174b9dd-c2a0-409d-801d-c84f96be0b76"); user_pref("extensions.dwhelper.download-count", 1); user_pref("extensions.dwhelper.last-version", "6.3.1"); user_pref("extensions.dwhelper.need-prefs-migration", false); user_pref("extensions.dwhelper.scrap.state", "stopped"); user_pref("extensions.dwhelper.storagedirectory", "C:\\Users\\ligma\\Music"); user_pref("extensions.dwhelper.tpsr.state", "stopped"); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.followonsearch.cohortSample", "0.878105"); user_pref("extensions.getAddons.cache.lastUpdate", 1505649427); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.installedDistroAddon.abb-acer@amazon.com", true); user_pref("extensions.installedDistroAddon.langpack-fr@firefox.mozilla.org", true); user_pref("extensions.installedDistroAddon.partnerdefaults@mozilla.com", true); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.defaultSearchEngineLilo", false); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.firsttime", true); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.lang", "fr"); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.newTabLilo", false); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.reactivationTimeLiloSearch", 0); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.reactivationTimeLiloTab", 0); user_pref("extensions.jid1-zmgYgiQPXJtjNA@jetpack.userkey", "6fc4ef90f3c54c4133d6f7134dd6157d"); user_pref("extensions.lastAppVersion", "57.0.4"); user_pref("extensions.lastPlatformVersion", "57.0.4"); user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.baseURI", "resource://light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com/"); user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.domain", "light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com"); user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.load.reason", "startup"); user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.rootURI", "jar:file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Anti-Virus%2017.0.0/FFExt/light_plugin_firefox/addon.xpi!/"); user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.version", "5.0.141-12-20170704091344"); user_pref("extensions.lilo.oldHomePage", "www.google.fr"); user_pref("extensions.lilo.oldNewTabPage", "about:newtab"); user_pref("extensions.malware-remediation.first-results", "{\"blocklistDisabled\":false,\"mainAddonActive\":null,\"mainAddonBlocked\":null,\"foundUserJS\":false,\"secmoddAddon\":null,\"hiddenAddons\":[],\"updateURLs\":{}}"); user_pref("extensions.malware-remediation.last-results", "{\"blocklistDisabled\":false,\"mainAddonActive\":null,\"mainAddonBlocked\":null,\"foundUserJS\":false,\"secmoddAddon\":null,\"hiddenAddons\":[],\"updateURLs\":{}}"); user_pref("extensions.malware-remediation.last-results-clean", true); user_pref("extensions.partnerdefaults.firstRunDate", "1475402392343"); user_pref("extensions.partnerdefaults.firstRunDone", true); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.signupAB", "storyboard_lm"); user_pref("extensions.pocket.settings.test.panelSignUp", "v1"); user_pref("extensions.pocket.settings.test.panelTab", "control"); user_pref("extensions.resurrect.target", "targetTab"); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.shield-recipe-client.user_id", "bb900253-6876-4d01-918f-bf06d0f13ebe"); user_pref("extensions.shownSelectionUI", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", false); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", false); user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"9f3d4183-53b4-4edd-ac90-d4783c38106d\",\"jid1-93CWPmRbVPjRQA@jetpack\":\"068d1d9d-aee2-495d-b4f1-1b073738e871\",\"{6AC85730-7D0F-4de0-B3FA-21142DD85326}\":\"8c060bfb-baa6-4703-9293-42100c101fff\",\"copyfish@a9t9.com\":\"785bdb37-3647-4600-968d-d02075a70d98\",\"firefox@ghostery.com\":\"30c42d2b-8f81-4851-87d3-806f7ae6af78\",\"jid1-Xo5SuA6qc1DFpw@jetpack\":\"d9ba8422-04e1-4eff-abc3-8b1c615b3e91\",\"languagetool-webextension@languagetool.org\":\"d5c6c8af-3918-48ef-abb9-fcdcec213edd\",\"screenshots@mozilla.org\":\"a2708d61-6bbd-4fb8-ae15-afbbe2dd5dca\",\"abs@avira.com\":\"ac2d0fdc-9db2-4a2a-9e97-f60af46fda7e\",\"{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}\":\"e6e2524e-7453-4485-b11b-fc7fd462374c\",\"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com\":\"ce3fad83-763b-44db-a778-4f85514171fd\"}"); [Profile0] - Name=default -> Profiles/d2eu4sra.default ---------- | DNS [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3ba98cb0-7e31-4cd9-b99c-54efc1467651}] "DhcpNameServer"=212.27.40.240 212.27.40.241 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3ba98cb0-7e31-4cd9-b99c-54efc1467651}] "DhcpNameServer"=212.27.40.240 212.27.40.241 ---------- | Applications [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\ligma\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DevicesFlowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "smbsvcs"=lanmanserver browser "HPZ12"=Pml Driver HPZ12 Net Driver HPZ12 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\4kdownload.com] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\7 Taskbar Tweaker] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\8floor] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Acer] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Adobe] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Akeo Consulting] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Antanda] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Apowersoft] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\AppDataLow] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\AVAST Software] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\BitTorrent] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Blackmagic Design] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\BugSplat] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Bytescout] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\CamStudioOpenSource for Nick] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Chromium] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Clients] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Cygnus Solutions] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Dashlane_profiles] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Ditto] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Dolby] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\EaseUS] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Elias Fotinis] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\ESET] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\famatech] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Google] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\GPL Ghostscript] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Harmony Hollow] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\HP] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\IM Providers] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Intel] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Intel Corporation] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\IObit] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\JavaSoft] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\KasperskyLab] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\LinuxLive] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Logitech] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Macromedia] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Malwarebytes] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Michael Herf] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Mozilla] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\MusicBrainz] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Netscape] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Neuber GbR] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Northcode Inc] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\ODBC] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\OEM] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Open Media LLC] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Opera Software] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Oracle] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\osu!] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Partition Assistant] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Piriform] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Policies] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\ProtectedStorage] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Python] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\QtProject] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Realtek] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\RealVNC] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Safer Networking Limited] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Samsung] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\SimonTatham] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Skype] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\skypeapp-9ff674bc54eb] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\SyncEngines] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\sysinternals] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\TAGO-Solutions] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\TeamViewer] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\The Document Foundation] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Trolltech] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Unity] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Unity Technologies] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Valve] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Vivaldi] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\VMware, Inc.] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Win32DiskImager] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\WinRAR] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\WixSharp] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Wondershare] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Wow6432Node] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\ZHP] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\acer] [HKLM\Software\adaware] [HKLM\Software\Artifex] [HKLM\Software\Atheros] [HKLM\Software\Blackmagic Design] [HKLM\Software\Clearfi] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\FileZilla 3] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\GPL Ghostscript] [HKLM\Software\Hewlett-Packard] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Lavasoft] [HKLM\Software\Macromedia] [HKLM\Software\mcafeeupdater] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Opera Software] [HKLM\Software\Oracle] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RealVNC] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Safer Networking Limited] [HKLM\Software\SAMSUNG] [HKLM\Software\SimonTatham] [HKLM\Software\Software] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\VMware, Inc.] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\adaware] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\ATHEROS] [HKLM\Software\WOW6432Node\Blackmagic Design] [HKLM\Software\WOW6432Node\Clearfi] [HKLM\Software\WOW6432Node\Cygnus Solutions] [HKLM\Software\WOW6432Node\DownloadHelper] [HKLM\Software\WOW6432Node\EaseUS] [HKLM\Software\WOW6432Node\Elias Fotinis] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\FileZilla 3] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\Florian Heidenreich] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\Hydrogen Developers] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Insyde] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\LibreOffice] [HKLM\Software\WOW6432Node\LMMS Developers] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\McAfee.com] [HKLM\Software\WOW6432Node\mcafeeupdater] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MimarSinan] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\MusicBrainz] [HKLM\Software\WOW6432Node\Notepad++] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OEM] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Python] [HKLM\Software\WOW6432Node\Qualcomm Atheros] [HKLM\Software\WOW6432Node\Rainmeter] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Riot Games] [HKLM\Software\WOW6432Node\Safer Networking Limited] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\Steinberg Media Technologies GmbH] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\The Document Foundation] [HKLM\Software\WOW6432Node\ThinPrint] [HKLM\Software\WOW6432Node\TuxGuitar] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\Vivaldi] [HKLM\Software\WOW6432Node\VMware, Inc.] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Xamarin] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives D: ---------- | C: [02/10/2016 10:53:45] - |SHD| - [12654260388] - C:\$RECYCLE.BIN [25/08/2016 22:15:13] - |HD| - [181126930] - C:\$SysReset [MD5.E618F1ECC99FD89347702C3E00ED98EA] - [21/01/2018 09:06:50] - |H| - (.-.) - [1024] - (0.0.0.0) - C:\AMTAG.BIN [14/04/2018 14:54:31] - |SHD| - [122849176] - C:\Config.Msi [01/10/2016 14:22:32] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/10/2017 16:27:12] - |ASH| - (.-.) - [3392258048] - (0.0.0.0) - C:\hiberfil.sys [17/10/2016 18:13:47] - |D| - [203488667] - C:\HP_LaserJet_200_color_MFP_M276 [01/10/2016 14:10:49] - |HD| - [338661] - C:\Intel [02/10/2016 00:09:20] - |HD| - [305598536] - C:\OEM [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/04/2018 14:07:41] - |ASH| - (.-.) - [8321499136] - (0.0.0.0) - C:\pagefile.sys [29/09/2017 14:46:33] - |D| - [0] - C:\PerfLogs [29/09/2017 14:46:33] - |RD| - [8618902930] - C:\Program Files [29/09/2017 14:46:33] - |RD| - [19166754777] - C:\Program Files (x86) [29/09/2017 14:46:33] - |HD| - [4151728093] - C:\ProgramData [15/04/2018 17:59:19] - |D| - [68685] - C:\QuickDiag [MD5.062D7463CF824966D25840C9C014F2D9] - [15/04/2018 17:59:34] - |A| - (.-.) - [327071] - (0.0.0.0) - C:\QuickDiag.txt [01/04/2016 20:26:39] - |SHD| - [3340964875] - C:\Recovery [07/10/2016 15:23:16] - |D| - [11212286286] - C:\Riot Games [14/04/2018 15:49:17] - |RD| - [376210593] - C:\Sandbox [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/10/2017 16:23:19] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [15/06/2016 15:35:17] - |SHD| - [0] - C:\System Volume Information [29/09/2017 09:45:11] - |RD| - [64625611431] - C:\Users [29/09/2017 09:45:11] - |D| - [23432116787] - C:\Windows [28/12/2017 10:05:14] - |D| - [20044518] - C:\Windows10Upgrade ---------- | C:\WINDOWS [MD5.A486C15BA34B4C23677AA34F47CE2C0D] - [15/06/2016 16:14:38] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\WINDOWS\ACU.ico [29/09/2017 14:46:33] - |D| - [802] - C:\WINDOWS\addins [29/09/2017 14:46:33] - |D| - [14548654] - C:\WINDOWS\appcompat [29/09/2017 14:46:33] - |D| - [8191022] - C:\WINDOWS\apppatch [29/09/2017 14:46:33] - |D| - [0] - C:\WINDOWS\AppReadiness [29/09/2017 14:46:33] - |RSD| - [1386397312] - C:\WINDOWS\assembly [29/09/2017 14:46:33] - |D| - [692493] - C:\WINDOWS\bcastdvr [MD5.55F49769891E4DC7CAB3E293E1238888] - [29/09/2017 14:41:23] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65536] - (10.0.16299.15) - C:\WINDOWS\bfsvc.exe [29/09/2017 14:46:33] - |D| - [38262854] - C:\WINDOWS\Boot [MD5.B83C5AD71F722C47852E0E591E368E32] - [30/10/2017 16:24:10] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [29/09/2017 14:46:33] - |D| - [2448464] - C:\WINDOWS\Branding [29/09/2017 14:37:01] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.7E37A05CFC82684B22252ED31D793744] - [16/06/2016 01:23:40] - |A| - (.-.) - [41] - (0.0.0.0) - C:\WINDOWS\ChangeLang_Done.tag [MD5.A155FFABF2F04265A97274CCAB44D773] - [30/09/2017 15:42:03] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.32FC1CBC59FD08B82D339232DEFEF39C] - [01/04/2016 21:23:19] - |A| - (.-.) - [10] - (0.0.0.0) - C:\WINDOWS\CSUP.txt [29/09/2017 14:46:33] - |D| - [16158062] - C:\WINDOWS\Cursors [29/09/2017 14:46:33] - |D| - [22059004] - C:\WINDOWS\debug [29/09/2017 14:46:33] - |D| - [1516] - C:\WINDOWS\DeliveryOptimization [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [30/10/2017 16:30:17] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [29/09/2017 14:46:33] - |D| - [4795199] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [30/10/2017 16:30:17] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [30/09/2017 15:40:03] - |D| - [0] - C:\WINDOWS\DigitalLocker [29/09/2017 14:46:33] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [29/09/2017 14:46:33] - |HD| - [44608] - C:\WINDOWS\ELAMBKUP [26/11/2017 10:16:57] - |D| - [116936] - C:\WINDOWS\en [30/09/2017 15:40:03] - |D| - [0] - C:\WINDOWS\en-US [MD5.A77D56422C38C1F8A00D95D2D5B1675E] - [15/02/2018 18:42:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3904296] - (10.0.16299.248) - C:\WINDOWS\explorer.exe [29/09/2017 14:46:33] - |RSD| - [534740802] - C:\WINDOWS\Fonts [30/09/2017 15:40:03] - |D| - [109568] - C:\WINDOWS\fr-FR [29/09/2017 14:46:33] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [29/09/2017 14:46:33] - |D| - [46685678] - C:\WINDOWS\Globalization [29/09/2017 14:46:33] - |D| - [941199] - C:\WINDOWS\Help [MD5.CDC3893777C157B13897B8A9144C1A39] - [29/09/2017 14:41:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [976896] - (10.0.16299.15) - C:\WINDOWS\HelpPane.exe [MD5.620517DFE23E0DEB918F70538DF8AD67] - [29/09/2017 14:41:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.16299.15) - C:\WINDOWS\hh.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/10/2016 15:21:00] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\HPMProp.INI [29/09/2017 14:46:33] - |D| - [173056880] - C:\WINDOWS\IME [29/09/2017 14:46:33] - |RD| - [7817000] - C:\WINDOWS\ImmersiveControlPanel [29/09/2017 14:44:34] - |D| - [58548949] - C:\WINDOWS\INF [29/09/2017 14:46:33] - |D| - [1739104371] - C:\WINDOWS\InfusedApps [29/09/2017 14:46:33] - |D| - [97870763] - C:\WINDOWS\InputMethod [29/09/2017 14:46:33] - |SHDC| - [2304765036] - C:\WINDOWS\Installer [29/09/2017 14:46:33] - |D| - [94163] - C:\WINDOWS\L2Schemas [29/09/2017 14:46:33] - |D| - [262144] - C:\WINDOWS\LiveKernelReports [29/09/2017 09:45:14] - |D| - [14899982] - C:\WINDOWS\Logs [MD5.BBF1106FEF85FD9049506FA8AD454D75] - [17/05/2016 23:49:10] - |A| - (.Copyright (C) 2003-2006, (?)???? - KTMusic Download ActiveX Module.) - [90112] - (1.7.2009.1116) - C:\WINDOWS\MAMCityDownload.ocx [MD5.F9FCD1220E1B880111258C03D1650994] - [17/05/2016 23:49:10] - |A| - (.Copyright 2004 - (?)???? ContentSAFER ?? ???.) - [330240] - (1.4.2012.508) - C:\WINDOWS\MASetupCaller.dll [29/09/2017 14:46:33] - |RSD| - [20501595] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [29/09/2017 14:42:00] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [29/09/2017 14:46:33] - |RD| - [876111534] - C:\WINDOWS\Microsoft.NET [29/09/2017 14:46:33] - |D| - [2943] - C:\WINDOWS\Migration [03/12/2017 10:37:43] - |D| - [0] - C:\WINDOWS\Minidump [29/09/2017 14:46:33] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.35783FF1CCAB7CFBFE799EF8D6476C0D] - [17/05/2016 23:49:10] - |A| - (.Copyright (C) 2007 - NYEDownload MFC ?? ????.) - [30568] - (1.0.2007.927) - C:\WINDOWS\MusiccityDownload.exe [16/06/2016 01:19:54] - |D| - [18905202] - C:\WINDOWS\NAPP_Dism_Log [MD5.15750221BBFFA36C055D656C46899460] - [29/09/2017 14:41:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.16299.15) - C:\WINDOWS\notepad.exe [30/09/2017 15:40:54] - |D| - [2575294] - C:\WINDOWS\OCR [02/10/2016 10:51:45] - |D| - [1260] - C:\WINDOWS\oem [29/09/2017 14:46:33] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [30/10/2017 14:35:31] - |DC| - [62103] - C:\WINDOWS\Panther [29/09/2017 14:46:33] - |D| - [1052033] - C:\WINDOWS\Performance [MD5.5C41034DF4BF539985509B7DDC9706C2] - [16/02/2018 18:44:20] - |A| - (.-.) - [7574] - (0.0.0.0) - C:\WINDOWS\PFRO.log [29/09/2017 14:46:33] - |D| - [1136442] - C:\WINDOWS\PLA [29/09/2017 14:46:33] - |D| - [2764562] - C:\WINDOWS\PolicyDefinitions [30/10/2017 16:23:20] - |D| - [7544820] - C:\WINDOWS\Prefetch [29/09/2017 14:46:33] - |RD| - [2166035] - C:\WINDOWS\PrintDialog [29/09/2017 14:46:33] - |D| - [3771298] - C:\WINDOWS\Provisioning [08/10/2017 16:36:34] - |D| - [57344] - C:\WINDOWS\pss [MD5.459AD62300EAD93C4FF37E160A7F9685] - [21/03/2017 16:55:50] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [889496] - (3.6.1150.1013) - C:\WINDOWS\py.exe [MD5.BBF75CEAC330CF2EF472FB46764DC1FF] - [04/03/2017 19:00:54] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [55456] - (3.6.1121.1013) - C:\WINDOWS\pyshellext.amd64.dll [MD5.0D7C2B91D8AC19AA7427959E809C961C] - [21/03/2017 16:55:50] - |A| - (.Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python.) - [890008] - (3.6.1150.1013) - C:\WINDOWS\pyw.exe [MD5.14A3681D6247758B1F4880022ABEE0D7] - [29/09/2017 14:41:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [335872] - (10.0.16299.15) - C:\WINDOWS\regedit.exe [29/09/2017 14:46:33] - |D| - [1141084] - C:\WINDOWS\Registration [29/09/2017 14:46:33] - |D| - [9154407] - C:\WINDOWS\rescache [29/09/2017 14:46:33] - |D| - [3623417] - C:\WINDOWS\Resources [MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [15/06/2016 16:31:49] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll [MD5.718AAFDF89F10AD41F21D1E91E2139C5] - [14/04/2018 15:48:10] - |A| - (.-.) - [1684] - (0.0.0.0) - C:\WINDOWS\Sandboxie.ini [29/09/2017 14:46:33] - |D| - [0] - C:\WINDOWS\SchCache [29/09/2017 14:46:33] - |D| - [122082] - C:\WINDOWS\schemas [29/09/2017 14:46:33] - |D| - [8956368] - C:\WINDOWS\security [30/10/2017 16:19:00] - |D| - [71418535] - C:\WINDOWS\ServiceProfiles [29/09/2017 09:45:11] - |D| - [130686274] - C:\WINDOWS\servicing [29/09/2017 14:49:45] - |D| - [42] - C:\WINDOWS\Setup [MD5.F183701681D45C2DC7AE4F0AE6CBF02F] - [30/03/2018 19:55:57] - |A| - (.-.) - [695] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/03/2018 19:55:57] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [29/09/2017 14:46:33] - |D| - [53788160] - C:\WINDOWS\ShellExperiences [30/09/2017 15:40:41] - |D| - [3070736] - C:\WINDOWS\SKB [01/04/2016 20:55:41] - |D| - [477473453] - C:\WINDOWS\SoftwareDistribution [29/09/2017 14:46:33] - |D| - [86037185] - C:\WINDOWS\Speech [29/09/2017 14:46:33] - |D| - [61728519] - C:\WINDOWS\Speech_OneCore [MD5.B3FBABDA876CFA2B4695471D5348F59F] - [29/09/2017 14:42:06] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.16299.15) - C:\WINDOWS\splwow64.exe [MD5.C27F1EAE27B704D86873ADF7E944616D] - [18/12/2016 13:36:40] - |A| - (.-.) - [40] - (0.0.0.0) - C:\WINDOWS\spotify.preload [29/09/2017 14:46:33] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 08:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [29/09/2017 09:45:11] - |D| - [5973830019] - C:\WINDOWS\System32 [29/09/2017 14:46:34] - |D| - [199049856] - C:\WINDOWS\SystemApps [29/09/2017 14:46:34] - |D| - [24143418] - C:\WINDOWS\SystemResources [29/09/2017 09:45:15] - |D| - [1378795913] - C:\WINDOWS\SysWOW64 [29/09/2017 14:46:34] - |D| - [0] - C:\WINDOWS\TAPI [02/10/2016 00:03:21] - |D| - [220] - C:\WINDOWS\Tasks [29/09/2017 14:46:34] - |D| - [385903] - C:\WINDOWS\Temp [29/09/2017 14:46:34] - |D| - [13428736] - C:\WINDOWS\TextInput [29/09/2017 14:46:34] - |D| - [0] - C:\WINDOWS\tracing [29/09/2017 14:46:34] - |D| - [13256452] - C:\WINDOWS\twain_32 [MD5.F6C33A8A65C6AF007812EED398D783B2] - [29/09/2017 14:42:16] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [29/09/2017 14:46:34] - |D| - [12420] - C:\WINDOWS\Vss [29/09/2017 14:46:34] - |D| - [26983002] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [30/10/2015 08:24:29] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [29/09/2017 14:41:58] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [19/12/2016 17:39:22] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.02BD03E57C66CB40AEDB7039E93E7CB0] - [29/09/2017 14:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.16299.15) - C:\WINDOWS\winhlp32.exe [MD5.0A34066D56D57C0DA73BFFC1E4169FF2] - [18/01/2018 20:42:00] - |A| - (.-.) - [85] - (0.0.0.0) - C:\WINDOWS\wininit.ini [29/09/2017 09:45:11] - |D| - [7474041856] - C:\WINDOWS\WinSxS [MD5.907AE50A03DEEC4CFFDC70EA3D5AD4D8] - [31/03/2014 21:34:22] - |A| - (.© 2012 Microsoft Corporation. - Photo Gallery Screen Saver.) - [322248] - (16.4.3528.331) - C:\WINDOWS\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [29/09/2017 14:41:16] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.0D5D4E344F5581C954355D7164DD4BE1] - [29/09/2017 14:41:38] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.16299.15) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.EF1671A462CA8515D9F173F0F5207622] - [20/01/2018 22:17:38] - |A| - (.-.) - [128] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\GPT.INI [20/01/2018 22:17:38] - |D| - [150] - C:\WINDOWS\System32\GroupPolicy\Machine [13/10/2017 15:44:09] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [10/09/2012 07:49:12] - C:\WINDOWS\Installer\1039bab4.msi : (HP Unified IO - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/09/2012 07:50:00] - C:\WINDOWS\Installer\1039bab9.msi : (HP Unified IO - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/10/2016 15:38:46] - C:\WINDOWS\Installer\10b092a.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2013 15:14:58] - C:\WINDOWS\Installer\10ffbef3.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2014 06:37:32] - C:\WINDOWS\Installer\10ffbef8.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2014 06:37:42] - C:\WINDOWS\Installer\10ffbefd.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/05/2012 04:04:10] - C:\WINDOWS\Installer\10ffbf02.msi : (hppM276LaserJetService - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/06/2014 06:32:52] - C:\WINDOWS\Installer\10ffbf07.msi : ( - ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2011 22:56:58] - C:\WINDOWS\Installer\10ffbf0c.msi : (HP Product FWUpdater - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2011 18:36:34] - C:\WINDOWS\Installer\10ffbf11.msi : (HP LJ200 M276 HP Scan - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/08/2014 03:03:26] - C:\WINDOWS\Installer\10ffbf16.msi : (hpStatusAlerts - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2012 23:59:52] - C:\WINDOWS\Installer\10ffbf1c.msi : (hpStatusAlertsM276 - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/10/2014 05:48:58] - C:\WINDOWS\Installer\10ffbf23.msi : (HPLJUT - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/09/2011 22:57:58] - C:\WINDOWS\Installer\10ffbf29.msi : (HPLJUTM276 - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/11/2011 20:00:30] - C:\WINDOWS\Installer\10ffbf2e.msi : (HPDXP - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/05/2014 19:52:40] - C:\WINDOWS\Installer\10ffbf33.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/05/2014 19:52:46] - C:\WINDOWS\Installer\10ffbf38.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/09/2011 22:50:56] - C:\WINDOWS\Installer\10ffbf3e.msi : (Learn more about the product and get help solving problems. - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/02/2016 10:09:04] - C:\WINDOWS\Installer\136aa.msi : (User Experience Improvement Program - Acer Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2018 15:32:26] - C:\WINDOWS\Installer\1392a2.msi : (.. - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2018 15:33:02] - C:\WINDOWS\Installer\1392ac.msi : (Intel(R) Driver & Support Assistant 3.1.2 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/08/2016 08:41:42] - C:\WINDOWS\Installer\13d3a3c9.msi : (64 Bit HP CIO Components Installer Package - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/10/2016 15:22:07] - C:\WINDOWS\Installer\13d3a3d6.msi : (League of Legends - Riot Games) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2017 08:16:01] - C:\WINDOWS\Installer\145583.msi : (Volume Control - matt.malensek.net) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/04/2018 14:09:00] - C:\WINDOWS\Installer\16d04.msi : (Intel(R) Computing Improvement Program - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/01/2018 21:51:19] - C:\WINDOWS\Installer\1a92ae6a.msi : (VMware Player - VMware, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/09/2017 19:36:36] - C:\WINDOWS\Installer\1eccdef3.msi : (Scratch 2 - Massachusetts Institute of Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2017 16:20:21] - C:\WINDOWS\Installer\20bd6bfd.msi : (4K Video Downloader 4.3 Installer - Open Media LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:01:04] - C:\WINDOWS\Installer\22c8cd.msi : (Python 3.6.1 Core Interpreter (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:01:30] - C:\WINDOWS\Installer\22c8d2.msi : (Python 3.6.1 Development Libraries (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:01:46] - C:\WINDOWS\Installer\22c8d7.msi : (Python 3.6.1 Executables (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:02:50] - C:\WINDOWS\Installer\22c8dc.msi : (Python 3.6.1 Standard Library (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:05:32] - C:\WINDOWS\Installer\22c8e1.msi : (Python 3.6.1 Test Suite (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:01:40] - C:\WINDOWS\Installer\22c8e6.msi : (Python 3.6.1 Documentation (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:05:46] - C:\WINDOWS\Installer\22c8eb.msi : (Python 3.6.1 Utility Scripts (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:04:22] - C:\WINDOWS\Installer\22c8f0.msi : (Python 3.6.1 Tcl/Tk Support (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:00:56] - C:\WINDOWS\Installer\22c8f5.msi : (Python Launcher - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:03:24] - C:\WINDOWS\Installer\22c8fa.msi : (Python 3.6.1 pip Bootstrap (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2017 11:50:22] - C:\WINDOWS\Installer\24ec8913.msi : (The installer of ScreenToGif - Nicke Manarin) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/02/2018 09:38:36] - C:\WINDOWS\Installer\3601feb.msi : (Oracle VM VirtualBox 5.2.8 installation package - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/04/2017 20:25:01] - C:\WINDOWS\Installer\36d128.msi : (Kaspersky Anti-Virus - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/04/2017 20:24:57] - C:\WINDOWS\Installer\36d12e.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/02/2018 17:36:38] - C:\WINDOWS\Installer\40c2c99.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/01/2018 19:32:33] - C:\WINDOWS\Installer\45b75.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/09/2016 11:07:46] - C:\WINDOWS\Installer\51344.msi : ( - Acer) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2017 13:43:45] - C:\WINDOWS\Installer\608f0b47.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/12/2017 18:44:42] - C:\WINDOWS\Installer\6794cfd.msi : (PuTTY release 0.70 installer - Simon Tatham) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/02/2018 20:37:42] - C:\WINDOWS\Installer\690eaa.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/04/2018 10:44:03] - C:\WINDOWS\Installer\7fb1ff6.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/03/2017 17:03:22] - C:\WINDOWS\Installer\88ed5c.msi : (Python 3.6.1 Add to Path (32-bit) - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/02/2016 09:03:44] - C:\WINDOWS\Installer\93bb.msi : (Acer Configuration Manager - Acer Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/12/2017 08:39:22] - C:\WINDOWS\Installer\97572f0.msi : (VNC Viewer 6.17.1113 - RealVNC Ltd) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/02/2018 11:42:20] - C:\WINDOWS\Installer\9a96931.msi : (DaVinci Resolve Panels - Blackmagic Design) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2018 14:57:57] - C:\WINDOWS\Installer\9aa5c3b.msi : (Java SE Runtime Environment 8 Update 161 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2018 14:57:50] - C:\WINDOWS\Installer\9aa5c40.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/01/2018 13:55:46] - C:\WINDOWS\Installer\9c2102.msi : (Java(TM) SE Runtime Environment 9.0.4 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/07/2015 04:49:26] - C:\WINDOWS\Installer\9cfe.msi : (Intel(R) Serial IO - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/01/2016 23:19:00] - C:\WINDOWS\Installer\9d30.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/01/2016 23:19:56] - C:\WINDOWS\Installer\9d34.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/01/2016 23:20:10] - C:\WINDOWS\Installer\9d46.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 15:27:22] - C:\WINDOWS\Installer\9d4a.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/12/2015 23:58:12] - C:\WINDOWS\Installer\9d4e.msi : (Intel® Security Assist - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/06/2016 16:26:47] - C:\WINDOWS\Installer\a4d0.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/06/2016 16:27:59] - C:\WINDOWS\Installer\a4e4.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/10/2015 18:43:34] - C:\WINDOWS\Installer\b09a.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 09:41:29] - C:\WINDOWS\Installer\b1759.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/10/2017 11:21:58] - C:\WINDOWS\Installer\d4d7a71.msi : (Gtk# for .Net 2.12.26 - Xamarin, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/03/2018 08:43:13] - C:\WINDOWS\Installer\e6c6efb.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/09/2015 00:37:42] - C:\WINDOWS\Installer\fd76.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/11/2015 12:34:46] - C:\WINDOWS\Installer\fd7b.msi : (Dolby Audio X2 Windows APP - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [11/07/2017 09:00:32] - [143] - C:\WINDOWS\System32\AddPort.ini [17/10/2016 21:51:28] - [242] - C:\WINDOWS\System32\hppfaxprinter5.ini [16/09/2009 10:44:52] - [3235] - C:\WINDOWS\System32\hptcpmon.ini [15/02/2018 18:42:12] - [3329] - C:\WINDOWS\System32\ieuinit.inf [30/10/2017 16:31:44] - [2105938] - C:\WINDOWS\System32\PerfStringBackup.INI [29/09/2017 14:41:57] - [60124] - C:\WINDOWS\System32\tcpmon.ini [29/09/2017 14:41:41] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [15/02/2018 18:42:11] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [30/11/2017 21:08:20] - [2690212] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [29/09/2017 14:42:13] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.259E429BF11E30D88AD706DBD747711A] - |A| - [08/10/2017 16:36:35] - (.-.) - [28 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup [MD5.3526762E0E4DABF269C877EA96E90E3B] - |ASH| - [08/10/2017 16:36:35] - (.-.) - [28 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [08/10/2017 16:36:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG1 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [08/10/2017 16:36:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG2 [MD5.00000000000000000000000000000000] - |D| - [15/04/2018 18:06:28] - [0 Ko] - C:\WINDOWS\Temp\E2E26267-4B75-493B-9F5F-3F775B16A5DC-Sigs [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [11/04/2018 10:56:36] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_3BKO9vaFuo9bser [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [11/04/2018 14:07:58] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_4GxtjazKAwmyZcR [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [11/04/2018 14:46:13] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_5F3j2TZveVdZbBG [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [11/04/2018 13:53:16] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Dh3mgUYVhmhmUSx [MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [13/04/2018 21:32:44] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fCJOfIzkgbMH2dh [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [13/04/2018 21:32:44] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_FuLJSWr5Lq8EJI4 [MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [11/04/2018 14:07:58] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_kZHsTsKfNLNPoRh [MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [11/04/2018 10:56:36] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rIh92zTRv4mmeZ3 [MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [11/04/2018 13:53:16] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_tlOkRtYbBa1cPB8 [MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [11/04/2018 14:46:13] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_XScQPaImgBHg1ee [MD5.921A75B08273C1686980E82DD02AFC99] - |A| - [11/04/2018 11:09:33] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_15238.txt [MD5.921A75B08273C1686980E82DD02AFC99] - |A| - [11/04/2018 16:45:10] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_15461.txt [MD5.921A75B08273C1686980E82DD02AFC99] - |A| - [11/04/2018 14:03:45] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_16602.txt [MD5.921A75B08273C1686980E82DD02AFC99] - |A| - [14/04/2018 12:40:41] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_27565.txt [MD5.F572B9EF9F2A2EC3A436F8B7A1CD977F] - |A| - [15/04/2018 17:59:00] - (.-.) - [10.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.AC971EC429DCDF4669413AD75EA6EA36] - |A| - [15/04/2018 18:06:28] - (.-.) - [18.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [08/04/2018 11:12:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu50D7.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [08/04/2018 11:12:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu58E7.tmp [MD5.060F5C48AEB3BB2CF22C39772CAADD47] - |A| - [08/04/2018 11:12:08] - (.-.) - [112.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5936.tmp [MD5.A8EEA1623257E5FA8D27149EDCA296A8] - |A| - [08/04/2018 11:12:08] - (.-.) - [13.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5946.tmp [MD5.979D6375F11DB6CCB10323354F6C09D2] - |A| - [11/04/2018 16:39:04] - (.-.) - [216.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\vminst.log [MD5.00000000000000000000000000000000] - |D| - [19/01/2018 16:18:18] - [19.45 Ko] - C:\WINDOWS\Temp\vmware-Système [MD5.E5A6EEDB1CDA02E8F41F7C04F4FBDB44] - |A| - [09/04/2018 16:19:11] - (.-.) - [5.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERCF33.tmp.WERInternalMetadata.xml [MD5.BC0F6124BD792AF86C4BDC83239E7BA2] - |A| - [01/04/2016 20:53:58] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\$Acer$.cmd [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:04] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 14:41:41] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [29/09/2017 14:41:27] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [29/09/2017 14:41:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 14:41:33] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [29/09/2017 14:41:50] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [29/09/2017 14:41:56] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 14:41:58] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [29/09/2017 14:42:07] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [29/09/2017 14:41:33] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 14:41:41] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [29/09/2017 14:41:31] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [29/09/2017 14:41:31] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.325DE898B8EB07BEC2FBE569C547DE81] - |A| - [15/06/2016 16:31:51] - (.-.) - [115.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.0EE8F500355F9D50D2A42F410D0E8700] - |A| - [11/07/2017 09:00:32] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AddPort.ini [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:14] - [2985.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.5CEA5B28B25D851186050FAB07F6946C] - |A| - [15/06/2016 16:31:51] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [29/09/2017 14:41:25] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [287 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [4638.66 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.BC2D2E56F702422665853F409A9AB988] - |A| - [25/06/2016 23:57:00] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [194.53 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll [MD5.3B7D1F3F4E8C5374B8569D9F2A1D39CF] - |A| - [25/06/2016 23:57:00] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [195.53 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll [MD5.ACF278099C36903181E78DA91B044000] - |A| - [25/06/2016 23:57:00] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [28.03 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US [MD5.5712256A8FAB555CC50AEAC2A899A17A] - |A| - [29/09/2017 14:41:41] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [180.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [82018.57 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [34466.88 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [4111.21 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [358 Ko] - C:\WINDOWS\System32\com [MD5.8B520269BB4F2DB6BB2B2EAA2E3A8A29] - |A| - [15/06/2016 16:31:51] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [481174.58 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.0E7CCD69215CA3615CDF824D81D82D1B] - |A| - [22/11/2016 20:48:20] - (.-.) - [547.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [346 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.D10541287D1619E9ADEFCE73255CAE26] - |A| - [15/06/2016 16:31:51] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [342 Ko] - C:\WINDOWS\System32\da-DK [MD5.ACAC0D435BC0ACAD92784D0668AC2D5E] - |A| - [29/09/2017 14:41:38] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [10/06/2017 11:31:18] - [5274.66 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [203.41 Ko] - C:\WINDOWS\System32\DDFs [MD5.A16CD5E833E0DBA49E0CA58024E7F773] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.2D78F62E830F336972D75881D421A071] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.15 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.FBB26D79C1C61FC22679DC8ECC2173A4] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.74 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.927CB25F55F3ED98BE6F89C0EFEED621] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.68 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.F7BE08482BA2E9B2B0229BF1209FFAF8] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.78 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.1A7BB0E128B3916DD26FFA19DCC0D2B9] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.57 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.231C8D8BFA1D62565319CD476868A41B] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.C143536AD21BCBD5F1E3E49F27D1A5CF] - |A| - [15/06/2016 16:31:51] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [386 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 14:41:26] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [29/09/2017 14:41:25] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [29/09/2017 14:46:41] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [864.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.5FF3FA1BFBB0CD05534F650EA27A6651] - |A| - [29/09/2017 14:41:45] - (.-.) - [90.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [8759.8 Ko] - C:\WINDOWS\System32\Dism [MD5.462321CE758F018AEAF724CDFCC18B31] - |A| - [04/08/2016 02:44:50] - (.-.) - [799.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab [MD5.D173AA57EB3A4B0451C0F1CAB5ED19A2] - |A| - [15/06/2016 16:31:51] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [930.65 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.FA0F093CEA2F726F07B938D44436F755] - |A| - [15/06/2016 16:31:51] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2380.02 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.32BABC7C3E34B4178613F279D55580FF] - |A| - [15/06/2016 16:31:51] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5213.8 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [1127.34 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:04] - [111961.56 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [1521470.98 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |DC| - [20/09/2017 13:29:00] - [1810.48 Ko] - C:\WINDOWS\System32\DRVSTORE [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.903EA24A765FBACC16EF331382AF2077] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.F508AAE6695F06ADBB973B434AA3AC08] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.30BC22EED501D087E59C30BADB97C606] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.BC61B8A36DD1D53B035FC012B4BE3241] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.F266B9CAF7905107E0293134A8A64DB8] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.BCBF29C94C1AE3B96B0BA5BF7187C225] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS LFX APO.) - [247.92 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.730F3F1F598AF93660E337C48258D044] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.97 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.406DF4F02FF16683BF91A9439A5E3260] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.F8C96FEF49231DA2903EFB8EE52AFDCD] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.9F897990B6ED283985FEAEED745265F2] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.04BEA6218D2A3D76EB8AC5F1C98C9DD2] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.2C6A7D6B7A348652AB42A636F4753682] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.A4AE1CB2CB36FC2A8EDFEA756A2D39B6] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.AB0EC2CBBE805A34A02B524F60F8E713] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.2ACC64ED56959381F95D6889B58E09F1] - |A| - [15/06/2016 16:31:51] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.72 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [29/09/2017 14:41:25] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [29/09/2017 14:41:25] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [29/09/2017 14:41:25] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.4D1B8C9983D257EE86B6CC57C639E8E5] - |A| - [29/09/2017 14:41:12] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [381.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.B41D76502F449E359C65AFB9090146FF] - |A| - [01/10/2016 14:22:02] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:04] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [271 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [2169.03 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [371.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [298.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [266.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [28352.16 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4C3F9C29272215D7C6D07D03BC30E877] - |A| - [19/11/2017 14:02:59] - (.-.) - [953 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.9100FDF61D7977FD2C2E1D62589171DC] - |A| - [19/11/2017 14:02:53] - (.-.) - [263.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.812CDFD967D2E82A3D24FCAA5784749D] - |A| - [29/09/2017 14:41:33] - (.-.) - [1325.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [15/02/2018 18:42:26] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [346 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.F07652F063E822AF55BD3A0FAA414AC3] - |A| - [30/10/2017 16:23:20] - (.-.) - [582.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:04] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [306.5 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [45047.1 Ko] - C:\WINDOWS\System32\fr-FR [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [29/09/2017 14:42:03] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/06/2017 11:31:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [30/10/2015 08:24:25] - [0.27 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [284 Ko] - C:\WINDOWS\System32\he-IL [MD5.4CD16A9C15397E1FAD5F19E35A13BE58] - |A| - [29/09/2017 14:41:27] - (.-.) - [215.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.286EC7F64DE211E62BB0D693163DA1D1] - |A| - [15/06/2016 16:31:52] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [360.64 Ko] - (0.6.0.37) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.ECECA57AA12F260AE72CDC4BF3A280F9] - |A| - [15/06/2016 03:36:14] - (.© Copyright 2015 HP Development Company, L.P. - Hp Missile API Module.) - [51 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpbmiapi.dll [MD5.4B4B905FA2DC7D36FEA8E628CBCB968E] - |A| - [15/06/2016 03:36:14] - (.© Copyright 2015 HP Development Company, L.P. - hpboid Module.) - [51.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpboid.dll [MD5.1DCF4D1A08C3F98B52838E98E17E2EC1] - |A| - [15/06/2016 03:36:14] - (.© Copyright 2015 HP Development Company, L.P. - hpboidPS Module.) - [12.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpboidps.dll [MD5.D51930F90B7DD17B0A9DE05C946DC9E7] - |A| - [15/06/2016 03:36:14] - (.© Copyright 2015 HP Development Company, L.P. - hpbpro Module.) - [77 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpbpro.dll [MD5.806B121FA1327BA1A41DB653B7C95C25] - |A| - [15/06/2016 03:36:14] - (.© Copyright 2015 HP Development Company, L.P. - Proxy stub dll for HPBPro Module.) - [13 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpbprops.dll [MD5.8470BE97596BBADA1714D7140F1BD1FB] - |A| - [15/06/2016 03:35:06] - (.© Copyright 2015 HP Development Company, L.P. - WSDResolver Dynamic Link Library.) - [63.5 Ko] - (21.1.1.1544) - C:\WINDOWS\System32\HPBWSDR.DLL [MD5.80F84B6E094131354D9F284D271956A2] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2009-2016 HPDC LP - Pipeline Manager.) - [173.91 Ko] - (0.3.63.1) - C:\WINDOWS\System32\hpcjpm.dll [MD5.0234BA9F8BCAC4FADF6E49F320E1B0C9] - |A| - [17/10/2016 18:39:50] - (.© Copyright 1997-2010 HPDC -.) - [304.5 Ko] - (0.3.1550.15301) - C:\WINDOWS\System32\hpcpn117.dll [MD5.974F8DC69D26009684E546ED371930D1] - |A| - [07/10/2016 15:19:50] - (.© Copyright 1997-2016 HPDC LP -.) - [473.41 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpcpn190.dll [MD5.2305CFC2189642F3721CE606F2B7761D] - |A| - [14/06/2016 03:17:52] - (. © Copyright 2015 HP Development Company, L.P. - bidichan.) - [176.5 Ko] - (2.5.4.1) - C:\WINDOWS\System32\hplbddrv.dll [MD5.3B7308E95112673AF5A271CFF96736EE] - |A| - [13/09/2016 09:39:06] - (.© Copyright 2007-2016 HPDC LP - hpmco190.dll.) - [141.45 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmco190.dll [MD5.8900C8C4617EBFDF4F8B17B91E864459] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2007, 2016 HPDC LP - hpmja190.dll.) - [236.23 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmja190.dll [MD5.EAB183B913F8D6D35AE63227A1777F3A] - |A| - [07/10/2016 15:19:50] - (.© Copyright 1997-2016 HPDC LP - UPD Language Monitor.) - [303.23 Ko] - (0.3.265.0) - C:\WINDOWS\System32\hpmlm190.dll [MD5.0E5E23C8291C1FD73FC3158D7842403D] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2007, 2016 HPDC LP - hpmml190.dll.) - [258.73 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmml190.dll [MD5.B84A656659F53B95E55B0DD07F66AA53] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2009-2016 HPDC LP - hpmpm081.dll.) - [224.41 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmpm081.dll [MD5.8ACCD951F028A27215F0F3B10E90D65A] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2009-2016 HPDC LP - hpmpw081.dll.) - [124.91 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmpw081.dll [MD5.CFA2678A58B56935DDB412794D44CF15] - |A| - [07/10/2016 15:19:50] - (.© Copyright 2007, 2016 HPDC LP - hpmtp190.dll.) - [199.41 Ko] - (0.3.1584.21178) - C:\WINDOWS\System32\hpmtp190.dll [MD5.5B7759C0A7B6176B88C7F8AFC9B77462] - |A| - [17/10/2016 21:51:28] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hppfaxprinter5.ini [MD5.593789385C1AC39E01C21C0CE8541A04] - |A| - [17/10/2016 21:51:29] - (.- port monitor.) - [27.05 Ko] - (5.0.7.20) - C:\WINDOWS\System32\hppfaxprintermon5.dll [MD5.30A933B9564C7B090F349C6E2F1F6DB8] - |A| - [17/10/2016 21:51:29] - (.- port monitor UI.) - [21.55 Ko] - (5.0.7.20) - C:\WINDOWS\System32\hppfaxprintermonui5.dll [MD5.A93573055D33BE69F55F168597E1D767] - |A| - [16/09/2009 10:44:52] - (.-.) - [3.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hptcpmon.ini [MD5.7E767EFA89DF9466E7CBDB14F5EA2C93] - |A| - [17/10/2016 18:14:02] - (.(c) Copyright 2015 HP Development Company, L.P. - HP WIA 2.0 scanner driver.) - [571.01 Ko] - (36.0.75.24896) - C:\WINDOWS\System32\hpwia2_lj276.dll [MD5.C46E763A298D45FAA425F2465A0410F3] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - IEEE-1284.4-1999 Run-time library (kernel).) - [65.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\HPZidr12.dll [MD5.07B1F9832B37BA89A656956D04ED0662] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - Dot4Net Module.) - [49.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\HPZinw12.dll [MD5.91675C437BE3939B3E61ED3102246C81] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - PmlDrv Module.) - [64.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\HPZipm12.dll [MD5.B878265AE47F3E5A384389FDF37C0BAB] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - PML Run-time library.) - [46 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\HPZipr12.dll [MD5.9A5066D46475AAA9EBD1F6D5A0D0E887] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - SNMP Network Interface (Windows).) - [37.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpzipt12.dll [MD5.305A63BA6811F0C1398A67F3B533F66A] - |A| - [15/06/2016 03:36:20] - (.© Copyright 2015 HP Development Company, L.P. - SNMP Network Interface (Windows).) - [23.5 Ko] - (21.2.1.1544) - C:\WINDOWS\System32\hpzisn12.dll [MD5.EAE1BC3F0A324751E87A3FE32BCF4A08] - |A| - [16/09/2009 10:44:42] - (.Copyright © 2003-2005 - HP Rediscovery Library.) - [129 Ko] - (2.2.0.3) - C:\WINDOWS\System32\hpzjrd01.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [278 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [352.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:33] - [124.21 Ko] - C:\WINDOWS\System32\hydrogen [MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [29/09/2017 14:41:23] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.02FBE751A877A43C00C0D0FD58FD714A] - |A| - [15/06/2016 16:31:52] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) - [459.29 Ko] - (1.0.0.18) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.FC7A71725A4887AD88FB4A0B764FFBF4] - |RA| - [29/09/2017 14:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1856 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.FB96578635DB1CFC08871A599539349E] - |RA| - [29/09/2017 14:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1309.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.7BDA75A7AF11283ABB377A06510CBA37] - |A| - [23/11/2016 01:59:22] - (.-.) - [265.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.19C3C8394B1A8EBE7CF61A8C0221C024] - |A| - [29/09/2017 14:41:25] - (.-.) - [168.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [15/06/2016 16:26:47] - [2848.42 Ko] - C:\WINDOWS\System32\ihvmanager [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [24877.17 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.B98C0E77C3C1034303C20843DE05455E] - |A| - [29/09/2017 14:41:31] - (.-.) - [180.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [6389.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.BAB1515ECA97F941DDB545CD5760FBF2] - |A| - [23/11/2016 02:02:12] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [111 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [371.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [270.91 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE [MD5.054435ED1411FB2B13686728132C2FB1] - |A| - [15/06/2016 16:31:52] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [05/04/2017 20:25:34] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\WINDOWS\System32\klfphc.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [262 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [29/09/2017 14:41:25] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [212.14 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [13370.1 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [274.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [276 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [91116.18 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.0AF60FE617C0D28E770FB505DE2482E6] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.1E46F63217992783184A73859E92FFC3] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.DB9E55B3478281B120AAF65FDF9956D2] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.1EFEAAA79CC74DFF99269196233AFFEB] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.44 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.C567F90BEE2601CBCEB2C9CD4DA4B961] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.ABFD1CB9D2DE1F373250BD3F31BE0AB4] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.C0D7D6B6BA2C1B54DA45086EFA214BAD] - |A| - [15/06/2016 16:31:52] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.F867DC9658E1AF6C5ECD6B9B5F886E7C] - |A| - [15/06/2016 16:31:52] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.6A82B81F12C0A90665C4B2F30A9B84E5] - |A| - [15/06/2016 16:31:52] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.B0ED7002C8CA692708EF0425CF04A7D5] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.4FFBD90C4624636ADC3D85DEF014D291] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.E146329AC2A66061E102BB5A444504CD] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.205023DDFE94D5A5004B87F4B73ECEF2] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.761963229240C4691DA7D89A5E70EEAB] - |A| - [15/06/2016 16:31:52] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.B209D959831AEF092817ECF8756F71B3] - |A| - [29/09/2017 14:41:58] - (.-.) - [776 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [29/09/2017 14:41:25] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [30/10/2017 16:19:00] - [1111.36 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [5611.63 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [47086.6 Ko] - C:\WINDOWS\System32\migwiz [MD5.7B86A00C0AFF5A65BF3A3EC7004F9DAE] - |A| - [15/06/2016 16:31:53] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.4B00BDA1D99B95F07F52F4472E0D040E] - |A| - [15/06/2016 16:31:53] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.50940F0C43912D86014D5C6979B8A69E] - |A| - [15/06/2016 16:31:53] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5641.3 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [334 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1344 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.9A775213E17E83D30CE4BC2E969B3054] - |A| - [10/06/2017 11:30:31] - (.-.) - [112.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [29/09/2017 14:42:03] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [359.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.00000000000000000000000000000000] - |D| - [15/06/2016 16:41:42] - [0.25 Ko] - C:\WINDOWS\System32\OEM [MD5.5D4A5E27D573738E0C8C8FF4C0715DAF] - |A| - [29/09/2017 14:46:43] - (.-.) - [17.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [37700.23 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [29/09/2017 14:41:25] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.A47D45E216C90F0E2E4F964D4FC13B8D] - |A| - [29/09/2017 14:48:30] - (.-.) - [197.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.C84DF8FEBF1A40C61CD11E88519921E5] - |A| - [30/09/2017 15:40:07] - (.-.) - [207.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [29/09/2017 14:48:30] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [30/09/2017 15:40:07] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.F036C674BBB7136834C4ED2A6C460D10] - |A| - [29/09/2017 14:48:30] - (.-.) - [712.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.759E45746614DAB023E35AD12EDE36ED] - |A| - [30/09/2017 15:40:07] - (.-.) - [937.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.603A5B914D3DAEF1196C33920E460565] - |A| - [30/10/2017 16:31:44] - (.-.) - [2056.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [358.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [673 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [29/09/2017 14:42:04] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [359.5 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [355 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.0F80E4E02F72E8A1AE5980979114C829] - |A| - [15/06/2016 16:31:53] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.06 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.53E61E93FC14D4BDAA8C6EBD5FA660E3] - |A| - [15/06/2016 16:31:53] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.FEA66F72C5831DE95BBF8B0E044E307C] - |A| - [15/06/2016 16:31:53] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.64 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.2EA42ADDD36ECDEC3C46B31FC3DA1E03] - |A| - [15/06/2016 16:31:53] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.E29E71C7EF2240263C0170AD74EB0BB3] - |A| - [15/06/2016 16:31:53] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [29/09/2017 14:41:23] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.E17EAD4E09FB96BD6DB717CB605B17F1] - |A| - [29/09/2017 14:42:06] - (.-.) - [8.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.8286304CD9A20E2A4621D931F1CEF5CB] - |A| - [29/09/2017 14:42:06] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.18823FB201EEA98C05CBF9482F5E401D] - |A| - [15/06/2016 16:23:37] - (.-.) - [16.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.568A31B448E3CFCD92E79DE2EC10C64C] - |A| - [15/06/2016 16:31:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.5BA977052A848A1D78CB30A83CEF8CD0] - |A| - [15/06/2016 16:31:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.E1FDE033ED735A0E0CC9C3607F106733] - |A| - [13/07/2017 22:39:40] - (.Copyright (C) 2014 - RtCRX.) - [91.03 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.43321B9B850EC88DDA0812968028EB09] - |A| - [15/06/2016 16:31:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.2417DD60A9980A81031C2BD113FB1570] - |A| - [15/06/2016 16:31:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.B64225C23248AFDA5E4831631C484BB1] - |A| - [15/06/2016 16:31:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.2CA1D1BB78C01BD51665D4CB5BA86F4A] - |A| - [15/06/2016 16:31:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.F0908588473B8D92BD62D6C99C3739BB] - |A| - [11/04/2018 11:24:35] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [29/09/2017 14:43:11] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [29/09/2017 14:42:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.58CE62C639224DD374EC2D4185FC90D6] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.26 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.7240CB5EE99EC0F80C4D05D4EABF5E64] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.C3DB744A000A7A4F61CCFC37821B4CA8] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.B34D6A11C7F4A9B6A6B97F0466D205D7] - |A| - [15/06/2016 16:31:54] - (.Copyright (C) 2015 DTS, Inc. - DTS Universal APO DLL.) - [996.3 Ko] - (3.5.3.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.CB5AEE7214A2A279C90D683A7B962495] - |A| - [15/06/2016 16:31:54] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Controller DLL.) - [1297.36 Ko] - (3.5.3.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2017 16:23:20] - [143076.85 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.87A3C74B4EDB367DA006EC3BF6983E83] - |A| - [15/06/2016 16:31:54] - (.TODO: (c) . - TODO: .) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.245D86A040F4556F523840398BA45F01] - |A| - [15/06/2016 16:31:54] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Technology DLL.) - [2080.65 Ko] - (3.5.3.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [29/09/2017 14:41:25] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.8D30AAF519A40D69F6BABFFD60C75E56] - |A| - [15/03/2018 17:30:48] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [7488.9 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [12685.58 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [183982.5 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [7589.23 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [282 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.494F775FB467BD4C8B9F6A7BDB7D18E0] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.BFE61946FD6A42F45F59C6C562573ABE] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.D09120F2C8B54EAE0145F9A928F3DA3F] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 14:42:07] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.047BCF71FB0E5EC754437879E8DAA7F6] - |A| - [29/09/2017 14:42:00] - (.-.) - [56.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.8F6CA93E769F9049BF1015D12212476D] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.B0BC41ED1EA92F4ADC563572B459D67C] - |A| - [15/06/2016 16:31:54] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.5D59D6959FA487E57217375B1C7B5D19] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.B78F97C326F7AB5B4471FE87807B0B95] - |A| - [15/06/2016 16:31:54] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.D682CAC7B952F727F1EDE6AB3249F529] - |A| - [15/06/2016 16:31:54] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [64856 Ko] - C:\WINDOWS\System32\sru [MD5.1BA92CDCF58B0D7D298CC09799B4D431] - |A| - [29/09/2017 14:41:25] - (.-.) - [410 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [341 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [1273.61 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [907.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\System32\ta-IN [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [29/09/2017 14:41:57] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [29/09/2017 14:42:07] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [29/09/2017 14:42:07] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [277.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [2739.52 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.1B988EB24EBF64C993ED4DE6456C3BCD] - |A| - [08/01/2018 02:14:34] - (.Copyright © 1998-2017 VMware, Inc. - VMware bridge notify DLL (64-bit).) - [87.96 Ko] - (14.0.0.0) - C:\WINDOWS\System32\vmnetbridge.dll [MD5.81613540FBCFD93F7338E81EEF6C8B6B] - |A| - [13/01/2018 22:15:20] - (.Copyright © 1998-2017 VMware, Inc. - VMware network adapter install library.) - [130.96 Ko] - (14.0.0.0) - C:\WINDOWS\System32\vnetinst.dll [MD5.C7D3AAD099A78953C7805C858797C8FD] - |A| - [13/01/2018 22:15:13] - (.Copyright © 1998-2018 VMware, Inc. - VMware network install library.) - [1107.48 Ko] - (14.1.1.28517) - C:\WINDOWS\System32\vnetlib64.dll [MD5.30B42A76C864E5EEB6DD85D98F4D51D3] - |A| - [13/01/2018 22:15:57] - (.Copyright © 1998-2016 VMware, Inc. - VSockets Library.) - [67.48 Ko] - (9.8.8.0) - C:\WINDOWS\System32\vsocklib.dll [MD5.84DAF10A6848CA5067292BCC811BA526] - |A| - [15/06/2016 16:31:54] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [86340.77 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [249362.2 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [29/09/2017 14:41:40] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [80245.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.A6044F238153107EA29DF96EC279E00A] - |A| - [20/10/2016 15:46:50] - (.Copyright © 2017 - Java(TM) Platform SE binary.) - [141.06 Ko] - (9.0.4.0) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll [MD5.1E38A547C9380DAB0F0692E1EE9CC5B3] - |A| - [29/09/2017 14:41:27] - (.-.) - [102.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [9466.27 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [204644 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [5286.48 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.E35C8A0294283EAEB8F83A0AED6765FB] - |A| - [17/10/2016 21:51:28] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\winzvprt5.sys [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [29/09/2017 14:42:07] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.D224E07A6F89FD14C3FD8A83127811CC] - |A| - [29/09/2017 14:41:43] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.200BCDE9B44C32B1633B68A9AADA8AAA] - |A| - [29/09/2017 14:41:25] - (.-.) - [78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 14:42:13] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 14:42:11] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 14:42:24] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 14:42:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:15] - [2001.4 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [280.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.EC52252536D32ACED10B8275FDA43157] - |A| - [31/10/2017 13:47:52] - (.-.) - [2.82 Ko] - (2.7.6.2006) - C:\WINDOWS\SysWOW64\audcon.sys [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [265.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.209FDF5096AFD1312B98527B8B7B852E] - |A| - [17/05/2016 23:49:10] - (.-.) - [952 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cis-2.4.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [261.97 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [322 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [364 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 14:42:09] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [200.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [6895.31 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1079.58 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [3410.78 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.32 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [358.5 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [251.5 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1533.03 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [349.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [277 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [247.5 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [24198.66 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [284 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [37531.15 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.3E9C1F83273524020AE7B27EF959F133] - |A| - [15/06/2016 16:15:36] - (.-.) - [87.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.01 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [266.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.3A7F920893FD6F49BC4CC07B72914013] - |A| - [29/09/2017 14:42:09] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.E71DF85B60E5A8D543FA4E12E6B9E919] - |A| - [17/10/2016 18:39:50] - (.-.) - [309.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hpcc3117.DLL [MD5.C513A5994C9C2646EDF849BFC3F1362F] - |A| - [07/10/2016 15:19:50] - (.© Copyright 1997-2016 HPDC LP - HP Settings.) - [442.91 Ko] - (0.3.1584.21178) - C:\WINDOWS\SysWOW64\hpcc3190.dll [MD5.F358EB01CC97EEAE77AB339629729174] - |A| - [07/10/2016 15:19:50] - (.Copyright © 2001-2015 HPDC LP - DMC Component.) - [590.41 Ko] - (0.3.1544.79) - C:\WINDOWS\SysWOW64\hpcdmc32.dll [MD5.5F3110954E7320FEAD137641246ED979] - |A| - [16/09/2009 17:40:14] - (.-.) - [9.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hptcpmui.hlp [MD5.B6AD58867A423595C1661B9C73E09414] - |A| - [15/06/2016 03:35:48] - (.© Copyright 2015 HP Development Company, L.P. - IEEE-1284.4-1999 Run-time library (kernel).) - [54 Ko] - (21.1.1.1544) - C:\WINDOWS\SysWOW64\HPZidr12.dll [MD5.A0C3DA4A1DA9B469ADE1CE0877474E9C] - |A| - [15/06/2016 03:35:48] - (.© Copyright 2015 HP Development Company, L.P. - PML Run-time library.) - [38.5 Ko] - (21.1.1.1544) - C:\WINDOWS\SysWOW64\HPZipr12.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [258 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [331 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.F0851D76262FF35F76156F628A04099B] - |RA| - [29/09/2017 14:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1602.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.40E2D734687DAF397D472B70FC305781] - |RA| - [29/09/2017 14:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1131.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [20706.67 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.4F6BFC6464D620149C2BB60243C6A3B8] - |A| - [29/09/2017 14:42:11] - (.-.) - [146.33 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [218.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.7239B44EEDABAB95545DD1ABBBA1E73F] - |A| - [23/11/2016 02:02:08] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.01 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.D8D6FA22135619B3C3B32441571B3C4F] - |A| - [17/05/2016 23:49:10] - (.-.) - [80 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_bs-2.3.dll [MD5.18DB794E8C223A248671D4A9409AED23] - |A| - [17/05/2016 23:49:10] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_pe-2.3.dll [MD5.F7D4D358EE74ADF1ECDEEFBA35765D22] - |A| - [17/05/2016 23:49:10] - (.-.) - [56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_se-2.3.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [350 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.D2E6CC3733FCA7C9B976ABE9D85C8251] - |A| - [23/11/2016 02:02:16] - (.-.) - [138.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll [MD5.61159DAFE80A86C0DD6A4A768EA2C5B7] - |A| - [23/11/2016 02:02:22] - (.-.) - [99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll [MD5.B680DCA23FEB1E3383CB6932660F342A] - |A| - [23/11/2016 02:02:26] - (.-.) - [109.51 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [212.14 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [254.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [256 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [69621.76 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.8901A0803B5601DC1DF5ECC99339C09B] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2003-2004, (?) ???? - ????? ???? ?????.) - [44 Ko] - (1.2.2005.128) - C:\WINDOWS\SysWOW64\MACXMLProto.dll [MD5.C2CDFD61447D278C96B441C13F8F71BE] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2003 - MaDRM DLL.) - [116 Ko] - (3.0.2004.1011) - C:\WINDOWS\SysWOW64\MaDRM.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.B5B76E18B10724CF0D88CCC9B1F4FB37] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2003, (?) ???? - MaJGUILib DLL.) - [48 Ko] - (1.0.2004.301) - C:\WINDOWS\SysWOW64\MaJGUILib.dll [MD5.9B2F9CC5BD4D266A2E76DBFECDDB0122] - |A| - [17/05/2016 23:49:10] - (.Copyright ? 2004 MarkAny Inc. - ???? MAC ?? ?? DLL.) - [44.26 Ko] - (1.0.2009.930) - C:\WINDOWS\SysWOW64\MAMACExtract.dll [MD5.2C16CF611C87FAB86B287CFFBA91B647] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2004 - (?)???? ContentSAFER Cleaner.) - [24 Ko] - (3.0.2006.925) - C:\WINDOWS\SysWOW64\MASetupCleaner.exe [MD5.AD2454F9D19FDCA0FF26F48E809F5361] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2003-2004, (?) ???? - MaXMLProto DLL.) - [44 Ko] - (1.0.2004.602) - C:\WINDOWS\SysWOW64\MaXMLProto.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [3067.44 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [815.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.01FB39AD6F00AEF968372027259E8F13] - |A| - [17/05/2016 23:49:10] - (.Copyright ? 2004 - MK_Lyric.) - [56 Ko] - (1.0.1124.1) - C:\WINDOWS\SysWOW64\MK_Lyric.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.422D36A4743BF9CC2A787A68D9C9A988] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2005 Teruten Inc. - MSCLib DLL.) - [240 Ko] - (1.0.0.8) - C:\WINDOWS\SysWOW64\MSCLib.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.99089A2B318765568F2745BBF1A4F870] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2005 Teruten Inc. - MSFLib DLL.) - [152 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\MSFLib.dll [MD5.EA65E37686BA38E13CA722A81F622C2E] - |A| - [17/10/2016 21:51:48] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msiexec.log [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.CF25249C36368124E0FF9E6B68194460] - |A| - [17/05/2016 23:49:10] - (.Copyright (C) 2001 Telechips Inc., - USB Dynamic Link Library for TCC730.) - [40 Ko] - (1.9.4.2) - C:\WINDOWS\SysWOW64\MTTELECHIP.dll [MD5.E8558EFAD97B3D10A73E8DC9426E4DCA] - |A| - [17/05/2016 23:49:10] - (.Copyright 2004 Marktek Inc. - MTXSYNCICON Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\MTXSYNCICON.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [338 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [641.72 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.25229C1BC55B5899119A87B9DDB1243B] - |A| - [30/11/2017 21:08:20] - (.-.) - [2627.16 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [336.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [338.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [333.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.A64711C9CF690718EADA750370EC5EB2] - |A| - [16/02/2018 20:39:30] - (.Copyright (c) 2000 - 2010 Dmitry Streblechenko - Outlook Redemption COM library.) - [4550.5 Ko] - (4.8.0.1184) - C:\WINDOWS\SysWOW64\Redemption.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [16/02/2018 20:39:31] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll [MD5.BFE61946FD6A42F45F59C6C562573ABE] - |A| - [15/06/2016 16:31:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 14:42:27] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.30FE146E2F0712AFEEA1ECF3E0EA270C] - |A| - [29/09/2017 14:42:09] - (.-.) - [302 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [321.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [241 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [316.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [257 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.28CEA490E814C54061E2C5CC5691F670] - |A| - [13/01/2018 22:15:21] - (.Copyright © 1998-2018 VMware, Inc. - VMware NAT Service.) - [392.98 Ko] - (14.1.1.28517) - C:\WINDOWS\SysWOW64\vmnat.exe [MD5.388C394F201EA253F5CF287961502A15] - |A| - [13/01/2018 22:15:22] - (.Copyright © 1998-2018 VMware, Inc. - VMware VMnet DHCP service.) - [358.48 Ko] - (14.1.1.28517) - C:\WINDOWS\SysWOW64\vmnetdhcp.exe [MD5.69708592228223CA7B4FBCF49ED65BEA] - |A| - [13/01/2018 22:15:57] - (.Copyright © 1998-2016 VMware, Inc. - VSockets Library.) - [63.49 Ko] - (9.8.8.0) - C:\WINDOWS\SysWOW64\vsocklib.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [15685.13 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.A6044F238153107EA29DF96EC279E00A] - |A| - [01/03/2018 14:58:18] - (.Copyright © 2017 - Java(TM) Platform SE binary.) - [141.06 Ko] - (9.0.4.0) - C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll [MD5.ACC1181C0AA4D01B537F53A1CC33E766] - |A| - [29/09/2017 14:42:09] - (.-.) - [90 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [8698.68 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [5286.49 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.12D91C9A9837995A137ACE4B2E674918] - |A| - [29/09/2017 14:42:09] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [30/10/2017 16:16:48] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [220.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [214.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\ligma\AppData\Roaming [30/10/2017 16:24:51] "Local AppData"=C:\Users\ligma\AppData\Local [30/10/2017 16:24:51] "CD Burning"=C:\Users\ligma\AppData\Local\Microsoft\Windows\Burn\Burn [30/10/2017 16:39:24] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Libraries [02/10/2016 10:57:36] "My Video"=C:\Users\ligma\Videos [02/10/2016 10:53:55] "My Pictures"=C:\Users\ligma\Pictures [02/10/2016 10:53:55] "Desktop"=C:\Users\ligma\Desktop [02/10/2016 10:53:55] "History"=C:\Users\ligma\AppData\Local\Microsoft\Windows\History [02/10/2016 10:53:55] "NetHood"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Network Shortcuts [30/10/2017 16:24:51] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\ligma\Contacts [02/10/2016 10:57:37] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\ligma\AppData\Local\Microsoft\Windows\RoamingTiles [02/10/2016 10:57:37] "Cookies"=C:\Users\ligma\AppData\Local\Microsoft\Windows\INetCookies [02/10/2016 10:53:55] "Favorites"=C:\Users\ligma\Favorites [02/10/2016 10:53:55] "SendTo"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\SendTo [13/10/2016 15:41:28] "Start Menu"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu [13/10/2016 15:41:28] "My Music"=C:\Users\ligma\Music [02/10/2016 10:53:55] "Programs"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/10/2016 15:41:28] "Recent"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Recent [02/10/2016 10:53:55] "PrintHood"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [30/10/2017 16:24:51] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\ligma\Searches [02/10/2016 10:57:37] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\ligma\Downloads [02/10/2016 10:53:55] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\ligma\AppData\LocalLow [02/10/2016 10:55:26] "Startup"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/10/2016 10:57:37] "Administrative Tools"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/10/2016 10:57:37] "Personal"=C:\Users\ligma\Documents [02/10/2016 10:53:55] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\ligma\Links [02/10/2016 10:53:55] "Cache"=C:\Users\ligma\AppData\Local\Microsoft\Windows\INetCache [30/10/2017 16:24:51] "Templates"=C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Templates [30/10/2017 16:24:51] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\ligma\Saved Games [02/10/2016 10:53:55] "Fonts"=C:\WINDOWS\Fonts [29/09/2017 14:46:33] [HKU\S-1-5-21-3183174187-342176784-3280352271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=C:\Users\ligma\OneDrive\Images [21/10/2016 12:30:40] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2017 14:46:33] "Common AppData"=C:\ProgramData [29/09/2017 14:46:33] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 08:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 08:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2017 14:46:33] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2017 14:46:33] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2017 14:46:33] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 08:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 08:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 08:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 08:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2017 14:46:33] "Common AppData"=C:\ProgramData [29/09/2017 14:46:33] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 08:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 08:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2017 14:46:33] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2017 14:46:33] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2017 14:46:33] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 08:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 08:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 08:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 08:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Boun] [25/11/2017 23:30:10] - |D| - [211227308] - C:\Users\Boun\AppData\Local [25/11/2017 23:30:13] - |D| - [238452] - C:\Users\Boun\AppData\LocalLow [25/11/2017 23:30:09] - |D| - [484487] - C:\Users\Boun\AppData\Roaming [25/11/2017 23:30:13] - |SHD| - [0] - C:\Users\Boun\AppData\Local\Application Data [25/11/2017 23:30:14] - |D| - [1832] - C:\Users\Boun\AppData\Local\ConnectedDevicesPlatform [25/11/2017 23:43:31] - |D| - [0] - C:\Users\Boun\AppData\Local\DBG [25/11/2017 23:30:22] - |D| - [40] - C:\Users\Boun\AppData\Local\Google [25/11/2017 23:30:13] - |SHD| - [0] - C:\Users\Boun\AppData\Local\Historique [25/11/2017 23:43:42] - |AH| - [11236] - C:\Users\Boun\AppData\Local\IconCache.db [25/11/2017 23:30:10] - |D| - [180277548] - C:\Users\Boun\AppData\Local\Microsoft [25/11/2017 23:30:31] - |D| - [78744] - C:\Users\Boun\AppData\Local\MicrosoftEdge [25/11/2017 23:30:18] - |D| - [30857868] - C:\Users\Boun\AppData\Local\Packages [25/11/2017 23:30:51] - |D| - [0] - C:\Users\Boun\AppData\Local\PlaceholderTileLogoFolder [25/11/2017 23:30:26] - |D| - [0] - C:\Users\Boun\AppData\Local\Publishers [25/11/2017 23:30:10] - |D| - [0] - C:\Users\Boun\AppData\Local\Temp [25/11/2017 23:30:13] - |SHD| - [0] - C:\Users\Boun\AppData\Local\Temporary Internet Files [25/11/2017 23:30:18] - |D| - [0] - C:\Users\Boun\AppData\Local\VirtualStore [25/11/2017 23:30:17] - |D| - [40] - C:\Users\Boun\AppData\Local\Vivaldi [25/11/2017 23:30:26] - |SD| - [223253] - C:\Users\Boun\AppData\LocalLow\Microsoft [25/11/2017 23:35:58] - |D| - [15199] - C:\Users\Boun\AppData\LocalLow\Sun [25/11/2017 23:30:18] - |D| - [0] - C:\Users\Boun\AppData\Roaming\Adobe [25/11/2017 23:30:10] - |D| - [316961] - C:\Users\Boun\AppData\Roaming\Macromedia [25/11/2017 23:30:09] - |SD| - [167526] - C:\Users\Boun\AppData\Roaming\Microsoft [25/11/2017 23:35:58] - |D| - [0] - C:\Users\Boun\AppData\Roaming\Sun [25/11/2017 23:30:22] - |SH| - [174] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [25/11/2017 23:30:13] - |SHD| - [0] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [25/11/2017 23:30:09] - |RD| - [24864] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [25/11/2017 23:30:10] - |RD| - [3888] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [25/11/2017 23:30:10] - |RD| - [2929] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [25/11/2017 23:30:22] - |RD| - [174] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [25/11/2017 23:30:22] - |SH| - [174] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [25/11/2017 23:30:54] - |A| - [1333] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gestionnaire audio HD.lnk [25/11/2017 23:30:22] - |A| - [2364] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [25/11/2017 23:30:10] - |D| - [170] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [25/11/2017 23:32:39] - |A| - [2408] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [25/11/2017 23:30:10] - |RD| - [174] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [25/11/2017 23:30:10] - |RD| - [3496] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [25/11/2017 23:30:09] - |RD| - [7754] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [25/11/2017 23:30:22] - |SH| - [174] - C:\Users\Boun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [ligma] [30/10/2017 16:24:51] - |D| - [8444979309] - C:\Users\ligma\AppData\Local [02/10/2016 10:55:26] - |D| - [806233128] - C:\Users\ligma\AppData\LocalLow [30/10/2017 16:24:51] - |D| - [1480710097] - C:\Users\ligma\AppData\Roaming [06/02/2017 14:11:24] - |D| - [896776] - C:\Users\ligma\AppData\Local\4kdownload.com [02/10/2016 10:59:35] - |D| - [0] - C:\Users\ligma\AppData\Local\ActiveSync [14/04/2018 12:38:38] - |D| - [131072] - C:\Users\ligma\AppData\Local\AdAwareDesktop [14/04/2018 12:36:03] - |D| - [131072] - C:\Users\ligma\AppData\Local\AdAwareUpdater [02/10/2016 17:22:54] - |D| - [15065774] - C:\Users\ligma\AppData\Local\Adobe [02/10/2016 13:12:24] - |D| - [681] - C:\Users\ligma\AppData\Local\AOP SDK [26/11/2017 12:13:25] - |D| - [0] - C:\Users\ligma\AppData\Local\Apowersoft [30/10/2017 16:24:51] - |SHD| - [0] - C:\Users\ligma\AppData\Local\Application Data [19/12/2016 16:37:59] - |D| - [0] - C:\Users\ligma\AppData\Local\AviraSpeedup [08/09/2017 19:44:48] - |D| - [872] - C:\Users\ligma\AppData\Local\Avira_Operations_GmbH_&_C [02/10/2016 15:43:49] - |D| - [2097208] - C:\Users\ligma\AppData\Local\CEF [02/10/2016 10:57:48] - |D| - [97921121] - C:\Users\ligma\AppData\Local\clear.fi [02/10/2016 10:59:36] - |D| - [48527574] - C:\Users\ligma\AppData\Local\Comms [13/10/2016 15:47:18] - |D| - [1395616] - C:\Users\ligma\AppData\Local\ConnectedDevicesPlatform [14/09/2017 15:18:28] - |D| - [60323498] - C:\Users\ligma\AppData\Local\CrashDumps [10/06/2017 13:59:59] - |D| - [0] - C:\Users\ligma\AppData\Local\DBG [01/01/2017 17:28:32] - |A| - [3584] - C:\Users\ligma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [19/12/2016 09:23:31] - |D| - [0] - C:\Users\ligma\AppData\Local\Diagnostics [15/12/2017 15:28:42] - |D| - [315494538] - C:\Users\ligma\AppData\Local\Discord [25/12/2017 21:36:12] - |D| - [111793106] - C:\Users\ligma\AppData\Local\Downloaded Installations [19/12/2016 09:23:37] - |D| - [0] - C:\Users\ligma\AppData\Local\ElevatedDiagnostics [31/10/2017 14:16:48] - |D| - [20] - C:\Users\ligma\AppData\Local\eLicenser [19/01/2018 20:47:19] - |D| - [154281700] - C:\Users\ligma\AppData\Local\ESET [25/12/2017 19:10:51] - |D| - [14394] - C:\Users\ligma\AppData\Local\FileZilla [02/09/2017 14:30:52] - |D| - [4129724] - C:\Users\ligma\AppData\Local\FluxSoftware [11/01/2017 18:49:40] - |D| - [4132196] - C:\Users\ligma\AppData\Local\fontconfig [13/12/2017 11:08:30] - |D| - [1513241] - C:\Users\ligma\AppData\Local\Franz [11/01/2017 18:49:39] - |D| - [660] - C:\Users\ligma\AppData\Local\gegl-0.2 [02/10/2016 15:43:49] - |D| - [354462238] - C:\Users\ligma\AppData\Local\Google [16/02/2018 18:57:29] - |D| - [563639] - C:\Users\ligma\AppData\Local\Greenshot [11/01/2017 18:50:33] - |D| - [201] - C:\Users\ligma\AppData\Local\gtk-2.0 [30/10/2017 16:24:51] - |SHD| - [0] - C:\Users\ligma\AppData\Local\Historique [17/10/2016 18:27:10] - |D| - [28946] - C:\Users\ligma\AppData\Local\HP [16/02/2018 18:43:57] - |AH| - [125349] - C:\Users\ligma\AppData\Local\IconCache.db [02/10/2016 14:40:27] - |D| - [174080] - C:\Users\ligma\AppData\Local\IIIQF [14/11/2016 18:07:52] - |D| - [0] - C:\Users\ligma\AppData\Local\Macromedia [01/10/2017 08:17:16] - |D| - [3346] - C:\Users\ligma\AppData\Local\matt.malensek.net [30/10/2017 16:24:51] - |D| - [702014969] - C:\Users\ligma\AppData\Local\Microsoft [02/10/2016 11:35:46] - |D| - [77361] - C:\Users\ligma\AppData\Local\MicrosoftEdge [02/10/2016 10:59:47] - |D| - [5433096] - C:\Users\ligma\AppData\Local\Mozilla [16/09/2017 08:25:17] - |D| - [887056] - C:\Users\ligma\AppData\Local\MusicBrainz [02/10/2016 11:17:19] - |D| - [0] - C:\Users\ligma\AppData\Local\NetworkTiles [12/09/2017 18:03:01] - |D| - [221617628] - C:\Users\ligma\AppData\Local\Opera Software [18/04/2017 16:51:48] - |D| - [23538550] - C:\Users\ligma\AppData\Local\Package Cache [30/10/2017 16:25:01] - |D| - [4561802033] - C:\Users\ligma\AppData\Local\Packages [30/10/2017 16:39:32] - |D| - [0] - C:\Users\ligma\AppData\Local\PlaceholderTileLogoFolder [15/12/2016 17:24:57] - |D| - [79013929] - C:\Users\ligma\AppData\Local\Programs [02/10/2016 10:57:58] - |D| - [272246] - C:\Users\ligma\AppData\Local\Publishers [25/12/2017 18:50:45] - |A| - [600] - C:\Users\ligma\AppData\Local\PUTTY.RND [26/12/2017 08:39:57] - |D| - [20383] - C:\Users\ligma\AppData\Local\RealVNC [03/03/2018 18:17:46] - |A| - [2586] - C:\Users\ligma\AppData\Local\recently-used.xbel [30/10/2017 14:36:02] - |D| - [4491] - C:\Users\ligma\AppData\Local\Recovery [21/01/2018 13:44:29] - |A| - [7626] - C:\Users\ligma\AppData\Local\Resmon.ResmonCfg [25/02/2018 10:53:17] - |D| - [32] - C:\Users\ligma\AppData\Local\ServiceHub [29/05/2017 18:45:06] - |D| - [2820] - C:\Users\ligma\AppData\Local\speech [02/06/2017 14:56:22] - |D| - [32657] - C:\Users\ligma\AppData\Local\SquirrelTemp [10/03/2018 19:59:39] - |D| - [254960518] - C:\Users\ligma\AppData\Local\Steam [31/10/2017 09:41:47] - |D| - [21539768] - C:\Users\ligma\AppData\Local\Steinberg Installation Updater [16/01/2018 16:34:06] - |D| - [0] - C:\Users\ligma\AppData\Local\TeamViewer [30/10/2017 16:24:51] - |D| - [84256809] - C:\Users\ligma\AppData\Local\Temp [30/10/2017 16:24:51] - |SHD| - [0] - C:\Users\ligma\AppData\Local\Temporary Internet Files [02/10/2016 10:57:35] - |D| - [14629274] - C:\Users\ligma\AppData\Local\TileDataLayer [25/02/2018 22:49:29] - |D| - [71422] - C:\Users\ligma\AppData\Local\Unity [25/05/2017 18:35:03] - |D| - [0] - C:\Users\ligma\AppData\Local\UNP [02/10/2016 10:57:39] - |D| - [3212] - C:\Users\ligma\AppData\Local\VirtualStore [30/09/2017 14:04:13] - |D| - [902944769] - C:\Users\ligma\AppData\Local\Vivaldi [30/11/2017 21:37:49] - |D| - [95047804] - C:\Users\ligma\AppData\Local\VMware [02/06/2017 14:56:26] - |D| - [301399187] - C:\Users\ligma\AppData\Local\WhatsApp [12/12/2017 20:03:38] - |D| - [1912833] - C:\Users\ligma\AppData\Local\wire [16/01/2018 13:55:26] - |D| - [266222] - C:\Users\ligma\AppData\Local\ZHP [03/02/2018 21:58:27] - |D| - [7202] - C:\Users\ligma\AppData\Local\__SHARED [10/03/2018 21:57:10] - |D| - [647] - C:\Users\ligma\AppData\LocalLow\8floor [02/10/2016 17:26:27] - |D| - [44032] - C:\Users\ligma\AppData\LocalLow\Adobe [26/02/2018 09:35:52] - |D| - [0] - C:\Users\ligma\AppData\LocalLow\DefaultCompany [15/02/2017 18:38:12] - |D| - [766225130] - C:\Users\ligma\AppData\LocalLow\Google [16/01/2018 16:58:41] - |D| - [637] - C:\Users\ligma\AppData\LocalLow\IObit [02/10/2016 10:57:43] - |SD| - [760675] - C:\Users\ligma\AppData\LocalLow\Microsoft [18/11/2016 21:03:02] - |D| - [0] - C:\Users\ligma\AppData\LocalLow\Mozilla [07/10/2017 08:17:27] - |D| - [0] - C:\Users\ligma\AppData\LocalLow\MSLiveSticker [07/10/2017 08:17:27] - |D| - [0] - C:\Users\ligma\AppData\LocalLow\MSLiveStickerWhiteList [18/01/2017 15:11:17] - |D| - [581632] - C:\Users\ligma\AppData\LocalLow\Oracle [03/10/2016 19:02:17] - |D| - [15206] - C:\Users\ligma\AppData\LocalLow\Sun [16/02/2017 15:51:05] - |D| - [0] - C:\Users\ligma\AppData\LocalLow\Temp [25/02/2018 22:49:31] - |D| - [38539633] - C:\Users\ligma\AppData\LocalLow\Unity [14/03/2018 16:11:40] - |D| - [65536] - C:\Users\ligma\AppData\LocalLow\uTorrent [19/10/2016 17:28:33] - |D| - [3200097] - C:\Users\ligma\AppData\Roaming\.Clyese-Systems [03/10/2016 19:03:32] - |D| - [319197587] - C:\Users\ligma\AppData\Roaming\.minecraft [20/11/2017 17:56:59] - |D| - [117591863] - C:\Users\ligma\AppData\Roaming\4kdownload.com [02/10/2016 10:57:36] - |D| - [3192156] - C:\Users\ligma\AppData\Roaming\Adobe [16/09/2017 08:00:58] - |D| - [1074202] - C:\Users\ligma\AppData\Roaming\AIMP [26/11/2017 12:13:06] - |D| - [2165600] - C:\Users\ligma\AppData\Roaming\Apowersoft [22/11/2017 15:29:32] - |D| - [13358] - C:\Users\ligma\AppData\Roaming\asoftech [28/10/2017 14:18:11] - |D| - [19699] - C:\Users\ligma\AppData\Roaming\Audacity [10/02/2017 18:41:13] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Blender Foundation [27/02/2018 13:21:02] - |A| - [125] - C:\Users\ligma\AppData\Roaming\Camdata.ini [27/02/2018 13:21:02] - |A| - [408] - C:\Users\ligma\AppData\Roaming\CamLayout.ini [27/02/2018 13:21:02] - |A| - [408] - C:\Users\ligma\AppData\Roaming\CamShapes.ini [04/03/2018 18:05:23] - |A| - [4536] - C:\Users\ligma\AppData\Roaming\CamStudio.cfg [15/12/2017 15:29:04] - |D| - [79608899] - C:\Users\ligma\AppData\Roaming\discord [02/09/2017 14:33:01] - |D| - [38876160] - C:\Users\ligma\AppData\Roaming\Ditto [08/09/2017 19:37:06] - |D| - [34549564] - C:\Users\ligma\AppData\Roaming\edu.media.mit.Scratch2Editor [25/12/2017 19:10:51] - |D| - [59405] - C:\Users\ligma\AppData\Roaming\FileZilla [13/12/2017 11:08:50] - |D| - [53922851] - C:\Users\ligma\AppData\Roaming\Franz [14/01/2017 15:38:29] - |D| - [60883795] - C:\Users\ligma\AppData\Roaming\GeoGebra 5.0 [24/05/2017 20:01:31] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Google [16/02/2018 18:57:29] - |D| - [12943] - C:\Users\ligma\AppData\Roaming\Greenshot [17/10/2016 21:52:08] - |D| - [159] - C:\Users\ligma\AppData\Roaming\Hewlett-Packard Company [17/10/2016 21:51:24] - |D| - [1778] - C:\Users\ligma\AppData\Roaming\HpUpdate [18/04/2017 16:38:22] - |D| - [24891] - C:\Users\ligma\AppData\Roaming\inkscape [16/01/2018 16:58:39] - |D| - [2861171] - C:\Users\ligma\AppData\Roaming\IObit [03/10/2016 19:03:50] - |D| - [0] - C:\Users\ligma\AppData\Roaming\java [03/09/2017 20:33:28] - |D| - [4016] - C:\Users\ligma\AppData\Roaming\KeePass [02/10/2016 13:59:02] - |D| - [6276768] - C:\Users\ligma\AppData\Roaming\LibreOffice [30/09/2017 14:55:51] - |D| - [82] - C:\Users\ligma\AppData\Roaming\livestreamer [07/10/2016 17:20:38] - |D| - [0] - C:\Users\ligma\AppData\Roaming\LolClient [02/10/2016 11:00:39] - |D| - [315790] - C:\Users\ligma\AppData\Roaming\Macromedia [30/10/2017 16:24:51] - |SD| - [2985496] - C:\Users\ligma\AppData\Roaming\Microsoft [02/10/2016 10:59:47] - |D| - [102026999] - C:\Users\ligma\AppData\Roaming\Mozilla [16/09/2017 08:25:17] - |D| - [1688] - C:\Users\ligma\AppData\Roaming\MusicBrainz [18/04/2017 18:12:34] - |D| - [2437567] - C:\Users\ligma\AppData\Roaming\Notepad++ [12/09/2017 18:03:01] - |D| - [284514304] - C:\Users\ligma\AppData\Roaming\Opera Software [30/09/2017 15:18:36] - |D| - [7694] - C:\Users\ligma\AppData\Roaming\Rainmeter [26/12/2017 08:39:57] - |D| - [25419] - C:\Users\ligma\AppData\Roaming\RealVNC [07/10/2016 15:22:06] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Riot Games [16/02/2018 20:40:55] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Samsung [30/09/2017 11:49:17] - |D| - [797] - C:\Users\ligma\AppData\Roaming\ScreenToGif [30/05/2017 17:36:04] - |D| - [122222] - C:\Users\ligma\AppData\Roaming\Scribus [02/10/2016 11:09:51] - |D| - [302417645] - C:\Users\ligma\AppData\Roaming\Skype [31/10/2017 13:47:52] - |D| - [272] - C:\Users\ligma\AppData\Roaming\Steinberg [31/10/2017 09:41:47] - |D| - [217] - C:\Users\ligma\AppData\Roaming\Steinberg Installation Updater [03/10/2016 19:02:17] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Sun [31/10/2017 20:52:39] - |D| - [989304] - C:\Users\ligma\AppData\Roaming\TeamViewer [09/11/2016 17:55:52] - |D| - [13159486] - C:\Users\ligma\AppData\Roaming\U3 [25/02/2018 22:49:23] - |D| - [15812442] - C:\Users\ligma\AppData\Roaming\Unity [13/01/2018 21:13:48] - |D| - [8877251] - C:\Users\ligma\AppData\Roaming\uTorrent [27/02/2018 11:11:21] - |A| - [96] - C:\Users\ligma\AppData\Roaming\version2.xml [25/02/2018 10:53:16] - |D| - [1405848] - C:\Users\ligma\AppData\Roaming\Visual Studio Setup [02/10/2016 17:29:13] - |D| - [85852] - C:\Users\ligma\AppData\Roaming\vlc [30/11/2017 21:37:47] - |D| - [1590] - C:\Users\ligma\AppData\Roaming\VMware [25/02/2018 10:53:16] - |D| - [66] - C:\Users\ligma\AppData\Roaming\vstelemetry [02/06/2017 14:56:34] - |D| - [4314470] - C:\Users\ligma\AppData\Roaming\WhatsApp [02/10/2016 11:28:34] - |D| - [40517] - C:\Users\ligma\AppData\Roaming\WildTangent [26/11/2017 17:37:32] - |D| - [12] - C:\Users\ligma\AppData\Roaming\WinRAR [12/12/2017 20:03:47] - |D| - [17088395] - C:\Users\ligma\AppData\Roaming\Wire [02/10/2016 10:57:37] - |SH| - [174] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [30/10/2017 16:24:51] - |SHD| - [0] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [13/10/2016 15:41:28] - |RD| - [60627] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/10/2017 08:16:12] - |A| - [926] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk [29/09/2017 16:20:38] - |D| - [1038] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader [30/10/2017 16:24:51] - |RD| - [3888] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/10/2017 16:24:51] - |RD| - [2665] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/10/2016 10:57:37] - |RD| - [174] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/05/2017 19:58:09] - |D| - [2775] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome [20/01/2018 13:35:59] - |D| - [2552] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Vivaldi [07/02/2018 18:24:55] - |D| - [4236] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design [30/10/2017 16:37:51] - |SH| - [174] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [15/12/2017 15:29:06] - |D| - [2251] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [02/09/2017 14:30:55] - |A| - [2160] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk [07/10/2017 08:17:21] - |A| - [1051] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [13/12/2017 11:08:51] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Franz [02/10/2016 10:59:42] - |A| - [1333] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gestionnaire audio HD.lnk [30/10/2017 16:24:51] - |D| - [170] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [02/10/2016 11:00:07] - |A| - [2411] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [18/04/2017 16:51:50] - |D| - [6711] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6 [30/09/2017 11:50:34] - |A| - [1076] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScreenToGif.lnk [02/10/2016 10:57:37] - |RD| - [1949] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [14/04/2018 18:14:05] - |D| - [1222] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [20/11/2017 19:42:01] - |D| - [4030] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super macro [30/10/2017 16:24:51] - |RD| - [3496] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [02/06/2017 14:56:35] - |D| - [2256] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp [30/10/2017 16:24:51] - |RD| - [7754] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [26/11/2017 17:37:24] - |D| - [4329] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [12/12/2017 20:03:47] - |D| - [0] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wire [02/10/2016 10:57:37] - |SH| - [174] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [30/09/2017 15:18:33] - |A| - [1775] - C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ---------- | [Public] ---------- | C:\ProgramData [01/04/2016 20:35:13] - |D| - [231351] - C:\ProgramData\Acer [02/10/2016 17:25:21] - |D| - [356951788] - C:\ProgramData\Adobe [30/10/2017 16:32:00] - |SHD| - [0] - C:\ProgramData\Application Data [02/10/2016 15:33:26] - |D| - [13613822] - C:\ProgramData\AVAST Software [07/02/2018 18:24:55] - |D| - [470866731] - C:\ProgramData\Blackmagic Design [01/10/2016 14:22:32] - |SHD| - [0] - C:\ProgramData\Bureau [16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms [30/10/2017 16:32:00] - |SHD| - [0] - C:\ProgramData\Documents [10/06/2017 11:31:24] - |D| - [1134678] - C:\ProgramData\Dolby [10/06/2017 11:31:20] - |A| - [0] - C:\ProgramData\DP45977C.lfl [31/10/2017 13:47:25] - |D| - [481916] - C:\ProgramData\eLicenser [07/10/2016 15:20:56] - |D| - [604855] - C:\ProgramData\Hewlett-Packard [07/10/2016 15:20:58] - |D| - [3006] - C:\ProgramData\HP [15/06/2016 16:12:25] - |D| - [64014966] - C:\ProgramData\Intel [16/01/2018 16:57:58] - |D| - [17482885] - C:\ProgramData\IObit [05/04/2017 20:25:26] - |D| - [968395089] - C:\ProgramData\Kaspersky Lab [01/10/2016 14:22:32] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [29/09/2017 14:46:33] - |SD| - [1877216890] - C:\ProgramData\Microsoft [30/10/2017 16:39:37] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [25/02/2018 10:59:04] - |D| - [584] - C:\ProgramData\Microsoft Visual Studio [10/06/2017 11:31:25] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [01/10/2016 14:22:32] - |SHD| - [0] - C:\ProgramData\Modèles [13/10/2017 15:44:09] - |RASH| - [290] - C:\ProgramData\ntuser.pol [01/04/2016 20:35:14] - |D| - [37977421] - C:\ProgramData\OEM [03/10/2016 19:02:02] - |D| - [233008831] - C:\ProgramData\Oracle [01/04/2016 20:39:20] - |D| - [56101473] - C:\ProgramData\Package Cache [16/01/2018 16:58:41] - |D| - [779] - C:\ProgramData\ProductData [07/10/2016 15:24:37] - |D| - [39] - C:\ProgramData\Riot Games [02/10/2016 11:09:45] - |D| - [89014272] - C:\ProgramData\Skype [29/09/2017 14:46:33] - |D| - [0] - C:\ProgramData\SoftwareDistribution [16/01/2018 16:53:30] - |D| - [560199] - C:\ProgramData\Spybot - Search & Destroy [01/11/2017 10:36:55] - |D| - [210] - C:\ProgramData\Syncrosoft [21/01/2018 09:03:29] - |D| - [4176] - C:\ProgramData\SystemAcCrux [06/01/2018 21:23:28] - |D| - [481691] - C:\ProgramData\Unified Remote [25/02/2018 22:49:29] - |D| - [9776] - C:\ProgramData\Unity [29/09/2017 14:46:33] - |D| - [8834] - C:\ProgramData\USOPrivate [30/10/2017 16:32:12] - |D| - [2519040] - C:\ProgramData\USOShared [30/11/2017 21:08:16] - |D| - [6997816] - C:\ProgramData\VMware [01/04/2016 20:35:45] - |D| - [1327770] - C:\ProgramData\WildTangent [30/09/2017 15:41:33] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [16/02/2018 18:38:43] - |D| - [0] - C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216} [16/01/2018 16:58:01] - |D| - [0] - C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2017 14:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [01/10/2016 14:22:32] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [29/09/2017 14:46:33] - |RD| - [224997] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2017 14:46:33] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [29/09/2017 14:46:33] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [01/04/2016 20:35:06] - |D| - [4446] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [16/04/2017 12:39:29] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [02/10/2016 17:25:49] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [29/09/2017 14:46:33] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/02/2018 18:38:33] - |D| - [7052] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare [16/09/2017 08:01:00] - |D| - [4002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP [28/10/2017 14:18:08] - |A| - [1092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [30/01/2018 19:39:53] - |D| - [7386] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [07/02/2018 18:23:45] - |D| - [1488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design [29/09/2017 14:46:38] - |SH| - [802] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [02/09/2017 14:32:57] - |D| - [3358] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto [30/10/2017 16:24:21] - |D| - [2231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [25/12/2017 19:10:14] - |D| - [2175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [01/04/2016 20:38:00] - |RD| - [107] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [14/01/2017 14:45:31] - |D| - [4133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5 [30/05/2017 17:34:31] - |D| - [3287] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [11/01/2017 15:37:21] - |A| - [943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [01/01/2018 19:22:54] - |A| - [2303] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [16/02/2018 18:57:22] - |D| - [3599] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [17/10/2016 21:51:24] - |D| - [9739] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [29/09/2017 14:43:11] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [18/04/2017 16:37:21] - |A| - [877] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [28/01/2018 21:08:08] - |D| - [1362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant [16/01/2018 16:58:37] - |D| - [2658] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter [23/01/2018 19:30:46] - |D| - [2765] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [23/01/2018 19:30:46] - |A| - [1443] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk [03/10/2016 19:02:14] - |D| - [6364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [05/04/2017 20:25:44] - |D| - [6730] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus [05/04/2017 20:25:50] - |D| - [5945] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection [03/09/2017 20:11:17] - |A| - [1190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [07/10/2016 15:23:16] - |D| - [1753] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [16/02/2018 18:15:06] - |D| - [9390] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0 [29/09/2017 14:46:33] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [25/02/2018 11:10:19] - |D| - [2873] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity [26/11/2017 10:16:44] - |A| - [1382] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [16/09/2017 08:11:14] - |D| - [46] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [18/04/2017 18:12:34] - |D| - [1110] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [16/12/2017 17:05:00] - |A| - [948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenShot Video Editor.lnk [28/02/2018 09:40:58] - |D| - [4041] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [26/11/2017 10:16:48] - |A| - [1451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [25/12/2017 18:44:55] - |D| - [5680] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit) [30/09/2017 15:18:33] - |A| - [1751] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk [26/12/2017 08:39:36] - |D| - [1131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC [14/04/2018 15:46:32] - |D| - [6241] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [08/09/2017 19:37:03] - |A| - [966] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch 2.lnk [30/05/2017 17:35:40] - |D| - [4755] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.6 [23/03/2017 18:32:02] - |D| - [2141] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [30/11/2017 17:59:38] - |D| - [939] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [29/09/2017 14:46:33] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [10/03/2018 19:51:07] - |D| - [1112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [29/09/2017 14:46:33] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [08/09/2017 19:47:10] - |D| - [4034] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAGO-Fences [16/01/2018 16:27:14] - |A| - [1116] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk [05/02/2018 21:21:02] - |D| - [3359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar [25/02/2018 10:28:45] - |D| - [3215] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.3.1f1 (64-bit) [16/02/2018 18:10:08] - |D| - [5874] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [25/02/2018 11:04:34] - |D| - [5949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 [25/02/2018 10:54:54] - |A| - [1799] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk [25/02/2018 10:53:21] - |A| - [1359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk [30/09/2017 14:05:18] - |A| - [2250] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk [13/01/2018 22:14:51] - |D| - [1283] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [28/12/2017 10:05:15] - |A| - [735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk [30/10/2017 16:25:45] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [26/11/2017 10:16:25] - |D| - [2298] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker [26/11/2017 17:37:24] - |D| - [4257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [29/12/2017 20:51:20] - |D| - [3958] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xming ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2017 14:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [01/10/2017 08:16:11] - |D| - [2101445] - C:\Program Files (x86)\3RVX [06/02/2017 14:11:14] - |D| - [96286101] - C:\Program Files (x86)\4KDownload [01/04/2016 20:35:06] - |D| - [6123987] - C:\Program Files (x86)\Acer [02/10/2016 17:25:42] - |D| - [284224971] - C:\Program Files (x86)\Adobe [16/09/2017 08:00:55] - |D| - [41418774] - C:\Program Files (x86)\AIMP [28/10/2017 14:17:58] - |AD| - [52589725] - C:\Program Files (x86)\Audacity [04/12/2016 13:19:29] - |D| - [4256760] - C:\Program Files (x86)\Avira [07/02/2018 18:23:44] - |D| - [24548839] - C:\Program Files (x86)\Blackmagic Design [29/09/2017 14:46:33] - |D| - [318783443] - C:\Program Files (x86)\Common Files [31/10/2017 14:51:21] - |D| - [188918] - C:\Program Files (x86)\Cracklock [29/09/2017 14:46:37] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [02/09/2017 14:32:55] - |AD| - [39938454] - C:\Program Files (x86)\Ditto [21/01/2018 09:03:05] - |D| - [776138] - C:\Program Files (x86)\EaseUS [31/10/2017 13:47:24] - |D| - [694870] - C:\Program Files (x86)\eLicenser [14/01/2017 14:45:19] - |AD| - [161081270] - C:\Program Files (x86)\GeoGebra 5.0 [02/10/2016 15:38:46] - |D| - [477911409] - C:\Program Files (x86)\Google [25/02/2018 10:30:20] - |D| - [71525866] - C:\Program Files (x86)\GtkSharp [17/10/2016 18:15:05] - |AD| - [82589108] - C:\Program Files (x86)\HP [15/06/2016 16:13:23] - |HD| - [126449858] - C:\Program Files (x86)\InstallShield Installation Information [10/06/2017 11:31:08] - |D| - [24473334] - C:\Program Files (x86)\Intel [28/01/2018 21:08:07] - |D| - [3854266] - C:\Program Files (x86)\Intel Driver and Support Assistant [29/09/2017 14:46:33] - |D| - [2016077] - C:\Program Files (x86)\Internet Explorer [16/01/2018 16:58:31] - |D| - [366171291] - C:\Program Files (x86)\IObit [01/03/2018 14:57:59] - |D| - [178235042] - C:\Program Files (x86)\Java [05/04/2017 20:25:26] - |D| - [280656991] - C:\Program Files (x86)\Kaspersky Lab [03/09/2017 20:11:16] - |AD| - [6963412] - C:\Program Files (x86)\KeePass Password Safe 2 [16/02/2018 18:14:37] - |D| - [442991849] - C:\Program Files (x86)\LibreOffice [01/04/2016 20:39:37] - |D| - [1754] - C:\Program Files (x86)\McAfee [25/02/2018 11:04:44] - |D| - [26622131] - C:\Program Files (x86)\Microsoft SDKs [26/11/2017 10:16:35] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [25/02/2018 10:53:07] - |D| - [973269096] - C:\Program Files (x86)\Microsoft Visual Studio [25/02/2018 11:10:18] - |D| - [1208580] - C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity [29/09/2017 14:46:33] - |D| - [8302071] - C:\Program Files (x86)\Microsoft.NET [18/11/2016 18:18:55] - |AD| - [0] - C:\Program Files (x86)\Mozilla Firefox [30/10/2017 16:16:47] - |D| - [1004669] - C:\Program Files (x86)\MSBuild [18/04/2017 18:12:34] - |D| - [11130036] - C:\Program Files (x86)\Notepad++ [15/06/2016 16:13:25] - |AD| - [7887040] - C:\Program Files (x86)\Qualcomm Atheros [10/06/2017 11:31:23] - |D| - [46627740] - C:\Program Files (x86)\Realtek [30/10/2017 16:16:47] - |D| - [193054371] - C:\Program Files (x86)\Reference Assemblies [16/02/2018 20:39:09] - |D| - [0] - C:\Program Files (x86)\Samsung [08/09/2017 19:36:59] - |AD| - [71703316] - C:\Program Files (x86)\Scratch 2 [30/09/2017 11:50:34] - |D| - [2056798] - C:\Program Files (x86)\ScreenToGif [30/05/2017 17:35:28] - |D| - [204933515] - C:\Program Files (x86)\Scribus 1.4.6 [23/03/2017 18:32:01] - |RD| - [91917941] - C:\Program Files (x86)\Skype [10/03/2018 19:51:06] - |D| - [13004839678] - C:\Program Files (x86)\Steam [20/11/2017 19:42:01] - |D| - [7640937] - C:\Program Files (x86)\Super macro [08/09/2017 19:47:06] - |D| - [1490046] - C:\Program Files (x86)\TAGO-Fences [16/01/2018 16:27:07] - |D| - [102198814] - C:\Program Files (x86)\TeamViewer [15/06/2016 16:31:49] - |HD| - [0] - C:\Program Files (x86)\Temp [05/02/2018 21:20:52] - |D| - [266727893] - C:\Program Files (x86)\tuxguitar-1.5 [02/10/2016 17:28:42] - |D| - [0] - C:\Program Files (x86)\VideoLAN [30/09/2017 14:04:51] - |D| - [384005716] - C:\Program Files (x86)\Vivaldi [13/01/2018 22:14:44] - |D| - [205756179] - C:\Program Files (x86)\VMware [29/09/2017 14:46:33] - |D| - [1794312] - C:\Program Files (x86)\Windows Defender [25/02/2018 11:04:44] - |D| - [3345704] - C:\Program Files (x86)\Windows Kits [26/11/2017 10:16:10] - |D| - [283501815] - C:\Program Files (x86)\Windows Live [29/09/2017 14:46:33] - |D| - [627712] - C:\Program Files (x86)\Windows Mail [30/09/2017 15:40:33] - |D| - [3294663] - C:\Program Files (x86)\Windows Media Player [26/11/2017 10:16:10] - |D| - [132907670] - C:\Program Files (x86)\Windows Movie Maker [29/09/2017 14:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform [29/09/2017 14:46:33] - |D| - [7569090] - C:\Program Files (x86)\windows nt [29/09/2017 14:46:33] - |D| - [5358896] - C:\Program Files (x86)\Windows Photo Viewer [29/09/2017 14:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices [29/09/2017 14:46:33] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [29/09/2017 14:46:33] - |D| - [2251143] - C:\Program Files (x86)\WindowsPowerShell [26/11/2017 17:37:06] - |D| - [5187926] - C:\Program Files (x86)\WinRAR [29/12/2017 20:51:17] - |D| - [9769357] - C:\Program Files (x86)\Xming ---------- | C:\Program Files [02/10/2016 10:57:44] - |D| - [153123] - C:\Program Files\Accessory Store [01/04/2016 20:39:22] - |D| - [17623261] - C:\Program Files\Acer [07/02/2018 18:24:55] - |D| - [745988085] - C:\Program Files\Blackmagic Design [29/09/2017 14:46:33] - |D| - [97607599] - C:\Program Files\Common Files [29/09/2017 14:46:37] - |ASH| - [174] - C:\Program Files\desktop.ini [30/10/2017 16:24:20] - |D| - [27204252] - C:\Program Files\Dolby [10/06/2017 11:31:31] - |D| - [4657198] - C:\Program Files\Elantech [01/10/2016 14:22:32] - |SHD| - [0] - C:\Program Files\Fichiers communs [25/12/2017 19:10:10] - |D| - [28378562] - C:\Program Files\FileZilla FTP Client [11/01/2017 15:36:54] - |AD| - [332463180] - C:\Program Files\GIMP 2 [24/03/2018 08:43:28] - |D| - [59512456] - C:\Program Files\Google [16/02/2018 18:57:21] - |D| - [3119047] - C:\Program Files\Greenshot [30/05/2017 17:34:12] - |D| - [40509518] - C:\Program Files\gs [18/04/2017 16:37:05] - |AD| - [243015926] - C:\Program Files\Inkscape [10/06/2017 11:31:04] - |D| - [92351277] - C:\Program Files\Intel [29/09/2017 14:46:33] - |D| - [2639664] - C:\Program Files\internet explorer [20/10/2016 15:46:37] - |D| - [225214732] - C:\Program Files\Java [30/10/2017 16:16:47] - |D| - [25757] - C:\Program Files\MSBuild [16/12/2017 17:04:26] - |D| - [447503279] - C:\Program Files\OpenShot Video Editor [28/02/2018 09:40:54] - |D| - [182791692] - C:\Program Files\Oracle [25/12/2017 18:44:54] - |D| - [3748404] - C:\Program Files\PuTTY [30/09/2017 15:18:32] - |D| - [5319362] - C:\Program Files\Rainmeter [10/06/2017 11:31:14] - |D| - [49817281] - C:\Program Files\Realtek [26/12/2017 08:39:36] - |D| - [12866128] - C:\Program Files\RealVNC [30/10/2017 16:16:47] - |D| - [36854953] - C:\Program Files\Reference Assemblies [14/04/2018 15:46:31] - |D| - [13113790] - C:\Program Files\Sandboxie [30/11/2017 17:59:37] - |D| - [14772192] - C:\Program Files\Speccy [02/10/2016 17:25:56] - |D| - [0] - C:\Program Files\TrueKey [10/06/2017 11:31:23] - |HD| - [0] - C:\Program Files\Uninstall Information [25/02/2018 10:26:52] - |D| - [3023197063] - C:\Program Files\Unity [25/05/2017 18:29:49] - |AD| - [6553600] - C:\Program Files\UNP [14/01/2018 12:50:58] - |D| - [165100583] - C:\Program Files\VideoLAN [29/09/2017 14:46:33] - |RD| - [17900385] - C:\Program Files\Windows Defender [26/11/2017 10:16:52] - |D| - [52928] - C:\Program Files\Windows Live [29/09/2017 14:46:33] - |D| - [638976] - C:\Program Files\Windows Mail [30/09/2017 15:40:33] - |D| - [4824555] - C:\Program Files\Windows Media Player [29/09/2017 14:46:33] - |D| - [49680] - C:\Program Files\Windows Multimedia Platform [29/09/2017 14:46:33] - |D| - [7836866] - C:\Program Files\windows nt [29/09/2017 14:46:33] - |D| - [6137656] - C:\Program Files\Windows Photo Viewer [29/09/2017 14:46:33] - |D| - [49688] - C:\Program Files\Windows Portable Devices [29/09/2017 14:46:33] - |D| - [96880] - C:\Program Files\Windows Security [29/09/2017 14:46:33] - |SHD| - [0] - C:\Program Files\Windows Sidebar [29/09/2017 14:46:33] - |HD| - [2689428545] - C:\Program Files\WindowsApps [29/09/2017 14:46:33] - |D| - [2501937] - C:\Program Files\WindowsPowerShell [14/01/2018 12:49:08] - |D| - [7282696] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [02/10/2016 17:25:42] - |AD| - [9430811] - C:\Program Files (x86)\Common Files\Adobe [08/09/2017 19:36:15] - |AD| - [28538179] - C:\Program Files (x86)\Common Files\Adobe AIR [15/06/2016 16:14:19] - |D| - [27068] - C:\Program Files (x86)\Common Files\Atheros [25/02/2018 11:04:44] - |D| - [24712] - C:\Program Files (x86)\Common Files\Designer [10/06/2017 11:31:03] - |D| - [75340869] - C:\Program Files (x86)\Common Files\Intel [16/01/2018 16:58:39] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit [01/03/2018 14:58:33] - |D| - [1943624] - C:\Program Files (x86)\Common Files\Java [01/04/2016 20:39:37] - |D| - [1923776] - C:\Program Files (x86)\Common Files\McAfee [29/09/2017 14:46:33] - |D| - [33761676] - C:\Program Files (x86)\Common Files\microsoft shared [15/06/2016 16:15:36] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [15/06/2016 16:13:23] - |D| - [146595] - C:\Program Files (x86)\Common Files\Qualcomm Atheros [29/09/2017 14:46:33] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [15/04/2018 10:44:30] - |D| - [2574280] - C:\Program Files (x86)\Common Files\Skype [10/03/2018 19:51:08] - |D| - [3951168] - C:\Program Files (x86)\Common Files\Steam [29/09/2017 14:46:33] - |D| - [9530251] - C:\Program Files (x86)\Common Files\system [13/01/2018 22:14:48] - |D| - [3795912] - C:\Program Files (x86)\Common Files\ThinPrint [30/11/2017 21:07:32] - |D| - [147587024] - C:\Program Files (x86)\Common Files\VMware [26/11/2017 10:18:35] - |D| - [0] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [14/04/2018 12:35:55] - |D| - [14225371] - C:\Program Files\Common files\adaware [10/06/2017 11:31:31] - |D| - [569] - C:\Program Files\Common files\Atheros [05/04/2017 20:25:42] - |D| - [1541669] - C:\Program Files\Common files\AV [29/09/2017 14:46:33] - |D| - [70687101] - C:\Program Files\Common files\microsoft shared [15/06/2016 16:28:00] - |D| - [200467] - C:\Program Files\Common files\QCA_Bluetooth [29/09/2017 14:46:33] - |D| - [2702] - C:\Program Files\Common files\Services [29/09/2017 14:46:33] - |D| - [10206603] - C:\Program Files\Common files\system [13/01/2018 22:14:44] - |D| - [743117] - C:\Program Files\Common files\VMware ---------- | Tasks [MD5.BAD1507216FC981A534BB6DE3C296BBF] - [21/01/2018 19:06:43] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.00000000000000000000000000000000] - [16/02/2018 18:38:39] - |D| - [0] - C:\WINDOWS\Tasks\ImCleanDisabled [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [30/10/2017 16:29:52] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.A1C3127C9EBCF3F686024013ABFA11C0] - [30/10/2017 16:29:51] - |A| - [3692] - C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258 : "C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe" [MD5.D0CE7C7D2539A6D869363194EF47C685] - [30/10/2017 16:29:51] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.3B118C83FA8BD29F4CB604392131C349] - [14/03/2018 13:17:55] - |A| - [4760] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [MD5.715B0CD89E8561DFE718068A72FEBAB9] - [30/10/2017 16:29:51] - |A| - [4772] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [MD5.F031E2A0A2E2484C4858036B49115754] - [30/10/2017 16:29:51] - |A| - [4558] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.00000000000000000000000000000000] - [30/10/2017 16:29:51] - |D| - [0] - C:\WINDOWS\System32\Tasks\Avira [MD5.3C7961C1600E65E0E70EAF6613186B00] - [30/10/2017 16:29:51] - |A| - [2074] - C:\WINDOWS\System32\Tasks\FUBTrackingByPLD : "C:\OEM\Preload\FubTracking\FubTracking.exe" [MD5.B35C540D0410C52D21E5E4ACEF7342BA] - [30/10/2017 16:29:51] - |A| - [3462] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.C5458A436299D21A4D7B1AC95ECFB087] - [30/10/2017 16:29:51] - |A| - [3586] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.7A870AB8F10885787821DD73F3147669] - [30/10/2017 16:29:51] - |A| - [2528] - C:\WINDOWS\System32\Tasks\HPLJCustParticipation : "C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe" [MD5.BDEB74BB628E7479608C4C1AA889C33B] - [28/01/2018 21:08:06] - |A| - [3762] - C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 : "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [MD5.F680C7CB9F692E039871CC6F5D5F0819] - [28/01/2018 21:08:06] - |A| - [3528] - C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon : "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [MD5.224E13F74E513FFBFE0A3B755C7D27C3] - [29/01/2018 15:53:30] - |A| - [3834] - C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 : C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [MD5.00000000000000000000000000000000] - [29/09/2017 14:46:34] - |D| - [545446] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.CC09C9C9272E8E06CCCF386A5F44A4B6] - [30/10/2017 16:29:52] - |A| - [3376] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3183174187-342176784-3280352271-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.39A8ECC7E41B0EEF56EA0C4176C2400B] - [25/11/2017 23:34:26] - |A| - [3374] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3183174187-342176784-3280352271-1002 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [30/10/2017 16:29:52] - |D| - [3380] - C:\WINDOWS\System32\Tasks\S-1-5-21-3183174187-342176784-3280352271-1001 [MD5.00000000000000000000000000000000] - [16/01/2018 16:53:38] - |D| - [0] - C:\WINDOWS\System32\Tasks\Safer-Networking [MD5.A949D58A38B0FDBF90ED213A8F8017B5] - [30/10/2017 16:29:52] - |A| - [4302] - C:\WINDOWS\System32\Tasks\Software Update Application : "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" [MD5.3CC16E8F3168983BB825AF5B93FCF37B] - [30/10/2017 16:29:52] - |A| - [2706] - C:\WINDOWS\System32\Tasks\UbtFrameworkService : "C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe" [MD5.6F9F4CFE7E15773A186D7F09AE2AA947] - [11/04/2018 14:11:17] - |A| - [2690] - C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK : "C:\WINDOWS\System32\Wscript.exe" [MD5.AC0A40BFD0EE540587FF1F86B33F5D11] - [30/10/2017 16:29:52] - |A| - [4176] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10CC98E4-641F-429D-8E1E-42F9DA71A733} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [29/09/2017 14:46:34] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "UDP Query User{568B810E-ABB3-4F7D-B506-DCA9B5840F13}C:\program files (x86)\ditto\ditto.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\ditto\ditto.exe|Name=Ditto|Desc=Ditto|Defer=User| "TCP Query User{79DF5730-4107-444F-883E-1D4B56EEF82B}C:\program files (x86)\ditto\ditto.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\ditto\ditto.exe|Name=Ditto|Desc=Ditto|Defer=User| "{C5DC270D-7396-4621-8452-5058BA02581E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3474782400-935884843-1830929421-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{58A34DAB-F7BC-4DF2-ABC4-B543CE071659}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=NRJ|Desc=NRJ|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-68983267-1624064423-1762816698-938903939-2340032703-2025649714-2026823782|EmbedCtxt=NRJ|Platform=2:6:2|Platform2=GTEQ| "{4637BE03-44AC-4524-8CE2-6B17B222B881}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=@{00141F67.ChessFriendsOnlineChess_2.2.40.0_neutral__8ykx2f62075fc?ms-resource://00141F67.ChessFriendsOnlineChess/resources/packageDisplayName}|Desc=@{00141F67.ChessFriendsOnlineChess_2.2.40.0_neutral__8ykx2f62075fc?ms-resource://00141F67.ChessFriendsOnlineChess/resources/packageDisplayName}|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-104236500-2222740310-1881327528-3659184223-1190667852-3765214608-2813633240|EmbedCtxt=@{00141F67.ChessFriendsOnlineChess_2.2.40.0_neutral__8ykx2f62075fc?ms-resource://00141F67.ChessFriendsOnlineChess/resources/packageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{6EA5EBAB-D732-4C66-9B64-A125F97DD712}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ| "{AEE82669-A93C-4AAB-BAA6-19229CD9AED9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{1F961816-199B-460D-B160-9A5B78CE05CF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{5E3678AF-4843-4EEB-8E02-4F8696C9CDAC}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{50A11D3E-856D-44B5-B3F4-A7D1F153D4E3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{15ED9212-BE9A-483B-8AC7-79D34A45F7B1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{9E2CC3E9-B7AC-4CC1-BE33-29D4274CA644}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{F2A2221F-2544-41CA-9D71-A3BEEE5E7254}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{882D1AC0-B632-4312-9799-538E67E7847F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{543DEDF7-DECF-41CD-9E3B-1771DDD25148}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| "{289A966E-7244-4CE8-8B9A-E2740161D2DC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe|Name=Streaming Audio Recorder| "{666812DE-2751-49B0-B94D-70C5BFB1C4FB}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe|Name=Streaming Audio Recorder| "{275FE57D-7DA3-49C9-8F96-19BA5872E9A9}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll|Name=Streaming Audio Recorder| "{6E54C50B-278E-427A-8003-2A4A732BDFB2}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll|Name=Streaming Audio Recorder| "{C64ABFCB-44D5-461B-9D71-897EF86B3B3D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{2564880C-FBAE-49EC-8051-ADE8172876FE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=TeamViewer: Remote Control|Desc=TeamViewer: Remote Control|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-1621008415-3823984570-3195776815-1212390982-3676230072-3581987563-1347451468|EmbedCtxt=TeamViewer: Remote Control|Platform=2:6:2|Platform2=GTEQ| "{000AEFD6-0902-47AC-B263-8814588ECD26}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=TeamViewer: Remote Control|Desc=TeamViewer: Remote Control|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-1621008415-3823984570-3195776815-1212390982-3676230072-3581987563-1347451468|EmbedCtxt=TeamViewer: Remote Control|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{8F8EFB22-22DC-455D-B395-E775114494B1}C:\program files\openshot video editor\launch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\openshot video editor\launch.exe|Name=launch|Desc=launch|Defer=User| "UDP Query User{29BA78FE-5634-43AB-A18C-523F40377404}C:\program files\openshot video editor\launch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\openshot video editor\launch.exe|Name=launch|Desc=launch|Defer=User| "{C9A9DBAE-DFA5-431A-B187-9431773443A4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{9B42BBAA-B2BA-4EDE-93D3-98F9F557F989}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{D02E2C18-127E-4C68-A3F9-A9847056DD21}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{1BC731A4-9178-458E-922F-0107E1F4DA6B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{AA1F9E3F-B19E-40DF-B977-39432AA6A4CE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{49E57C91-F882-4D3B-B2D5-E1157108E757}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{54B1174D-0925-470A-B327-4B2DDAC7D978}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{8D5CADC7-DCBA-4CAB-9F17-6E10559CDC82}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{1D091CCD-0A19-45B4-AE7E-AE3E7B603B6E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{3C54AFA8-94EC-454B-8C7C-DED8CC721DED}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{ECB48ABE-F5A7-4AD4-9E93-83A8E4DA97CC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{4E1C61BE-FBD0-4BE5-8A3B-EFDBBCF33E0C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{45B3331D-2747-4E96-9CFB-6BAA7ACEA556}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{43139063-0614-4370-9089-F83549898F1C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{68A4A996-DBD5-4CC1-A932-24EF71C285B0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{1799CED1-81B7-4300-B403-25E5D3CC0B13}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{26E3F504-6E17-4FA9-B06C-C78FAC7A5013}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{41892BD5-949B-4938-B085-B0A4920A3AFE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{99DFE69E-3FB3-4015-BCFC-193DDB06FA1C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{7DBB12C1-9EE9-4DE8-926A-6EC8FF3753F6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{20F5F1A8-EEA1-4A08-A6FE-6C72D74879D6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{953DD7B5-4F80-4EE9-B75E-F39F8BADE581}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{FD2A9FE2-A59A-417F-A530-E35D90ED212E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{5F7FFEFA-6F13-44D0-BF51-1F0E6617783C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{B59696A1-4D94-4525-811E-50564089179F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{32F4BD10-8EC6-47FA-93FF-FD72F1DADC1D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{D8F3DD21-90DC-40D3-AA45-4DFBC378AF4D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{059659CA-1B22-4313-88AF-66226BE12CEB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{5FE7A476-A7A3-4784-B4E8-44216E58E93D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{C6A1BDCC-7817-423D-97FC-CC0D18088BA5}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{383047D6-EEBA-4039-8500-8CDE378AFBF0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{1F9C6113-4E42-4699-B5EB-9CAA189DCF38}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{CED99B7B-FFE8-44CD-AF00-C95FF15D3F89}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{ED8F9200-627A-499D-9AFB-64C2CB91BFDA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{13BF6A35-E9A4-4D60-8AA7-96ECF700E3BA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{C4F9E897-9714-490D-8945-6CF608CB1635}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{0F8CCE57-D75F-4BA8-8538-4B87E7304B7B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{7DC0205C-8885-4DC9-B4DB-BEDEF0EED2A0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{01076AA4-C650-49FB-A6F4-3687CB90D324}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{6C09DB62-F772-427C-999D-A572F7B143D8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{4495475B-F5C9-421F-9E71-763E20F00B51}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{B8A50C30-BDA4-4BD2-9924-D8F6767362E3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{786A6577-ECCC-4EC1-BFBE-BEAF676190DB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{202C1DD5-E95B-4774-B63A-A9F736D8EAFB}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{5DB99D22-A1F2-4B7B-B587-8BA677BAC999}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{AE3972B1-E8DA-4826-A75F-7A196DE1A68A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{27D4DB8F-4BF3-4B3A-A4BC-78EC1F5475F0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{AC2477D1-C497-4E29-8608-4A9A84CB0E48}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{B00ED3E7-5AC0-46A5-AEC6-F394799CCFE8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{856A7966-D23F-47F8-BAC5-B8FDE48B78BA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{CE16997E-84B2-4989-8DC5-09E231894857}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{C1E33C17-1D2B-492D-B30E-F93BDB6AB0C3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{709E74AD-A283-4FDC-93E7-CED3C18CA5D6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{7F11CC14-27BF-4A21-A99F-3227CAB127B6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{1A01E3AD-5C55-4EAE-A526-610A2C262CD1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{C075A4B2-31A2-4BF2-9843-B75A1D365799}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{91F7EC34-9F61-4597-A2FA-D65758B8AC5C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{0DC4B66F-625D-46D6-B585-F045A52BA297}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{76AD2911-86BA-421D-9D12-8B5E80DA6F59}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{11C5D2AB-D4A2-4780-9E0A-5D22A13AC1E3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{5634CF68-3AE6-4465-88AA-6AEA96726B59}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{6E4518F3-445E-4B87-AF2F-85854C41BBD8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{1F8A3B01-4EDA-41CE-8ACE-07EB65D2DF2D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{85BF32A7-EF65-4C22-BD7C-284AE527B1B4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{77F5BBAE-984B-446D-9C4C-1BD45329553C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{8B6E298D-DE9E-4F80-ABCA-3667DF6EE148}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{C8A25DC1-39C7-4C69-867A-008106F67CC6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{117FA06D-690F-45C1-AA9B-C94B0D1B0F3D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{0B0AFE67-A776-4AE2-A2E5-11BE10563E60}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{F03FE57F-DBE2-4B53-8CCE-2ADB5C082C1C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{6562FDBF-5ED3-4169-A01A-5508DB17C123}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{F7533F44-347E-48BE-8E1B-85B9593FF800}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{5FEFBA3B-70B4-495A-88FD-40EB875CBF71}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{8214926C-FBBF-462A-B79B-71812F243658}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{E95EBC22-45C5-4DCC-8525-18C7456916FD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{E2C8E7E6-6992-4E29-BB2B-24617ACB6AEB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{64FEF705-4C28-48B4-B19F-9B3230E03507}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{C5247FFD-B468-4270-9D36-002A0D8CFF4E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{8A72F16C-014A-42A7-AA48-4EC86759AAD8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{9F1F8D7E-F7BE-4889-9ACE-C66F5BC7D7C0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{FD3C1640-0304-42A4-B4C4-DB04CD28907F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{581E83D9-E303-4826-BBD4-44D6EB290CA6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{6E4D0AE2-BEFF-4B24-BAE3-950E4BE4537E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{6C9B8FCF-658C-4689-A544-B992EA86CCF4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{EFD4612F-ECC4-49B3-8BF3-427F8F67CDBD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{0C42A538-26A3-47AF-BC89-E1D38A0CC7E8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{5E3ED9FF-6E06-4368-B760-89D21BC77A26}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{7A3A244B-EA0F-4697-AC08-85A974CEBD5C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{4A12F6FC-D4A4-452D-B2E0-C0B9621B3955}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{427809E2-95DE-41FD-B1F8-30CE891487F2}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={C863D126-6EC7-4260-80BD-4F4FC3BCF8E2}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "TCP Query User{B7D99BCB-2F5C-437B-B69E-B05C100FDA0C}C:\program files (x86)\xming\xming.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\xming\xming.exe|Name=Xming X Server|Desc=Xming X Server|Defer=User| "UDP Query User{2F9DE988-4ADE-4B6C-A4D2-9A71D12A526F}C:\program files (x86)\xming\xming.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\xming\xming.exe|Name=Xming X Server|Desc=Xming X Server|Defer=User| "TCP Query User{20824A3D-43FE-40EE-A690-825A56EB90E4}C:\program files (x86)\ditto\ditto.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\ditto\ditto.exe|Name=Ditto|Desc=Ditto|Defer=User| "UDP Query User{407D5A72-2400-445D-8069-F47AE9C6232C}C:\program files (x86)\ditto\ditto.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\ditto\ditto.exe|Name=Ditto|Desc=Ditto|Defer=User| "{C4F962A0-909B-4A76-9294-92D192CC524E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\ligma\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{CB86BDA5-1B14-40EA-9F65-275CE46CB7F4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\ligma\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{7A71FCD2-33EB-4FFF-AC49-266AF3782592}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe|Name=VMware Authd Service|Edge=TRUE| "{10E50026-DB10-4B8D-A526-0675705EF518}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe|Name=VMware Authd Service (private)|Edge=TRUE| "{60E6D465-398E-4850-BE86-7EF7620A2377}"=v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\system32\svchost.exe|Svc=DiagTrack|Name=Windows Telemetry| "{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}"=v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742| "{1F3C1EDD-A422-45F0-ABA2-2717D0108353}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=104.96.147.3|Name=104.96.147.3_Block| "{048EC7B8-2877-4CCD-845C-FA9132082201}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=111.221.29.177|Name=111.221.29.177_Block| "{25CF8711-245F-4871-93AD-C0698F8D8212}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=111.221.29.253|Name=111.221.29.253_Block| "{B9571E1C-E4CF-4BEE-A1E2-AEE4BE3680D6}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=111.221.64.0-111.221.127.255|Name=111.221.64.0-111.221.127.255_Block| "{8C30057A-998F-4BB0-90F5-98C80451C1FA}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=131.253.40.37|Name=131.253.40.37_Block| "{FAE8E88A-D627-4384-AB17-215828D4399C}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=134.170.115.60|Name=134.170.115.60_Block| "{3F2116FD-2074-44CF-B3DA-3FE58DF7F0C9}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=134.170.165.248|Name=134.170.165.248_Block| "{AE0F2375-3277-435D-A5E2-A399F8AA1DC2}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=134.170.165.253|Name=134.170.165.253_Block| "{4FF6BA62-D7AE-45BD-BDA1-3178B28712E5}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=134.170.185.70|Name=134.170.185.70_Block| "{A4F68037-500F-465A-8FB5-C3C95C4D21B4}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=134.170.30.202|Name=134.170.30.202_Block| "{8F3C414A-13A4-45A4-8932-0007EC88951F}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=137.116.81.24|Name=137.116.81.24_Block| "{E0153780-58F1-4C2D-BC42-4D38C08DF384}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=137.117.235.16|Name=137.117.235.16_Block| "{72181FFC-3050-4BD1-9B24-C853D000F833}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.129.21|Name=157.55.129.21_Block| "{8F7845CD-933E-44FF-9B82-F84F6497D9AB}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.130.0-157.55.130.255|Name=157.55.130.0-157.55.130.255_Block| "{439FC6D1-38DB-44A2-8E6B-7F0FD8939735}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.133.204|Name=157.55.133.204_Block| "{CA437D71-FC0F-476F-9F21-5C19EF3D8B65}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.235.0-157.55.235.255|Name=157.55.235.0-157.55.235.255_Block| "{A4A45E52-26AD-437F-B6DB-0B9EFF7076D2}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.236.0-157.55.236.255|Name=157.55.236.0-157.55.236.255_Block| "{476AB3FB-5B83-4B80-B128-DEA09A19DD00}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.240.220|Name=157.55.240.220_Block| "{D7D981DB-B5C7-4BB2-AB98-164E69D4C5B0}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.52.0-157.55.52.255|Name=157.55.52.0-157.55.52.255_Block| "{76C3DC81-4756-462D-8755-4546D37D4FB3}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.55.56.0-157.55.56.255|Name=157.55.56.0-157.55.56.255_Block| "{224860ED-3E56-4EC8-BCB6-85A76E519129}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.56.106.189|Name=157.56.106.189_Block| "{62194A18-3124-4678-A813-4DD5C9D14ECD}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.56.121.89|Name=157.56.121.89_Block| "{D1DC61EC-FF17-492E-A212-EC2135A8C529}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.56.124.87|Name=157.56.124.87_Block| "{BE8E1A52-03FB-4A3A-8E76-99000135132E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.56.91.77|Name=157.56.91.77_Block| "{2E3023F1-306C-4B3B-ABF5-60071789B69C}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=157.56.96.54|Name=157.56.96.54_Block| "{3ED86172-2C13-4C87-B454-EB7B8D964A6E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=168.63.108.233|Name=168.63.108.233_Block| "{D1CBC6AC-4332-48EA-AA40-9E2FE881920E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.2|Name=191.232.139.2_Block| "{F95ED494-E2B8-416A-BCAA-752F6BC8D958}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.254|Name=191.232.139.254_Block| "{DB1A1AA0-D600-4C10-BA82-B00DBF6B4084}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.80.58|Name=191.232.80.58_Block| "{E253945C-5BDD-477D-B744-C8EE38092556}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.80.62|Name=191.232.80.62_Block| "{F9102801-5C61-4459-956B-93F691EF5DE4}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=191.237.208.126|Name=191.237.208.126_Block| "{94463FBF-0288-42A9-BECF-823D0E309951}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=195.138.255.0-195.138.255.255|Name=195.138.255.0-195.138.255.255_Block| "{C561BE12-4B5C-4DA7-83D5-40DD2F252365}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=2.22.61.43|Name=2.22.61.43_Block| "{DCDAD73F-9239-42FE-8DAB-B8D04A1AFD08}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=2.22.61.66|Name=2.22.61.66_Block| "{FCD27A95-8D99-4FC6-A374-522C87D5DA1F}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=204.79.197.200|Name=204.79.197.200_Block| "{8D993A3C-E128-4412-9BA5-1FD0A7230BA8}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=207.46.101.29|Name=207.46.101.29_Block| "{776AC887-B9BE-4847-814D-69B2DA200FBE}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=207.46.114.58|Name=207.46.114.58_Block| "{BBA2763F-9EA9-4A75-B498-108C83E12FFC}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=207.46.223.94|Name=207.46.223.94_Block| "{A7394D06-54EF-4F3D-A854-D9A57E84FE3D}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=207.68.166.254|Name=207.68.166.254_Block| "{0109A999-4EA9-47EC-83D0-8043B6F80555}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=212.30.134.204|Name=212.30.134.204_Block| "{F6489B2A-F5CB-428B-9D7A-3221D1FF16F2}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=212.30.134.205|Name=212.30.134.205_Block| "{0513CADB-26ED-4FC4-ACD5-D1C18191EB77}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=213.199.179.0-213.199.179.255|Name=213.199.179.0-213.199.179.255_Block| "{1D534428-7297-489E-928D-55AA5A8EC88E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.102.21.4|Name=23.102.21.4_Block| "{F47196B8-B549-4CC6-B84F-70753B500546}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.218.212.69|Name=23.218.212.69_Block| "{B965FFB4-EAF6-4F16-BDB4-895CAC8457BE}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.223.20.82|Name=23.223.20.82_Block| "{94C926FE-64D3-4718-9E15-980500C7B175}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.57.101.163|Name=23.57.101.163_Block| "{E942F3EF-8A88-463E-806B-B94945446C71}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.57.107.163|Name=23.57.107.163_Block| "{09F6A3F0-3641-4AAA-880B-66080AC5EC64}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.57.107.27|Name=23.57.107.27_Block| "{E80B24EB-F5A8-4BC8-9E3C-336AB3D302EB}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=23.99.10.11|Name=23.99.10.11_Block| "{3C44D00D-E74A-4049-B47F-862929E5F3D7}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=64.4.23.0-64.4.23.255|Name=64.4.23.0-64.4.23.255_Block| "{BBD37EB3-C517-4525-A2FF-41F268F2360C}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=64.4.54.22|Name=64.4.54.22_Block| "{1952E5AD-6AF5-4D03-8DC8-FE2117974CD2}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=64.4.54.32|Name=64.4.54.32_Block| "{FA70F56D-4B7F-45B4-86E0-08B7BB9C6E94}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=64.4.6.100|Name=64.4.6.100_Block| "{3A34C6AB-C4D8-46E0-905B-33932EE35E82}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.39.117.230|Name=65.39.117.230_Block| "{3BF93C51-5296-4ACF-8673-E8AB16C39E6B}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.11|Name=65.52.100.11_Block| "{A5B93A72-AAA1-401D-987B-C50D7780F9C9}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.7|Name=65.52.100.7_Block| "{DFF11EE9-F852-4F27-BA7B-650727153C30}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.9|Name=65.52.100.9_Block| "{1C08149E-8EEC-4A20-BF5D-038ADDB06186}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.91|Name=65.52.100.91_Block| "{247D48AD-E61F-47CF-8312-B79F83EA827D}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.92|Name=65.52.100.92_Block| "{7B0355F5-4552-404A-B260-D48D7038D7C4}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.93|Name=65.52.100.93_Block| "{7201D8C9-3350-4712-9CD7-A64EA393EE2E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.100.94|Name=65.52.100.94_Block| "{03B25489-59E3-4DBF-9A88-061A283C6559}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.108.29|Name=65.52.108.29_Block| "{B6A756F4-7EC6-4F6A-ACF1-46943C6E7C67}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.52.108.33|Name=65.52.108.33_Block| "{D8CD5577-3E42-4EB4-B260-3A1E2702EFD5}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.108.23|Name=65.55.108.23_Block| "{48213E99-DD96-4016-A084-A00915119B4E}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.138.114|Name=65.55.138.114_Block| "{DDF58773-759A-4258-8E79-2D1D9EC9023A}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.138.126|Name=65.55.138.126_Block| "{D1DCF245-25DF-4E5F-A57B-AE0A05865E21}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.138.186|Name=65.55.138.186_Block| "{8E40BF3E-90AE-47BE-B484-E64551C8C22C}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.223.0-65.55.223.255|Name=65.55.223.0-65.55.223.255_Block| "{D788A132-CC26-4CB3-985F-5716B2F4C2F6}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.252.63|Name=65.55.252.63_Block| "{081C5AE2-0679-4AF7-8FE1-71A4F331D78B}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.252.71|Name=65.55.252.71_Block| "{AF71CA04-2713-411B-A9F2-0F49EADA0032}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.252.92|Name=65.55.252.92_Block| "{6D250CEA-2D30-43CC-A15E-BAB467F05FB9}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.252.93|Name=65.55.252.93_Block| "{C953A788-D256-4660-8BDF-146A1EBAF8CF}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.29.238|Name=65.55.29.238_Block| "{446F35EB-3875-4BB8-A6CB-F8566911E2E3}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=65.55.39.10|Name=65.55.39.10_Block| "{2BF7DB93-AF38-4EDE-B84B-3AFF27F37CF2}"=v2.27|Action=Block|Active=TRUE|Dir=Out|RA4=77.67.29.176|Name=77.67.29.176_Block| "{5BEE00E6-A0F9-4C76-AE89-DD2771858A66}"=v2.27|Action=Block|Active=TRUE|Dir=Out|App=C:\Windows\explorer.exe|Name=Explorer.EXE_BLOCK| "{FBD9758C-2FA8-47BD-B06E-1D0B03293305}"=v2.27|Action=Block|Active=TRUE|Dir=Out|Svc=WSearch|Name=WSearch_Block| "{FF943709-62D7-4AA5-98AE-29B2AA98E852}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe|Name=SP_FF| "{EE3E9A8D-8EC4-4006-9AC3-F5CC10CA363B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe|Name=SP_FF| "{AB7E158C-B20E-4058-8D3B-25185463799A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{24B709B0-D581-46B2-B384-A4FFC2AC2A4C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DE45EBDA-E5CC-467D-AA8A-0698B0501E33}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{F8796CD5-980D-4C66-833C-7061B4C66D9A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{F0E7B645-4C30-45EB-AA98-C94B9969EDBD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe|Name=ApowerMirror| "{FB816301-3BFB-477B-9609-794160673F77}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe|Name=ApowerMirror| "{126B04DA-9766-466D-A6C3-BDCBAC5AC5EF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe|Name=DaVinciResolve| "{1E2D4F8C-BF1F-4B4D-8A13-C029BA235B79}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe|Name=DaVinciResolveBmdpaneld| "{CBFFB960-4EAD-4197-B672-D2DD020C7A98}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe|Name=DaVinciResolvePanel| "{EE902E25-1EE9-4B92-AA3A-8C899215E858}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe|Name=DaVinciResolveJLCooper| "{724E2204-C455-43F4-8D58-711231D5A6F7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe|Name=DaVinciResolveEuphonix| "{695F8CF0-E531-4FAD-8F1D-40B8ED60D620}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe|Name=DaVinciResolveTangent| "{BE62EBC9-A8C9-4FDE-A298-B7251C445141}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe|Name=DaVinciResolveElements| "{ACA60831-90D5-4AA3-A7D6-614207537027}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe|Name=DaVinciResolveOxygen| "{049BA76A-97A1-49E9-86D0-5AF29FCE5001}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe|Name=DaVinciResolveDpdecoder| "{5B7A7698-75AB-42FE-A1A6-C88F24ED7E69}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files\Unity\Editor\Unity.exe|Name=Unity 2017.3.1f1 Editor| "{46B9FCC1-1C04-419A-8793-1DAD570D8409}"=v2.27|Action=Block|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Unity\Editor\Unity.exe|Name=Unity 2017.3.1f1 Editor| "{8D5E9E21-0B47-4DA9-B6FD-68C2B6DDB148}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe|Name=Unity 2017.3.1f1 Package Manager| "{1BB43E88-5562-4E0C-9F6C-19BEBE5A0D3D}"=v2.27|Action=Block|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe|Name=Unity 2017.3.1f1 Package Manager| "TCP Query User{C1CEE15B-F7A1-477C-AEFE-469C941693B6}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "UDP Query User{25F8F28E-B600-497B-8EA5-879AAB030C25}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "{36AEFDCE-7A48-4EEE-8B64-A9B56EB9B135}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "{ADDDB750-6DBD-46BA-A834-0A70B6CE0EC8}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "TCP Query User{73B24AD1-4C41-4B1D-8118-316B30622C7C}C:\users\ligma\documents\citra\citra jit (dec 1) gdmk\citra jit (dec 1) gdmk\citra-qt-gcc-24.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\ligma\documents\citra\citra jit (dec 1) gdmk\citra jit (dec 1) gdmk\citra-qt-gcc-24.exe|Name=citra-qt-gcc-24.exe|Desc=citra-qt-gcc-24.exe| "UDP Query User{A0A636C1-B3C0-4669-BC74-946C99247EA8}C:\users\ligma\documents\citra\citra jit (dec 1) gdmk\citra jit (dec 1) gdmk\citra-qt-gcc-24.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\ligma\documents\citra\citra jit (dec 1) gdmk\citra jit (dec 1) gdmk\citra-qt-gcc-24.exe|Name=citra-qt-gcc-24.exe|Desc=citra-qt-gcc-24.exe| "TCP Query User{9577929E-9B06-400A-8039-D3ECCE6BBE18}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{24E46328-43A0-4054-9B7D-561E97A8BDB1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{4E0C8D6B-94C2-4B78-8182-07632FB26524}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{4EA56EC7-20D3-48AE-A03C-42124D15EF9E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{DB091716-FA59-473A-A255-721DC1FCAB9B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{8D0227CF-BA7D-4CE4-A389-9340DDBE61BF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{7E12BF85-34C2-49B7-9238-F0FC06773A90}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{9F369259-DC29-4166-8C81-3844EA733923}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "TCP Query User{2421BDE7-686E-4425-980D-3C106C889625}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{F54ECCD4-121C-4A21-9EF2-ED7DE9EE721D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{AEE2EE27-E9AF-4AD5-BA44-46B393F0AF49}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{C8B46CCF-10AC-47BC-84B1-EA934FBE3760}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{64DEC60D-9DC8-4FBD-AA39-A0B73870794A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe|Name=Vivaldi (mDNS-In)|Desc=Règle de trafic entrant pour Vivaldi autorisant le trafic mDNS|EmbedCtxt=Vivaldi| "{3DAC8BCF-E7E0-419A-8C91-A8C57991E454}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{FEF5971B-73E8-4306-B236-0A86BF90EEB2}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{701FF359-1A5C-479A-AABE-E2804D2DD75C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{B1C9AC1E-9B4F-4524-BDBE-BE5CEFC15E4B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{6582ED4D-8067-4333-B01B-161A5B2BE77D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{CE7A0B66-530C-43C2-8EF6-E182B45177BD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{68974844-66AF-4229-B053-61878E2A1261}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{B70343A3-728A-4F4C-9544-38136FA21A1B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{CFA5D614-6DAF-41F7-9936-B5CDCBA171D2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{4F5B4D7F-1CE3-4B12-9F57-BA11C269FDCD}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends| "{E97885D6-DE5F-4621-A667-CF6A830543F1}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends| "{6E34AC0D-DB60-46D6-BFD3-54DEA74AE511}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{1EF73E16-9A07-4CFA-ADC0-19C949C10124}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{FF70CEA4-F712-4CBB-8B5B-C6E5EECFEF90}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{54C50DF9-7391-4AF6-B43B-D468A4567B14}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{FEE6F97D-0918-402A-80B8-01BFD37F0554}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{70CF4E6B-E5AC-4509-A441-37D9D8707F8D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{A8D7DB00-D634-4503-9A06-BAF929E09C7D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{11F750A6-4AE6-4A23-92E8-39A467E71C2A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{92EA13C4-ACAA-42C2-8B2A-8F3810BE17C1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{FA3157AD-787D-45E6-9489-722862ADF5A4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{6426D9BE-C3A3-4613-A069-350C52E70650}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=4370|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{4201F705-0B56-44DB-8C3A-CCC53073EBBE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=4380|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "TCP Query User{749D614F-0BA6-45BB-8647-8E54C169633B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{3B01E90B-5073-465D-8E79-D757911718BE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{457B69AC-7941-4DF1-B015-7EC9A4C08CB0}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe|Svc=ESRV_SVC_QUEENCREEK|Name=Intel(R) System Usage Report - (QUEENCREEK Public UDP-In)|Desc=Deny inbound UDP traffic to Intel(R) System Usage Report QUEENCREEK on public networks.| "{85ABADDA-3AF1-4C1C-8836-248251C78382}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe|Svc=ESRV_SVC_QUEENCREEK|Name=Intel(R) System Usage Report - (QUEENCREEK Public TCP-In)|Desc=Deny inbound TCP traffic to Intel(R) System Usage Report QUEENCREEK on public networks.| "{0090A4C7-8B16-4252-A70E-33EA1F5D18DC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe|Svc=ESRV_SVC_QUEENCREEK|Name=Intel(R) System Usage Report - (QUEENCREEK Private SSDP-In)|Desc=Allow inbound SSDP traffic to Intel(R) System Usage Report QUEENCREEK on private networks.| "{4531E24C-67FF-4AEE-A183-FA29619517E4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe|Svc=ESRV_SVC_QUEENCREEK|Name=Intel(R) System Usage Report - (QUEENCREEK Private TCP-In)|Desc=Allow inbound TCP traffic to Intel(R) System Usage Report QUEENCREEK on private networks.| "{BC26413D-7157-45F5-8A3E-4B2D8F414D11}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Spotify Music|Desc=Spotify Music|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-557819504-3144503769-3460048582-2468406004-2969798954-3397036932-4166026031|EmbedCtxt=Spotify Music|Platform=2:6:2|Platform2=GTEQ| "{0F3FC0A4-9C9E-48D7-A328-BD5072DA2A93}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{93AE0BCF-929E-4DD1-BD4B-E705A287D236}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{B9782141-12A0-48D1-A48F-D8DF22D2B0D6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{A21CD329-5F68-4FD5-9C39-934AAA7A6757}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{7721A44E-7567-4EE5-BD64-4713D3EA76B2}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{7612A508-454D-4590-9FC1-3C12776EFBB4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{C4EB51D0-F513-4889-BAB1-082CE6AAE56E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{7FCC2061-64F8-4C6A-A137-8B7EC3ED85AD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{65C0FE19-F154-4556-9796-CBC4E5F4B626}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{7421D306-B37D-4012-83CA-9FC5D17B0AC8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=8 Zip Lite - unpack RAR, ZIP, 7z for free|Desc=8 Zip Lite - unpack RAR, ZIP, 7z for free|LUOwn=S-1-5-21-3183174187-342176784-3280352271-1001|AppPkgId=S-1-15-2-1084438585-2224167913-4113159873-3505449923-2016892550-1369835033-677642764|EmbedCtxt=8 Zip Lite - unpack RAR, ZIP, 7z for free|Platform=2:6:2|Platform2=GTEQ| "{8669F049-470C-463E-8822-156A7CE5CE79}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{0D2E8814-20A7-4286-BA3B-4866561ECF11}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{41CC01AC-0E44-457A-94C4-E4E71D09D82D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{1E0C6328-2D0D-45CC-A63D-70523519F077}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{B6C10289-55FE-4DED-8C2A-8BECDBEF064E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{703FBCCD-A4F1-4A5D-9227-75C40EEFA875}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{CC79390C-DFE5-466C-ABAA-AEBB3F26957C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{6710E44D-791B-4583-B28B-D104CBFC042D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{EF5411EC-B015-4FEA-8803-DCF22D057BE0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{A13E67EC-E6B8-40DD-8A9C-7B1B36EE80F4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{D3759EEA-D8C9-4897-BABB-C6D7917A710E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{BBE1CBD8-0F60-455A-925B-99ACC1AB218C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{8246455A-31EF-43AE-AF8C-56C3A6E6F3A4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{265B4D2D-7EA4-4141-8A32-370575FA211E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{2B34BEE9-9251-4541-9FD3-B04E1799AA3D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{D4039CC6-0A0D-4255-AD65-5DF08C84025C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{0F2B24A3-C262-41CE-9B1A-940FB6D94D4E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{525DE522-0416-4599-99BB-88E1B3C9E6BA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{14C36082-F618-4172-A438-A58AA4D07298}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{CACD83A1-7977-41A3-B080-2636D13D62AB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{E42D8322-5ED0-4439-B477-93329F5E00C3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{8DF682F4-B4DD-40BB-AA4C-33A0C40F4BD0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{28027174-6A44-47D2-977C-8821935AB51F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{31CF79BE-55F4-4CFE-AEAB-AC81162784ED}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={ADAEE406-8438-40E8-95A6-C76ED2CCAAFA}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem24.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c69eefe-3c1e-44ef-8501-f475f902fca7}] : (USB) [] -> @oem34.inf,%synusb64.SvcDesc%;eLicenser [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{884B96C3-56EF-11D1-BC8C-00A0C91405DD}] : (vmkbd3) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem21.inf,%ClassName%;ADB Interface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [03/03/2018 12:14:40] - (1.14.7.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [10/06/2016 05:41:26] - (4.0.74.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\WINDOWS\system32\DRIVERS\cm_km.sys [13/01/2018 22:15:57] - (9.8.8.0) - (VMware, Inc. - VMware vSockets Service) - C:\WINDOWS\system32\DRIVERS\vsock.sys [30/09/2016 01:12:02] - (9.8.6.0) - (VMware, Inc. - VMware PCI VMCI Bus Device) - C:\WINDOWS\System32\drivers\vmci.sys [07/06/2016 22:33:14] - (12.0.0.6) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [03/03/2018 14:16:24] - (10.8.5.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [02/06/2016 02:43:38] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\WINDOWS\system32\DRIVERS\kl1.sys [12/03/2017 01:05:16] - (12.0.129.62) - (AO Kaspersky Lab - klhk [fre_win8_x64]) - C:\WINDOWS\System32\drivers\klhk.sys [14/06/2016 23:23:44] - (12.0.0.8) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupflt.sys [05/04/2017 20:25:20] - (12.0.31.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klflt.sys [31/05/2016 22:31:20] - (12.0.0.6) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klpd.sys [05/04/2017 20:25:20] - (12.0.239.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klif.sys [12/03/2017 01:05:16] - (14.0.0.16) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klim6.sys [26/02/2018 16:45:40] - (5.2.8.21009) - (Oracle Corporation - VirtualBox NDIS 6.0 Lightweight Filter Driver) - C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [12/03/2017 01:05:16] - (12.0.0.39) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwtp.sys [20/01/2018 16:36:44] - (5.2.8.21009) - (Oracle Corporation - VirtualBox USB Monitor Driver) - C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [20/01/2018 16:36:43] - (5.2.8.21009) - (Oracle Corporation - VirtualBox Support Driver) - C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [14/06/2016 16:47:52] - (12.0.0.24) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kneps.sys [16/01/2018 17:25:53] - (1.0.0.2) - (IObit.com - IMFCameraProtect) - C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [07/06/2016 00:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\kltap.sys [26/02/2018 16:45:32] - (5.2.8.21009) - (Oracle Corporation - VirtualBox NDIS 6.0 Host-Only Network Adapter Driver) - C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [08/01/2018 02:14:40] - (14.0.0.0) - (VMware, Inc. - VMware virtual network adapter driver (64-bit)) - C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [08/01/2018 02:14:34] - (14.0.0.0) - (VMware, Inc. - VMware virtual network driver (64-bit)) - C:\WINDOWS\system32\DRIVERS\VMNET.SYS [29/09/2017 14:40:59] - (4.0.2.262) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\Qcamain10x64.sys [18/05/2016 23:57:36] - (12.0.0.1) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [01/02/2016 16:45:46] - (8.0.0.1) - (Acer Incorporated - LMDriver) - C:\WINDOWS\System32\drivers\LMDriver.sys [01/02/2016 16:45:46] - (8.0.0.1) - (Acer Incorporated - RadioShim) - C:\WINDOWS\System32\drivers\RadioShim.sys [07/06/2015 00:52:56] - (10.0.0.11) - (Kaspersky Lab ZAO - Mouse Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klmouflt.sys [22/03/2016 03:12:56] - (12.56.0.4) - (ELAN Microelectronic Corp. - ELAN I2C Driver) - C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [25/06/2016 23:57:00] - (10.0.0.256) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys [13/07/2017 22:39:42] - (10.0.15063.31235) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys [08/01/2018 02:14:34] - (14.0.0.0) - (VMware, Inc. - VMware bridge driver (64-bit)) - C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [13/01/2018 22:15:20] - (14.0.0.0) - (VMware, Inc. - VMware network application interface driver (64-bit)) - C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [13/01/2018 22:15:52] - (14.0.0.4) - (VMware, Inc. - VMware kernel driver) - C:\WINDOWS\system32\DRIVERS\vmx86.sys [13/01/2018 22:14:58] - (8.11.3.0) - (VMware, Inc. - VMware USB monitor) - C:\WINDOWS\system32\DRIVERS\hcmon.sys [31/05/2016 22:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kldisk.sys [03/04/2018 10:28:15] - (0.0.0.46) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [03/03/2018 12:14:40] - (5.14.5.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [16/01/2018 16:58:40] - (1.0.0.8) - (IObit.com - ForceDelete) - C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [16/01/2018 16:58:40] - (1.0.0.3) - (IObit.com - ForceDelete) - C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [23/01/2018 19:30:46] - (1.0.0.20) - (IObit.com - IURegProcessFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [28/01/2018 21:07:57] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\semav6msr64.sys [03/03/2018 14:17:25] - (3.8.5.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit) - C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [23/01/2018 19:30:46] - (1.0.0.4) - (IObit.com - IUFileFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [09/03/2018 05:24:36] - (5.24.0.0) - (Sandboxie Holdings, LLC - Sandboxie Kernel Mode Driver) - C:\Program Files\Sandboxie\SbieDrv.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - klupd_klif_arkmon (klupd_klif_arkmon) -> System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klupd_klif_klbg (klupd_klif_klbg) -> System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vmci (@oem83.inf,%loc.vmciServiceDisplayName%;VMware VMCI Bus Driver) -> System32\drivers\vmci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - IMFCameraProtect (IMFCameraProtect) -> \??\C:\WINDOWS\system32\drivers\IMFCameraProtect.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klhk (@oem58.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - KLIM6 (@oem25.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxDrv (VirtualBox Service) -> \SystemRoot\system32\DRIVERS\VBoxDrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxNetLwf (@oem7.inf,%VBoxNetLwfService_Desc%;VirtualBox NDIS6 Bridged Networking Service) -> \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxUSBMon (VirtualBox USB Monitor Driver) -> \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ws2ifsl (Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - hcmon (VMware hcmon) -> \SystemRoot\system32\DRIVERS\hcmon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - VMnetBridge (@oem76.inf,%VMware_Desc%;VMware Bridge Protocol) -> \SystemRoot\system32\DRIVERS\vmnetbridge.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - VMnetUserif (VMware Virtual Ethernet Userif for VMnet) -> \SystemRoot\system32\DRIVERS\vmnetuserif.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - vmx86 (VMware vmx86) -> \SystemRoot\system32\DRIVERS\vmx86.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GIMP-2_is1] : (GIMP 2.8.22.-.The GIMP Team) -> "C:\Program Files\GIMP 2\uninst\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GPL Ghostscript 9.21] : (GPL Ghostscript.-.Artifex Software Inc.) -> "C:\Program Files\gs\gs9.21\uninstgs.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}] : (Acer UEIP Framework.-.Acer Incorporated) -> MsiExec.exe /i {12A718F2-2357-4D41-9E1F-18583A4745F7} PRODUCTNAME="Acer UEIP Framework" BRANDNAME="Acer" BOOTSTRATOR=1 ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}] : (64 Bit HP CIO Components Installer.-.HP Inc.) -> MsiExec.exe /I{13DA9C7C-EBFB-40D0-94A1-55B42883DF21} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2068E4B9-5A6D-41E3-8B50-CC2ECD49309B}] : (VMware Player.-.VMware, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}] : (Intel(R) Serial IO.-.Intel Corporation) -> MsiExec.exe /I{30E935B2-0DAC-455E-AC76-3C8504DC3D18} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3241744A-BA36-41F0-B4AA-EF3946D00632}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{332552D0-B8EE-49BF-B904-E038A72BD2B2}] : (DaVinci Resolve Panels.-.Blackmagic Design) -> MsiExec.exe /X{332552D0-B8EE-49BF-B904-E038A72BD2B2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}] : (PuTTY release 0.70 (64-bit).-.Simon Tatham) -> MsiExec.exe /X{45B3032F-22CC-40CD-9E97-4DA7095FA5A2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}] : (Backup and Sync from Google.-.Google, Inc.) -> MsiExec.exe /X{4B7277C7-9CEE-45FC-B36B-19AD28281B9C} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{569F29BA-2D46-439B-8B7C-01D999B9201D}] : (...-.Intel) -> MsiExec.exe /I{569F29BA-2D46-439B-8B7C-01D999B9201D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}] : (HP Unified IO.-.HP) -> MsiExec.exe /I{5C76ED0D-0F6F-4985-8B34-F9AE7834848F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6DC14AE3-4537-43C7-922B-BDA41FA7C3C8}] : (Oracle VM VirtualBox 5.2.8.-.Oracle Corporation) -> MsiExec.exe /I{6DC14AE3-4537-43C7-922B-BDA41FA7C3C8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{72E4998D-43F7-488F-A342-9F101D317CDE}] : (VNC Viewer 6.17.1113.-.RealVNC Ltd) -> MsiExec.exe /I{72E4998D-43F7-488F-A342-9F101D317CDE} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}] : (Dolby Audio X2 Windows APP.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{7DA57EF8-9D20-4126-AF15-D0CC97D0C017} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{885A3911-0760-5252-92C2-001B92997DEA}] : (Java 9.0.4 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{885A3911-0760-5252-92C2-001B92997DEA} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{97D98EE2-53B2-4E9A-94A8-8FC4F0E7B950}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{97D98EE2-53B2-4E9A-94A8-8FC4F0E7B950} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AA77D6A5-710B-460F-8418-456ED99B3C63}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{AA77D6A5-710B-460F-8418-456ED99B3C63} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}] : (DaVinci Resolve.-.Blackmagic Design) -> MsiExec.exe /X{B038DE18-6092-4C56-ACD4-E268DCFE2B20} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1A20264-9483-4C9A-8EE3-CB2F3D4340BF}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{D1A20264-9483-4C9A-8EE3-CB2F3D4340BF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}] : (Intel(R) Computing Improvement Program.-.Intel Corporation) -> MsiExec.exe /X{F0385150-FF86-4A18-AA55-6ED9E5F87DA7} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 29 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 29 PPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe -maintain pepperplugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced SystemCare_is1] : (Advanced SystemCare 11.-.IObit) -> "C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DeskPins] : (DeskPins (remove only).-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ditto_is1] : (Ditto.-.Scott Brogden) -> "C:\Program Files (x86)\Ditto\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\edu.media.mit.Scratch2Editor] : (Scratch 2 Offline Editor.-.Massachusetts Institute of Technology) -> msiexec /qb /x {0C26944B-94CF-F315-D5E3-2E7186A3CCF9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Malware Fighter_is1] : (IObit Malware Fighter 5.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObitUninstall] : (IObit Uninstaller.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 4.1.2] : (League of Legends.-.Riot Games) -> msiexec.exe /x {8E0BDF1C-26D9-4579-A677-53A4CC0D3693} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Super macro] : (Super macro 3.1.-.) -> C:\Program Files (x86)\Super macro\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TAGO-Fences] : (TAGO-Fences (remove only).-.) -> C:\Program Files (x86)\TAGO-Fences\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unity] : (Unity.-.Unity Technologies ApS) -> C:\Program Files\Unity\Editor\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xming_is1] : (Xming 6.9.0.31.-.Colin Harrison) -> "C:\Program Files (x86)\Xming\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{010788AB-706E-4604-A46B-6785EAB64B5E}] : (HPLJDXPHelper.-.HP) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0C26944B-94CF-F315-D5E3-2E7186A3CCF9}] : (Scratch 2 Offline Editor.-.Massachusetts Institute of Technology) -> MsiExec.exe /I{0C26944B-94CF-F315-D5E3-2E7186A3CCF9} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}] : (hppLaserJetService.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}] : (HPLaserJet200color-MFPM276_HelpLearnCenter_SI.-.Hewlett-Packard) -> MsiExec.exe /X{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10166660-0C51-4355-BD74-D4700EFDB83B}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{10166660-0C51-4355-BD74-D4700EFDB83B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1D839376-74B6-452F-BBFF-845F102E8A3A}] : (HPDXP.-.HP) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180161F0}] : (Java 8 Update 161.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180161F0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2AA7DAB3-6778-42A7-9F33-22615234540E}] : (Python 3.6.1 Utility Scripts (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{2AA7DAB3-6778-42A7-9F33-22615234540E} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3029D656-0C32-4AC9-84FB-A15056F356CC}] : (Python 3.6.1 Development Libraries (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{3029D656-0C32-4AC9-84FB-A15056F356CC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{323AC113-C6CE-4F99-842F-4936332D055A}] : (Python Launcher.-.Python Software Foundation) -> MsiExec.exe /X{323AC113-C6CE-4F99-842F-4936332D055A} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B37F001-CAC7-4973-8693-D253BB0BB60F}] : (hppFaxDrvM276.-.Hewlett-Packard) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.41.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3BCCB89B-CD98-4F78-8436-78847FABFD68}] : (Python 3.6.1 Standard Library (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{3BCCB89B-CD98-4F78-8436-78847FABFD68} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{3D45BD48-F215-4C69-B23F-256C83D1D7F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}] : (Acer Configuration Manager.-.Acer) -> MsiExec.exe /I{414D554E-4453-454E-0201-000000016258} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{492B2DA8-283E-4301-B1C8-3683B11ECC3C}] : (LibreOffice 6.0.1.1.-.The Document Foundation) -> MsiExec.exe /I{492B2DA8-283E-4301-B1C8-3683B11ECC3C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}] : (3RVX.-.matt.malensek.net) -> MsiExec.exe /X{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7DF7A3DB-90B1-48FE-B314-147E1504214D}] : (hppSendFaxM276.-.Hewlett-Packard) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{88B2E402-DE40-4422-9CCB-D285F8602C93}] : (HP Product FWUpdater.-.Hewlett-Packard Company) -> MsiExec.exe /I{88B2E402-DE40-4422-9CCB-D285F8602C93} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{899F7F28-F6D3-4E5B-8FBE-F7929036172A}] : (Python 3.6.1 pip Bootstrap (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{899F7F28-F6D3-4E5B-8FBE-F7929036172A} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8E0BDF1C-26D9-4579-A677-53A4CC0D3693}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{8E0BDF1C-26D9-4579-A677-53A4CC0D3693} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F460796-0348-4B11-BCA0-714C4B85E3D7}] : (.. ..-.Intel) -> MsiExec.exe /X{9F460796-0348-4B11-BCA0-714C4B85E3D7} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A26EA9EF-0420-4657-AD7F-A4C9D67B63B6}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A7036382-80F1-4FC1-B244-D31AA50337F4}] : (Python 3.6.1 Executables (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{A7036382-80F1-4FC1-B244-D31AA50337F4} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B445502B-2F83-4873-90F1-06059F71A46A}] : (HPLJUTCore.-.HP) -> MsiExec.exe /I{B445502B-2F83-4873-90F1-06059F71A46A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B46AB504-140F-4E7D-833C-C6CA1A4FAAD7}] : (ScreenToGif.-.Nicke Manarin) -> MsiExec.exe /I{B46AB504-140F-4E7D-833C-C6CA1A4FAAD7} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}] : (Gtk# for .Net 2.12.26.-.Xamarin, Inc.) -> MsiExec.exe /X{BC25B808-A11C-4C9F-9C0A-6682E47AAB83} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C97E3F48-DE95-4E00-80AF-32D75C69302D}] : (HPLJUTM276.-.HP) -> MsiExec.exe /I{C97E3F48-DE95-4E00-80AF-32D75C69302D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}] : (HP LaserJet 200 color MFP M276.-.Hewlett-Packard) -> C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe /Uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}] : (4K Video Downloader 4.3.-.Open Media LLC) -> MsiExec.exe /X{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D1198C40-C6F5-4FFB-B98C-79BF1FE706C1}] : (Python 3.6.1 Documentation (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{D1198C40-C6F5-4FFB-B98C-79BF1FE706C1} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}] : (hppM276LaserJetService.-.Hewlett-Packard) -> MsiExec.exe /I{D6610387-8E8B-48ED-AB1C-0D38DFE31C55} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}] : (LJDXPHelperUI.-.HP) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E35D0ED5-716B-4E1F-8477-54DD746DF527}] : (hpStatusAlerts.-.Hewlett Packard) -> MsiExec.exe /I{E35D0ED5-716B-4E1F-8477-54DD746DF527} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E63E60CA-437B-4894-8395-81F2F66483B0}] : (Python 3.6.1 Core Interpreter (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{E63E60CA-437B-4894-8395-81F2F66483B0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EA540E75-A545-4C9D-B42E-9C8FC09630C4}] : (HP LJ200 M276 HP Scan.-.Hewlett-Packard Co.) -> MsiExec.exe /I{EA540E75-A545-4C9D-B42E-9C8FC09630C4} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED8BD450-5015-4CB3-95B5-2D93F23E111B}] : (Python 3.6.1 Add to Path (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{ED8BD450-5015-4CB3-95B5-2D93F23E111B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F1390872-2500-4408-A46C-CD16C960C661}] : (HP Unified IO.-.HP) -> MsiExec.exe /I{F1390872-2500-4408-A46C-CD16C960C661} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F44EF183-905E-48BB-998E-53FC99B36FE3}] : (Python 3.6.1 Test Suite (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{F44EF183-905E-48BB-998E-53FC99B36FE3} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F6ED0771-FE83-4A1C-BE65-A06CB65B46D5}] : (Python 3.6.1 Tcl/Tk Support (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{F6ED0771-FE83-4A1C-BE65-A06CB65B46D5} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}] : (hpStatusAlertsM276.-.Hewlett-Packard) -> MsiExec.exe /I{FFD4184D-7EC6-476E-9A72-E83412AB9D3B} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\0515830F68FF81A4AA55E69D5E8FD77A] : Intel(R) Computing Improvement Program -> C:\WINDOWS\Installer\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}\vmp [HKCR\Installer\Products\062C4149974DBE940BFB101C5F70E60A] : vs_filehandler_amd64 [HKCR\Installer\Products\0666610115C05534DB474D07E0DF8BB3] : Adobe AIR [HKCR\Installer\Products\0C1DB75ADA248F24FABEAF7C6EBA0B50] : vs_filehandler_x86 [HKCR\Installer\Products\0D255233EE8BFB949B400E837AB22D2B] : DaVinci Resolve Panels -> C:\WINDOWS\Installer\{332552D0-B8EE-49BF-B904-E038A72BD2B2}\Icon.ico [HKCR\Installer\Products\0EFF299C23CA9AF4CBA91F36B7E956D5] : Photo Gallery [HKCR\Installer\Products\100F73B37CAC379468392D35BBB06BF0] : hppFaxDrvM276 [HKCR\Installer\Products\1193A58806702525292C00B12999D7AE] : Java 9.0.4 (64-bit) -> C:\Program Files\Java\jre-9.0.4\\bin\javaws.exe [HKCR\Installer\Products\1BF32BEDFF40CA44895BEE2B346DA582] : LJDXPHelperUI [HKCR\Installer\Products\1CB6BC2117E40984AAE062EC6DDAE7DD] : Intel(R) Chipset Device Software [HKCR\Installer\Products\26948FC18F05AC8409287BF0A3206C68] : Kaspersky Secure Connection -> C:\WINDOWS\Installer\{1CF84962-50F8-48CA-9082-B70F3A02C686}\setup2.ico [HKCR\Installer\Products\2780931F005280444AC6DC619C066C16] : HP Unified IO [HKCR\Installer\Products\2A96DDC9A5670794BAB695A547C016F4] : vs_minshellmsi [HKCR\Installer\Products\2B539E03CAD0E554CA67C35840CDD381] : Intel(R) Serial IO [HKCR\Installer\Products\2EE89D792B35A9E4498AF84C0F7E9B05] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\2F817A21753214D4E9F18185A374547F] : Acer UEIP Framework -> C:\Windows\Installer\{12A718F2-2357-4D41-9E1F-18583A4745F7}\ProductIconIco [HKCR\Installer\Products\2FB874A6F76FCBA47A1F6B5BAB683217] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}\DolbyBlue.exe [HKCR\Installer\Products\311CA323EC6C99F448F2946333D250A5] : Python Launcher -> C:\WINDOWS\Installer\{323AC113-C6CE-4F99-842F-4936332D055A}\ARPIcon [HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\36D5F595377828141A0ECEE9FCB4E64A] : vs_communitymsi [HKCR\Installer\Products\3EA41CD673547C3429B2DB4AF17A3C8C] : Oracle VM VirtualBox 5.2.8 -> C:\WINDOWS\Installer\{6DC14AE3-4537-43C7-922B-BDA41FA7C3C8}\IconVirtualBox [HKCR\Installer\Products\3F6DF3589CB0A41489B609FE35D8AB1A] : vs_minshellmsires [HKCR\Installer\Products\46202A1D3849A9C4E83EBCF2D33404FB] : Intel(R) Management Engine Components [HKCR\Installer\Products\4663C4C0A75196D44B4713BE2FEEA13E] : hppLaserJetService [HKCR\Installer\Products\46E04004BE05FCF42B90ADB002287195] : vs_communitymsires [HKCR\Installer\Products\4B8898265AF36AE4AB3AAD46F07681DB] : -> C:\Windows\Installer\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110160F] : Java 8 Update 161 -> C:\Program Files (x86)\Java\jre1.8.0_161\\bin\javaws.exe [HKCR\Installer\Products\57E045AE545AD9C44BE2C9F80C69034C] : HP LJ200 M276 HP Scan [HKCR\Installer\Products\5A6D77AAB017F064488154E69DB9C336] : Intel(R) Management Engine Components [HKCR\Installer\Products\5DE0D53EB617F1E4487745DD47D65F72] : hpStatusAlerts [HKCR\Installer\Products\65EC0961132295E409600A78D649E98A] : Tools for .Net 3.5 [HKCR\Installer\Products\673938D16B47F254BBFF48F501E2A8A3] : HPDXP [HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\697064F9843011B4CB0A17C4B4583E7D] : . . . -> C:\WINDOWS\Installer\{9F460796-0348-4B11-BCA0-714C4B85E3D7}\ProductIcon [HKCR\Installer\Products\75B373813CF4A1B4593B7A5ECD5A777F] : Qualcomm Atheros Setup -> C:\Windows\Installer\{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7830166DB8E8DE84BAC1D083FD3EC155] : hppM276LaserJetService [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7C7727B4EEC9CF543BB691DA8282B1C9] : Backup and Sync from Google -> C:\WINDOWS\Installer\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}\DriveIcon [HKCR\Installer\Products\84DB54D3512F96C42BF352C6381D7D0F] : Intel® Security Assist -> C:\Windows\Installer\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}\isa.ico [HKCR\Installer\Products\84F3E79C59ED00E408FA237DC59603D2] : HPLJUTM276 [HKCR\Installer\Products\8AD2B294E38210341B8C63381BE1CCC3] : LibreOffice 6.0.1.1 -> C:\WINDOWS\Installer\{492B2DA8-283E-4301-B1C8-3683B11ECC3C}\soffice.ico [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\8FE75AD702D96214FA510DCC790D0C71] : Dolby Audio X2 Windows APP -> C:\WINDOWS\Installer\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}\DolbyBlue.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\96530F83636A3FC4DBED30C2C8523140] : Movie Maker [HKCR\Installer\Products\9B4E8602D6A53E14B805CCE2DC9403B9] : VMware Player [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.41 -> C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A75F0AACC8AB8DA4AA303FB2E0F46532] : Photo Common [HKCR\Installer\Products\A7C440F01EE630F409CA23A9FAF2FC21] : HPLaserJet200color-MFPM276_HelpLearnCenter_SI -> C:\WINDOWS\Installer\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AB92F96564D2B934B8C7109D999B02D1] : . . [HKCR\Installer\Products\B205544B38F23784091F6050F9174AA6] : HPLJUTCore [HKCR\Installer\Products\B44962C0FC49513F5D3EE217683ACC9F] : Scratch 2 Offline Editor [HKCR\Installer\Products\B4EB76DD26E75124FA3A1F328A003A98] : Movie Maker [HKCR\Installer\Products\B7D1B72E43B32A34F90C89825DFD642E] : Kaspersky Anti-Virus -> C:\WINDOWS\Installer\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}\setup2.ico [HKCR\Installer\Products\BA887010E60740644AB67658AE6BB4E5] : HPLJDXPHelper [HKCR\Installer\Products\BD3A7FD71B09EF843B4141E7514012D4] : hppSendFaxM276 [HKCR\Installer\Products\BDA8C13295FBE8549A90FC8A524F3688] : vs_minshellinteropmsi [HKCR\Installer\Products\BFF2AFFB5901DDA43A256388602D14B2] : vs_devenvmsi [HKCR\Installer\Products\C1FDB0E89D6297546A77354ACCD06339] : League of Legends -> C:\Windows\Installer\{8E0BDF1C-26D9-4579-A677-53A4CC0D3693}\lol.launcher_1.exe [HKCR\Installer\Products\C7C9AD31BFBE0D04491A554B8238FD12] : 64 Bit HP CIO Components Installer [HKCR\Installer\Products\D0DE67C5F6F05894B8439FEA874348F8] : HP Unified IO [HKCR\Installer\Products\D4814DFF6CE7E674A9278E4321BAD9B3] : hpStatusAlertsM276 [HKCR\Installer\Products\D549B7A12FCAF744FA559A53F1A207BA] : vs_communitymsires [HKCR\Installer\Products\D8994E277F34F8843A24F901D113C7ED] : VNC Viewer 6.17.1113 -> C:\WINDOWS\Installer\{72E4998D-43F7-488F-A342-9F101D317CDE}\IconViewer.exe [HKCR\Installer\Products\D8F6EFD6D16B8434BA07A4FB2101FD5D] : vs_minshellmsires [HKCR\Installer\Products\E455D4143544E4542010000000102685] : Acer Configuration Manager -> C:\Windows\Installer\{414D554E-4453-454E-0201-000000016258}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\E66BAA708174D2242981A4BFC329A217] : Photo Gallery [HKCR\Installer\Products\EE26973C42EEF9E4A81415A4DC9771C7] : Tools for .Net 3.5 - FRA Lang Pack [HKCR\Installer\Products\F2303B54CC22DC04E979D47A90F55A2A] : PuTTY release 0.70 (64-bit) -> C:\WINDOWS\Installer\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}\installericon.exe [HKCR\Installer\Products\F4B96F07059714841893D5C0E7DDF26E] : vs_FileTracker_Singleton [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\WINDOWS\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\WINDOWS\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Nom de l’application défaillante Explorer.EXE, version : 10.0.16299.248, horodatage : 0x18ee648b Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000008430fae ID du processus défaillant : 0x4044 Heure de début de l’application défaillante : 0x01d3d3e4500b5f93 Chemin d’accès de l’application défaillante : C:\WINDOWS\Explorer.EXE Chemin d’accès du module défaillant: unknown ID de rapport : 000c2d91-0b3c-4d7e-a646-3b1dad755e49 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x8007001f, Un périphérique attaché au système ne fonctionne pas correctement. . Opération : Opération asynchrone en cours d’exécution Contexte : État actuel: DoSnapshotSet ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x8007001f, Un périphérique attaché au système ne fonctionne pas correctement. . Opération : Opération asynchrone en cours d’exécution Contexte : État actuel: DoSnapshotSet ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\WINDOWS\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\WINDOWS\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ ------------ ------------ ------------ ------------ ------------ ------------ ----------( EOF)---------- - 5641 | 18:09:43