--------------- QuickDiag | g3n-h@ckm@n | V4_21.04.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 23/04/2018 17:47:10 Updated 21/04/2018 | 21.05 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Julien (Administrator)] - [XIONG] (S-1-5-21-3714920687-1367710502-1323822166-1002) System: Microsoft Windows 8.1 - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> () System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 8.1|C:\Windows|\Device\Harddisk0\Partition4 Boot : Normal boot PC: G10AJ - ASUSTeK COMPUTER INC. - IdNumber: E9PDCG000PET - UUID: C93B6AD3-FC29-76AF-3FC3-7824AF832E79 Processor : X64 - 3193 Mhz - Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz 0303 - en|US|iso8859-1 - American Megatrends Inc. - S/N: E9PDCG000PET - 0303 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Realtek Bluetooth A2dp Device - Status: OK - Manufacturer: Realtek Bluetooth - PNPDeviceID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&005D\7&6DBE9DD&0&B869C223EE18_C00000000 Realtek Bluetooth A2dp Device - Status: OK - Manufacturer: Realtek Bluetooth - PNPDeviceID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&1200\7&6DBE9DD&0&8CEBC6AAFC9B_C00000000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0040&SUBSYS_10438477&REV_1001\5&382E8CD0&0&0001 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10438633&REV_1003\4&1EF6D59E&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 ---------- | Video NVIDIA GeForce GTX 760 (192-bit) - Resolution: 1920x1080 - 
Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_118E&SUBSYS_84771043&REV_A1\4&3834D97&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1073741824 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 760 (192-bit) - DriverVersion: 23.21.13.9135 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26624 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82432 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34088 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35664 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25312 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 41880 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15872 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:6 % CPU #2 value:81 % CPU #3 value:6 % CPU #4 value:6 
% CPU #5 value:31 % CPU #6 value:6 % CPU #7 value:12 % CPU #8 value:6 % Total Overall CPU Usage value:19 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC : SENT:23,177 bytes/sec / RECVD:23,177 bytes/sec isatap.lan : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:23,177 bytes/sec, / RECEIVE Maximum:23,177 bytes/sec Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_861D1043&REV_11\4&2F422611&0&00E2 Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&31A763FB&0&2 Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC - Ethernet 802.3 - Realtek Semiconductor Corp. - Status: - PnPID : PCI\VEN_10EC&DEV_8821&SUBSYS_21611A3B&REV_00\4&E561B7A&0&00E3 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&5280D47&0&01 Carte Microsoft ISATAP - - - Status: - PnPID : Microsoft Teredo Tunneling Adapter - - - Status: - PnPID : Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_1 Carte virtuelle directe Wi-Fi Microsoft - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8330 | Free (MB) : 4850 Pagefile = Total (MB) : 10821 | Free (MB) : 6938 Virtual = Total (MB) : 4194 | Free (MB) : 3928 Physical Memory 0 : Capacity: 8589934592 - DIMM_A1 - Posit.: - Manufacturer: Samsung - PartNumber: M378B1G73DB0-CK0 - S/N: 3863EB97 ---------- | SID Users Administrateur : [S-1-5-21-3714920687-1367710502-1323822166-500] Invité : [S-1-5-21-3714920687-1367710502-1323822166-501] Julien : [S-1-5-21-3714920687-1367710502-1323822166-1002] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : 
[S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] WinRMRemoteWMIUsers__ : [S-1-5-21-3714920687-1367710502-1323822166-1000] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Windows] | Total : 150 Go | Free : 12.87 Go -> 
NTFS [RAID] D:\ -> [Fixed] | [Data] | Total : 762.54 Go | Free : 351.24 Go -> NTFS [RAID] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, D:] : Read:27,530,316 bytes/sec, Written:64,786 bytes/sec Max Read:27,530,316 bytes/sec, Max Write:64,786 bytes/sec Overall - Read Maximum:27,530,316 bytes/sec, Write Maximum:64,786 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - SCSI - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-22BN5A0\4&195EFD62&0&000000 ---------- | Windows updates Last detection : 2018-04-22 15:36:32 Downloaded last ones : 2018-04-22 16:55:02 Installed last ones : 2018-04-20 19:33:09 Next search : 2018-04-23 13:33:08 Test 1 : Windows Is Activated Test 2 : Windows Is Activated ---------- | Browsers IE : 11.0.9600.18817 (© Microsoft Corporation. Tous droits réservés.) GC : 65.0.3325.181 (Copyright 2017 Google Inc.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 29.0.0.140 ---------- | Security AV : Antivirus Bitdefender Enabled AS : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 372 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe [13/03/2014 05:56:59] CPU Usage:0 % --> Command Line : 716 | [Owner : Système | Parent : 552() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe [22/08/2013 15:25:40] CPU Usage:0 % --> Command Line : 768 | [Owner : Système | Parent : 552() | 4.44 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) 
- (6.3.9600.18577) = C:\Windows\System32\wininit.exe [16/03/2017 19:29:49] CPU Usage:0 % --> Command Line : 824 | [Owner : Système | Parent : 768(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.3.9600.17793) = C:\Windows\System32\services.exe [24/06/2016 13:54:01] CPU Usage:0 % --> Command Line : 832 | [Owner : Système | Parent : 768(wininit.exe) | 12.97 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.17415) = C:\Windows\System32\lsass.exe [24/06/2016 14:24:24] CPU Usage:0 % --> Command Line : 948 | [Owner : Système | Parent : 824(services.exe) | 11.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 992 | [Owner : SERVICE RÉSEAU | Parent : 824(services.exe) | 8.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 396 | [Owner : Système | Parent : 824(services.exe) | 389.56 Mo] - (.Bitdefender - Bitdefender Security Service.) - (19.6.0.318) = C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [04/12/2016 14:20:52] CPU Usage:1 % --> Command Line : 1368 | [Owner : Système | Parent : 824(services.exe) | 11.11 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [26/02/2018 19:53:26] CPU Usage:0 % --> Command Line : 1460 | [Owner : SERVICE LOCAL | Parent : 824(services.exe) | 30.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 1536 | [Owner : Système | Parent : 824(services.exe) | 59.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 1580 | [Owner : SERVICE LOCAL | Parent : 824(services.exe) | 17.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 1664 | [Owner : Système | Parent : 824(services.exe) | 112.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 1924 | [Owner : SERVICE RÉSEAU | Parent : 824(services.exe) | 16.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 2024 | [Owner : Système | Parent : 1664(svchost.exe) | 5.2 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.3.9600.17415) = C:\Windows\System32\wlanext.exe [24/06/2016 14:24:04] CPU Usage:0 % --> Command Line : 1112 | [Owner : Système | Parent : 2024(wlanext.exe) | 2.88 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [24/06/2016 14:26:11] CPU Usage:0 % --> Command Line : 2156 | [Owner : Système | Parent : 824(services.exe) | 16.95 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.3.9600.18895) = C:\Windows\System32\spoolsv.exe [12/01/2018 19:43:43] CPU Usage:0 % --> Command Line : 2184 | [Owner : SERVICE LOCAL | Parent : 824(services.exe) | 35.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 2288 | [Owner : Système | Parent : 824(services.exe) | 4.26 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) 
- (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 19:02:50] CPU Usage:0 % --> Command Line : 2332 | [Owner : Système | Parent : 824(services.exe) | 24.92 Mo] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [16/08/2013 10:04:18] CPU Usage:0 % --> Command Line : 2372 | [Owner : Système | Parent : 824(services.exe) | 6.16 Mo] - (.Realtek Semiconductor Corporation - Realtek Bluetooth AVRCP Service.) - (1.0.18.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe [11/09/2014 02:27:10] CPU Usage:0 % --> Command Line : 2432 | [Owner : Système | Parent : 824(services.exe) | 5.31 Mo] - (.- Realtek Bluetooth BTDevManager Service Application.) - (1.0.24.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe [11/09/2014 02:27:10] CPU Usage:0 % --> Command Line : 2500 | [Owner : Système | Parent : 824(services.exe) | 52.71 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9226.2082) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [14/01/2018 18:33:17] CPU Usage:0 % --> Command Line : 2616 | [Owner : Système | Parent : 824(services.exe) | 15.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 2648 | [Owner : SERVICE LOCAL | Parent : 1664(svchost.exe) | 8.86 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17415) = C:\Windows\System32\dasHost.exe [24/06/2016 14:24:35] CPU Usage:0 % --> Command Line : 2684 | [Owner : Système | Parent : 824(services.exe) | 49.19 Mo] - (.Hi-Rez Studios - HiPatchService.) 
- (5.1.2.0) = D:\Hi-Rez Studios\HiPatchService.exe [14/06/2017 00:36:13] CPU Usage:0 % --> Command Line : 2732 | [Owner : Système | Parent : 824(services.exe) | 7.29 Mo] - (.- HuaweiHiSuiteService.) - (2.0.0.42) = C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [26/07/2017 09:58:28] CPU Usage:0 % --> Command Line : 2792 | [Owner : Système | Parent : 824(services.exe) | 24.5 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/02/2018 19:54:05] CPU Usage:0 % --> Command Line : 2872 | [Owner : SERVICE RÉSEAU | Parent : 824(services.exe) | 14.46 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2354.7482) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [26/02/2018 19:54:05] CPU Usage:0 % --> Command Line : 2940 | [Owner : Système | Parent : 824(services.exe) | 4.65 Mo] - (.- RichVideo Module.) - (2.0.1.7413) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe [05/06/2014 20:42:31] CPU Usage:0 % --> Command Line : 2996 | [Owner : SERVICE LOCAL | Parent : 824(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 3064 | [Owner : Système | Parent : 824(services.exe) | 9.15 Mo] - (.Bitdefender - Bitdefender Update Service.) - (19.5.0.310) = C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [04/12/2016 14:20:52] CPU Usage:0 % --> Command Line : 2632 | [Owner : Système | Parent : 824(services.exe) | 279.06 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.643) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [21/04/2018 16:35:43] CPU Usage:0 % --> Command Line : 5248 | [Owner : SERVICE RÉSEAU | Parent : 948(svchost.exe) | 13.72 Mo] - (.Microsoft Corporation - WMI Provider Host.) 
- (6.3.9600.18946) = C:\Windows\System32\wbem\WmiPrvSE.exe [11/04/2018 18:22:17] CPU Usage:0 % --> Command Line : 304 | [Owner : SERVICE LOCAL | Parent : 824(services.exe) | 12.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 6140 | [Owner : Système | Parent : 824(services.exe) | 30.3 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9600.18722) = C:\Windows\System32\SearchIndexer.exe [14/06/2017 12:00:42] CPU Usage:0 % --> Command Line : 4732 | [Owner : SERVICE RÉSEAU | Parent : 824(services.exe) | 4.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 6708 | [Owner : Système | Parent : 948(svchost.exe) | 6.97 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\System32\wbem\WmiPrvSE.exe [11/04/2018 18:22:17] CPU Usage:0 % --> Command Line : 4504 | [Owner : Système | Parent : 824(services.exe) | 11.22 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [05/06/2014 20:34:44] CPU Usage:0 % --> Command Line : 8012 | [Owner : Système | Parent : 824(services.exe) | 45.02 Mo] - (.Intel Corporation - IAStorDataSvc.) - (13.0.3.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [11/04/2014 19:31:04] CPU Usage:0 % --> Command Line : 7408 | [Owner : Système | Parent : 824(services.exe) | 4.45 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (10.0.0.1180) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [20/03/2014 21:43:02] CPU Usage:0 % --> Command Line : 5400 | [Owner : Système | Parent : 824(services.exe) | 9.9 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) 
- (10.0.0.1180) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [20/03/2014 21:43:04] CPU Usage:0 % --> Command Line : 4816 | [Owner : SERVICE RÉSEAU | Parent : 824(services.exe) | 6 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.9600.17415) = C:\Program Files\Windows Media Player\wmpnetwk.exe [24/06/2016 14:27:52] CPU Usage:0 % --> Command Line : 6268 | [Owner : SERVICE LOCAL | Parent : 1536(svchost.exe) | 15.06 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhost.exe [24/06/2016 14:25:29] CPU Usage:0 % --> Command Line : 5996 | [Owner : Système | Parent : 7360() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe [22/08/2013 15:25:40] CPU Usage:0 % --> Command Line : 7384 | [Owner : Système | Parent : 7360() | 5.6 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.3.9600.18895) = C:\Windows\System32\winlogon.exe [12/01/2018 19:43:43] CPU Usage:0 % --> Command Line : 332 | [Owner : DWM-2 | Parent : 7384(winlogon.exe) | 28.66 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.3.9600.17415) = C:\Windows\System32\dwm.exe [24/06/2016 14:25:30] CPU Usage:0 % --> Command Line : 6068 | [Owner : Système | Parent : 6140(SearchIndexer.exe) | 6.82 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.18722) = C:\Windows\System32\SearchProtocolHost.exe [14/06/2017 12:00:42] CPU Usage:0 % --> Command Line : 5616 | [Owner : Système | Parent : 1368(NVDisplay.Container.exe) | 36.74 Mo] - (.NVIDIA Corporation - NVIDIA Container.) 
- (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [26/02/2018 19:53:26] CPU Usage:0 % --> Command Line : 3896 | [Owner : Système | Parent : 1536(svchost.exe) | 4.75 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.3.9600.18001) = C:\Windows\System32\taskeng.exe [24/06/2016 13:48:13] CPU Usage:0 % --> Command Line : 5920 | [Owner : Julien | Parent : 1536(svchost.exe) | 9.17 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe [24/06/2016 14:25:12] CPU Usage:0 % --> Command Line : 4036 | [Owner : Julien | Parent : 1536(svchost.exe) | 1.06 Mo] - (.ASUSTeK Computer Inc. - ASUS System Level Up Newe Service.) - (1.1.0.2) = C:\Program Files (x86)\ASUS\AEGIS\AsSysLevelUpSrc.exe [05/06/2014 20:34:43] CPU Usage:0 % --> Command Line : 4760 | [Owner : Julien | Parent : 1536(svchost.exe) | 0.82 Mo] - (.ASUSTeK Computer Inc. - AEGIS Alert Service Application.) - (2.0.1.1) = C:\Program Files (x86)\ASUS\AEGIS\AEGIS_AlertService.exe [05/06/2014 20:34:43] CPU Usage:0 % --> Command Line : 4340 | [Owner : Julien | Parent : 2792(nvcontainer.exe) | 15.87 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/02/2018 19:54:05] CPU Usage:0 % --> Command Line : 3660 | [Owner : Julien | Parent : 2792(nvcontainer.exe) | 32.71 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2366.3209) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [26/02/2018 19:54:05] CPU Usage:0 % --> Command Line : 6148 | [Owner : Julien | Parent : 1536(svchost.exe) | 3.58 Mo] - (.ASUSTeK Computer Inc. - AEGIS System Detection Application.) - (1.0.2.6) = C:\Program Files (x86)\ASUS\AEGIS\AEGIS_SysMode.exe [05/06/2014 20:34:43] CPU Usage:12 % --> Command Line : 6032 | [Owner : Julien | Parent : 1536(svchost.exe) | 29.8 Mo] - (.- SecureDeleteBackground.) 
- (1.0.0.0) = C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [11/09/2014 02:31:08] CPU Usage:0 % --> Command Line : 7496 | [Owner : Julien | Parent : 1536(svchost.exe) | 0.68 Mo] - (.ASUSTeK - Power Manager_background.) - (1.4.0.1) = C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [11/09/2014 02:31:16] CPU Usage:0 % --> Command Line : 5576 | [Owner : Julien | Parent : 2632(MBAMService.exe) | 26.24 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1429) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [21/04/2018 16:35:41] CPU Usage:0 % --> Command Line : 4440 | [Owner : Julien | Parent : 1536(svchost.exe) | 0.58 Mo] - (.ASUSTeK - ASUS_Manager_Lighting.) - (1.4.0.0) = C:\Program Files (x86)\ASUS\ASUS Manager\Lighting\ASUS_Manager_Lighting.exe [11/09/2014 02:30:58] CPU Usage:0 % --> Command Line : 6216 | [Owner : Julien | Parent : 3672() | 125.2 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.18460) = C:\Windows\explorer.exe [12/10/2016 14:32:27] CPU Usage:0 % --> Command Line : 3328 | [Owner : Julien | Parent : 1536(svchost.exe) | 0.65 Mo] - (.ASUSTeK Computer Inc. - Tool to handle application key.) - (2.0.0.5) = C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [11/09/2014 02:30:10] CPU Usage:0 % --> Command Line : 3900 | [Owner : Julien | Parent : 6216(explorer.exe) | 8.74 Mo] - (.IvoSoft - Classic Start Menu.) - (4.0.4.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe [18/01/2014 18:12:04] CPU Usage:0 % --> Command Line : 4368 | [Owner : Julien | Parent : 2432(BTDevMgr.exe) | 10.45 Mo] - (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) - (1.0.79.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe [11/09/2014 02:27:10] CPU Usage:0 % --> Command Line : 1952 | [Owner : Julien | Parent : 948(svchost.exe) | 14.76 Mo] - (.Microsoft Corporation - OneDrive Sync Engine.) 
- (6.3.9600.17484) = C:\Windows\System32\SkyDrive.exe [26/06/2016 10:07:33] CPU Usage:0 % --> Command Line : 5816 | [Owner : Julien | Parent : 948(svchost.exe) | 3.73 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.3.9600.18231) = C:\Windows\System32\SettingSyncHost.exe [24/06/2016 14:35:45] CPU Usage:0 % --> Command Line : 412 | [Owner : Julien | Parent : 5608() | 19.62 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [26/02/2018 19:54:15] CPU Usage:0 % --> Command Line : 928 | [Owner : Julien | Parent : 412(NVIDIA Web Helper.exe) | 0.46 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [24/06/2016 14:26:11] CPU Usage:0 % --> Command Line : 5728 | [Owner : Julien | Parent : 6216(explorer.exe) | 14.06 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.630.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [13/04/2017 05:48:26] CPU Usage:0 % --> Command Line : 2668 | [Owner : Julien | Parent : 6216(explorer.exe) | 11.9 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.269) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/04/2017 05:48:12] CPU Usage:0 % --> Command Line : 7712 | [Owner : Julien | Parent : 7656() | 5.81 Mo] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.4313.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [09/03/2013 01:18:34] CPU Usage:0 % --> Command Line : 3688 | [Owner : Julien | Parent : 7656() | 5.1 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.171.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [28/03/2018 16:27:32] CPU Usage:0 % --> Command Line : 1392 | [Owner : Julien | Parent : 4056() | 16.89 Mo] - (.Piriform Ltd - CCleaner.) 
- (5.19.0.5633) = C:\Program Files\CCleaner\CCleaner64.exe [15/06/2016 15:53:54] CPU Usage:0 % --> Command Line : 3748 | [Owner : Julien | Parent : 948(svchost.exe) | 5.19 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.3.9600.17415) = C:\Windows\System32\wbem\unsecapp.exe [24/06/2016 14:24:27] CPU Usage:0 % --> Command Line : 8812 | [Owner : Julien | Parent : 6216(explorer.exe) | 119.64 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 8828 | [Owner : Julien | Parent : 8812(chrome.exe) | 8.82 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 8860 | [Owner : Julien | Parent : 8812(chrome.exe) | 9.25 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 9004 | [Owner : Julien | Parent : 8812(chrome.exe) | 84.1 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:1 % --> Command Line : 9060 | [Owner : Julien | Parent : 8812(chrome.exe) | 92.83 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 9092 | [Owner : Julien | Parent : 8812(chrome.exe) | 102.11 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 8688 | [Owner : Julien | Parent : 6216(explorer.exe) | 22.66 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) 
- (16.0.9226.2082) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [14/01/2018 18:33:17] CPU Usage:0 % --> Command Line : 4560 | [Owner : Julien | Parent : 8812(chrome.exe) | 106.22 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 9696 | [Owner : Système | Parent : 824(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : 10132 | [Owner : Julien | Parent : 7428() | 28.14 Mo] - (.Intel Corporation - IAStorIcon.) - (13.0.3.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [11/04/2014 19:31:06] CPU Usage:0 % --> Command Line : 10228 | [Owner : Système | Parent : 2500(OfficeClickToRun.exe) | 49.02 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9226.2100) = C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.9226.2100\OfficeClickToRun.exe [23/04/2018 17:42:28] CPU Usage:0 % --> Command Line : 1224 | [Owner : SERVICE LOCAL | Parent : 1460(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.3.9600.17415) = C:\Windows\System32\audiodg.exe [24/06/2016 14:26:49] CPU Usage:0 % --> Command Line : 11964 | [Owner : Julien | Parent : 8812(chrome.exe) | 26.14 Mo] - (.Google Inc. - Google Chrome.) - (65.0.3325.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [26/06/2016 09:58:08] CPU Usage:0 % --> Command Line : 9016 | [Owner : Système | Parent : 1536(svchost.exe) | 1.19 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) 
- (10.0.17060.1029) = C:\Windows\System32\CompatTelRunner.exe [11/04/2018 18:15:01] CPU Usage:0 % --> Command Line : 5212 | [Owner : Système | Parent : 9016(CompatTelRunner.exe) | 0.97 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [24/06/2016 14:26:11] CPU Usage:0 % --> Command Line : 12212 | [Owner : Système | Parent : 9016(CompatTelRunner.exe) | 23.89 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.17060.1029) = C:\Windows\System32\CompatTelRunner.exe [11/04/2018 18:15:01] CPU Usage:1 % --> Command Line : 10152 | [Owner : Julien | Parent : 6216(explorer.exe) | 34.89 Mo] - (.SosVirus - QuickDiag.) - (21.4.18.1) = C:\Users\Julien\Downloads\QuickDiag.exe [21/04/2018 17:34:09] CPU Usage:0 % --> Command Line : 2152 | [Owner : Julien | Parent : 3064(updatesrv.exe) | 9 Mo] - (.Bitdefender - Bitdefender Agent.) - (19.6.0.321) = C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [04/12/2016 14:20:45] CPU Usage:0 % --> Command Line : 12260 | [Owner : SERVICE RÉSEAU | Parent : 948(svchost.exe) | 7.19 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [11/04/2018 18:22:17] CPU Usage:0 % --> Command Line : 444 | [Owner : Système | Parent : 824(services.exe) | 2.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [24/06/2016 14:24:30] CPU Usage:0 % --> Command Line : ---------- | MD5 [MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 14:32:27] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2690.92 Ko] - (6.3.9600.18460) : C:\Windows\Explorer.exe [MD5.F5AE03DE0AD60F5B17B82F2CD68402FE] - [24/06/2016 14:26:22] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) 
- [349 Ko] - (6.3.9600.17415) : C:\Windows\System32\cmd.exe [MD5.B2D3F07F5E8A13AF988A8B3C0A800880] - [22/08/2013 15:25:40] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [16.72 Ko] - (6.3.9600.16384) : C:\Windows\System32\csrss.exe [MD5.9361355721F51E3A25DF53702D10E9DE] - [24/06/2016 14:26:49] - (.© Microsoft Corporation. - COM Surrogate.) - [18.81 Ko] - (6.3.9600.17415) : C:\Windows\System32\dllhost.exe [MD5.4F455778B6CDA2FD61D4F8B0A3E0543C] - [24/06/2016 14:27:10] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1279.05 Ko] - (6.3.9600.17415) : C:\Windows\System32\Kernel32.dll [MD5.382100E75B6F4668AEAEF228C6CEFFAD] - [24/06/2016 14:24:24] - (.© Microsoft Corporation. - Local Security Authority Process.) - [45.92 Ko] - (6.3.9600.17415) : C:\Windows\System32\lsass.exe [MD5.2928249E4DD39C2ADD3E74F02427AB8B] - [12/01/2018 19:43:49] - (.© Microsoft Corporation. - Distributed COM Services.) - [798.5 Ko] - (6.3.9600.18895) : C:\Windows\System32\rpcss.dll [MD5.6C308D32AFA41D26CE2A0EA8F7B79565] - [24/06/2016 14:24:07] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [53.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\rundll32.exe [MD5.E0C7813A97CA7947FF5C18A8F3B61A45] - [24/06/2016 13:54:01] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [400.52 Ko] - (6.3.9600.17793) : C:\Windows\System32\services.exe [MD5.E3A2AD05E24105B35E986CF9CB38EC47] - [24/06/2016 14:24:30] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [37.88 Ko] - (6.3.9600.17415) : C:\Windows\System32\svchost.exe [MD5.421B695412FE0D5B0C0DB00C51EABA1B] - [14/12/2016 19:22:20] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) 
- [1505.12 Ko] - (6.3.9600.18535) : C:\Windows\System32\user32.dll [MD5.5C131534A3EA4A461A793FB507A8004F] - [24/06/2016 14:23:26] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [25.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\userinit.exe [MD5.D9516405E05F24EDCD90B1988FAF3948] - [16/03/2017 19:29:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [143.5 Ko] - (6.3.9600.18577) : C:\Windows\System32\Wininit.exe [MD5.4294D7AD504EA206A4A03DB29311B6C2] - [12/01/2018 19:43:43] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [558 Ko] - (6.3.9600.18895) : C:\Windows\System32\Winlogon.exe [MD5.B246BEE99740A2A357E21D863A18774D] - [14/03/2018 08:56:10] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [546.5 Ko] - (6.3.9600.18909) : C:\Windows\System32\Drivers\afd.sys [MD5.74B14192CF79A72F7536B27CB8814FBD] - [22/08/2013 14:22:57] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [25.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\atapi.sys [MD5.38E1F4E0148A24C65D215F14D57B0711] - [22/08/2013 14:22:57] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [194.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\ataport.sys [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - [22/08/2013 13:40:20] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [86.5 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\cdfs.sys [MD5.D61EDE3D49B04E703AEC3B111C763F42] - [14/02/2018 12:56:42] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [161.5 Ko] - (6.3.9600.18878) : C:\Windows\System32\Drivers\cdrom.sys [MD5.D1049D4D1311D43F6FCF180CAA5BF78B] - [12/01/2018 19:43:40] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) 
- [135.5 Ko] - (6.3.9600.18895) : C:\Windows\System32\Drivers\dfsc.sys [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - [24/06/2016 14:25:24] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [75 Ko] - (6.3.9600.17238) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - [24/06/2016 14:37:08] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [106 Ko] - (6.3.9600.17480) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - [13/03/2014 05:57:51] - (.© Microsoft Corporation. - IP Network Address Translator.) - [139.5 Ko] - (6.3.9600.16477) : C:\Windows\System32\Drivers\ipnat.sys [MD5.CD5A8F361D0A057EB0C5797D86FA6CF4] - [20/04/2018 21:30:20] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [392 Ko] - (6.3.9600.18911) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.FFAA6C6E798FBA448FA7628A1B277F5C] - [12/04/2017 14:22:28] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1087.84 Ko] - (6.3.9600.18577) : C:\Windows\System32\Drivers\ndis.sys [MD5.0FE750800DEEE91D22399D081371BA79] - [13/09/2017 18:19:05] - (.© Microsoft Corporation. - MBT Transport driver.) - [275 Ko] - (6.3.9600.18790) : C:\Windows\System32\Drivers\netbt.sys [MD5.EE9B628D84DE372953A6D30AAB02DBD6] - [12/01/2018 19:43:52] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1965.84 Ko] - (6.3.9600.18895) : C:\Windows\System32\Drivers\ntfs.sys [MD5.57DCE4FB0467986AE78E1C6FC5240D32] - [12/10/2016 14:34:00] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94 Ko] - (6.3.9600.18437) : C:\Windows\System32\Drivers\parport.sys [MD5.235624C147E3CB4C288D5D3D8E8D64A2] - [24/06/2016 14:44:56] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) 
- [110 Ko] - (6.3.9600.18226) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - [22/08/2013 21:11:06] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [191 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\rdpdr.sys [MD5.12D04D8C02F16D8D7346A494E524507D] - [14/02/2018 12:56:45] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2395.34 Ko] - (6.3.9600.18911) : C:\Windows\System32\Drivers\tcpip.sys [MD5.576FA545FAB846B06E79B324160DE25C] - [09/08/2017 15:18:14] - (.© Microsoft Corporation. - TDI Translation Driver.) - [105 Ko] - (6.3.9600.18783) : C:\Windows\System32\Drivers\tdx.sys [MD5.17F7B0F2298D97F4B6C7A69511033D3D] - [24/06/2016 13:50:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [309.34 Ko] - (6.3.9600.18265) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.IvoSoft.-.Start Menu Helper Extension.) - (4.0.4.0) -- C:\Windows\system32\StartMenuHelper64.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 391.35.) - (23.21.13.9135) -- C:\Windows\SYSTEM32\nvwgf2umx.dll (.IvoSoft.-.Classic Start Menu.) - (4.0.4.0) -- C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll (.ASUS Cloud Corporation..-.AsusWSShellExt64.) - (1.1.0.27) -- C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (.Bitdefender.-.Product Info Library.) - (19.6.0.326) -- C:\Program Files\Bitdefender\Bitdefender 2015\IServConfig.dll (.Bitdefender.-.Bitdefender File Shredder Shell Extension.) - (19.1.0.3) -- C:\Program Files\Bitdefender\Bitdefender 2015\UI\fshredctx.ui (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 391.35.) 
- (23.21.13.9135) -- C:\Windows\system32\nvapi64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Copyright (c) 2016 Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.562) -- C:\Windows\system32\RltkAPO64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Twitch - (Twitch.lnk [Startup]) - User: XIONG\Julien CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\...\Run]) - User: XIONG\Julien Spotify - (C:\Users\Julien\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\...\Run]) - User: XIONG\Julien Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\...\Run]) - User: XIONG\Julien Spotify Web Helper - (C:\Users\Julien\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\...\Run]) - User: XIONG\Julien RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 [HKLM\SOFTWARE\...\Run]) - User: Public IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\SOFTWARE\...\Run]) - User: Public BtServer - ("C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Classic Start Menu - ("C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun [HKLM\SOFTWARE\...\Run]) - User: Public Bdagent - ("C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Command Processor] "PathCompletionChar"=9 "EnableExtensions"=1 "CompletionChar"=9 "DefaultColor"=0 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "Spotify"=C:\Users\Julien\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "Spotify Web Helper"=C:\Users\Julien\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "Skype"=0x0300000070EBF0F88ACFD101 "CCleaner Monitoring"=0x020000000000000000000000 "Spotify"=0x030000009BA63A550263D301 "Spotify Web Helper"=0x030000006C1872570263D301 "Steam"=0x03000000602EC275A5D3D101 
"EADM"=0x030000001B089CF4BB03D201 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Photosmart 5520 series Class Driver,winspool,Ne03: "UserSelectedDefault"=1 [HKLM\Software\Microsoft\Command Processor] "PathCompletionChar"=64 "EnableExtensions"=1 "CompletionChar"=64 "DefaultColor"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "BtServer"="C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "RTHDVCPL"=0x060000000000000000000000 "RtHDVBg"=0x060000000000000000000000 "Classic Start Menu"=0x020000000000000000000000 "IAStorIcon"=0x020000000000000000000000 "Nvtmru"=0x020000000000000000000000 "BtServer"=0x020000000000000000000000 "iTunesHelper"=0x03000000C6BB694F0263D301 "ShadowPlay"=0x020000000000000000000000 "Bdagent"=0x03000000FB76D167294ED201 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "Adobe ARM"=0x060000000000000000000000 "ASUSPRP"=0x070000002A4C29238BCFD101 "WebStorage"=0x07000000A88891248BCFD101 "mcpltui_exe"=0x040000000000000000000000 "RemoteControl10"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 "Snap"=0x03000000415B10A87786D301 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "Spooler"=yes "DeviceNotSelectedTimeout"=15 "TransmissionRetryTimeout"=90 "EnableDwmInputProcessing"=7 "ShutdownWarningDialogTimeout"=4294967295 "USERProcessHandleQuota"=10000 
"LoadAppInit_DLLs"=0 "IconServiceLib"=IconCodecService.dll "DesktopHeapLogging"=1 "DdeSendTimeout"=0 "DwmInputUsesIoCompletionPort"=1 "USERPostMessageLimit"=10000 "USERNestedWindowLimit"=50 "AppInit_DLLs"= "NaturalInputHandler"=Ninput.dll "ThreadUnresponsiveLogTimeout"=500 "GDIProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3C2ADDAEEC4BF [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "PathCompletionChar"=64 "EnableExtensions"=1 "CompletionChar"=64 "DefaultColor"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [16/08/2013 10:25:08] "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "Snap"=C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Snap.exe [01/01/2018 19:00:16] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "Spooler"=yes "DeviceNotSelectedTimeout"=15 "TransmissionRetryTimeout"=90 "EnableDwmInputProcessing"=7 "ShutdownWarningDialogTimeout"=4294967295 "USERProcessHandleQuota"=10000 "LoadAppInit_DLLs"=0 "IconServiceLib"=IconCodecService.dll "DesktopHeapLogging"=1 "DdeSendTimeout"=0 "DwmInputUsesIoCompletionPort"=1 "USERPostMessageLimit"=10000 "USERNestedWindowLimit"=50 "AppInit_DLLs"= "NaturalInputHandler"=Ninput.dll "ThreadUnresponsiveLogTimeout"=500 "GDIProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task AsusVibeSchedule CCleanerSkipUAC GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience 
SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3714920687-1367710502-1323822166-1002 Optimize Start Menu Cache Files-S-1-5-21-3714920687-1367710502-1323822166-1002 User_Feed_Synchronization-{694876AC-481A-4F4E-8531-3D8D8157712C} {0DFE458C-F0D8-4326-B501-7DEAE6413E4E} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM "BootDriverFlags"=28 "CurrentUser"=USERNAME "WaitToKillServiceTimeout"=200 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=0 "DirtyShutdownCount"=39 [HKLM\System\CurrentControlSet\Control\lsa] "Bounds"=0x0030000000200000 "auditbasedirectories"=0 "fullprivilegeauditing"=0x00 "crashonauditfail"=0 "auditbaseobjects"=0 "Security Packages"="" [24/06/2016 13:19:53] "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=832 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "GlobalFlag"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 
"HeapDeCommitFreeBlockThreshold"=0 "ResourceTimeoutCount"=648000 "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "CriticalSectionTimeout"=2592000 "ProcessorControl"=2 "HeapSegmentReserve"=0 "ExcludeFromKnownDlls"= "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "NumberOfInitialSessions"=2 "RunLevelExecute"=WinInit ServiceControlManager "AutoChkTimeout"=1 "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= [HKLM\System\CurrentControlSet\Control\Terminal Server] "StartRCM"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "TSUserEnabled"=0 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "DelayConMgrTimeout"=0 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "AllowRemoteRPC"=0 "ProductVersion"=5.1 "fDenyTSConnections"=1 "InstanceID"=a214cc38-1f11-481a-bf3d-b0810cf "GlassSessionId"=2 ---------- | .LNK with Arguments c:\adsfix\quarantine\c\$recycle.bin.adsfix\s-1-5-21-3714920687-1367710502-1323822166-1002\$ram9mcv.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Control Panel\Desktop] "DragHeight"=4 "CoolSwitchColumns"=7 "ActiveWndTrackTimeout"=0 "MouseCornerClipLength"=6 "MouseMonitorEscapeSpeed"=0 "DragWidth"=4 "WallpaperStyle"=0 "ScreenSaveActive"=1 "TileWallpaper"=0 "WheelScrollLines"=3 "Pattern"=0 "FontSmoothingType"=2 "WindowArrangementActive"=1 "BlockSendInputResets"=0 "MenuShowDelay"=400 "ClickLockTime"=1200 "CaretWidth"=1 "FocusBorderWidth"=1 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "DragFullWindows"=1 "CoolSwitchRows"=3 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 
"ForegroundLockTimeout"=1633424 "FontSmoothingGamma"=0 "DragFromMaximize"=1 "FontSmoothing"=2 "FocusBorderHeight"=1 "WheelScrollChars"=3 "DockMoving"=1 "SnapSizing"=1 "CursorBlinkRate"=530 "MouseWheelRouting"=1 "RightOverlapChars"=3 "FontSmoothingOrientation"=1 "PaintDesktopVersion"=0 "Win8DpiScaling"=0 "UserPreferencesMask"=0x9E1E078012000000 "AutoColorization"=1 "Wallpaper"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows Photo Viewer\Papier peint de la Visionneuse de photos Windows.jpg [23/10/2017 16:19:33] "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"= "ImageColor"=2531186243 "PreferredUILanguages"=fr-FR "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003628000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "AllowStartMenuToDefaultOn"=1 "SIDUpdatedOnLibraries"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "GlobalAssocChangedCounter"=893 "AppReadinessLogonComplete"=1 "link"=0x1E000000 "Browse For Folder Width"=347 "Browse For Folder Height"=346 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=6 "ReindexedProfile"=1 "RTStartMenuNotificationDisplayCount"=0 "TaskbarSizeMove"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableVirtualization"=1
"EnableInstallerDetection"=1 "PromptOnSecureDesktop"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "ConsentPromptBehaviorAdmin"=5 "ValidateAdminCodeSignatures"=0 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktopChanges"=1 "NoActiveDesktop"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoComponents"=1 "NoAddingComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HKeyRoot"=2147483649 "DefaultValue"=2 "ValueName"=Hidden "Text"=@shell32.dll,-30500 "Type"=radio [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} 
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "DoNotCleanTaskBar"=1 "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=40 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "EnableVirtualization"=1 "EnableInstallerDetection"=1 "PromptOnSecureDesktop"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "ConsentPromptBehaviorAdmin"=5 "ValidateAdminCodeSignatures"=0 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktopChanges"=1 "NoActiveDesktop"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoComponents"=1 "NoAddingComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 
"Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HKeyRoot"=2147483649 "DefaultValue"=2 "ValueName"=Hidden "Text"=@shell32.dll,-30500 "Type"=radio [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=111 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;SkyDrive;Work Folders "BuildNumber"=9600 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"=C:\Windows\system32\userinit.exe, "LegalNoticeText"= "Shell"=explorer.exe "LegalNoticeCaption"= "DebugServerCommand"=no "ForceUnlockLogon"=0 "ReportBootOk"=1 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "Background"=0 0 0 "PasswordExpiryWarning"=5 "CachedLogonsCount"=10 "WinStationsDisabled"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "scremoveoption"=0 "DisableCAD"=1 "ShutdownFlags"=7 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-11-96-3623454863-58364-18864-2661722203-1597581903-3839499467-452403515-1966291231-3296986956-1722986098 "LastUsedUsername"=MicrosoftAccount\tokiohideo01@hotmail.com "AutoAdminLogon"=0 "DefaultUserName"=MicrosoftAccount\tokiohideo01@hotmail.com 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"=userinit.exe, "Shell"=explorer.exe "VMApplet"=SystemPropertiesPerformance.exe /pagefile "DefaultDomainName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultUserName"= ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""="%SystemRoot%\system32\NOTEPAD.EXE" %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "PerceivedType"=text "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=4259840 "BrowserFlags"=4096 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "NeverShowExt"= "EditFlags"=131072 "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForBrowse"=delta ""=Folder "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "ThumbnailCutoff"=0 "NoRecentDocs"= "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile 
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""="%SystemRoot%\system32\NOTEPAD.EXE" %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "PerceivedType"=text "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=4259840 "BrowserFlags"=4096 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "NeverShowExt"= "EditFlags"=131072 "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForBrowse"=delta ""=Folder 
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "ThumbnailCutoff"=0 "NoRecentDocs"= "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files 
(x86)\ASUS\StartMenuSetup\StartMenuSetup.exe"=0x5341435001000000000000000700000028000000383305001A6E050001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FB4E0000000000000100000001000000 "C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C8841200D471130001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000043D64700000000000400000004000000 "C:\Windows10Upgrade\DW20.EXE"=0x5341435001000000000000000700000028000000C8D2090020C00A0001000000000000000000000671000000975FD891C99ECE01000000000000000002000000280000000000000000000080000000000000000000000000000000008C000000000000000100000001000000 "C:\Windows10Upgrade\bootsect.exe"=0x5341435001000000000000000700000028000000C8CE0100D016020001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000100000001000000 "C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000000816006EE1160001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000001000000000000000000000000000000000B93F240000000000BB010000BB010000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D86E860045C4860001000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000004F410000000000007D0100007D010000 "D:\NCWest\NCLauncher\NCLauncher.exe"=0x53414350010000000000000007000000280000002077020046D0020001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000080000040000000000000000000000000000000002337B502000000000500000005000000 
"D:\NCWest\NCLauncher\Download\BnS\bin\Client.exe"=0x5341435001000000000000000700000028000000480E6E00EACF6E0001000000000000000000030671200000975FD891C99ECE01000000000000000002000000280000000000000000000000400000000000000000000000000000005A470000000000000100000001000000 "D:\NCWest\NCLauncher\NCLauncherR.exe"=0x534143500100000000000000070000002800000020574000E2EF400001000000000000000000030671220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000E3520000000000000200000002000000 "D:\Riot Games\League of Legends\lol.launcher.exe"=0x5341435001000000000000000700000028000000B87C010083C1010001000000000000000000010671000000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000000022A202000000006B0100006B010000 "D:\S4LEAGUE\patcher_s4.exe"=0x534143500100000000000000070000002800000060C84400A11C450001000000000000000000030671220000975FD891C99ECE01000000C000000000020000002800000000000000000000400000000000000000000000000000000094E24100000000004900000049000000 "C:\ProgramData\BlueStacksGameManager\uninstall.exe"=0x5341435001000000000000000700000028000000186E08004451090001000000000000000000030680210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000372B0000000000000200000002000000 "C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe"=0x534143500100000000000000070000002800000058FE38006072390001000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000098350300000000000400000004000000 "C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\UincodeCreateHelper.exe"=0x5341435001000000000000000700000028000000902C0000FA6E0000010000000000000000000206F1020000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000100000001000000 
"C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteWindow.exe"=0x53414350010000000000000007000000280000009080100054AB100001000000000000000000030680210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000008090000000000000200000002000000 "C:\Program Files (x86)\InstallShield Installation Information\{C3F383C1-D050-4A40-843F-8171A6A02C3A}\setup.exe"=0x5341435001000000000000000700000028000000008613000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000475F0000000000000100000001000000 "C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe"=0x53414350010000000000000007000000280000002077020046D0020001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000080000040060000000000000000000000000000004B717900000000000600000006000000 "C:\Windows\SysWOW64\msiexec.exe"=0x534143500100000000000000070000002800000000EA0000FD42010003000000000000000000030600210000975FD891C99ECE010000000000000000 "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"=0x534143500100000000000000070000002800000060361000ABC0100001000000000000000000030673200000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000063F78300000000000900000009000000 "D:\The crew\The Crew (Worldwide)\TheCrewLauncher.exe"=0x5341435001000000000000000700000028000000982E0700476C070001000000000000000000030671220000975FD891C99ECE0100000000000000000200000078000000000000008000000000000000000000000000000000000000A7060000000000000200000001000000000002068000002000000000000000000000000000000000FC050000000000000100000000000000000000008000004000000000000000000000000000000000AD050000000000000100000000000000 "D:\The crew\The Crew 
(Worldwide)\TheCrew.exe"=0x534143500100000000000000070000002800000098BE620413F6620401000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000008A0000000000000100000001000000 "C:\Users\Julien\AppData\Roaming\Spotify\SpotifyLauncher.exe"=0x534143500100000000000000070000002800000070DE02000A84030001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000008000000000000000000000000000000000000000E77B0000000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"=0x5341435001000000000000000700000028000000D8D405000286060001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000053030500000000000100000001000000 "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"=0x5341435001000000000000000700000028000000D04F180080C9180001000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000000E020501000000000800000008000000 "D:\The Sims 4\Game\Bin\TS4.exe"=0x534143500100000000000000070000002800000000C836010000000001000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000847B9F0000000000020000000200000000000000000000400000000000000000000000000000000076AD3800000000000100000000000000 "C:\Program Files (x86)\ASUS\ASUS Manager\ASUS Manager.exe"=0x534143500100000000000000070000002800000018051D009B501D0001000000000000000000030680210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003BB70D00000000000100000001000000 "C:\Program Files 
(x86)\HiSuite\HWManager.exe"=0x5341435001000000000000000700000028000000C81A040063F6040001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000002050000000000000200000002000000 "C:\Users\Julien\Downloads\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe"=0x53414350010000000000000007000000280000000004F1000000000001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E10C0000000000000100000001000000 "C:\Users\Julien\Downloads\Yu-Gi-Oh! Legacy of the Duelist\LAUNCHER.exe"=0x5341435001000000000000000700000028000000008C0300F40A040001000000000000000000030671220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000800000000200000050000000000000008000000010000000000000000000000000000000915B2B0200000000140000000A000000000000008000004010000000000000000000000000000000C00F0000000000000100000000000000 "C:\Program Files (x86)\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000B09C22000C3B230001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000008A8F5300000000000400000004000000 "C:\Program Files\AutoHotkey\AutoHotkey.exe"=0x5341435001000000000000000700000028000000007412000000000001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DE8A1300000000003E0000003E000000 "C:\Program Files (x86)\trend micro\hijackthis.exe"=0x534143500100000000000000070000002800000000EE05000000000001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000FA0D0000000000000100000001000000 "C:\Program Files 
(x86)\ASUS\AEGIS\AsToastHelper.exe"=0x5341435001000000000000000700000028000000181D2500EAB4250001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F76D4E02000000000A0000000A000000 "C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe"=0x5341435001000000000000000700000028000000C8CC2400EDB4250001000000000000000000030600210000975FD891C99ECE0100000000000000000200000050000000000000000000000000000000000000000000000000000000F188B402000000000F0000000A000000000000008000000000000000000000000000000000000000C0A60000000000000100000000000000 "D:\bot\League of Legends\lol.launcher.exe"=0x5341435001000000000000000700000028000000B87C010083C1010001000000000000000000010671000000975FD891C99ECE010000000000000000020000002800000000000000800000000000000000000000000000000000000097941C00000000000200000002000000 "D:\bot\League of Legends\lol.launcher.admin.exe"=0x5341435001000000000000000700000028000000B87C0100DA99010001000000000000000000010671020000975FD891C99ECE01000000000000000002000000280000000000000080000040000000000000000000000000000000006EC00400000000000100000001000000 "C:\Program Files (x86)\HiSuite\HiSuite.exe"=0x5341435001000000000000000700000028000000405F66002EAF660001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000EB48F501000000000100000001000000 "D:\Hi-Rez Studios\SteamLauncherUI.exe"=0x534143500100000000000000070000002800000098CF360044EF360001000000000000000000030671220000975FD891C99ECE01000000000000000005000000100000000000000000000000000000008000000002000000500000000000000080000040000000000000000000000000000000007CB3010000000000010000000100000000000000800000000000000000000000000000000000000080520100000000000300000000000000 "D:\Hi-Rez 
Studios\HirezLauncherUI.exe"=0x534143500100000000000000070000002800000098CF360044EF360001000000000000000000030671220000975FD891C99ECE010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000000000000000000000000000000000000083036C02000000001000000010000000 "C:\Users\Julien\Downloads\SWProxy-windows-2\SWProxy-windows\SWProxy.exe"=0x53414350010000000000000007000000280000002CA1BA00B972020001000000000000000000030661200000975FD891C99ECE0100000000000000000200000050000000000000000000000000000000000000000000000000000000CF4705000000000003000000020000000000000000000040000000000000000000000000000000002DE40200000000000100000000000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000C8201E0284681E0201000000000000000000030600210000975FD891C99ECE010000000100000000 "C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE"=0x5341435001000000000000000700000028000000C8680300FC99030001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000039BF0000000000000100000001000000 "C:\Users\Julien\Downloads\css\CS-Source v34 full game.exe"=0x53414350010000000000000007000000280000006FADCE7E0000000001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000800000000000000000000000000000000000000094F40600000000000200000002000000 "C:\Users\Julien\Downloads\css\Counter Strike Source v34\play-css-v34.exe"=0x5341435001000000000000000700000028000000077D01000000000001000000000000000000000671020000975FD891C99ECE0100000000000000000200000050000000000000000000000000000002000000000000000000000000E3413300000000000F0000000A00000000000000000000400000000000000000000000000000000053070000000000000100000000000000 
"C:\Users\Julien\Downloads\css\update-css34.bat"=0x53414350010000000000000007000000280000000074050047AE050001000000000000000000010500100000B395E7CF049FCE010000000000000000 "C:\Program Files (x86)\Rockstar Games\Social Club\subprocess.exe"=0x5341435001000000000000000700000028000000E0ED0D0097E50E0001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BC000000000000000400000004000000 "D:\CLEAN\Grand Theft Auto V\Launcher.exe"=0x534143500100000000000000070000002800000000DA0700C3F8070001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B83E3600000000003000000030000000 "D:\Setup GTA\Redist\SC.exe"=0x5341435001000000000000000700000028000000C89F5C03E8535D0301000000000000000000010671000000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000200000000000000000000000000005A050100000000000300000003000000 "D:\Setup GTA\Redist\DirectX\DXSETUP.exe"=0x534143500100000000000000070000002800000058E707007433080001000000000000000000010671020000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CEBB0000000000000100000001000000 "C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe"=0x5341435001000000000000000700000028000000C8000300FE36030003000000000000000000010671000000975FD891C99ECE01000000000000000002000000280000000000000000080000000200000000000000000000000000007D0D0000000000000400000004000000 "C:\Program Files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe"=0x5341435001000000000000000700000028000000C8000300FF69030001000000000000000000010671000000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000200000000000000000000000000008B030000000000000100000001000000 
"C:\Users\Julien\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D0A474012679750101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000034DD0600000000000100000001000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000D0AFA801110EA90101000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000840F8A01000000001200000012000000 "C:\Users\Julien\AppData\Local\Hisuite\userdata\hwtools\hdbtransport.exe"=0x5341435001000000000000000700000028000000202FDC008482DC0001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000EBB6C900000000000200000002000000 "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"=0x5341435001000000000000000700000028000000D8C30600251D070001000000000000000000010671020000975FD891C99ECE0100000000000000000200000028000000000000008000000000000000000000000000000000000000560D0F00000000000100000001000000 "SIGN.MEDIA=341E3 Setup.exe"=0x534143500100000000000000070000002800000000A001000000000001000000000000000000010671200000975FD891C99ECE01000000000000000002000000280000000000000000080040000000000000000000000000000000002E9B1C00000000000100000001000000 "C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Capture.exe"=0x534143500100000000000000070000002800000000AC020019F6020001000000000000000000010671200000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000009C700000000000000200000002000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000A87E10011277110101000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000002A751500000000000300000003000000 
"C:\Users\Julien\AppData\Roaming\Twitch\Bin\Twitch.exe"=0x534143500100000000000000070000002800000040EB170040331800010000000000000000000306F1220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000056428400000000000300000003000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe"=0x5341435001000000000000000700000028000000480EF40050FBF40001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000091497C00000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F09122002D30230001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000028741000000000000200000002000000 "C:\Users\Julien\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe"=0x534143500100000000000000070000002800000000585D010000000001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000FD511600000000000100000001000000 "C:\Users\Julien\Downloads\Loader.exe"=0x534143500100000000000000070000002800000000542F000000000001000000000000000000030661220000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000065472F00000000000300000003000000 "D:\bot\League of Legends\LeagueClient.exe"=0x534143500100000000000000070000002800000080CE340060B7350001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C1140000000000000100000001000000 "D:\FORTNITE\Epic 
Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"=0x53414350010000000000000007000000280000009065FE0493BAFE0401000000000000000000030673200000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000008F310000000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x53414350010000000000000007000000280000005841180027EA180001000000000000000000030600210000B395E7CF049FCE010000000100000000 "C:\Users\Julien\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe"=0x534143500100000000000000070000002800000098E8E3001C32E40001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000BD470200000000000200000002000000 "C:\ProgramData\NVIDIA Corporation\Downloader\9ea5f785c6c51bd4074453f93cd9d725\GeForce_Experience_Update_v3.13.1.30_Official_8540CC.exe"=0x534143500100000000000000070000002800000050A66F0510EF6F0501000000000000000000020600010000975FD891C99ECE01000000800000000002000000500000000000000020000000000000000000000000000000000000007F996D000000000003000000020000000000000000000040000000000000000000000000000000005EA42100000000000100000000000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"=0x534143500100000000000000070000002800000048741D0071A11D0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000023020000000000000100000001000000 "C:\Users\Julien\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000909F5601B2B4560101000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A2A61503000000000C0000000C000000 
"C:\Users\Julien\Downloads\GeForce_Experience_v3.13.1.30.exe"=0x5341435001000000000000000700000028000000C0B46D056A276E0501000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000072AD0100000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0E70E0024690F0001000000000000000000030671200000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000004F340000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x534143500100000000000000070000002800000090971F005A81200001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000020000060000000000000000000000000000000005DD80700000000000100000001000000 "C:\Program Files (x86)\BlueStacks\HD-RunApp.exe"=0x534143500100000000000000070000002800000020B805001BD80500010000000000000000000306F5220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D3ACB000000000000F0000000F000000 "D:\nnc\BlueStacks\Client\Bluestacks.exe"=0x534143500100000000000000070000002800000020E2180037951900010000000000000000000306F1220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000039D27601000000000600000006000000 "D:\Riot Games\League of Legends\LeagueClient.exe"=0x5341435001000000000000000700000028000000801035007D32350001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000094CD1D00000000000B0000000B000000 "D:\Steam\Steam.exe"=0x534143500100000000000000070000002800000020D33000D03F310001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000855B0F00000000000500000005000000 "D:\FORTNITE\Epic 
Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090812E0077B32E0001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000005C3C0401000000000B0000000B000000 "C:\Users\Julien\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080DB2E00C1702F0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000042C50700000000000100000001000000 "C:\Users\Julien\Downloads\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080D12F00A057300001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000003DBC0300000000000100000001000000 "C:\Users\Julien\Downloads\adwcleaner_7.1.0.0.exe"=0x5341435001000000000000000700000028000000D0B86E0043DB6E0001000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A0800200000000000100000001000000 "C:\Users\Julien\Desktop\AdsFix.exe"=0x5341435001000000000000000700000028000000A8855B00BB8B5B0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000099BC4F00000000000200000002000000 "C:\Users\Julien\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A09085011B81860101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000079050100000000000100000001000000 "C:\Users\Julien\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4826.exe"=0x5341435001000000000000000700000028000000E8CD6104431F620401000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000005A710600000000000100000001000000 
"C:\Users\Julien\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8F13C009E693D0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000250F1000000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000B0B48200D0C2820001000000000000000000030600210000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000091290000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B0681C0054B91C0001000000000000000000030600210000975FD891C99ECE010000000100000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000B09A1D00CC131E0001000000000000000000030600210000975FD891C99ECE010000000100000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{10cf342b-ae5f-11e6-82e2-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{47ab5576-ba15-11e7-83b2-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{53c7d023-bc76-11e6-82fc-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{72346fa4-3255-11e7-8366-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{806a33f2-0adb-11e7-8355-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{f134870a-e2f8-11e6-832c-6c71d9f91a9e}] : "E:\HiSuiteDownLoader.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "DoubleClickSpeed"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "DragFullWindows"=USR:Control Panel\Desktop ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "MouseSpeed"=#USR:Control Panel\Mouse "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "CoolSwitch"=USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DoubleClickWidth"=#USR:Control Panel\Mouse "SnapToDefaultButton"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "ScreenSaveActive"=#USR:Control Panel\Desktop "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "PowerOffTimeOut"=#USR:Control Panel\Desktop "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon "SCRNSAVE.EXE"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "ScreenSaverActive"=USR:Control Panel\Desktop [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] 
"DoubleClickSpeed"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "MouseSpeed"=#USR:Control Panel\Mouse "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "CoolSwitch"=USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DoubleClickWidth"=#USR:Control Panel\Mouse "SnapToDefaultButton"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "ScreenSaveActive"=#USR:Control Panel\Desktop "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "PowerOffTimeOut"=#USR:Control Panel\Desktop "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon "SCRNSAVE.EXE"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "ScreenSaverActive"=USR:Control Panel\Desktop [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=130216565553372332 "AntiVirusOverride"=0 
"AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "DisableAntiSpyware"=1 "ProductType"=2 "ProductStatus"=0 "InstallTime"=0x5832D03E56CDCF01 "DisableAntiVirus"=1 "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi 
d'une requête 'ping' sur google.com [172.217.18.238] avec 32 octets de données : Réponse de 172.217.18.238 : octets=32 temps=45 ms TTL=55 Réponse de 172.217.18.238 : octets=32 temps=21 ms TTL=55 Réponse de 172.217.18.238 : octets=32 temps=60 ms TTL=55 Réponse de 172.217.18.238 : octets=32 temps=18 ms TTL=55 Statistiques Ping pour 172.217.18.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 18ms, Maximum = 60ms, Moyenne = 36ms ---------- | @ [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=0 "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "DisableFirstRunCustomize"=3 "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF401000008010000A4060000A3030000 "ImageStoreRandomFolder"=ksovwe0 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xC2E59A6FD5C8D301 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50020000F0000000D0040000D0020000 "Start Page_TIMESTAMP"=0x945EC7A3F475D301 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"=0x01000000220000008EBE7C1D716F8C7542DE944728DF0D7D81E596CDC3AD0767D128C554EC4A3B415C7602000000100000004F507647356425326276535449253364 "Start Page"=http://asus13.msn.com/?pc=ASJB "SearchBandRestoreBarCount"=0 "SearchBandMigrationVersion"=1 [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings] "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "IE5_UA_Backup_Flag"=5.0 "ZonesSecurityUpgrade"=0x67494C8E0ACED101 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyHttp1.1"=1 "ProxyOverride"=*.local "WarNonBadCertReceving"=1 "WarNonHTTPSToHTTPRedirect"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "DoNotTrack"=1 "Start Page"=https://www.google.com/ [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 
"PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "DoNotTrack"=1 "Start Page"=https://www.google.com/ [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "EnablePunycode"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apk] "Progid"=.apkHisuite [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx] "Application"=wmplayer.exe 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M1V] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv] "Application"=wmplayer.exe 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2V] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv] "Application"=wmplayer.exe 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm] "Application"=wmplayer.exe [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv] "Application"=wmplayer.exe ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B] - {6D4133E5-0742-4ADC-8A8C-9303440F7191} -- C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [26/06/2013 05:26:22] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O] - {64174815-8D98-4CE6-8646-4C039977D809} -- C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [26/06/2013 05:26:22] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U] - {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} -- C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [26/06/2013 05:26:22] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [24/06/2016 14:25:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShareOverlay] - {594D4122-1F87-41E2-96C7-825FB4796516} -- C:\Program Files\Classic Shell\ClassicExplorer64.dll [18/01/2014 
18:12:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShareOverlay] - {594D4122-1F87-41E2-96C7-825FB4796516} -- C:\Program Files\Classic Shell\ClassicExplorer32.dll [18/01/2014 18:11:54] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "KnownProvidersUpgradeTime"=0xDE4E370576D2D301 "Version"=4 "UpgradeTime"=0x43D3F60676D2D301 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{553891B7-A0D5-4526-BE18-D3CE461D6310}"= "{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}"=0 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{553891B7-A0D5-4526-BE18-D3CE461D6310}"= "{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}"=0 ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}] : (Classic IE Settings) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}] : (Classic IE Settings) - [] ---------- | SearchScopes [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=ASJB : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=ASJB : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=ASJB : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}] -> (Bitdefender Wallet) : C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [04/12/2016 14:20:45] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}] -> (ExplorerBHO Class) : C:\Program Files\Classic 
Shell\ClassicExplorer32.dll [18/01/2014 18:11:54] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}] -> (ClassicIEBHO Class) : C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [18/01/2014 18:11:56] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}] -> (Bitdefender Wallet) : C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [04/12/2016 14:20:45] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}] -> (ExplorerBHO Class) : C:\Program Files\Classic Shell\ClassicExplorer32.dll [18/01/2014 18:11:54] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [20/04/2018 16:36:11] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [20/04/2018 16:36:11] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}] -> (ClassicIEBHO Class) : C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [18/01/2014 18:11:56] ---------- | Chrome C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - 
https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\fabcmochhfpldjekobfaaggijgohadih = : Automatically fills your logins online while keeping them completely secured. - Bitdefender Wallet - http://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\mlomiejdfkolichcflejclcbmpeaniij = : __MSG_short_description__ - version_name: 8.1.2 - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\oofnbdifeelbaidfgpikinijekkjcicg = : __MSG_description__ - short_name: __MSG_short_name__ - 
permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "bdwteffv19@bitdefender.com"=C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\ [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "bdwteffv19@bitdefender.com"=C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\ [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 10.1 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2] - (Java™ Deployment Toolkit) : C:\Program Files 
(x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8F1B45FD-0F40-4C90-8BF6-1B85EE636F36}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8F1B45FD-0F40-4C90-8BF6-1B85EE636F36}] "DhcpNameServer"=192.168.1.254 ---------- | Applications 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Classes\Applications\BitTorrent.exe] : "%APPDATA%\BitTorrent\BitTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files 
(x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "regsvc"=RemoteRegistry [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Adobe] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\AppDataLow] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Apple Inc.] 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ASUS] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Bitdefender] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\BitTorrent] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\BugSplat] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Burda] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Camfrog] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Chromium] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Clients] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\CyberLink] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ECAREME] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Electronic Arts] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ENMASSE] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Epic Games] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Facepunch Studios LTD] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Google] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Haali] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\IM Providers] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Image-Line] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\INCAInternet] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\IvoSoft] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\JavaSoft] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\LAV] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Logitech] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\LumaEmu] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Macromedia] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Malwarebytes] 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Mojang] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\MPC-HC] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\MurGee.com] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\MyComGames] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Netscape] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\NewTechnologyStudio] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\NTSCorp] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\NVIDIA Corporation] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ODBC] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Oracle] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Piriform] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Policies] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Prius] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ProtectedStorage] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\QtProject] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Realtek] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\RegisteredApplications] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\SimonTatham] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Skype] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\skypeapp-9948dff7f395] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\SoftVoice] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Spotify] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\sysinternals] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\TCP Optimizer] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Trolltech] 
[HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Ubisoft] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Valve] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Waves Audio] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\WinRAR] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\WinRAR SFX] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Wow6432Node] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\ZHP] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AdsFix] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] 
[HKLM\Software\AutoHotkey] [HKLM\Software\AVC3] [HKLM\Software\BitDefender] [HKLM\Software\Bitdefender Migrate] [HKLM\Software\BlueStacks] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\ECAREME] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Huawei technologies] [HKLM\Software\IM Providers] [HKLM\Software\Image-Line] [HKLM\Software\Intel] [HKLM\Software\IvoSoft] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Macromedia] [HKLM\Software\McAfee] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Oracle] [HKLM\Software\PDR_Upgrade] [HKLM\Software\Piriform] [HKLM\Software\Plantronics] [HKLM\Software\Policies] [HKLM\Software\Propellerhead Software] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\Wow6432Node] [HKLM\Software\Xiph.Org] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Bitdefender] [HKLM\Software\WOW6432Node\BlueStacks] [HKLM\Software\WOW6432Node\BlueStacksGameManager] [HKLM\Software\WOW6432Node\BlueStacksGP] [HKLM\Software\WOW6432Node\BoL] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\DigitalWave] [HKLM\Software\WOW6432Node\DuoDianOnline] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\ECAREME] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\Epic Games] [HKLM\Software\WOW6432Node\EpicGames] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HaaliMkx] [HKLM\Software\WOW6432Node\Hi-Rez Studios] [HKLM\Software\WOW6432Node\HiRez Studios] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Image-Line] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lake] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\MAGIX] [HKLM\Software\WOW6432Node\Maxis] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NCWest] [HKLM\Software\WOW6432Node\Notepad++] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\Riot Games] [HKLM\Software\WOW6432Node\Rockstar Games] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\TrendMicro] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\USB 2.0 PC CAMERA] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Xiph.Org] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives D: ---------- | C: [24/06/2016 14:48:24] - |HD| - [268218] - C:\$GetCurrent [21/04/2018 16:06:19] - |SHD| - [486438648] - C:\$RECYCLE.BIN [26/06/2016 09:16:00] - |D| - [75978] - C:\$SysReset [26/06/2016 10:37:32] - |HD| - [857612] - C:\$WINDOWS.~BT [29/03/2018 17:20:13] - |SHD| - [234] - C:\82ace7d6-0197-474d-bf4b-a2043e72329b [21/04/2018 14:35:12] - |D| - [257979437] - C:\AdsFix [MD5.F2A1B8107C72C110B3CCAF330C672948] - [21/04/2018 14:39:43] - |A| - (.-.) - [16228] - (0.0.0.0) - C:\AdsFix_21_04_2018_16_04_53.txt [26/06/2016 10:42:35] - |D| - [2569303] - C:\AdwCleaner [MD5.2F3C669DA013CC7FF44F8C2FC58AD4B2] - [15/09/2016 21:42:28] - |A| - (.-.) - [2413] - (0.0.0.0) - C:\app_updater.log [05/06/2014 20:38:22] - |D| - [4458931] - C:\AsusVibeData [MD5.3C8B36F78D29C2C6AE5E53979A53E1BA] - [04/12/2016 14:31:57] - |A| - (.-.) - [43509] - (0.0.0.0) - C:\bdlog.txt [MD5.04C91D3AB4CDB766C34A8DC5372BA09E] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [427680] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [21/01/2018 13:47:39] - |SHD| - [208552] - C:\Config.Msi [22/08/2013 16:45:52] - |SHD| - [0] - C:\Documents and Settings [MD5.409112D16A9F85705D7411996112CCBE] - [16/07/2016 01:58:59] - |A| - (.Copyright © 2015 - Unity3d_RUST_Public.) - [15360] - (1.2.0.0) - C:\hax3s.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/04/2018 16:04:53] - |ASH| - (.-.) - [6824325120] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/03/2018 13:17:07] - |ASH| - (.-.) 
- [2550136832] - (0.0.0.0) - C:\pagefile.sys [22/08/2013 17:36:30] - |D| - [0] - C:\PerfLogs [22/08/2013 15:36:15] - |RD| - [13187576927] - C:\Program Files [22/08/2013 15:36:15] - |RD| - [32966392401] - C:\Program Files (x86) [22/08/2013 15:36:15] - |HD| - [6323292177] - C:\ProgramData [21/04/2018 17:36:23] - |D| - [461526] - C:\QuickDiag [MD5.3764649428BEE7B228058AAFA34F03E8] - [23/04/2018 17:47:10] - |A| - (.-.) - [166815] - (0.0.0.0) - C:\QuickDiag.txt [MD5.0646F0BA417198993F8B4FCDF3CC2EBC] - [21/04/2018 17:53:46] - |RA| - (.-.) - [370894] - (0.0.0.0) - C:\QuickDiag_21_04_2018_17_53_46.txt [26/06/2016 03:31:52] - |SHD| - [971] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/06/2016 23:12:48] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Recovery.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/06/2016 09:37:38] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [24/06/2016 23:13:08] - |SHD| - [0] - C:\System Volume Information [MD5.4EB6B47AE6D6A6D50862FC9E07B7E4D2] - [16/07/2016 01:58:59] - |A| - (.-.) - [8704] - (0.0.0.0) - C:\UnityLoaderv2.dll [22/08/2013 15:36:15] - |RD| - [41391888462] - C:\Users [22/08/2013 15:36:15] - |D| - [67724452719] - C:\Windows [24/06/2016 14:48:19] - |D| - [15934148] - C:\Windows10Upgrade ---------- | C:\Windows [22/08/2013 17:36:30] - |D| - [802] - C:\Windows\addins [22/08/2013 17:36:31] - |D| - [1175552] - C:\Windows\ADFS [MD5.0518932C9A69AFDD49A1BB931AAAF8C2] - [05/06/2014 20:34:44] - |A| - (.-.) - [432254] - (0.0.0.0) - C:\Windows\AEGIS.ico [22/08/2013 17:36:30] - |D| - [36126027] - C:\Windows\AppCompat [22/08/2013 17:36:31] - |D| - [16379756] - C:\Windows\apppatch [22/08/2013 17:36:30] - |D| - [0] - C:\Windows\AppReadiness [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2014 20:05:42] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\Ascd_err.ini [MD5.3ADB48A53049DDAA59618DADB387BBA0] - [05/06/2014 20:05:42] - |A| - (.-.) 
- [2947] - (0.0.0.0) - C:\Windows\Ascd_HDI_log.ini [MD5.BC571F20152A8BFCE85E41F7C3C1F320] - [05/06/2014 20:05:42] - |A| - (.-.) - [5498] - (0.0.0.0) - C:\Windows\Ascd_log.ini [MD5.F2C89D11ACDD647623ACDA9D559CA53A] - [05/06/2014 20:05:35] - |A| - (.-.) - [4035] - (0.0.0.0) - C:\Windows\Ascd_tmp.ini [22/08/2013 17:36:30] - |RSD| - [1694233553] - C:\Windows\assembly [MD5.84FEB7449116B1A29E41A1E39A9156C2] - [05/06/2014 20:47:55] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\ASUSBuildDate.txt [MD5.81051BCC2CF1BEDF378224B0A93E2877] - [11/09/2014 02:40:07] - |A| - (.-.) - [2] - (0.0.0.0) - C:\Windows\As_Process_Pass.tag [MD5.E81550AA0FCBC3D0DF026425BBC8C389] - [11/09/2014 02:41:04] - |A| - (.-.) - [18] - (0.0.0.0) - C:\Windows\As_Sysprep_Success.tag [MD5.DF1E5F5296F26632B9D5B5CDD69BE034] - [05/06/2014 11:02:00] - |A| - (.-.) - [18] - (0.0.0.0) - C:\Windows\As_WIMBOOT.tag [MD5.FA78F9739F8F0239A539A06B10D354C7] - [22/08/2013 13:21:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [56832] - (6.3.9600.16384) - C:\Windows\bfsvc.exe [22/08/2013 17:36:31] - |D| - [37110753] - C:\Windows\Boot [MD5.E0C85E1AC19F192EAFE1D268E3227A78] - [22/08/2013 16:46:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [22/08/2013 17:36:31] - |D| - [2340408] - C:\Windows\Branding [22/08/2013 17:36:30] - |D| - [7255092] - C:\Windows\Camera [MD5.9130CCE19B5DB3D2E31F9F789263FC4A] - [04/12/2016 14:20:52] - |A| - (.Copyright (c) 1999-2006 Microsoft Corporation - CAPICOM Module.) - [511328] - (2.1.0.2) - C:\Windows\capicom.dll [22/08/2013 17:20:01] - |D| - [0] - C:\Windows\CbsTemp [MD5.0505315076F50DE128B8256927B94722] - [22/08/2013 21:11:23] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\Windows\Core.xml [MD5.83084644EA4C940FFF0F0B39B2DF6AB2] - [05/06/2014 11:04:15] - |A| - (.-.) 
- [13] - (0.0.0.0) - C:\Windows\CSUP.txt [22/08/2013 17:36:30] - |D| - [4503720] - C:\Windows\Cursors [05/06/2014 20:52:30] - |D| - [117440] - C:\Windows\da [13/03/2014 02:36:50] - |D| - [102400] - C:\Windows\da-DK [05/06/2014 20:52:33] - |D| - [117960] - C:\Windows\de [13/03/2014 02:44:38] - |D| - [109056] - C:\Windows\de-DE [22/08/2013 17:36:31] - |D| - [25759] - C:\Windows\debug [22/08/2013 17:36:30] - |RD| - [46950] - C:\Windows\DesktopTileResources [MD5.70757BB715401D58378CEFA1164902C8] - [24/06/2016 16:56:58] - |A| - (.-.) - [13338] - (0.0.0.0) - C:\Windows\diagerr.xml [22/08/2013 17:36:30] - |D| - [7079600] - C:\Windows\diagnostics [MD5.70757BB715401D58378CEFA1164902C8] - [24/06/2016 16:56:58] - |A| - (.-.) - [13338] - (0.0.0.0) - C:\Windows\diagwrn.xml [22/08/2013 17:43:29] - |D| - [0] - C:\Windows\DigitalLocker [22/08/2013 17:36:31] - |SD| - [0] - C:\Windows\Downloaded Program Files [05/06/2014 20:52:37] - |D| - [117952] - C:\Windows\el [13/03/2014 02:52:48] - |D| - [114176] - C:\Windows\el-GR [22/08/2013 17:36:31] - |D| - [23568] - C:\Windows\ELAMBKUP [05/06/2014 20:52:21] - |D| - [116928] - C:\Windows\en [13/03/2014 02:59:02] - |D| - [166592] - C:\Windows\en-GB [22/08/2013 17:43:29] - |D| - [97792] - C:\Windows\en-US [05/06/2014 20:52:41] - |D| - [117448] - C:\Windows\es [13/03/2014 03:08:22] - |D| - [109568] - C:\Windows\es-ES [MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 14:32:27] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2755504] - (6.3.9600.18460) - C:\Windows\explorer.exe [MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:34] - |A| - (.-.) - [176] - (0.0.0.0) - C:\Windows\explorer.exe.config [MD5.2B97764F76F21170C5673B3AB798881A] - [11/09/2014 02:31:22] - |A| - (.TODO: (c) . - TODO: .) 
- [1886208] - (1.0.0.1) - C:\Windows\FbkGo.dll [05/06/2014 20:52:45] - |D| - [116928] - C:\Windows\fi [13/03/2014 03:17:29] - |D| - [99840] - C:\Windows\fi-FI [22/08/2013 17:36:30] - |D| - [14577753] - C:\Windows\FileManager [22/08/2013 15:36:15] - |RSD| - [512773267] - C:\Windows\Fonts [05/06/2014 20:52:49] - |D| - [117440] - C:\Windows\fr [13/03/2014 03:27:38] - |D| - [111616] - C:\Windows\fr-FR [22/08/2013 17:36:30] - |D| - [93339833] - C:\Windows\Globalization [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/09/2014 02:19:45] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\HDT-Exit_Pass.tag [22/08/2013 17:36:31] - |D| - [94974258] - C:\Windows\Help [MD5.95DBA7370490F85BD8A48B913A3D8541] - [14/06/2017 12:00:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1001984] - (6.3.9600.18722) - C:\Windows\HelpPane.exe [MD5.B934411DFE7DEACFA95A1255A48133C9] - [24/06/2016 13:54:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17408] - (6.3.9600.17415) - C:\Windows\hh.exe [22/08/2013 17:36:30] - |D| - [152872852] - C:\Windows\IME [22/08/2013 17:36:31] - |RD| - [7403324] - C:\Windows\ImmersiveControlPanel [22/08/2013 15:36:15] - |D| - [143967660] - C:\Windows\Inf [22/08/2013 17:36:31] - |D| - [119175822] - C:\Windows\InputMethod [22/08/2013 17:36:31] - |SHD| - [1213520911] - C:\Windows\Installer [05/06/2014 20:52:53] - |D| - [116928] - C:\Windows\it [13/03/2014 03:38:21] - |D| - [108544] - C:\Windows\it-IT [22/08/2013 17:36:31] - |D| - [61417] - C:\Windows\L2Schemas [MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [05/06/2014 20:05:36] - |A| - (.-.) 
- [1769] - (0.0.0.0) - C:\Windows\Language_trs.ini [22/08/2013 17:36:31] - |D| - [5655121] - C:\Windows\LiveKernelReports [22/08/2013 15:36:15] - |D| - [12061950] - C:\Windows\Logs [22/08/2013 17:36:30] - |RSD| - [19944453] - C:\Windows\Media [22/08/2013 17:36:31] - |D| - [18917376] - C:\Windows\MediaViewer [MD5.23AF90D2355D8C83AA4567EF1763B467] - [22/08/2013 09:01:23] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [22/08/2013 17:36:30] - |D| - [1760270657] - C:\Windows\Microsoft.NET [24/06/2016 13:20:08] - |D| - [1263] - C:\Windows\Migration [24/06/2016 23:57:37] - |D| - [0] - C:\Windows\Minidump [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\ModemLogs [13/03/2014 03:49:12] - |D| - [99328] - C:\Windows\nb-NO [05/06/2014 20:52:56] - |D| - [117440] - C:\Windows\nl [13/03/2014 04:00:43] - |D| - [109056] - C:\Windows\nl-NL [MD5.FC2EA5BD5307D2CFA5AAA38E0C0DDCE9] - [24/06/2016 13:49:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [221184] - (6.3.9600.17930) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [26/02/2018 19:53:26] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [26/02/2018 19:54:05] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat [MD5.584F9410E53894C8F30CA5E61D324DC3] - [05/06/2014 11:01:00] - |A| - (.-.) - [55] - (0.0.0.0) - C:\Windows\OEMVer.txt [22/08/2013 17:36:30] - |RD| - [0] - C:\Windows\Offline Web Pages [05/06/2014 11:09:59] - |D| - [4121940] - C:\Windows\Panther [05/06/2014 20:52:02] - |D| - [0] - C:\Windows\PCHEALTH [22/08/2013 17:36:30] - |D| - [44833195] - C:\Windows\Performance [MD5.813D33D6F551AFDD23168FBA02445431] - [11/09/2014 02:27:11] - |A| - (.-.) 
- [2380] - (0.0.0.0) - C:\Windows\PidVid_List.txt [22/08/2013 17:36:30] - |D| - [3347304] - C:\Windows\PLA [22/08/2013 17:36:30] - |D| - [11563172] - C:\Windows\PolicyDefinitions [05/06/2014 18:51:43] - |D| - [38019673] - C:\Windows\Prefetch [MD5.E6FEE6D006E048C1C0F39547C1B66124] - [24/06/2016 16:54:47] - |A| - (.-.) - [66] - (0.0.0.0) - C:\Windows\progress.ini [13/03/2014 04:12:24] - |D| - [224960] - C:\Windows\pt-PT [MD5.B67DB709F5FDAA89CA6C2CB6C1E39B3B] - [24/06/2016 14:24:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [154624] - (6.3.9600.17415) - C:\Windows\regedit.exe [22/08/2013 17:36:30] - |D| - [1071164] - C:\Windows\Registration [22/08/2013 17:36:30] - |D| - [6316515] - C:\Windows\rescache [22/08/2013 17:36:31] - |D| - [2945375] - C:\Windows\Resources [MD5.A8F0B315F67842060906A301108CDAB0] - [05/06/2014 20:13:05] - |RA| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.4) - C:\Windows\RtlExUpd.dll [MD5.6106526CA0AB6DFE788BDB29C98B5004] - [11/09/2014 02:26:36] - |A| - (.Copyright (C) 2012-2013 -.) - [44104] - (1.1003.514.2013) - C:\Windows\runSW.exe [MD5.02DF2382F5730216C4AE47E5AD4B322E] - [05/06/2014 20:05:42] - |A| - (.-.) - [2384] - (0.0.0.0) - C:\Windows\scd.ini [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\SchCache [22/08/2013 17:36:30] - |D| - [118561] - C:\Windows\schemas [22/08/2013 17:36:31] - |D| - [5261274] - C:\Windows\security [22/08/2013 16:45:15] - |D| - [76695594] - C:\Windows\ServiceProfiles [22/08/2013 15:36:15] - |D| - [648832766] - C:\Windows\servicing [22/08/2013 16:45:23] - |AD| - [2218] - C:\Windows\Setup [MD5.A6340484E64BF361690C830AFE21507A] - [05/06/2014 20:34:43] - |A| - (.-.) - [504] - (0.0.0.0) - C:\Windows\setup.iss [MD5.D14F527EBB5416B6912FBE7B37E8C2CD] - [22/04/2018 17:29:17] - |A| - (.-.) - [232] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/04/2018 17:29:17] - |A| - (.-.) 
- [0] - (0.0.0.0) - C:\Windows\setuperr.log [18/02/2017 16:17:06] - |D| - [324] - C:\Windows\ShellNew [22/08/2013 21:11:12] - |D| - [31373168] - C:\Windows\SKB [11/09/2014 02:24:41] - |D| - [336954882] - C:\Windows\SoftwareDistribution [22/08/2013 17:36:30] - |D| - [693911016] - C:\Windows\Speech [MD5.7826082B93262AB6460E77B91C61EA30] - [26/06/2016 10:07:30] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128512] - (6.3.9600.17480) - C:\Windows\splwow64.exe [MD5.A77E65831A152C8FCA5B822749E2624D] - [22/08/2013 17:19:59] - |A| - (.-.) - [35891] - (0.0.0.0) - C:\Windows\Starter.xml [MD5.96AB021E14DFBF346E10EFC784B3ADE0] - [05/06/2014 20:38:31] - |A| - (.-.) - [135413] - (0.0.0.0) - C:\Windows\StartMenuSetup.ico [05/06/2014 20:52:59] - |D| - [116928] - C:\Windows\sv [13/03/2014 04:24:21] - |D| - [101376] - C:\Windows\sv-SE [MD5.FC8D05A5D6FE42ABF41CA8A8F94B4CB0] - [11/09/2014 02:26:36] - |A| - (.2012: (c) Realtek. By Karl - Switch USB2.0/USB3.0 for WinXP SP2+ ~ Win8.) - [446168] - (500.1019.705.2013) - C:\Windows\SwUSB.exe [22/08/2013 17:36:30] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\Windows\system.ini [22/08/2013 15:36:16] - |D| - [18886086407] - C:\Windows\System32 [22/08/2013 17:36:30] - |D| - [21211312] - C:\Windows\SystemResources [22/08/2013 15:36:16] - |AD| - [2012669549] - C:\Windows\SysWOW64 [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\TAPI [22/08/2013 17:36:30] - |D| - [6] - C:\Windows\Tasks [22/08/2013 15:36:16] - |D| - [2520268] - C:\Windows\Temp [22/08/2013 17:36:30] - |RD| - [22151] - C:\Windows\ToastData [05/06/2014 20:53:03] - |D| - [116936] - C:\Windows\tr [13/03/2014 04:37:12] - |D| - [102400] - C:\Windows\tr-TR [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\tracing [22/08/2013 17:36:31] - |D| - [7680] - C:\Windows\twain_32 [MD5.727B4519FE9919447108CBEC4768F34A] - [24/06/2016 14:24:37] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [54272] - (1.7.1.3) - C:\Windows\twain_32.dll [22/08/2013 17:36:30] - |D| - [15612486] - C:\Windows\vpnplugins [22/08/2013 17:36:30] - |D| - [12420] - C:\Windows\Vss [22/08/2013 17:36:31] - |D| - [9345102] - C:\Windows\Web [MD5.C2606968F31723DFB06B0B83B23E38D5] - [22/08/2013 15:25:43] - |A| - (.-.) - [167] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [22/08/2013 08:53:50] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.0F9498EBE21036BD2220B5D768A8F9DF] - [04/12/2016 13:46:44] - |A| - (.-.) - [1843138] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.335C38783B3F1B383ECAC17DB3705895] - [24/06/2016 14:22:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.3.9600.17415) - C:\Windows\winhlp32.exe [22/08/2013 17:36:31] - |D| - [2261802] - C:\Windows\WinStore [22/08/2013 15:36:16] - |D| - [38890979117] - C:\Windows\WinSxS [MD5.11B01B3F4AF229467DBA81F9F80A6766] - [10/01/2014 23:31:32] - |A| - (.© 2012 Microsoft Corporation. Tous droits réservés. - Écran de veille de la Galerie de photos.) 
- [322240] - (16.4.3522.110) - C:\Windows\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [22/08/2013 08:52:18] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.73E19BE0E0ECD88616B5762F621B0226] - [24/06/2016 14:22:51] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (6.3.9600.17415) - C:\Windows\write.exe [13/03/2014 04:50:56] - |D| - [183488] - C:\Windows\zh-CN [13/03/2014 05:05:29] - |D| - [182984] - C:\Windows\zh-TW ---------- | C:\Windows\System32\GroupPolicy [MD5.E12324ACF507ACE937B7FEC19E97D9AE] - [02/09/2016 19:33:23] - |A| - (.-.) - [127] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\GPT.INI [02/09/2016 19:33:23] - |D| - [94] - C:\Windows\System32\GroupPolicy\Machine [02/09/2016 19:33:23] - |D| - [0] - C:\Windows\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [25/10/2017 20:07:12] - C:\Windows\Installer\10124f5f.msi : (Epic Games Launcher - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 10:56:58] - C:\Windows\Installer\10124f64.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/04/2014 19:33:00] - C:\Windows\Installer\12162.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2014 21:44:52] - C:\Windows\Installer\12167.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2014 21:45:10] - C:\Windows\Installer\1216c.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2014 21:42:56] - C:\Windows\Installer\12171.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2012 18:30:52] - C:\Windows\Installer\1217b.msi : ( - Cisco Systems, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [07/11/2012 18:39:00] - C:\Windows\Installer\12180.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2012 18:37:52] - C:\Windows\Installer\12185.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 21:10:22] - C:\Windows\Installer\15ab0cf.msi : (Oracle VM VirtualBox 5.0.26 installation package - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2016 22:19:17] - C:\Windows\Installer\16c0e7.msi : (Minecraft - Mojang) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\Windows\Installer\1736b60.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/08/2013 12:56:01] - C:\Windows\Installer\2af95.msi : (ASUS Music Maker - v18.0.4.1 (en-GB) - MAGIX AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2013 02:55:56] - C:\Windows\Installer\2af99.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/07/2016 13:51:42] - C:\Windows\Installer\334222d.msi : (Blade & Soul Client - NC Interactive, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/03/2014 03:00:32] - C:\Windows\Installer\36873.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/06/2016 14:20:52] - C:\Windows\Installer\377e00.msi : (Classic Shell - IvoSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/08/2013 09:08:54] - C:\Windows\Installer\3ec14.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/06/2013 05:38:46] - C:\Windows\Installer\3ec18.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2017 21:44:35] - C:\Windows\Installer\5a653cfd.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [20/04/2018 16:35:55] - C:\Windows\Installer\838ef.msi : (Java SE Runtime Environment 8 Update 171 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/04/2018 16:35:51] - C:\Windows\Installer\838fa.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/11/2017 20:30:55] - C:\Windows\Installer\b1e1d4f.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2018 12:12:45] - C:\Windows\Installer\e0a1221.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [22/08/2013 17:36:48] - [75] - C:\Windows\System32\desktop.ini [24/06/2016 13:49:55] - [16303] - C:\Windows\System32\ieuinit.inf [05/06/2014 20:12:41] - [11613558] - C:\Windows\System32\PerfStringBackup.INI [22/08/2013 08:56:03] - [60124] - C:\Windows\System32\tcpmon.ini [13/03/2014 05:57:38] - [2255] - C:\Windows\System32\WimBootCompress.ini [01/01/2018 19:00:39] - [113] - C:\Windows\Syswow64\camera.ini [24/06/2016 13:49:55] - [16303] - C:\Windows\Syswow64\ieuinit.inf [11/09/2014 02:24:12] - [11801042] - C:\Windows\Syswow64\PerfStringBackup.INI [13/03/2014 05:58:21] - [2255] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.BE452D7BF880125D2832F99BFDBFD1AE] - |A| - [22/08/2013 08:57:05] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb [MD5.C4DFAA24F8EAB45F06BC9F6CFBF0C804] - |A| - [11/04/2018 18:22:20] - (.-.) - [423.33 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.D647DED84075F39E4794469DCB3C7B62] - |A| - [21/04/2018 16:05:42] - (.-.) 
- [1.21 Ko] - (0.0.0.0) - C:\Windows\Temp\bdec.bytes [MD5.00000000000000000000000000000000] - |D| - [21/04/2018 16:07:07] - [4.01 Ko] - C:\Windows\Temp\HP [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2018 16:05:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(201804211605568B4).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2018 16:59:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(20180421165904928).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/04/2018 17:29:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(20180422172942B38).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/04/2018 17:51:40] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(2018042317514033C8).log [MD5.00000000000000000000000000000000] - |D| - [22/04/2018 19:48:55] - [0 Ko] - C:\Windows\Temp\tmp00000213 [MD5.00000000000000000000000000000000] - |D| - [22/04/2018 21:09:16] - [0 Ko] - C:\Windows\Temp\tmp0000034d [MD5.00000000000000000000000000000000] - |D| - [21/04/2018 19:18:09] - [0 Ko] - C:\Windows\Temp\tmp00000502 [MD5.6FB7CD69433313FF7783F2BDD60F5C86] - |A| - [21/04/2018 14:39:47] - (.-.) - [12.91 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1439.log [MD5.EDB92A9C2CF2836EA001A680FECFC210] - |A| - [21/04/2018 16:05:55] - (.-.) - [11.92 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1605.log [MD5.1A0451FF7AA7F25B67964F87D5D6EFDA] - |A| - [21/04/2018 16:10:54] - (.-.) - [9.52 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1610.log [MD5.CD366C872D688794D41BF02C7984151E] - |A| - [21/04/2018 16:59:03] - (.-.) - [11.11 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1659.log [MD5.32B4A6465FF154C734F8BFEB8940E91E] - |A| - [21/04/2018 17:05:10] - (.-.) - [9.52 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1705.log [MD5.611DC28C055CBD3517C378B875D85A64] - |A| - [21/04/2018 17:28:01] - (.-.) 
- [9.52 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1728.log [MD5.9DFFC12A12C6B5870E2B75F1CB3F021B] - |A| - [21/04/2018 17:52:04] - (.-.) - [9.9 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1752.log [MD5.8AF77D683A54DA1E9BE472024AED513D] - |A| - [21/04/2018 18:04:04] - (.-.) - [9.48 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1804.log [MD5.84FF2746D830AF573301071E96836E58] - |A| - [21/04/2018 18:56:51] - (.-.) - [9.52 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180421-1856.log [MD5.514F31B3613A36C5814EA640CFDD5310] - |A| - [22/04/2018 17:29:42] - (.-.) - [52.36 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-1729.log [MD5.F7E8565EFF9FCC7092B51C4985C6C0C3] - |A| - [22/04/2018 17:35:23] - (.-.) - [17.32 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-1735.log [MD5.68B6B63B5D6A5FBC157B449AE96D01CB] - |A| - [22/04/2018 17:39:32] - (.-.) - [10.25 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-1739.log [MD5.DF8432EF89CFC0AA926556326D85CCC0] - |A| - [22/04/2018 17:39:47] - (.-.) - [7.39 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-1739a.log [MD5.BC0E90869E7DE3C18CFEF100413D21BB] - |A| - [22/04/2018 18:05:58] - (.-.) - [9.88 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-1805.log [MD5.689295F17E7C0C53F7558FB5FABC75BF] - |A| - [22/04/2018 21:04:19] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-2104.log [MD5.A935BE30D0CBE0CA827C76CA16BA59B3] - |A| - [22/04/2018 21:09:54] - (.-.) - [86.55 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-2109.log [MD5.88208866AD87DEEC40CEA837998D141A] - |A| - [22/04/2018 21:15:25] - (.-.) - [9.52 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-2115.log [MD5.A8A17CCC688695CDE89290EB11B0A447] - |A| - [22/04/2018 21:31:47] - (.-.) - [18.42 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180422-2131.log [MD5.99577E6D1C5726CF9B28C13A5E016BEC] - |A| - [23/04/2018 17:42:43] - (.-.) 
- [138.92 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1742.log [MD5.6188F0D1C19670E15B2361089AFADD97] - |A| - [23/04/2018 17:46:21] - (.-.) - [10.88 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1746.log [MD5.6ADD8C4EBF09E351F45B292E950A43FC] - |A| - [23/04/2018 17:51:40] - (.-.) - [146.74 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1751.log [MD5.493684991A9431B1D44C93097942E81F] - |A| - [23/04/2018 17:52:17] - (.-.) - [9.87 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1752.log [MD5.50963C28778A8D5184B4CADF72170DB5] - |A| - [23/04/2018 17:52:42] - (.-.) - [7.76 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1752a.log [MD5.2801330C5522A2C03AD558E2547CADFD] - |A| - [23/04/2018 17:52:48] - (.-.) - [10.99 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1752b.log [MD5.ADBF90F54E66F882D74113D3DB34D594] - |A| - [23/04/2018 17:54:20] - (.-.) - [28.2 Ko] - (0.0.0.0) - C:\Windows\Temp\XIONG-20180423-1754.log [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:09:51] - [0 Ko] - C:\Windows\System32\0409 [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [3882.5 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.96A6FCCACCAF7402A3FEC9632D4CFD42] - |A| - [09/08/2017 15:18:07] - (.-.) - [438.11 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [24/06/2016 23:52:34] - [2524.88 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [253 Ko] - C:\Windows\System32\ar-SA [MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [22/08/2013 17:36:38] - (.-.) 
- [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [228.5 Ko] - C:\Windows\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [7401.75 Ko] - C:\Windows\System32\Boot [MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - |A| - [24/06/2016 14:25:09] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [94 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [0.93 Ko] - C:\Windows\System32\Bthprops [MD5.6A33F3047345CC67D036DD0E6AA9C4BC] - |A| - [11/09/2014 02:27:11] - (.-.) - [3.29 Ko] - (0.0.0.0) - C:\Windows\System32\bt_only_chip_bt40_fw_asic_rom_patch.dll [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [506376.43 Ko] - C:\Windows\System32\catroot [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [211103.91 Ko] - C:\Windows\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [1470.02 Ko] - C:\Windows\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [418.5 Ko] - C:\Windows\System32\Com [MD5.00000000000000000000000000000000] - |SD| - [24/06/2016 23:50:39] - [1440.19 Ko] - C:\Windows\System32\CompatTel [MD5.46B2868BB6EAC5F71B47E17B6C883C34] - |A| - [13/04/2017 05:47:32] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) 
- [119.45 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [788704.28 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 17:36:31] - [228.58 Ko] - C:\Windows\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [273 Ko] - C:\Windows\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 02:36:50] - [1677 Ko] - C:\Windows\System32\da [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [30194.58 Ko] - C:\Windows\System32\da-DK [MD5.38024C73936E9E9B4B1954D0E4DF82D6] - |A| - [13/04/2017 05:47:18] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.32 Ko] - (7.6.5.1) - C:\Windows\System32\DDPA64.dll [MD5.65485DD46B555D153B33165FEC3C865C] - |A| - [13/04/2017 05:47:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.73 Ko] - (7.6.5.1) - C:\Windows\System32\DDPD64A.dll [MD5.403310903C62E962B846FD60C3C36DAD] - |A| - [13/04/2017 05:47:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.77 Ko] - (7.6.5.1) - C:\Windows\System32\DDPO64A.dll [MD5.CB8881A4FD3E251ECBFAD0D3021B70AA] - |A| - [13/04/2017 05:47:42] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.87 Ko] - (7.6.5.1) - C:\Windows\System32\DDPP64A.dll [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 02:44:38] - [1675.5 Ko] - C:\Windows\System32\de [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [40121.84 Ko] - C:\Windows\System32\de-DE [MD5.08750A50CF027F93070C8BB78E27C3B7] - |SH| - [22/08/2013 17:36:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini [MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [13/03/2014 05:59:13] - (.-.) 
- [256.19 Ko] - (0.0.0.0) - C:\Windows\System32\dfpinc.dat [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [7584.17 Ko] - C:\Windows\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [328 Ko] - C:\Windows\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [160664.43 Ko] - C:\Windows\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:31:28] - [12935795.75 Ko] - C:\Windows\System32\DriverStore [MD5.00000000000000000000000000000000] - |DC| - [26/06/2016 10:53:38] - [1077.38 Ko] - C:\Windows\System32\DRVSTORE [MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 17:36:30] - [246 Ko] - C:\Windows\System32\dsc [MD5.4DE481D24087B6556D567A2D3361934C] - |A| - [13/04/2017 05:47:36] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.52 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll [MD5.6048BE0930E13B6DB5FAF18D9A81690E] - |A| - [13/04/2017 05:47:38] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.56 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll [MD5.5435FD493302C6647375DD12B161B38E] - |A| - [13/04/2017 05:47:40] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.92 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll [MD5.95C07AFFF5095F22DAFE8F1217AD096E] - |A| - [13/04/2017 05:47:42] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll [MD5.E3B83240FB61DA70E6F188D1021EB1F4] - |A| - [13/04/2017 05:47:44] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll [MD5.F54F17BF43A7FE7817C1029066C4EF05] - |A| - [13/04/2017 05:47:46] - (.(c) DTS. - DTS LFX APO.) - [247.91 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll [MD5.843BDD876C49439E07EC79A54DDD74A8] - |A| - [13/04/2017 05:47:48] - (.(c) DTS. - DTS Limiter COM DLL.) 
- [434.95 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll [MD5.53591E9E53F15B0FB64298438EFE19A9] - |A| - [13/04/2017 05:47:50] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.48 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll [MD5.F6D64A2A6789C9C3C8A5BD98D15DC011] - |A| - [13/04/2017 05:47:52] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll [MD5.D0A8901291A84154F03F2D7050110412] - |A| - [13/04/2017 05:47:54] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.88 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll [MD5.BBA3CD9F164D7FC15E0C079BD7E0055E] - |A| - [13/04/2017 05:47:54] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.38 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll [MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [05/06/2014 20:13:20] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll [MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [05/06/2014 20:13:20] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll [MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [05/06/2014 20:13:20] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll [MD5.C96BB32B07A2628215F617D8B2E836C4] - |A| - [13/04/2017 05:47:56] - (.(c) DTS. - DTS Voice Clarity COM DLL.) 
- [691.7 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 02:52:48] - [1740 Ko] - C:\Windows\System32\el [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [34821.73 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:09:51] - [1680 Ko] - C:\Windows\System32\en [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [16132.03 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [36170.3 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 03:08:23] - [1688 Ko] - C:\Windows\System32\es [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [39505.4 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [213.5 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 03:17:28] - [1682.5 Ko] - C:\Windows\System32\fi [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [29901.21 Ko] - C:\Windows\System32\fi-FI [MD5.58A47526FD122DC41721D49D338B5B12] - |A| - [22/08/2013 16:44:50] - (.-.) - [545.42 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 03:27:35] - [1711 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [40354.32 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.55158C8F4CFAB021134137B68BBFD01F] - |A| - [22/08/2013 08:58:31] - (.-.) 
- [72.53 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 17:36:31] - [0.22 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [241.5 Ko] - C:\Windows\System32\he-IL [MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [05/06/2014 20:13:21] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [208.5 Ko] - C:\Windows\System32\ko-KR [MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [22/08/2013 08:59:51] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [86.43 Ko] - C:\Windows\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [11128.72 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [220.5 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [220.5 Ko] - C:\Windows\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [30012.97 Ko] - C:\Windows\System32\Macromed [MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [05/06/2014 20:13:21] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll [MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [05/06/2014 20:13:22] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll [MD5.80C4F3C1718C9EB97872E8074F215D35] - |A| - [05/06/2014 20:13:22] - (.© Waves Audio Ltd. - MaxxAudio APO.) 
- [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [51886.57 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:09:52] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [158.1 Ko] - C:\Windows\SysWOW64\wdi [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [7841.96 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [1928.5 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:09:52] - [1514.14 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 02:36:50] - [140.19 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [20415.79 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 04:50:56] - [1634.5 Ko] - C:\Windows\SysWOW64\zh-HANS [MD5.00000000000000000000000000000000] - |D| - [13/03/2014 05:05:29] - [1649.5 Ko] - C:\Windows\SysWOW64\zh-HANT [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [176 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [20027.85 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Julien\AppData\Roaming [24/06/2016 13:19:53] "Local AppData"=C:\Users\Julien\AppData\Local [24/06/2016 13:19:53] "My Video"=C:\Users\Julien\Videos [24/06/2016 13:19:53] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Libraries [24/06/2016 13:21:44] "My 
Pictures"=C:\Users\Julien\Pictures [24/06/2016 13:19:53] "Desktop"=C:\Users\Julien\Desktop [24/06/2016 13:19:53] "History"=C:\Users\Julien\AppData\Local\Microsoft\Windows\History [24/06/2016 13:19:53] "NetHood"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Network Shortcuts [24/06/2016 13:19:53] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Julien\Contacts [24/06/2016 13:21:44] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Julien\AppData\Local\Microsoft\Windows\RoamingTiles [24/06/2016 13:21:27] "Cookies"=C:\Users\Julien\AppData\Local\Microsoft\Windows\INetCookies [24/06/2016 13:19:53] "Favorites"=C:\Users\Julien\Favorites [24/06/2016 13:19:53] "SendTo"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\SendTo [24/06/2016 13:19:53] "Start Menu"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu [24/06/2016 13:19:53] "My Music"=C:\Users\Julien\Music [24/06/2016 13:19:53] "Programs"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [24/06/2016 13:19:53] "Recent"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Recent [24/06/2016 13:19:53] "CD Burning"=C:\Users\Julien\AppData\Local\Microsoft\Windows\Burn\Burn [24/06/2016 13:22:37] "PrintHood"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [24/06/2016 13:19:53] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Julien\Searches [24/06/2016 13:21:45] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Julien\Downloads [24/06/2016 13:19:53] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Julien\AppData\LocalLow [24/06/2016 13:19:53] "Startup"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [24/06/2016 13:21:45] "Administrative Tools"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/06/2016 13:21:45] "Personal"=C:\Users\Julien\Documents [24/06/2016 13:19:53] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Julien\Links [24/06/2016 13:19:53] 
"Cache"=C:\Users\Julien\AppData\Local\Microsoft\Windows\INetCache [24/06/2016 13:19:53] "Templates"=C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Templates [24/06/2016 13:19:53] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Julien\Saved Games [24/06/2016 13:19:53] "Fonts"=C:\Windows\Fonts [22/08/2013 15:36:15] [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Desktop"=%USERPROFILE%\Desktop "Local AppData"=%USERPROFILE%\AppData\Local "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Personal"=%USERPROFILE%\Documents "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "Favorites"=%USERPROFILE%\Favorites "My Pictures"=%USERPROFILE%\Pictures "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "My Music"=%USERPROFILE%\Music "My Video"=%USERPROFILE%\Videos "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "AppData"=%USERPROFILE%\AppData\Roaming "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=%USERPROFILE%\OneDrive\Images "{767E6811-49CB-4273-87C2-20F355E1085B}"=%USERPROFILE%\OneDrive\Images\Pellicule [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "OEM Links"=C:\ProgramData\OEM\Links "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common 
Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 17:36:30] "Common AppData"=C:\ProgramData [22/08/2013 15:36:15] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] "CommonMusic"=C:\Users\Public\Music [22/08/2013 17:36:30] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 17:36:30] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 17:36:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Documents"=%PUBLIC%\Documents "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "CommonPictures"=%PUBLIC%\Pictures "Common Desktop"=%PUBLIC%\Desktop "CommonMusic"=%PUBLIC%\Music "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "OEM Links"=C:\ProgramData\OEM\Links "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 17:36:30] "Common AppData"=C:\ProgramData [22/08/2013 15:36:15] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] 
"CommonMusic"=C:\Users\Public\Music [22/08/2013 17:36:30] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 17:36:30] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Documents"=%PUBLIC%\Documents "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "CommonPictures"=%PUBLIC%\Pictures "Common Desktop"=%PUBLIC%\Desktop "CommonMusic"=%PUBLIC%\Music "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Templates"=%ProgramData%\Microsoft\Windows\Templates ---------- | [Julien] [01/02/2018 18:00:38] - |D| - [2448] - C:\Users\Julien\.android [13/12/2017 16:01:56] - |D| - [43358] - C:\Users\Julien\.BigNox [20/02/2017 22:21:00] - |D| - [0] - C:\Users\Julien\.TeamSpeak 3 [26/06/2016 10:54:04] - |D| - [187606] - C:\Users\Julien\.VirtualBox [26/02/2018 19:54:39] - |D| - [0] - C:\Users\Julien\ansel [24/06/2016 13:19:53] - |HD| - [6833129935] - C:\Users\Julien\AppData [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Application Data [24/06/2016 13:21:44] - |RD| - [412] - C:\Users\Julien\Contacts [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Cookies [24/06/2016 13:19:53] - |RD| - [8485030] - C:\Users\Julien\Desktop [24/06/2016 13:19:53] - |RD| - [496694150] - C:\Users\Julien\Documents [24/06/2016 13:19:53] - |RD| - [10339341362] - C:\Users\Julien\Downloads [24/06/2016 13:19:53] - |RD| - [908] - C:\Users\Julien\Favorites [13/02/2018 18:05:37] - |A| - [66] - C:\Users\Julien\inittk.ini [24/06/2016 13:19:53] - |RD| - [2378] - C:\Users\Julien\Links [24/06/2016 13:19:53] - |SHD| - [0] - 
C:\Users\Julien\Local Settings [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Menu Démarrer [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Mes documents [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Modèles [24/06/2016 13:19:53] - |RD| - [1188804477] - C:\Users\Julien\Music [19/06/2017 17:05:37] - |D| - [0] - C:\Users\Julien\Nox_share [24/06/2016 13:19:53] - |ASH| - [4456448] - C:\Users\Julien\NTUSER.DAT [24/06/2016 13:19:53] - |ASH| - [3153920] - C:\Users\Julien\ntuser.dat.LOG1 [24/06/2016 13:19:53] - |ASH| - [61440] - C:\Users\Julien\ntuser.dat.LOG2 [24/06/2016 13:19:53] - |ASH| - [65536] - C:\Users\Julien\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf [24/06/2016 13:19:53] - |ASH| - [524288] - C:\Users\Julien\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms [24/06/2016 13:19:53] - |ASH| - [524288] - C:\Users\Julien\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms [24/06/2016 13:19:53] - |SH| - [20] - C:\Users\Julien\ntuser.ini [13/02/2018 18:05:06] - |A| - [45] - C:\Users\Julien\nuuid.ini [24/06/2016 13:29:10] - |RADO| - [79846] - C:\Users\Julien\OneDrive [24/06/2016 13:19:53] - |RD| - [3641524] - C:\Users\Julien\Pictures [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Recent [24/06/2016 13:19:53] - |RD| - [327292606] - C:\Users\Julien\Saved Games [24/06/2016 13:21:45] - |RD| - [1879] - C:\Users\Julien\Searches [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\SendTo [05/01/2018 23:01:54] - |D| - [49242112] - C:\Users\Julien\Tracing [24/06/2016 13:19:53] - |RD| - [722411552] - C:\Users\Julien\Videos [04/09/2016 21:11:58] - |D| - [14986408721] - C:\Users\Julien\VirtualBox VMs [13/12/2017 16:02:00] - |D| - [26575] - C:\Users\Julien\vmlogs [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Voisinage d'impression [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\Voisinage réseau [24/06/2016 13:19:53] - |D| - [4094964279] - 
C:\Users\Julien\AppData\Local [24/06/2016 13:19:53] - |D| - [4931017] - C:\Users\Julien\AppData\LocalLow [24/06/2016 13:19:53] - |D| - [2733234254] - C:\Users\Julien\AppData\Roaming [04/12/2016 14:21:12] - |A| - [385] - C:\Users\Julien\AppData\Roaminguser_gensett.xml [14/08/2016 15:03:52] - |D| - [12743169] - C:\Users\Julien\AppData\Local\Adobe [17/07/2016 21:05:25] - |D| - [0] - C:\Users\Julien\AppData\Local\Apple [17/07/2016 21:07:31] - |D| - [11884179] - C:\Users\Julien\AppData\Local\Apple Computer [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\AppData\Local\Application Data [24/06/2016 13:21:51] - |D| - [9351] - C:\Users\Julien\AppData\Local\ASUS [29/06/2016 15:33:59] - |D| - [939563] - C:\Users\Julien\AppData\Local\BlueStacks [21/04/2018 16:04:54] - |A| - [77541] - C:\Users\Julien\AppData\Local\BTServer.log [18/08/2016 00:08:36] - |D| - [692] - C:\Users\Julien\AppData\Local\Camfrog [26/06/2016 11:20:24] - |D| - [10231238] - C:\Users\Julien\AppData\Local\CEF [29/09/2016 16:18:25] - |D| - [0] - C:\Users\Julien\AppData\Local\CrashDumps [14/03/2018 17:26:24] - |D| - [20974] - C:\Users\Julien\AppData\Local\CrashReportClient [24/06/2016 14:38:46] - |D| - [84936656] - C:\Users\Julien\AppData\Local\Diagnostics [24/06/2016 14:21:30] - |SHD| - [0] - C:\Users\Julien\AppData\Local\EmieSiteList [24/06/2016 14:21:30] - |SHD| - [0] - C:\Users\Julien\AppData\Local\EmieUserList [25/10/2017 20:08:21] - |D| - [23281516] - C:\Users\Julien\AppData\Local\EpicGamesLauncher [25/10/2017 21:20:43] - |D| - [468088099] - C:\Users\Julien\AppData\Local\FortniteGame [23/08/2016 21:21:32] - |D| - [35390027] - C:\Users\Julien\AppData\Local\GMap.NET [26/06/2016 09:57:00] - |D| - [321004101] - C:\Users\Julien\AppData\Local\Google [24/06/2016 13:29:24] - |D| - [71] - C:\Users\Julien\AppData\Local\GWX [25/12/2016 23:12:26] - |D| - [257] - C:\Users\Julien\AppData\Local\HirezLauncherUI [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\AppData\Local\Historique [07/12/2016 17:36:33] - |D| 
- [39436009] - C:\Users\Julien\AppData\Local\Hisuite [08/11/2016 20:52:31] - |D| - [0] - C:\Users\Julien\AppData\Local\http___www.julien-manici [24/06/2016 18:40:38] - |AH| - [61417] - C:\Users\Julien\AppData\Local\IconCache.db [03/03/2017 15:42:33] - |D| - [2841] - C:\Users\Julien\AppData\Local\LegendaryZone [29/06/2016 00:31:26] - |D| - [0] - C:\Users\Julien\AppData\Local\Macromedia [19/02/2018 16:55:59] - |D| - [0] - C:\Users\Julien\AppData\Local\Mega Limited [24/06/2016 13:19:53] - |D| - [442395134] - C:\Users\Julien\AppData\Local\Microsoft [19/06/2017 22:38:59] - |D| - [112] - C:\Users\Julien\AppData\Local\MultiPlayerManager [19/12/2016 16:59:00] - |D| - [819] - C:\Users\Julien\AppData\Local\Nepix_Launcher [21/07/2017 02:08:01] - |D| - [82486681] - C:\Users\Julien\AppData\Local\New Technology Studio [19/06/2017 17:04:25] - |D| - [3721916] - C:\Users\Julien\AppData\Local\Nox [24/06/2016 14:52:44] - |D| - [247335568] - C:\Users\Julien\AppData\Local\NVIDIA [17/09/2016 17:53:09] - |D| - [52666067] - C:\Users\Julien\AppData\Local\NVIDIA Corporation [31/08/2016 00:09:46] - |D| - [84968086] - C:\Users\Julien\AppData\Local\Origin [24/06/2016 13:21:33] - |D| - [28411024] - C:\Users\Julien\AppData\Local\Packages [01/01/2018 23:28:48] - |D| - [26712] - C:\Users\Julien\AppData\Local\Prius [26/06/2016 11:33:01] - |D| - [0] - C:\Users\Julien\AppData\Local\Programs [10/04/2018 22:57:15] - |D| - [6529371] - C:\Users\Julien\AppData\Local\RadicalHeights [21/11/2017 21:53:34] - |A| - [7597] - C:\Users\Julien\AppData\Local\Resmon.ResmonCfg [09/04/2017 09:26:39] - |D| - [13722] - C:\Users\Julien\AppData\Local\Rockstar Games [26/06/2016 11:20:24] - |D| - [1568702440] - C:\Users\Julien\AppData\Local\Spotify [26/06/2016 21:29:56] - |D| - [317127437] - C:\Users\Julien\AppData\Local\Steam [26/06/2016 10:47:26] - |D| - [183663687] - C:\Users\Julien\AppData\Local\TeamSpeak 3 Client [24/06/2016 13:19:53] - |D| - [77948190] - C:\Users\Julien\AppData\Local\Temp [24/06/2016 13:19:53] - |SHD| 
- [0] - C:\Users\Julien\AppData\Local\Temporary Internet Files [18/12/2017 10:13:40] - |D| - [12708] - C:\Users\Julien\AppData\Local\TslGame [17/09/2016 17:22:58] - |D| - [23884] - C:\Users\Julien\AppData\Local\Ubisoft [17/09/2016 10:41:50] - |D| - [3705] - C:\Users\Julien\AppData\Local\Ubisoft Game Launcher [25/10/2017 20:08:21] - |D| - [241] - C:\Users\Julien\AppData\Local\UnrealEngine [25/10/2017 20:08:22] - |D| - [456] - C:\Users\Julien\AppData\Local\UnrealEngineLauncher [24/06/2016 13:21:34] - |D| - [863] - C:\Users\Julien\AppData\Local\VirtualStore [19/04/2018 23:46:28] - |D| - [278653] - C:\Users\Julien\AppData\Local\ZHP [01/01/2018 23:28:55] - |D| - [809] - C:\Users\Julien\AppData\Local\_ [14/08/2016 15:03:52] - |D| - [44032] - C:\Users\Julien\AppData\LocalLow\Adobe [19/02/2018 16:58:20] - |D| - [0] - C:\Users\Julien\AppData\LocalLow\BitTorrent [24/06/2016 14:21:28] - |SHD| - [0] - C:\Users\Julien\AppData\LocalLow\EmieSiteList [24/06/2016 14:21:36] - |SHD| - [0] - C:\Users\Julien\AppData\LocalLow\EmieUserList [24/06/2016 13:19:54] - |SD| - [4871209] - C:\Users\Julien\AppData\LocalLow\Microsoft [06/08/2017 22:24:53] - |D| - [15776] - C:\Users\Julien\AppData\LocalLow\Sun [11/11/2016 22:21:23] - |D| - [326885008] - C:\Users\Julien\AppData\Roaming\.minecraft [24/06/2016 13:21:35] - |D| - [133900] - C:\Users\Julien\AppData\Roaming\Adobe [17/07/2016 21:07:30] - |D| - [1308943723] - C:\Users\Julien\AppData\Roaming\Apple Computer [04/12/2016 14:20:32] - |D| - [197572] - C:\Users\Julien\AppData\Roaming\Bitdefender [07/04/2017 22:22:40] - |D| - [10756065] - C:\Users\Julien\AppData\Roaming\BitTorrent [28/02/2017 20:48:56] - |D| - [442393] - C:\Users\Julien\AppData\Roaming\BoL [18/08/2016 00:08:33] - |D| - [2158060] - C:\Users\Julien\AppData\Roaming\Camfrog [24/06/2016 14:24:24] - |D| - [1417711] - C:\Users\Julien\AppData\Roaming\ClassicShell [17/12/2017 16:21:07] - |D| - [2322] - C:\Users\Julien\AppData\Roaming\CyberLink [05/08/2017 13:55:49] - |D| - [0] - 
C:\Users\Julien\AppData\Roaming\DevPro, LLC [10/04/2018 22:57:49] - |D| - [32188720] - C:\Users\Julien\AppData\Roaming\discordsdk [03/07/2016 15:40:07] - |D| - [61755989] - C:\Users\Julien\AppData\Roaming\DVDVideoSoft [23/02/2017 13:00:01] - |D| - [2706948] - C:\Users\Julien\AppData\Roaming\EasyAntiCheat [05/11/2016 19:45:37] - |D| - [11245211] - C:\Users\Julien\AppData\Roaming\GamingOnSteroids [25/06/2016 02:52:52] - |D| - [0] - C:\Users\Julien\AppData\Roaming\Identities [15/08/2017 16:30:57] - |D| - [2752370] - C:\Users\Julien\AppData\Roaming\Image-Line [24/06/2016 13:23:45] - |D| - [0] - C:\Users\Julien\AppData\Roaming\Intel Corporation [11/11/2016 22:21:28] - |D| - [0] - C:\Users\Julien\AppData\Roaming\java [24/06/2016 14:40:39] - |D| - [0] - C:\Users\Julien\AppData\Roaming\LolClient [24/06/2016 14:24:17] - |D| - [993] - C:\Users\Julien\AppData\Roaming\Macromedia [24/06/2016 13:19:53] - |SD| - [59062750] - C:\Users\Julien\AppData\Roaming\Microsoft [29/06/2016 00:30:51] - |D| - [0] - C:\Users\Julien\AppData\Roaming\Mozilla [02/01/2018 15:46:06] - |D| - [6468459] - C:\Users\Julien\AppData\Roaming\NexonLauncher [11/12/2016 16:00:55] - |D| - [2369437] - C:\Users\Julien\AppData\Roaming\Notepad++ [31/03/2018 17:07:35] - |D| - [0] - C:\Users\Julien\AppData\Roaming\NVIDIA [31/08/2016 00:09:49] - |D| - [4610] - C:\Users\Julien\AppData\Roaming\Origin [08/03/2017 20:59:49] - |D| - [287344] - C:\Users\Julien\AppData\Roaming\PingBuster [02/01/2018 15:48:02] - |D| - [0] - C:\Users\Julien\AppData\Roaming\Python [04/12/2016 14:14:33] - |D| - [0] - C:\Users\Julien\AppData\Roaming\QuickScan [26/06/2016 10:45:19] - |D| - [108204142] - C:\Users\Julien\AppData\Roaming\Skype [18/02/2017 14:03:30] - |D| - [29703] - C:\Users\Julien\AppData\Roaming\SmartSteamEmu [26/06/2016 11:18:45] - |D| - [214062732] - C:\Users\Julien\AppData\Roaming\Spotify [06/08/2017 22:24:48] - |D| - [0] - C:\Users\Julien\AppData\Roaming\Sun [26/06/2016 10:47:35] - |D| - [23079273] - 
C:\Users\Julien\AppData\Roaming\TS3Client [20/01/2018 22:52:22] - |D| - [541081628] - C:\Users\Julien\AppData\Roaming\Twitch [02/09/2016 20:34:06] - |A| - [45] - C:\Users\Julien\AppData\Roaming\WB.CFG [24/06/2016 13:25:47] - |D| - [537] - C:\Users\Julien\AppData\Roaming\WebStorage [26/06/2016 10:01:48] - |D| - [12] - C:\Users\Julien\AppData\Roaming\WinRAR [05/08/2017 13:56:54] - |D| - [10036290] - C:\Users\Julien\AppData\Roaming\YGOPro DevPro Launcher [19/04/2018 23:46:29] - |D| - [6960021] - C:\Users\Julien\AppData\Roaming\ZHP [24/06/2016 13:21:45] - |SH| - [174] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [19/06/2017 17:05:20] - |D| - [2126] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Nox [21/07/2017 02:08:06] - |A| - [1334] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk [24/06/2016 13:19:53] - |SHD| - [0] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [24/06/2016 13:19:53] - |RD| - [38635] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [24/06/2016 13:19:53] - |RD| - [3888] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [24/06/2016 13:19:53] - |RD| - [1486] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [24/06/2016 13:21:45] - |RD| - [174] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [25/03/2017 12:16:18] - |A| - [1204] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsToastHelper.lnk [24/06/2016 13:19:53] - |SH| - [564] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [01/08/2017 17:25:26] - |A| - [2012] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk [21/08/2017 19:02:21] - |A| - [998] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grand Theft Multiplayer.lnk [15/08/2017 16:30:49] - |D| - [6238] - 
C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [24/06/2016 13:21:35] - |A| - [1469] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [24/06/2016 13:19:53] - |D| - [170] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [15/09/2016 16:05:35] - |A| - [2392] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk [26/06/2016 11:20:21] - |A| - [1847] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [24/06/2016 13:21:45] - |RD| - [1163] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [26/06/2016 23:53:33] - |D| - [646] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [24/06/2016 13:19:53] - |RD| - [5274] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [26/06/2016 10:47:32] - |A| - [1223] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [20/01/2018 22:52:49] - |A| - [965] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk [17/09/2016 10:41:51] - |D| - [2609] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [26/06/2016 10:01:40] - |D| - [4313] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [24/06/2016 13:21:45] - |SH| - [174] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [20/01/2018 22:52:49] - |A| - [989] - C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk ---------- | [Public] [24/06/2016 23:15:05] - |RHD| - [196] - C:\Users\Public\AccountPictures [19/01/2018 22:22:08] - |AHD| - [0] - C:\Users\Public\AppData [17/12/2017 16:21:17] - |D| - [120] - C:\Users\Public\CyberLink [22/08/2013 17:36:30] - |RHD| - [25809] - C:\Users\Public\Desktop [22/08/2013 17:36:32] - |ASH| - 
[174] - C:\Users\Public\desktop.ini [22/08/2013 17:36:30] - |RD| - [95936891] - C:\Users\Public\Documents [22/08/2013 17:36:30] - |RD| - [174] - C:\Users\Public\Downloads [07/07/2017 18:17:31] - |D| - [0] - C:\Users\Public\Games [22/08/2013 17:36:30] - |RHD| - [1174] - C:\Users\Public\Libraries [10/01/2018 15:23:51] - |SH| - [234] - C:\Users\Public\Libraries.ini [22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Music [26/06/2016 10:05:05] - |A| - [262144] - C:\Users\Public\NTUSER.DAT [26/06/2016 10:05:05] - |ASH| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1 [26/06/2016 10:05:05] - |ASH| - [8192] - C:\Users\Public\NTUSER.DAT.LOG2 [26/06/2016 10:05:05] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{d5045938-3b70-11e6-825f-6c71d9f91a9e}.TM.blf [26/06/2016 10:05:05] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{d5045938-3b70-11e6-825f-6c71d9f91a9e}.TMContainer00000000000000000001.regtrans-ms [26/06/2016 10:05:05] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{d5045938-3b70-11e6-825f-6c71d9f91a9e}.TMContainer00000000000000000002.regtrans-ms [22/08/2013 17:36:30] - |RD| - [1263209] - C:\Users\Public\Pictures [22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [04/12/2016 14:23:18] - |A| - [2462777] - C:\ProgramData\1480853673.bdinstall.bin [05/06/2014 20:34:01] - |D| - [543472663] - C:\ProgramData\Adobe [17/07/2016 21:03:07] - |D| - [187266267] - C:\ProgramData\Apple [17/07/2016 21:07:19] - |D| - [1503] - C:\ProgramData\Apple Computer [22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Application Data [11/09/2014 02:30:02] - |D| - [145441395] - C:\ProgramData\ASUS [05/06/2014 20:39:05] - |D| - [2282] - C:\ProgramData\ASUS WebStorage [17/07/2017 14:53:02] - |D| - [83] - C:\ProgramData\bdch [04/12/2016 14:20:53] - |D| - [1277902] - C:\ProgramData\BDLogging [04/12/2016 14:14:52] - |D| - [412513973] - C:\ProgramData\Bitdefender [29/06/2016 00:29:48] - |D| - [799280] - C:\ProgramData\BlueStacksGameManager [09/04/2018 13:14:42] - 
|D| - [0] - C:\ProgramData\BlueStacksSetup [07/07/2017 18:17:45] - |D| - [0] - C:\ProgramData\boost_interprocess [18/08/2016 00:08:34] - |D| - [72] - C:\ProgramData\Camfrog Update [05/06/2014 20:41:40] - |D| - [0] - C:\ProgramData\CLSK [05/06/2014 20:41:31] - |D| - [52819535] - C:\ProgramData\CyberLink [22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Desktop [22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Documents [05/06/2014 20:26:07] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [31/08/2016 00:07:43] - |D| - [0] - C:\ProgramData\Electronic Arts [25/10/2017 20:07:35] - |D| - [95400531] - C:\ProgramData\Epic [26/06/2016 12:13:10] - |D| - [14654139] - C:\ProgramData\Hi-Rez Studios [05/06/2014 20:40:47] - |D| - [28173] - C:\ProgramData\install_clap [11/09/2014 02:24:03] - |D| - [44451795] - C:\ProgramData\Intel [26/06/2016 11:02:09] - |D| - [10240] - C:\ProgramData\Kaspersky Lab [11/09/2014 02:32:28] - |D| - [5829007] - C:\ProgramData\MAGIX [21/04/2018 16:35:40] - |D| - [145864354] - C:\ProgramData\Malwarebytes [05/06/2014 20:39:40] - |D| - [1277] - C:\ProgramData\McAfee [22/08/2013 15:36:15] - |SD| - [3026975222] - C:\ProgramData\Microsoft [05/06/2014 20:51:26] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [26/06/2016 11:02:08] - |A| - [262144] - C:\ProgramData\ntuser.dat [26/06/2016 11:02:08] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1 [26/06/2016 11:02:08] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG2 [26/06/2016 11:02:08] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{2545ff46-3b78-11e6-8260-6c71d9f91a9e}.TM.blf [26/06/2016 11:02:08] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{2545ff46-3b78-11e6-8260-6c71d9f91a9e}.TMContainer00000000000000000001.regtrans-ms [26/06/2016 11:02:08] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{2545ff46-3b78-11e6-8260-6c71d9f91a9e}.TMContainer00000000000000000002.regtrans-ms [02/09/2016 19:33:25] - |RASH| - [290] - C:\ProgramData\ntuser.pol [11/09/2014 02:25:17] - |D| - [3413972] - C:\ProgramData\NVIDIA 
[11/09/2014 02:24:58] - |D| - [1028336080] - C:\ProgramData\NVIDIA Corporation [06/08/2017 22:24:29] - |D| - [72367552] - C:\ProgramData\Oracle [31/08/2016 00:07:45] - |D| - [359614156] - C:\ProgramData\Origin [05/06/2014 20:07:35] - |D| - [87713197] - C:\ProgramData\Package Cache [11/09/2014 02:27:06] - |D| - [9002984] - C:\ProgramData\Realtek [22/08/2013 17:36:30] - |D| - [6341] - C:\ProgramData\regid.1991-06.com.microsoft [24/06/2016 14:30:51] - |D| - [39] - C:\ProgramData\Riot Games [26/06/2016 10:45:10] - |D| - [86745088] - C:\ProgramData\Skype [01/08/2017 16:16:50] - |D| - [2381690] - C:\ProgramData\Socialclub [22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Start Menu [01/08/2017 16:16:49] - |D| - [2686] - C:\ProgramData\Steam [05/06/2014 20:40:47] - |D| - [0] - C:\ProgramData\Temp [22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Templates [20/01/2018 22:53:46] - |D| - [4170048] - C:\ProgramData\Twitch [10/08/2016 19:28:55] - |D| - [7009] - C:\ProgramData\VsTelemetry [05/06/2014 20:39:05] - |D| - [2282] - C:\ProgramData\WebStorage ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [09/04/2018 13:14:48] - |A| - [627] - C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk [22/08/2013 17:36:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [22/08/2013 17:36:30] - |RD| - [197136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 17:36:30] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [22/08/2013 17:36:30] - |RD| - [16870] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [11/04/2017 19:35:55] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [26/10/2016 20:38:23] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [22/08/2013 17:36:30] - |RD| - [25660] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools [24/06/2016 14:48:21] - |A| - [709] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à niveau de Windows 10.lnk [05/06/2014 20:34:44] - |D| - [10372] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [11/09/2014 02:32:41] - |D| - [1223] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Music Maker [11/09/2014 02:33:24] - |RD| - [2346] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD [05/06/2014 20:26:09] - |A| - [1333] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk [18/02/2017 16:17:06] - |D| - [5870] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey [04/12/2016 14:20:55] - |D| - [11794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 [22/08/2013 08:57:22] - |RAS| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk [26/06/2016 10:03:00] - |D| - [941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [24/06/2016 14:21:06] - |D| - [7425] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [05/06/2014 20:41:30] - |RD| - [1653] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3 [05/06/2014 20:42:17] - |RD| - [1273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10 [22/08/2013 17:36:33] - |SH| - [1358] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [22/08/2013 08:57:05] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [25/10/2017 20:07:38] - |A| - [937] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk [14/01/2018 18:55:42] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [13/03/2014 05:58:38] - |RAS| - [2440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk [26/06/2016 09:58:08] - |A| - [2249] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 
[01/08/2017 16:15:26] - |A| - [609] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk [14/06/2017 00:35:30] - |D| - [2244] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [26/10/2017 09:55:10] - |D| - [1838] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite [15/08/2017 16:30:48] - |D| - [3863] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [22/08/2013 08:54:10] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [11/09/2014 02:24:04] - |RD| - [2421] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [06/08/2017 22:24:37] - |D| - [6736] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [22/08/2013 17:36:30] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [21/04/2018 16:35:47] - |D| - [3852] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [11/11/2016 22:20:14] - |D| - [998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [05/06/2014 20:52:18] - |A| - [1328] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [26/06/2016 12:37:46] - |D| - [4433] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT [26/06/2016 12:36:10] - |D| - [2206] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest [11/12/2016 16:00:56] - |D| - [1060] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [26/02/2018 19:54:04] - |D| - [6503] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [04/09/2016 21:11:29] - |D| - [3897] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [31/08/2016 00:07:43] - |D| - [1830] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [14/01/2018 18:55:42] - |D| - [10425] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [09/07/2016 01:38:46] - |D| - [1048] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Passware [05/06/2014 20:52:16] - |A| - [1397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [22/08/2013 08:57:08] - |RAS| - [2365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk [14/01/2018 18:55:42] - |A| - [2464] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [14/01/2018 18:55:42] - |A| - [2495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk [22/08/2013 08:45:50] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk [13/10/2017 21:46:44] - |D| - [2160] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [22/08/2013 17:36:30] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [26/06/2016 21:25:48] - |D| - [1062] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [22/08/2013 17:36:30] - |RD| - [6359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [01/01/2018 19:00:00] - |D| - [1452] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC CAMERA [14/01/2018 18:55:42] - |A| - [2481] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk [22/08/2013 08:48:43] - |RAS| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk [26/06/2016 10:01:40] - |D| - [4241] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [14/01/2018 18:55:42] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk [27/11/2016 20:34:39] - |D| - [48] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 17:36:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [26/10/2016 20:38:21] - |D| - [283884031] - C:\Program Files (x86)\Adobe [05/06/2014 20:34:43] - |D| - [359809036] - C:\Program Files (x86)\ASUS [13/12/2017 16:01:42] - |D| - [38421860] - 
C:\Program Files (x86)\Bignox [09/04/2018 13:14:25] - |D| - [61936073] - C:\Program Files (x86)\BlueStacks [11/09/2014 02:26:54] - |D| - [3558495] - C:\Program Files (x86)\Cisco [22/08/2013 15:36:15] - |D| - [367008586] - C:\Program Files (x86)\Common Files [05/06/2014 20:41:20] - |D| - [402482281] - C:\Program Files (x86)\CyberLink [22/08/2013 17:36:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [08/03/2018 19:01:42] - |D| - [1601864] - C:\Program Files (x86)\EasyAntiCheat [03/07/2016 15:40:21] - |D| - [20645164] - C:\Program Files (x86)\FreeCodecPack [26/06/2016 09:57:04] - |D| - [420950414] - C:\Program Files (x86)\Google [26/10/2017 09:54:37] - |D| - [69162298] - C:\Program Files (x86)\HiSuite [05/06/2014 20:13:09] - |HD| - [197321313] - C:\Program Files (x86)\InstallShield Installation Information [11/09/2014 02:24:15] - |D| - [16682927] - C:\Program Files (x86)\Intel [22/08/2013 17:36:30] - |D| - [8322161] - C:\Program Files (x86)\Internet Explorer [06/08/2017 22:24:27] - |D| - [178958814] - C:\Program Files (x86)\Java [14/01/2018 18:33:23] - |D| - [2499522900] - C:\Program Files (x86)\Microsoft Office [15/09/2016 16:05:35] - |D| - [9040072] - C:\Program Files (x86)\Microsoft OneDrive [05/06/2014 20:52:14] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [22/08/2013 17:36:30] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [12/03/2014 16:30:19] - |D| - [61672620] - C:\Program Files (x86)\MSBuild [11/09/2014 02:32:30] - |D| - [154033] - C:\Program Files (x86)\MSXML 4.0 [29/07/2016 00:36:36] - |D| - [26843887727] - C:\Program Files (x86)\NCSOFT [29/07/2016 00:38:25] - |D| - [28276749] - C:\Program Files (x86)\NCWest [11/12/2016 16:00:55] - |D| - [6949084] - C:\Program Files (x86)\Notepad++ [11/09/2014 02:24:57] - |D| - [484827814] - C:\Program Files (x86)\NVIDIA Corporation [08/03/2017 20:57:48] - |D| - [165376] - C:\Program Files (x86)\PingBuster [05/06/2014 20:13:10] - |D| - [73763735] - C:\Program Files 
(x86)\Realtek [11/09/2014 02:26:36] - |D| - [9037422] - C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver [12/03/2014 16:30:19] - |D| - [61497465] - C:\Program Files (x86)\Reference Assemblies [09/04/2017 07:59:34] - |D| - [82547723] - C:\Program Files (x86)\Rockstar Games [13/10/2017 21:46:43] - |RD| - [90499909] - C:\Program Files (x86)\Skype [05/06/2014 20:13:08] - |HD| - [0] - C:\Program Files (x86)\Temp [09/10/2016 13:56:58] - |D| - [807677] - C:\Program Files (x86)\trend micro [01/01/2018 19:00:01] - |D| - [52141108] - C:\Program Files (x86)\USB 2.0 PC CAMERA [05/04/2018 11:02:25] - |D| - [1735394] - C:\Program Files (x86)\VulkanRT [22/08/2013 17:36:30] - |D| - [3218072] - C:\Program Files (x86)\Windows Defender [05/06/2014 20:51:53] - |D| - [163815619] - C:\Program Files (x86)\Windows Live [22/08/2013 17:36:30] - |D| - [13160448] - C:\Program Files (x86)\Windows Mail [22/08/2013 17:36:30] - |D| - [4436506] - C:\Program Files (x86)\Windows Media Player [22/08/2013 17:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Multimedia Platform [22/08/2013 17:36:30] - |D| - [9269818] - C:\Program Files (x86)\Windows NT [22/08/2013 17:36:30] - |D| - [6150800] - C:\Program Files (x86)\Windows Photo Viewer [22/08/2013 17:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Portable Devices [22/08/2013 17:36:30] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [22/08/2013 17:36:30] - |D| - [0] - C:\Program Files (x86)\WindowsPowerShell [26/06/2016 10:01:37] - |D| - [4615840] - C:\Program Files (x86)\WinRAR [27/11/2016 20:34:37] - |D| - [13985299] - C:\Program Files (x86)\Xiph.Org ---------- | C:\Program Files [18/02/2017 16:17:06] - |D| - [10511564] - C:\Program Files\AutoHotkey [04/12/2016 14:14:51] - |D| - [328262370] - C:\Program Files\Bitdefender [26/06/2016 10:02:57] - |D| - [18983896] - C:\Program Files\CCleaner [24/06/2016 14:21:06] - |D| - [10517762] - C:\Program Files\Classic Shell [22/08/2013 15:36:15] - |D| - [1406321473] - C:\Program 
Files\Common Files [05/06/2014 20:41:43] - |D| - [563373072] - C:\Program Files\CyberLink [22/08/2013 17:36:45] - |ASH| - [174] - C:\Program Files\desktop.ini [13/10/2017 21:43:14] - |D| - [707464] - C:\Program Files\DIFX [15/08/2017 16:30:52] - |D| - [3681435] - C:\Program Files\Image-Line [05/06/2014 20:09:12] - |D| - [31608307] - C:\Program Files\Intel [22/08/2013 17:36:31] - |D| - [28805706] - C:\Program Files\Internet Explorer [21/04/2018 16:35:40] - |D| - [158725236] - C:\Program Files\Malwarebytes [14/01/2018 18:33:18] - |D| - [9029984] - C:\Program Files\Microsoft Office 15 [12/03/2014 16:30:19] - |D| - [25757] - C:\Program Files\MSBuild [11/09/2014 02:24:39] - |D| - [8923590912] - C:\Program Files\NVIDIA Corporation [04/09/2016 21:11:27] - |D| - [160852805] - C:\Program Files\Oracle [05/06/2014 20:26:02] - |D| - [51289832] - C:\Program Files\Realtek [12/03/2014 16:30:19] - |D| - [64828585] - C:\Program Files\Reference Assemblies [09/04/2017 07:59:20] - |D| - [103962035] - C:\Program Files\Rockstar Games [22/08/2013 16:47:10] - |HD| - [0] - C:\Program Files\Uninstall Information [22/08/2013 17:36:31] - |D| - [19196214] - C:\Program Files\Windows Defender [22/08/2013 17:36:31] - |D| - [13519360] - C:\Program Files\Windows Mail [22/08/2013 17:36:31] - |D| - [7190078] - C:\Program Files\Windows Media Player [22/08/2013 17:36:31] - |D| - [286208] - C:\Program Files\Windows Multimedia Platform [22/08/2013 17:36:31] - |D| - [9622586] - C:\Program Files\Windows NT [22/08/2013 17:36:31] - |D| - [7082128] - C:\Program Files\Windows Photo Viewer [22/08/2013 17:36:31] - |D| - [286208] - C:\Program Files\Windows Portable Devices [22/08/2013 17:36:31] - |SHD| - [0] - C:\Program Files\Windows Sidebar [22/08/2013 17:36:31] - |HD| - [1255054410] - C:\Program Files\WindowsApps [22/08/2013 17:36:31] - |D| - [0] - C:\Program Files\WindowsPowerShell [26/06/2016 10:00:34] - |D| - [262565] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [26/10/2016 
20:38:21] - |D| - [9430811] - C:\Program Files (x86)\Common Files\Adobe [17/07/2016 21:03:07] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple [05/06/2014 20:38:59] - |D| - [3966986] - C:\Program Files (x86)\Common Files\AWS [25/10/2017 21:20:31] - |D| - [20941336] - C:\Program Files (x86)\Common Files\BattlEye [23/04/2018 17:56:52] - |D| - [24240] - C:\Program Files (x86)\Common Files\DESIGNER [05/06/2014 20:12:42] - |D| - [3261625] - C:\Program Files (x86)\Common Files\InstallShield [11/09/2014 02:24:14] - |D| - [259775] - C:\Program Files (x86)\Common Files\Intel Corporation [20/04/2018 16:36:27] - |D| - [1948384] - C:\Program Files (x86)\Common Files\Java [11/09/2014 02:32:28] - |D| - [3708469] - C:\Program Files (x86)\Common Files\MAGIX Services [22/08/2013 17:36:30] - |D| - [95641056] - C:\Program Files (x86)\Common Files\Microsoft Shared [05/06/2014 20:41:31] - |D| - [1485205] - C:\Program Files (x86)\Common Files\Nikon [20/04/2018 16:36:13] - |D| - [1369776] - C:\Program Files (x86)\Common Files\Oracle [11/09/2014 02:24:18] - |D| - [196972] - C:\Program Files (x86)\Common Files\PostureAgent [15/08/2017 16:31:29] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software [22/08/2013 17:36:30] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [13/10/2017 21:46:43] - |D| - [2574296] - C:\Program Files (x86)\Common Files\Skype [26/06/2016 21:25:49] - |D| - [3951168] - C:\Program Files (x86)\Common Files\Steam [22/08/2013 17:36:30] - |D| - [13759371] - C:\Program Files (x86)\Common Files\System [05/06/2014 20:51:18] - |D| - [203051158] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [02/10/2016 12:53:07] - |D| - [0] - C:\Program Files\Common files\AV [04/12/2016 14:14:28] - |D| - [1047084814] - C:\Program Files\Common files\Bitdefender [29/07/2016 00:35:00] - |D| - [3345915] - C:\Program Files\Common files\INCA Shared [22/08/2013 17:36:31] - |D| - [331959207] - C:\Program 
Files\Common files\microsoft shared [15/08/2017 16:31:29] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software [22/08/2013 17:36:31] - |D| - [2702] - C:\Program Files\Common files\Services [22/08/2013 17:36:31] - |D| - [14621067] - C:\Program Files\Common files\System [15/08/2017 16:31:30] - |D| - [7114752] - C:\Program Files\Common files\VST2 ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/08/2013 16:45:54] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.449E9CD55835CF4362113F01C408A24C] - [26/10/2016 20:38:33] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.00000000000000000000000000000000] - [05/06/2014 20:34:46] - |D| - [19368] - C:\Windows\System32\Tasks\ASUS [MD5.1CDF5AAA89E9CFBD0D26FC23F67BD7AD] - [05/06/2014 20:38:24] - |A| - [1838] - C:\Windows\System32\Tasks\AsusVibeSchedule : "C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe" [MD5.86972D41E6AFB6398E7DDE35DE88E96F] - [26/06/2016 10:03:01] - |A| - [2786] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.00000000000000000000000000000000] - [05/07/2016 16:33:57] - |D| - [0] - C:\Windows\System32\Tasks\Games [MD5.4F3D710FC0C4834A1DF9C05E0CB8C3FF] - [26/06/2016 09:57:05] - |A| - [3372] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.CA66322452D074B8F0F5F7FB173CE2A7] - [26/06/2016 09:57:05] - |A| - [3500] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [19/02/2018 16:55:59] - |D| - [0] - C:\Windows\System32\Tasks\MEGA [MD5.00000000000000000000000000000000] - [22/08/2013 17:36:30] - |D| - [378058] - C:\Windows\System32\Tasks\Microsoft [MD5.EAA6ED3944D20B674DA4BD4DF21C3875] - [30/03/2018 19:37:15] - |A| - [3922] - 
C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.C2F731C51F40B88E5BC0FF97058C6E6F] - [26/02/2018 19:54:13] - |A| - [4146] - C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.3C0F7172EC3F5F97DA68462DE913397D] - [26/02/2018 19:54:21] - |A| - [3814] - C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.6D942C9E07C810B68033EA5BFEF10C35] - [26/02/2018 19:54:22] - |A| - [3798] - C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.582B9C6ABC49FA5E935D1318C82412C1] - [26/02/2018 19:54:09] - |A| - [3738] - C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.8C70F48179F211F0163FB1D1491FD41B] - [26/02/2018 19:54:08] - |A| - [3494] - C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4D656907EC768BDF92B5706DEE3CB6C4] - [26/02/2018 19:54:09] - |A| - [3730] - C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.3C96A16986A822F11E6722334B2CB956] - [26/02/2018 19:54:09] - |A| - [3738] - C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.B4D6E2ACBDEE42EC88C5E646780180CC] - [21/07/2017 03:14:07] - |A| - [3168] - C:\Windows\System32\Tasks\OneDrive Standalone Update 
Task-S-1-5-21-3714920687-1367710502-1323822166-1002 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.1C272D51566A82F33D6255185E81F014] - [24/06/2016 13:27:26] - |A| - [3600] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3714920687-1367710502-1323822166-1002 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.CFF404DD4C5A5185DB03AE89C4FE9768] - [24/06/2016 14:21:30] - |A| - [3784] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{694876AC-481A-4F4E-8531-3D8D8157712C} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [24/06/2016 13:22:32] - |D| - [3578] - C:\Windows\System32\Tasks\WPD [MD5.2C43BCC1D5FEAE5C2A0C3E4D020B5B0A] - [04/12/2016 13:51:06] - |A| - [3158] - C:\Windows\System32\Tasks\{0DFE458C-F0D8-4326-B501-7DEAE6413E4E} : C:\Windows\system32\pcalua.exe [MD5.00000000000000000000000000000000] - [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ| "{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ| 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ| "{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ| "{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{35C60325-DAE2-410E-B422-541F7FE99383}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector| "{5E0216B4-BFFC-41FC-A781-E5668FB78192}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{D3794EC1-2619-48CC-AE24-5E20C2FA3F86}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{92BF62E6-B87D-4E61-97A9-DF0EEBF24CBC}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| 
"{71B6836F-B0CE-413E-A151-B6D96463A11C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0| "{B2475B22-F461-4584-B46B-334EC52D0730}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0| "{009BE725-9E0F-4E3C-A8AC-A26C89062DD5}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{62CBE0F5-9388-43C4-B401-E2264F80DA6C}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Fingertapps Organizer recommended by ASUS|Desc=Organizer 3.1.5245 0dec48929ee2 10/06/2013 11:37|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-4229215270-1845391095-482815050-802128451-1246825127-1015136754-1310895966|EmbedCtxt=Fingertapps Organizer recommended by ASUS|Platform=2:6:2|Platform2=GTEQ| "{646BEF03-0E83-45A8-A51D-730486A550AB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Fingertapps Organizer recommended by ASUS|Desc=Organizer 3.1.5245 0dec48929ee2 10/06/2013 11:37|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-4229215270-1845391095-482815050-802128451-1246825127-1015136754-1310895966|EmbedCtxt=Fingertapps Organizer recommended by ASUS|Platform=2:6:2|Platform2=GTEQ| "{0E2D073A-3D88-48D8-B1C8-6520A9D613BF}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Fingertapps Instruments recommended by ASUS|Desc=Fingertapps 
Instruments|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-2335652789-4043004035-3350355981-2066762484-2260609466-2431050703-1074851053|EmbedCtxt=Fingertapps Instruments recommended by ASUS|Platform=2:6:2|Platform2=GTEQ| "{FE82E7F0-538C-43FF-AF66-BD8D59CF5948}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=JigsWar recommended by ASUS|Desc=Jigswar|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-3699438345-764867176-607887312-443883014-4288786640-4203541789-1524562109|EmbedCtxt=JigsWar recommended by ASUS|Platform=2:6:2|Platform2=GTEQ| "{479F1446-106C-4C23-8243-4C10490B3861}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Fresh Paint|Desc=Fresh Paint|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-753205055-3642759886-2300710532-466079404-1496176425-3605778055-1481226570|EmbedCtxt=Fresh Paint|Platform=2:6:2|Platform2=GTEQ| "{1C7EF545-75CC-44F5-86A1-B0EC68524D26}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=ASUS WebStorage|Desc=ASUS WebStorage|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-2379699041-582217313-309184701-132115402-2983263408-230732246-1589285292|EmbedCtxt=ASUS WebStorage|Platform=2:6:2|Platform2=GTEQ| "{580818BB-592D-40BB-BFB2-970F26F012FB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=ASUS WebStorage|Desc=ASUS WebStorage|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-2379699041-582217313-309184701-132115402-2983263408-230732246-1589285292|EmbedCtxt=ASUS WebStorage|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{5F314A69-3BC5-49DA-B508-6666E1E9E137}C:\users\julien\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julien\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| 
"UDP Query User{D11DE1D3-21B9-458F-B6A9-E9C96155E87F}C:\users\julien\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julien\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| "{D117B0C9-ACF6-4FB7-8870-0074D4ACD152}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\The crew\The Crew (Worldwide)\TheCrew.exe|Name=The Crew| "{D04D15F5-A68D-4894-BCFB-74729998CDBF}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\The crew\The Crew (Worldwide)\TheCrew.exe|Name=The Crew| "TCP Query User{6C66BD37-4435-4E64-8305-BB8C6C0340B3}C:\users\julien\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\julien\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "UDP Query User{C5B8EC8A-D486-4477-9C64-F4FE8A8D383D}C:\users\julien\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\julien\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "TCP Query User{282D9BB3-B790-4BB7-8334-2C68BE84195B}C:\users\julien\downloads\yu-gi-oh! legacy of the duelist\yugioh.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julien\downloads\yu-gi-oh! legacy of the duelist\yugioh.exe|Name=yugioh.exe|Desc=yugioh.exe|Defer=User| "UDP Query User{73D6E2AF-C0B2-42E9-B87A-59AD4A8DB3D2}C:\users\julien\downloads\yu-gi-oh! legacy of the duelist\yugioh.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julien\downloads\yu-gi-oh! 
legacy of the duelist\yugioh.exe|Name=yugioh.exe|Desc=yugioh.exe|Defer=User| "{DA0FF0E7-D9A6-4BBC-8EFF-725A1FBA890D}"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=D:\Riot Games\League of Legends\LeagueClient.exe|Name=League Client| "{59DF9812-1623-45B8-9732-AF7BD3AD7FAE}"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=D:\Riot Games\League of Legends\LeagueClient.exe|Name=League Client| "{FC7BAC62-5724-4661-AF72-F58CFE174EDB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (Julien)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{DB5B2905-506D-4182-A46D-D6967829A18D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (Julien)|Desc=Allow µTorrent network traffic| "{3F5AAE79-29C9-470E-85F6-84DEB057B98E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (Julien)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{1879C3D8-4BB0-4936-8910-C2A32D7CD736}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (Julien)| "{817735E7-D872-4A2C-851F-4B295C5BE9EF}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (Julien)| "{9C0302BE-8869-4B28-9801-1301C2A6F164}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Julien\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (Julien)|Desc=Allow µTorrent network traffic| "TCP Query User{794C1C9C-2539-42E6-B130-39F811857647}D:\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\hi-rez 
studios\hirezgames\smite\binaries\win32\smite.exe|Name=smite|Desc=smite|Defer=User| "UDP Query User{69DFA1A3-453E-49C2-B140-BC78E7B350FA}D:\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe|Name=smite|Desc=smite|Defer=User| "TCP Query User{5BE3B02F-6BB9-471F-A973-3EC5D6D3C6C6}C:\users\julien\downloads\swproxy-windows-2\swproxy-windows\swproxy.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julien\downloads\swproxy-windows-2\swproxy-windows\swproxy.exe|Name=swproxy.exe|Desc=swproxy.exe|Defer=User| "UDP Query User{5E5FB9A8-4A60-4E4A-A81C-04AC2B03DDF4}C:\users\julien\downloads\swproxy-windows-2\swproxy-windows\swproxy.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julien\downloads\swproxy-windows-2\swproxy-windows\swproxy.exe|Name=swproxy.exe|Desc=swproxy.exe|Defer=User| "TCP Query User{698BD23D-837C-4757-B560-E1B6D9A545BF}C:\users\julien\appdata\roaming\bittorrent\updates\7.10.0_43917.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julien\appdata\roaming\bittorrent\updates\7.10.0_43917.exe|Name=7.10.0_43917.exe|Desc=7.10.0_43917.exe|Edge=TRUE|Defer=App| "UDP Query User{87D5B8AF-99A5-44A9-9133-70C476F758B0}C:\users\julien\appdata\roaming\bittorrent\updates\7.10.0_43917.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julien\appdata\roaming\bittorrent\updates\7.10.0_43917.exe|Name=7.10.0_43917.exe|Desc=7.10.0_43917.exe|Edge=TRUE|Defer=App| "TCP Query User{E7B77A65-AAE3-487A-8364-BBB396FB932C}C:\users\julien\downloads\css\counter strike source v34\hl2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julien\downloads\css\counter strike source v34\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| "UDP Query 
User{A34C74AA-AA39-44F1-9AC4-B7F09E8411B9}C:\users\julien\downloads\css\counter strike source v34\hl2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julien\downloads\css\counter strike source v34\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| "TCP Query User{21A4409A-E8FD-4E62-A03A-8DD5BB1DB682}D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "UDP Query User{2595D9F9-913E-4464-9785-340D4A210F29}D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "TCP Query User{F01F8016-3071-4736-BBEB-4928B76D7558}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "UDP Query User{F9696E5A-CB18-4AEE-BD9F-085F390251CB}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "TCP Query User{19929456-3713-45B6-B9C4-DEA11742FB92}D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe|Name=Fortnite|Desc=Fortnite|Defer=User| "UDP Query 
User{BD8BC956-B776-4566-8A43-3580EE7FC211}D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe|Name=Fortnite|Desc=Fortnite|Defer=User| "{8CDB2926-67A7-4147-8197-B8CDFAA6B157}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe|Name=NoxVMHandle.exe|Desc=| "TCP Query User{313AB5D7-8B15-4BE1-9FC0-9337AB089E2A}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "UDP Query User{1F460F3D-7202-4729-AB52-5243FEA8AF62}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User| "{68B4CB10-D866-4F4D-8F3F-411925231AEE}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{FF5890C7-6C91-4D81-A0BD-875A43946089}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{EB6211C5-7887-4A38-9166-08F62667392C}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ| "{46C66A41-CC4A-4D5A-9D5D-F8AC83312B2F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9A9DA0B8-4D72-4E4F-A0FE-C4FDE7B7C011}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ| 
"{8C75D309-CB49-45C7-87DC-09EFEB4CB1EE}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{3C040116-2844-499E-8895-A57332128792}D:\bot\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\bot\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{51953F8B-8A5A-45C0-9F3C-CC0C95AF6014}D:\bot\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\bot\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{0FBE6108-13BF-42C7-B4DA-462357845F2D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "TCP Query User{965E392F-CE07-4C95-9789-A3406CD80415}D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\fortnite\epic 
games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe|Name=Fortnite|Desc=Fortnite|Defer=User| "UDP Query User{D9C619E6-80D4-4853-B904-F5D3C9E18901}D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\fortnite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe|Name=Fortnite|Desc=Fortnite|Defer=User| "TCP Query User{2DAC5474-9E68-41DD-812B-B68D60D2E02F}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{46900446-D7F2-459B-8337-542080A22263}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "{236C97F5-62F4-4C8D-8D76-3982BAA10757}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\BlueStacks\HD-Player.exe|Name=BlueStacks Service| "{01BD5C19-789C-4281-94D0-2D3F7FE6194A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=McAfee® Central for ASUS|Desc=McAfee® Central for ASUS|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-2765696161-823825158-446941565-3726326493-3574487356-3592776108-1778328952|EmbedCtxt=McAfee® Central for ASUS|Platform=2:6:2|Platform2=GTEQ| "{43BABF85-6806-41F2-BB1E-CA395AB68444}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfee® Central for ASUS|Desc=McAfee® Central for 
ASUS|LUOwn=S-1-5-21-3714920687-1367710502-1323822166-1002|AppPkgId=S-1-15-2-2765696161-823825158-446941565-3726326493-3574487356-3592776108-1778328952|EmbedCtxt=McAfee® Central for ASUS|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{005188CE-A00C-4ECD-B1F2-0803520D95DE}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| "UDP Query User{1B5362EA-E6C4-415D-BC5C-E6164D226087}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe|Name=League of Legends|Desc=League of Legends|Defer=User| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%SECURITYACCELERATORCLASSNAME%;Security Accelerator [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @idtsec.inf,%ClassName%;POS HID Magnetic Stripe Reader 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{37C9A9DF-DC57-451E-8ED1-81D2EBB3F713}] : (cm_km) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem39.inf,%ClassName%;Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : 
(Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{52bdc6b4-868d-40c4-8ba7-b3ae6bf7b965}] : (BluetoothVirtual) [] -> @oem13.inf,%BluetoothVirtualName%;RTK Bluetooth Virtual Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{57465043-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8c78b96c-9120-4da4-a144-ff427f2cf132}] : (BarcodeScanner) [] -> @hidscanner.inf,%ClassName%;POS HID Barcode scanners [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem56.inf,%ClassName%;ADB Interface [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [04/12/2016 14:14:51] - (2.4.986.22902) - (BitDefender S.R.L. - Trufos Kernel Module) - C:\Windows\system32\DRIVERS\trufos.sys [11/09/2014 02:31:10] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\assdv2.sys [04/12/2016 14:20:45] - (3.12.13582.6399) - (BitDefender - Active Virus Control filter driver) - C:\Windows\system32\DRIVERS\avc3.sys [04/12/2016 14:14:52] - (2.0.0.63) - (BitDefender LLC - BitDefender Gonzales FileSystem Driver) - C:\Windows\system32\DRIVERS\gzflt.sys [04/12/2016 14:20:44] - (7.0.0.8) - (BitDefender LLC - BitDefender Firewall WFP Filter Driver) - C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [18/07/2016 14:52:02] - (5.0.26.8824) - (Oracle Corporation - VirtualBox NDIS 6.0 Lightweight Filter Driver) - C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [13/12/2017 16:01:45] - (4.3.12.0) - (BigNox Corporation - VirtualBox Support Driver) - C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [26/06/2016 10:53:57] - (5.0.26.8824) - (Oracle Corporation - VirtualBox USB Monitor Driver) - C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [26/06/2016 10:53:58] - (5.0.26.8824) - (Oracle Corporation - VirtualBox Support Driver) - C:\Windows\system32\DRIVERS\VBoxDrv.sys [21/04/2018 16:35:45] - (0.0.0.0) - ( -) - C:\Windows\system32\drivers\mbae64.sys [11/09/2014 02:31:32] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsUpIO.sys [05/06/2014 20:34:44] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsIO.sys [05/04/2018 11:00:44] - (23.21.13.9135) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 391.35) - 
C:\Windows\system32\DRIVERS\nvlddmkm.sys [26/02/2018 19:51:19] - (4.4.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys [26/02/2018 19:51:21] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\Windows\System32\drivers\nvvhci.sys [26/02/2018 19:51:18] - (1.3.36.6) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - assdv2 () -> (?) 
- AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - avc3 (avc3) -> system32\DRIVERS\avc3.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bdelam () -> system32\drivers\bdelam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - 
gagp30kx (@machine.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - gzflt (gzflt) -> system32\DRIVERS\gzflt.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3 () -> System32\drivers\lsi_sas3.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> 
System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - MBAMSwissArmy (MBAMSwissArmy) -> System32\Drivers\mbamswissarmy.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters 
for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - trufos (trufos) -> system32\DRIVERS\trufos.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - uagp35 (@machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> 
System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bdfwfpf (bdfwfpf) -> \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\Windows\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxDrv (VirtualBox Service) -> \SystemRoot\system32\DRIVERS\VBoxDrv.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - VBoxNetAdp (@oem25.inf,%VBoxNetAdp6Service_Desc%;VirtualBox NDIS 6.0 Miniport Service) -> \SystemRoot\system32\DRIVERS\VBoxNetAdp6.sys - AcceptPause: False - AcceptStop: False R1 - [Kernel Driver] - VBoxNetLwf (@oem26.inf,%VBoxNetLwfService_Desc%;VirtualBox NDIS6 Bridged Networking Service) -> \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxUSBMon (VirtualBox USB Monitor Driver) -> \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> \SystemRoot\system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - YSDrv (VBox Support Driver) -> \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - 
mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) [MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - [05/06/2014 20:34:44] - (.-.) - [9.98 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsInsHelp32.sys [MD5.EDAA17CE771C696655B6585F7CAD2100] - [05/06/2014 20:34:44] - (.-.) - [11.55 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsInsHelp64.sys [MD5.798DE15F187C1F013095BBBEB6FB6197] - [05/06/2014 20:34:44] - (.-.) - [14.88 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsIO.sys [MD5.1392B92179B07B672720763D9B1028A5] - [11/09/2014 02:31:32] - (.-.) - [14.13 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsUpIO.sys [MD5.19166026A93206F9C6A8CD3A1F010AE4] - [05/06/2014 20:05:35] - (.-.) - [10.05 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\ASUSHWIO.SYS ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\OpenIV] : (OpenIV.-..black/OpenIV Team) -> C:\Users\Julien\AppData\Local\New Technology Studio\Apps\OpenIV\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0B9D5D50-1530-496F-81FF-CB1B4A298FCA}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{0B9D5D50-1530-496F-81FF-CB1B4A298FCA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2368907C-E8F6-4750-A023-254C3E2B5E8D}] : (Classic Shell.-.IvoSoft) -> MsiExec.exe /X{2368907C-E8F6-4750-A023-254C3E2B5E8D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{257A247A-9BC8-4506-B4EC-F4A725976174}] : (Oracle VM VirtualBox 5.0.26.-.Oracle Corporation) -> MsiExec.exe /I{257A247A-9BC8-4506-B4EC-F4A725976174} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DE97849-544D-4D68-9255-11DF6F9F10D8}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{3DE97849-544D-4D68-9255-11DF6F9F10D8} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) 
-> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}] : (ASUS Music Maker.-.MAGIX AG) -> MsiExec.exe /I{AB515018-7F9D-4047-B0C0-F26BAC30F3E1} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 391.35.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 31.1.10.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.13.1.30.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.04.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B9C27F57-AB84-425F-9D00-E18C5D65C18D}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{B9C27F57-AB84-425F-9D00-E18C5D65C18D} 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4FC649C-0247-4873-930D-D9E6904DCAF5}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{D4FC649C-0247-4873-930D-D9E6904DCAF5} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E1CBE9A2-1323-488E-9F3B-736DF6399F38}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{E1CBE9A2-1323-488E-9F3B-736DF6399F38} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin] : (Adobe Flash Player 10 Plugin.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10zr_Plugin.exe -maintain plugin ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HiSuite] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rockstar Games Social Club] : (Rockstar Games Social Club.-.Rockstar Games) -> C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}] : (Cisco PEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180171F0}] : (Java 8 Update 171.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180171F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}] : (Firebird SQL Server - MAGIX Edition.-.MAGIX AG) -> MsiExec.exe /X{39AB2E37-1A55-4292-A5D3-971E9F70D0F8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.40.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}] : (Cisco EAP-FAST Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6C7D32B2-4FEC-44F1-810D-BBEC78AE8562}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{6C7D32B2-4FEC-44F1-810D-BBEC78AE8562} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7ACF74AE-C0B8-4B58-B050-09BF4F5D84D0}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF312B06-5C5C-468E-89B3-BE6DE2645722}] : (Cisco LEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{AF312B06-5C5C-468E-89B3-BE6DE2645722} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3F383C1-D050-4A40-843F-8171A6A02C3A}] : (Blade & Soul.-.NC Interactive, LLC) -> MsiExec.exe /X{C3F383C1-D050-4A40-843F-8171A6A02C3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D37B2717-39AA-4D98-BDA2-2B75B951150B}] : (.-.) 
-> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\05C27341049E799459D1A97A76525EFB] : Movie Maker [HKCR\Installer\Products\05D5D9B00351F69418FFBCB1A492F8AC] : Intel(R) Chipset Device Software [HKCR\Installer\Products\0E492339F9DFADA41B3BCA7C0C0E69D9] : Photo Common [HKCR\Installer\Products\1C383F3C050D04A448F318176A0AC2A3] : Blade & Soul -> C:\Windows\Installer\{C3F383C1-D050-4A40-843F-8171A6A02C3A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1F764691F11C67F458B88521DA8CB349] : MSXML 4.0 SP3 Parser [HKCR\Installer\Products\2815EF3337F49BE4A8F09B47C0058DD5] : Valokuvavalikoima [HKCR\Installer\Products\2A9EBC1E3231E884F9B337D66F93F983] : Intel(R) Management Engine Components [HKCR\Installer\Products\2B23D7C6CEF41F4418D0BBCE87EA5826] : Epic Games Launcher -> C:\Windows\Installer\{6C7D32B2-4FEC-44F1-810D-BBEC78AE8562}\Installer.ico [HKCR\Installer\Products\2D6F4B0BEA2FA1544969F6F2A698B723] : PowerDirector -> C:\Windows\Installer\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\ARPPRODUCTICON.exe [HKCR\Installer\Products\35BEA59CEAF7752479FA17638E9D9FAC] : Movie Maker [HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico [HKCR\Installer\Products\3C1765AC6A14651478ABB39CE469E008] : Photo Common [HKCR\Installer\Products\3CF9E9EFE6F52764082C0023CE6061C9] : Movie Maker [HKCR\Installer\Products\4375849970535CC40A35273A4FC1E316] : Photo Common [HKCR\Installer\Products\47FA88A5F1521EC49A4CA526D701EA61] : Movie Maker 
[HKCR\Installer\Products\48681065C14218D44A6FEC1D5B92C294] : Fotogalerie [HKCR\Installer\Products\492A22C8ABBDF5445BC52E8671CCEF96] : Movie Maker [HKCR\Installer\Products\492B1B625C44A374096B3D78EDA0B292] : Movie Maker [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110170F] : Java 8 Update 171 -> C:\Program Files (x86)\Java\jre1.8.0_171\\bin\javaws.exe [HKCR\Installer\Products\56573393E0336ba49AEACA180E27B001] : PhotoDirector -> C:\Windows\Installer\{39337565-330E-4ab6-A9AE-AC81E0720B10}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5D2AF15ABDEFE134AAD2097D0854F011] : Photo Common [HKCR\Installer\Products\60B213FAC5C5E864983BEBD62E467522] : Cisco LEAP Module [HKCR\Installer\Products\619EBA38A957EB94CBBE192F730E5120] : Movie Maker [HKCR\Installer\Products\652E5AB1180E3E44E8151FE04F98BA6D] : Fotogalleriet [HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6E0FE4A0219AEDC47A3FE6657E1CA3F2] : Cisco PEAP Module [HKCR\Installer\Products\6E5287E5202E07340962A24C27F942BC] : Fotograf Galerisi [HKCR\Installer\Products\73E2BA9355A129245A3D79E1F9070D8F] : Firebird SQL Server - MAGIX Edition -> C:\Windows\Installer\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}\ProgramIcon.exe [HKCR\Installer\Products\75F72C9B48BAF524D9001EC8D5561CD8] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\76B910BB19EC26E458ECF78F9BA578E8] : Photo Common [HKCR\Installer\Products\780F68E34966C0544A998412ADD19351] : Photo Gallery [HKCR\Installer\Products\7810FB462D3FB89499AE61A39FEAE69C] : Cisco EAP-FAST Module [HKCR\Installer\Products\7B599804EAAA27946BE0C4E080A69325] : ??? 
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7BF6270CF27B4A6478568D6B2A754D79] : Photo Common [HKCR\Installer\Products\7F21368149E5907458E9A8199FD76C47] : Movie Maker [HKCR\Installer\Products\810515BAD9F774040B0C2FB6CA033F1E] : ASUS Music Maker [HKCR\Installer\Products\852114CBD9EF9CE4599593D205433D4C] : Movie Maker [HKCR\Installer\Products\8659DA59FE4C2744E99EE73DAE73D5DA] : Photo Common [HKCR\Installer\Products\87FB8C4B170286147A452C9164E7D639] : Photo Common [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\94879ED3D44586D4295511FDF6F9018D] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\9A9C6ACD395D3FB4A92D1CAA96FDBA72] : Movie Maker [HKCR\Installer\Products\9FDB102C72C18F642A844F64C9F92CC7] : Photo Common [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A24567DD9DA5C184C98A57F6488AEFFA] : Movie Maker [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.40 -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A742A7528CB960544BCE4F7A52791647] : Oracle VM VirtualBox 5.0.26 -> C:\Windows\Installer\{257A247A-9BC8-4506-B4EC-F4A725976174}\IconVirtualBox [HKCR\Installer\Products\A7921EA53E852F04C995DABCC85F9681] : Galería de fotos [HKCR\Installer\Products\A8763B128300D5847B5B40868E8CC5AC] : Photo Common [HKCR\Installer\Products\AEFE1DE22B24DBF40A18FC3FDC002980] : Photo Common [HKCR\Installer\Products\AFDB6796948A85B4CB51ACACC70804DF] : Movie Maker [HKCR\Installer\Products\BC1DC1BB8E924EF42A6E278FD72F413E] : Photo Common [HKCR\Installer\Products\BD0E00CE36C1A0F4AB3D5DCFEFA4DEE2] : Galeria de Fotografias [HKCR\Installer\Products\BFF8D8C18B6F4A049808A92E0A4914A6] : Photo Common 
[HKCR\Installer\Products\C53A71EC007B2154EACB4185FB53A25E] : Photo Common [HKCR\Installer\Products\C70986326F8E05740A3252C4E3B2E5D8] : Classic Shell -> C:\Windows\Installer\{2368907C-E8F6-4750-A023-254C3E2B5E8D}\icon.ico [HKCR\Installer\Products\C73F313CBD172724DAEC7EFCE7C3D878] : Movie Maker [HKCR\Installer\Products\C946CF4D7420378439D09D6E09D4AC5F] : Intel(R) Management Engine Components [HKCR\Installer\Products\CDE38F2097B82884086A59BCDB96E599] : Photo Common [HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : [HKCR\Installer\Products\D3ADA65B61E7C744AA6CE1E1EBED5C50] : ???? [HKCR\Installer\Products\D54CD7FDC3A8C0947AF0C8A61698DE9F] : Photo Gallery [HKCR\Installer\Products\D953B115958281146B2D8791633F9602] : S?????? f?t???af??? [HKCR\Installer\Products\DAF1A04C0BBDC8A42836A2B7474E25A0] : Movie Maker [HKCR\Installer\Products\DBAFE1BFE82914644AB98E8C115C20AF] : Photo Gallery [HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> C:\Windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E2AC9B01DA59BFA48AE37242D1E35B3D] : Raccolta foto [HKCR\Installer\Products\E8B1173487EA38C448CEE3686D9813C1] : Galerie de photos [HKCR\Installer\Products\EBC928E8F2E92D44A9C234D7696730F8] : Movie Maker [HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64 [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\Windows\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico [HKCR\Installer\Products\FB10A09986043274A948EC9CE8D9CC44] : Movie Maker [HKCR\Installer\Products\FBE710E34D39A354394F5D0BCAA03696] : Photo Gallery [HKCR\Installer\Products\FCB64E6163D33534B9BC43F48721ECED] : Photo Gallery ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de 
l’application défaillante POWERPNT.EXE, version : 16.0.9226.2082, horodatage : 0x5ab8b1e4 Nom du module défaillant : mso20win32client.dll, version : 0.0.0.0, horodatage : 0x5aceaa0c Code d’exception : 0x01483052 Décalage d’erreur : 0x0015fb25 ID du processus défaillant : 0x276c Heure de début de l’application défaillante : 0x01d3da54d6703256 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE Chemin d’accès du module défaillant: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll ID de rapport : 1811f272-4648-11e8-841c-6c71d9f91a9e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante POWERPNT.EXE, version : 16.0.9226.2082, horodatage : 0x5ab8b1e4 Nom du module défaillant : mso20win32client.dll, version : 0.0.0.0, horodatage : 0x5aceaa0c Code d’exception : 0x01483052 Décalage d’erreur : 0x0015fb25 ID du processus défaillant : 0x2790 Heure de début de l’application défaillante : 0x01d3da54cb209caf Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE Chemin d’accès du module défaillant: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll ID de rapport : 116fa6d6-4648-11e8-841c-6c71d9f91a9e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Impossible d’initialiser l’index. Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser l’application. Contexte : Application Windows Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser l’objet rassembleur. Contexte : Application Windows, Catalogue SystemIndex Détails : L’objet spécifié est introuvable. 
Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser le gestionnaire plug-in . Contexte : Application Windows Détails : (HRESULT : 0x8e5e0210) (0x8e5e0210) ------------ Le service de recherche Windows a été arrêté à cause d’un problème avec l’indexeur : The catalog is corrupt. Détails : Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801) ------------ Le service de recherche a détecté des fichiers de données endommagés dans l’index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. Le service tentera de corriger automatiquement ce problème en recréant l’index. Détails : 0x8e5e0210 (0x8e5e0210) ------------ SearchIndexer (3768) Windows: L'Erreur -1811 (0xfffff8ed) s'est produite lors de l'ouverture du fichier journal C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00107.log. ------------ There was an error with the Windows Location Provider database ------------ Échec de la procédure d’ouverture pour le service « WmiApRpl » dans la DLL « C:\Windows\system32\wbem\wmiaprpl.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Impossible d’ouvrir l’objet de performance pour le service Serveur. Les quatre premiers octets (DWORD) de la section Data contiennent le code d’état. ------------ Échec de la procédure d’ouverture pour le service « MSDTC » dans la DLL « C:\Windows\system32\msdtcuiu.DLL ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. 
------------ Échec de la procédure d’ouverture pour le service « Lsa » dans la DLL « C:\Windows\System32\Secur32.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « ESENT » dans la DLL « C:\Windows\system32\esentprf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « WmiApRpl » dans la DLL « C:\Windows\system32\wbem\wmiaprpl.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Impossible d’ouvrir l’objet de performance pour le service Serveur. Les quatre premiers octets (DWORD) de la section Data contiennent le code d’état. ------------ ----------( EOF)---------- - 4070 | 18:19:41