--------------- QuickDiag | g3n-h@ckm@n | V4_20.06.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 21/06/2018 23:00:11 Updated 20/06/2018 | 08:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) West Central Africa [cap2north (Administrator)] - [CAP2NORTH-PC] (S-1-5-21-2606610235-3133232790-489272381-1001) System: Microsoft Windows 7 Professional - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (1401) -> () System: AutoReboot: False - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Professional |C:\Windows|\Device\Harddisk0\Partition2 Boot : Normal boot PC: Z68MA-D2H-B3 - Gigabyte Technology Co., Ltd. - IdNumber: - UUID: 00000000-0000-0000-0000-50E549E20A5D Processor : X64 - 3392 Mhz - Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz Award Modular BIOS v6.00PG - n|US|iso8859-1 - Award Software International, Inc. - S/N: - F10 - GBT - 42302e31 CoreTemp : ? 
Celsius ----------| Quick ---------- | SoundDevice NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0018&SUBSYS_10DE0101&REV_1001\5&2ED5D517&0&0001 USB Audio Device - Status: OK - Manufacturer: (Generic USB Audio) - PNPDeviceID: USB\VID_046D&PID_0A29&MI_00\8&30C09C38&0&0000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0018&SUBSYS_10DE0101&REV_1001\5&2ED5D517&0&0101 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0018&SUBSYS_10DE0101&REV_1001\5&2ED5D517&0&0201 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0018&SUBSYS_10DE0101&REV_1001\5&2ED5D517&0&0301 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1458A002&REV_1000\4&3828EB94&0&0201 Intel(R) Display Audio - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&3828EB94&0&0301 ---------- | Video Intel(R) HD Graphics 3000 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumd32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0122&SUBSYS_D0001458&REV_09\3&13C0B0C5&0&10 - AdapterCompatibility: Intel Corporation - RAM: -2084569088 NVIDIA GeForce GTX 570 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1081&SUBSYS_040110B0&REV_A1\4&2D68EC9A&0&0008 - AdapterCompatibility: NVIDIA - RAM: 1342177280 Inegrated Video Chipset DeviceName: Intel(R) HD 
Graphics 3000 - DriverVersion: 9.17.10.4229 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\rtvcvfw64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 246272 - Manufacturer: - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:100 % CPU #3 value:0 % CPU #4 value:100 % CPU #5 value:0 % CPU #6 value:100 % CPU #7 value:0 % CPU #8 value:87 % Total Overall CPU Usage value:48 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm 
Atheros AR9285 Wireless Network Adapter : SENT:399 bytes/sec / RECVD:399 bytes/sec Microsoft Virtual WiFi Miniport Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.Home : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:399 bytes/sec, / RECEIVE Maximum:399 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Qualcomm Atheros AR9285 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. 
- Status: - PnPID : PCI\VEN_168C&DEV_002B&SUBSYS_30A1168C&REV_01\4&1AA6ED88&0&0009 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Microsoft ISATAP Adapter #5 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 RAS Async Adapter - Wide Area Network (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC Microsoft Virtual WiFi Miniport Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&17F5CD1E&0&01 Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&B75C242&0&00E6 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000 ---------- | Memory RAM = Total (MB) : 8304 | Free (MB) : 6151 Pagefile = Total (MB) : 16606 | Free (MB) : 14436 Virtual = Total (MB) : 4194 | Free (MB) : 4006 Physical Memory 0 : Capacity: 4294967296 - A0 - Posit.: 0 - Manufacturer: - PartNumber: - S/N: Physical Memory 1 : Capacity: 4294967296 - A1 - Posit.: 0 - Manufacturer: - PartNumber: - S/N: ---------- | SID Users Administrator : [S-1-5-21-2606610235-3133232790-489272381-500] cap2north : [S-1-5-21-2606610235-3133232790-489272381-1001] Guest : [S-1-5-21-2606610235-3133232790-489272381-501] HomeGroupUser$ : [S-1-5-21-2606610235-3133232790-489272381-1002] Administrators : [S-1-5-32-544] Backup Operators : [S-1-5-32-551] Cryptographic Operators : [S-1-5-32-569] Distributed COM Users : [S-1-5-32-562] Event Log Readers : [S-1-5-32-573] Guests : [S-1-5-32-546] IIS_IUSRS : [S-1-5-32-568] Network Configuration Operators : [S-1-5-32-556] Performance Log Users : [S-1-5-32-559] Performance Monitor Users : [S-1-5-32-558] Power Users : [S-1-5-32-547] Remote Desktop Users : [S-1-5-32-555] Replicator : [S-1-5-32-552] Users : [S-1-5-32-545] HomeUsers : [S-1-5-21-2606610235-3133232790-489272381-1000] ---------- | SystemAccounts Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: 
OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 55.36 Go | Free : 5.11 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [FLIGHT SIM ZONE] | Total : 700.16 Go | Free : 641.08 Go -> NTFS [SATA] E:\ -> [Fixed] | [LOGNET] | Total : 697.11 Go | Free : 291.23 Go -> NTFS [SATA] H:\ -> [Fixed] | [Réservé au système] | Total : 0.1 Go | Free : 0.03 Go -> NTFS (SSD) [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [H:, C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [D:, E:] 
: Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_OCZ-AGIL&PROD_ITY3\4&F58E17D&0&000000 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_HD155UI\4&F58E17D&0&010000 ---------- | Windows updates - Activation - License Last detection : 2018-06-21 02:25:02 Downloaded last ones : 2018-06-14 19:17:29 Installed last ones : 2018-06-14 20:30:30 Next search : 2018-06-21 22:12:28 Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.9600.19036 (© Microsoft Corporation.) GC : 67.0.3396.87 (Copyright 2017 Google Inc.) Default : "E:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "" ---------- | FlashPlayer FlashPlayer ActiveX : 30.0.0.113 ---------- | Security AV : Microsoft Security Essentials Disabled AS : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 400 | [Owner : SYSTEM | Parent : 4(System) | 1.54 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.24150) = C:\Windows\System32\smss.exe [14/06/2018 15:34:56] CPU Usage:0 % --> Command Line : 608 | [Owner : SYSTEM | Parent : 600() | 5.19 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 00:19:49] CPU Usage:0 % --> Command Line : 708 | [Owner : SYSTEM | Parent : 600() | 5.66 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) 
- (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:52:37] CPU Usage:0 % --> Command Line : 756 | [Owner : SYSTEM | Parent : 708(wininit.exe) | 11.37 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [02/03/2017 20:08:01] CPU Usage:0 % --> Command Line : 780 | [Owner : SYSTEM | Parent : 708(wininit.exe) | 17.61 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.24150) = C:\Windows\System32\lsass.exe [14/06/2018 15:34:56] CPU Usage:0 % --> Command Line : 788 | [Owner : SYSTEM | Parent : 708(wininit.exe) | 5.42 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [21/11/2010 04:23:53] CPU Usage:0 % --> Command Line : 928 | [Owner : SYSTEM | Parent : 756(services.exe) | 11.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 992 | [Owner : SYSTEM | Parent : 756(services.exe) | 12.76 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = E:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [30/03/2018 00:32:33] CPU Usage:0 % --> Command Line : 136 | [Owner : NETWORK SERVICE | Parent : 756(services.exe) | 9.84 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 636 | [Owner : SYSTEM | Parent : 756(services.exe) | 225.02 Mo] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.209.0) = C:\Program Files\Microsoft Security Client\MsMpEng.exe [14/11/2016 21:14:42] CPU Usage:0 % --> Command Line : 1036 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 24.57 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1068 | [Owner : SYSTEM | Parent : 756(services.exe) | 25.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1100 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 22.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1128 | [Owner : SYSTEM | Parent : 756(services.exe) | 46.51 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1352 | [Owner : SYSTEM | Parent : 756(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1516 | [Owner : NETWORK SERVICE | Parent : 756(services.exe) | 19.32 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1796 | [Owner : SYSTEM | Parent : 756(services.exe) | 12.93 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.24000) = C:\Windows\System32\spoolsv.exe [09/01/2018 20:30:22] CPU Usage:0 % --> Command Line : 1824 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 19.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1980 | [Owner : SYSTEM | Parent : 756(services.exe) | 4.35 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) 
- (1.824.26.5200) = E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 18:02:50] CPU Usage:0 % --> Command Line : 2004 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 2032 | [Owner : SYSTEM | Parent : 756(services.exe) | 13.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 1172 | [Owner : SYSTEM | Parent : 756(services.exe) | 32.15 Mo] - (.Intel - DSAService.) - (2.8.0.7) = E:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [18/05/2017 14:10:06] CPU Usage:0 % --> Command Line : 2092 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 16.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 2244 | [Owner : SYSTEM | Parent : 756(services.exe) | 7.57 Mo] - (.Flexera Software LLC - Activation Licensing Service.) - (11.14.0.2) = E:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [28/09/2017 13:41:21] CPU Usage:0 % --> Command Line : 2428 | [Owner : SYSTEM | Parent : 756(services.exe) | 27.52 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = E:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [03/03/2017 10:57:56] CPU Usage:0 % --> Command Line : 2472 | [Owner : NETWORK SERVICE | Parent : 756(services.exe) | 13.81 Mo] - (.NVIDIA Corporation - NVIDIA Container.) 
- (1.11.2393.9975) = E:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [08/04/2017 18:10:02] CPU Usage:0 % --> Command Line : 2512 | [Owner : SYSTEM | Parent : 756(services.exe) | 7.38 Mo] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2011.110.2318.0) = E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [20/04/2012 01:35:38] CPU Usage:0 % --> Command Line : 2532 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 2580 | [Owner : SYSTEM | Parent : 756(services.exe) | 31.73 Mo] - (.- Intel(R) System Usage Report.) - (2.0.0.1901) = E:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [07/03/2017 19:04:22] CPU Usage:0 % --> Command Line : 2728 | [Owner : SYSTEM | Parent : 756(services.exe) | 6.18 Mo] - (.Reason Software Company Inc. - Unchecky Service.) - (1.2.0.0) = E:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [03/03/2017 09:15:14] CPU Usage:0 % --> Command Line : 2888 | [Owner : SYSTEM | Parent : 756(services.exe) | 23.25 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe [19/11/2017 08:27:46] CPU Usage:0 % --> Command Line : 4192 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 11.44 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 4408 | [Owner : NETWORK SERVICE | Parent : 756(services.exe) | 12.76 Mo] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = E:\Program Files\Windows Media Player\wmpnetwk.exe [21/11/2010 04:25:05] CPU Usage:0 % --> Command Line : 6000 | [Owner : SYSTEM | Parent : 3776() | 1.17 Mo] - (.Google Inc. - Google Crash Handler.) 
- (1.3.33.17) = E:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe [19/05/2018 19:15:31] CPU Usage:0 % --> Command Line : 6024 | [Owner : SYSTEM | Parent : 3776() | 0.98 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = E:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe [19/05/2018 19:15:32] CPU Usage:0 % --> Command Line : 3820 | [Owner : SYSTEM | Parent : 756(services.exe) | 46.08 Mo] - (.Intel Corporation - IAStorDataSvc.) - (12.9.0.1001) = E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [21/11/2013 08:31:44] CPU Usage:0 % --> Command Line : 4996 | [Owner : SYSTEM | Parent : 4040() | 18.2 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 00:19:49] CPU Usage:0 % --> Command Line : 5796 | [Owner : SYSTEM | Parent : 4040() | 9.06 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.24000) = C:\Windows\System32\winlogon.exe [09/01/2018 20:30:23] CPU Usage:0 % --> Command Line : 728 | [Owner : SYSTEM | Parent : 992(NVDisplay.Container.exe) | 38.98 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = E:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [30/03/2018 00:32:33] CPU Usage:0 % --> Command Line : 3240 | [Owner : cap2north | Parent : 756(services.exe) | 29.34 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [02/03/2017 20:07:33] CPU Usage:0 % --> Command Line : 5572 | [Owner : cap2north | Parent : 2428(nvcontainer.exe) | 38.53 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = E:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [03/03/2017 10:57:56] CPU Usage:0 % --> Command Line : 3060 | [Owner : cap2north | Parent : 2728(unchecky_svc.exe) | 7.48 Mo] - (.Reason Software Company Inc. - Unchecky Background Process.) 
- (1.2.0.0) = E:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [03/03/2017 09:15:14] CPU Usage:0 % --> Command Line : 936 | [Owner : cap2north | Parent : 1068(svchost.exe) | 8.88 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:37:38] CPU Usage:0 % --> Command Line : 5256 | [Owner : cap2north | Parent : 5012() | 70.99 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [02/03/2017 20:24:49] CPU Usage:0 % --> Command Line : 4144 | [Owner : cap2north | Parent : 4788() | 8.28 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = E:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [01/06/2018 18:57:37] CPU Usage:0 % --> Command Line : 1008 | [Owner : cap2north | Parent : 4996(csrss.exe) | 3.81 Mo] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.24150) = C:\Windows\System32\conhost.exe [14/06/2018 15:34:56] CPU Usage:0 % --> Command Line : 4280 | [Owner : cap2north | Parent : 5256(explorer.exe) | 5.18 Mo] - (.Pixart Imaging Inc - pximouse.) - (1.0.0.2) = C:\Windows\System32\TiltWheelMouse.exe [19/12/2012 08:42:10] CPU Usage:0 % --> Command Line : 5748 | [Owner : cap2north | Parent : 5256(explorer.exe) | 9.22 Mo] - (.Intel Corporation - persistence Module.) - (8.15.10.4229) = C:\Windows\System32\igfxpers.exe [01/06/2015 21:00:32] CPU Usage:0 % --> Command Line : 5492 | [Owner : cap2north | Parent : 5256(explorer.exe) | 7.44 Mo] - (.Saitek - Saitek SST Profile Launcher.) - (7.0.44.1) = E:\Program Files\SmartTechnology\Software\ProfilerU.exe [22/09/2015 10:32:20] CPU Usage:0 % --> Command Line : 2200 | [Owner : cap2north | Parent : 5256(explorer.exe) | 5.35 Mo] - (.Saitek - Saitek MFD File System Driver.) 
- (7.0.44.1) = E:\Program Files\SmartTechnology\Software\SaiMfd.exe [22/09/2015 10:32:28] CPU Usage:0 % --> Command Line : 4616 | [Owner : cap2north | Parent : 5256(explorer.exe) | 18.54 Mo] - (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.10.209.0) = E:\Program Files\Microsoft Security Client\msseces.exe [14/11/2016 20:57:26] CPU Usage:0 % --> Command Line : 1608 | [Owner : cap2north | Parent : 5256(explorer.exe) | 48.7 Mo] - (.Logitech - Flight Yoke System Profiler.) - (8.0.134.0) = E:\Program Files\Logitech\Flight Yoke System\Yoke_Profiler.exe [17/05/2017 07:41:46] CPU Usage:0 % --> Command Line : 4704 | [Owner : cap2north | Parent : 3280() | 5.3 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.171.11) = E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [28/03/2018 16:27:32] CPU Usage:0 % --> Command Line : 4700 | [Owner : cap2north | Parent : 1692() | 26.83 Mo] - (.Intel Corporation - IAStorIcon.) - (12.9.0.1001) = E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [21/11/2013 08:31:44] CPU Usage:0 % --> Command Line : 4648 | [Owner : cap2north | Parent : 4884() | 14.9 Mo] - (.Google - Software Reporter Tool.) - (28.151.200.0) = C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\SwReporter\28.151.200\software_reporter_tool.exe [23/04/2018 23:13:53] CPU Usage:0 % --> Command Line : 3488 | [Owner : cap2north | Parent : 4648(software_reporter_tool.exe) | 6.66 Mo] - (.Google - Software Reporter Tool.) - (28.151.200.0) = C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\SwReporter\28.151.200\software_reporter_tool.exe [23/04/2018 23:13:53] CPU Usage:0 % --> Command Line : 3816 | [Owner : cap2north | Parent : 4648(software_reporter_tool.exe) | 8.3 Mo] - (.Google - Software Reporter Tool.) 
- (28.151.200.0) = C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\SwReporter\28.151.200\software_reporter_tool.exe [23/04/2018 23:13:53] CPU Usage:0 % --> Command Line : 2088 | [Owner : cap2north | Parent : 2888(SearchIndexer.exe) | 9.57 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchProtocolHost.exe [19/11/2017 08:27:46] CPU Usage:0 % --> Command Line : 2996 | [Owner : LOCAL SERVICE | Parent : 1036(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [02/03/2017 23:43:59] CPU Usage:0 % --> Command Line : 1456 | [Owner : cap2north | Parent : 5256(explorer.exe) | 37.19 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\cap2north\Desktop\QuickDiag.exe [21/06/2018 22:55:41] CPU Usage:0 % --> Command Line : 1292 | [Owner : SYSTEM | Parent : 2888(SearchIndexer.exe) | 8.16 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchFilterHost.exe [19/11/2017 08:27:46] CPU Usage:0 % --> Command Line : 4576 | [Owner : NETWORK SERVICE | Parent : 928(svchost.exe) | 10.48 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [21/11/2010 04:24:15] CPU Usage:0 % --> Command Line : 2840 | [Owner : SYSTEM | Parent : 928(svchost.exe) | 7.61 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [21/11/2010 04:24:15] CPU Usage:0 % --> Command Line : 4840 | [Owner : LOCAL SERVICE | Parent : 756(services.exe) | 15.58 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [02/03/2017 20:07:33] CPU Usage:0 % --> Command Line : 5536 | [Owner : SYSTEM | Parent : 756(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % --> Command Line : 5044 | [Owner : NETWORK SERVICE | Parent : 928(svchost.exe) | 7.74 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [21/11/2010 04:24:27] CPU Usage:0 % --> Command Line : 3252 | [Owner : NETWORK SERVICE | Parent : 756(services.exe) | 13.69 Mo] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [21/11/2010 04:23:56] CPU Usage:0 % --> Command Line : ---------- | Locked Applications ---------- | Explorer.exe Hook (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- :\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (..-..) - (0.0.0.0) -- :\Program Files\Internet Explorer\ieproxy.dll (.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\Windows\system32\nvshext.dll (.Intel Corporation.-.igfxres Module.) - (8.15.10.4229) -- C:\Windows\system32\igfxrARA.lrc (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 391.35.) - (23.21.13.9135) -- C:\Windows\system32\nvapi64.dll (..-..) - (0.0.0.0) -- :\Program Files\Windows Sidebar\sbdrop.dll (..-..) - (0.0.0.0) -- :\Program Files\WinRAR\rarext.dll (..-..) - (0.0.0.0) -- :\Program Files (x86)\PowerISO\PWRISOSH.DLL (..-..) - (0.0.0.0) -- :\Program Files\Notepad++\NppShell_06.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) 
- (6.14.13.9135) -- C:\Windows\system32\nv3dappshext.dll ---------- | Svchost.exe Hook (Microsoft Files Whitelisted) ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE CCleaner Monitoring - ("E:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\...\Run]) - User: cap2north-PC\cap2north NETGEARGenie - ("E:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\...\Run]) - User: cap2north-PC\cap2north CCleaner - ("E:\Program 
Files\CCleaner\CCleaner64.exe" /AUTO [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\...\Run]) - User: cap2north-PC\cap2north MouseDriver - (TiltWheelMouse.exe [HKLM\SOFTWARE\...\Run]) - User: Public IgfxTray - ("C:\Windows\system32\igfxtray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public HotKeysCmds - ("C:\Windows\system32\hkcmd.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Persistence - ("C:\Windows\system32\igfxpers.exe" [HKLM\SOFTWARE\...\Run]) - User: Public IAStorIcon - ("E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVCpl - (E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\SOFTWARE\...\Run]) - User: Public ProfilerU - (E:\Program Files\SmartTechnology\Software\ProfilerU.exe [HKLM\SOFTWARE\...\Run]) - User: Public SaiMfd - (E:\Program Files\SmartTechnology\Software\SaiMfd.exe [HKLM\SOFTWARE\...\Run]) - User: Public MSC - ("E:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [HKLM\SOFTWARE\...\Run]) - User: Public Flight Yoke System - (E:\Program Files\Logitech\Flight Yoke System\Yoke_Profiler.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="E:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "NETGEARGenie"="E:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect "CCleaner"="E:\Program Files\CCleaner\CCleaner64.exe" /AUTO [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Envoyer à OneNote 2013,winspool,nul: "UserSelectedDefault"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 
"EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "MouseDriver"=TiltWheelMouse.exe "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IAStorIcon"="E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "RtHDVCpl"=E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s "ProfilerU"=E:\Program Files\SmartTechnology\Software\ProfilerU.exe [22/09/2015 10:32:20] "SaiMfd"=E:\Program Files\SmartTechnology\Software\SaiMfd.exe [22/09/2015 10:32:28] "MSC"="E:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "Flight Yoke System"=E:\Program Files\Logitech\Flight Yoke System\Yoke_Profiler.exe [17/05/2017 07:41:46] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"= "LoadAppInit_DLLs"=0 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"=e:\Program Files (x86)\PowerISO\PWRISOVM.EXE [12/04/2010 09:40:16] "DSATray"=E:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [18/05/2017 14:10:12] "APSDaemon"="E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 
"IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"= "LoadAppInit_DLLs"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater CCleaner Update CCleanerSkipUAC GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} USER_ESRV_SVC_QUEENCREEK {BD5A7306-0C9F-4A46-B490-C523796E60E8} ---------- | Startings up registry - Folder [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast5] : "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN 
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=780 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= "AutoChkTimeOut"=5 [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=29f6d443-97b8-45f7-9e68-41c12cf "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedKMRDP"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Control Panel\Desktop] "ScreenSaveActive"=1 
"ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=0 "LeftOverlapChars"=3 "MenuShowDelay"=0 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=1 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E058012000000 "Wallpaper"= "Pattern Upgrade"=TRUE "HungAppTimeout"=200 "WaitToKillAppTimeout"=200 "AutoEndTasks"=1 "LogPixels"=96 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSimpleNetIDList"=1 "NoDriveTypeAutoRun"=221 "NoLowDiskSpaceChecks"=1 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "link"=0x1E000000 "EnableAutoTray"=0 "Browse For Folder Width"=1118 "Browse For Folder Height"=647 "DesktopProcess"=1 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=0 
"ListviewShadow"=1 "TaskbarAnimations"=0 "StartMenuInit"=4 "Start_ShowMyGames"=0 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=1 "TaskbarGlomLevel"=2 "Start_PowerButtonAction"=2 ""=0 "Start_MinMFU"=10 "Start_JumpListItems"=10 "AlwaysShowMenus"=1 "ExtendedUIHoverTime"=0 "DesktopLivePreviewHoverTime"=0 "nonetcrawling"=1 "NavPaneShowAllFolders"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 
"HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=90 "Max Cached Icons"=2000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=143 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=39 
"AutoAdminLogon"=0 "DefaultUserName"=cap2north [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "allocatecdroms"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile 
[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 
"TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="E:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="E:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=E:\Program Files\Internet Explorer\iexplore.exe [09/01/2018 20:30:21] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="E:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="E:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=E:\Program Files\Internet Explorer\iexplore.exe [09/01/2018 20:30:21] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=AE4615B2 setup.exe"=1 "SIGN.MEDIA=75EF9B1D setup.exe"=1 "E:\FSX ALL\fsx orbx 2010\ORBX FTX Global Vector v1.20\FTX Global Vector v1.20 Setup.exe"=1 "E:\FSX ALL\Active Sky Next WXR T7\Active Sky Next.exe"=1 "E:\FSX ALL\Active Sky 2012\Active Sky 2012\ActiveSky2012_Install.exe"=1 "E:\FSX ALL\PMDG 737NGX\PMDG 737NGX\PMDG 737 8900 NGX(1).exe"=1 "E:\FSX ALL\PMDG 737NGX\PMDG 737NGX\PMDG 737 8900 NGX RTM.exe"=1 "E:\FSX ALL\PMDG_737_6700_NGX_3219_SP1c\PMDG 737 6700 NGX SP1c Update.exe"=1 "E:\FSX ALL\777\PMDG_777_200LRF300ER Sp1c\PMDG 
777-200LRF Base Package RTM.exe"=1 "E:\FSX ALL\777\PMDG_777_200LRF300ER Sp1c\PMDG 777-200LRF SP1c Update.exe"=1 "E:\FSX ALL\777\PMDG_777_200LRF300ER Sp1c\PMDG 777-300ER Expansion.exe"=1 "E:\FSX ALL\Flyingway.com - AS_MEGA-AIRPORT-OSLO-2.0_FSX-P3D\Flyingway.com - AS_MEGA-AIRPORT-OSLO-2.0_FSX-P3D\AS_MEGA-AIRPORT-OSLO-2.0_FSX-P3D_V100.exe"=1 "E:\FSX ALL\Flyingway.com - EliteSimdesign FSX Oran Intl Airport DAOO\EliteSimdesign FSX Oran Intl Airport DAOO\EliteSimdesign - Oran Intl Airport DAOO FSX.exe"=1 "E:\FSX ALL\AS_AIRPORT-TOULOUSE-X_FSX_PREPAR3D_V101\AS_AIRPORT-TOULOUSE-X_FSX_PREPAR3D_V101.exe"=1 "E:\FSX ALL\AS_APPROACHING-INNSBRUCK_FSX_V120\AS_APPROACHING-INNSBRUCK_FSX_V120.exe"=1 "E:\FSX ALL\FSX Aerosoft MegaAirport MadridX.v1.0.0 BY 4XTMR\_FSX_.Aerosoft.-.Mega.Airport.Madrid.X.v1.0.0._Retail_(1)\AS_MEGA-AIRPORT-MADRID-BARAJAS_FSX_V100.exe"=1 "E:\FSX ALL\Madeira\Madeira\Aerosoft Madeira.exe"=1 "E:\FSX ALL\AeSo_Mega_Barcelona_v1.03\AS_MEGA-AIRPORT-BARCELONA-FSX-P3DV2_FSXSTEAM_V103.exe"=1 "E:\FSX ALL\AS-Kilimanjaro-101-FSX-P3D\HTKJ - Kilimanjaro 1.01 (Aerosoft).exe"=1 "E:\FSX ALL\EireSim-Alicante FSX.exe"=1 "SIGN.MEDIA=1A74F0 fr_office_professional_plus_2013_x32 bite\setup.exe"=1 "SIGN.MEDIA=8EF79662 setup.exe"=1 "E:\FSX ALL\GEX Europe 2.0\GEX Europe 2.0\GEXEuropeSetup.exe"=1 "E:\FSX ALL\rex\Flyingway.com - REX4TextureDirect\setup.exe"=1 "E:\FSX ALL\HiFi Flightware - Active Sky X\setup.exe"=1 "SIGN.MEDIA=71426 SETUP.EXE"=1 "E:\FSX ALL\Flyingway.com - ORBX FTX GLOBAL100\Flyingway.com - ORBX FTX GLOBAL100\OrbxFTXGlobal100.exe"=1 "D:\Program Files (x86)\IVAO\IvAp v2\mtl.exe"=1 "E:\FSX ALL\all p3d\p3d new\ftx_vec_130_prdv3\OrbxFTXGlobalVector130.exe"=1 "E:\FSX ALL\TSSB737CFM56-7B27V2FSX.exe"=1 "E:\FSX ALL\[WDOOO.COM]AS-Schiphol-104-FSX-P3D\EHAM - Amsterdam Schiphol 1.04 (Aerosoft).exe"=1 "E:\FSX ALL\SteveFX - DX10 Scenery Fixer v2.8\SteveFX - DX10 Scenery Fixer v2.8\DX10SceneryFixer v2.8.exe"=1 "E:\FSX ALL\FSX 2017 BY SKYLAX\FLightFX_V1.0\FLightFX_V1.0_Setup.exe"=1 
"D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"=512 "SIGN.MEDIA=413380C0 gamedata.exe"=1 "SIGN.MEDIA=7C6617 LaunchCGS.exe"=1 "SIGN.MEDIA=215082C alqaqa\DVD & CD & ISO\VSO ConvertXtoDVD 5.3.0.1 Final\vsoConvertXtoDVD5_setup.exe"=1 "SIGN.MEDIA=A695987 alqaqa\DVD & CD & ISO\Nero.Burning.ROM.2015.v16.0.02700\Nero_BurningROM2015-16.0.02700.exe"=1 "SIGN.MEDIA=21C8A0 Adobe CS6\Set-up.exe"=1 "E:\torrent files nex 0808\terminé\QualityWings 787 Cracked\QualityWings_787_v1.0_FSX.exe"=1 "SIGN.MEDIA=937F2DA2 setup.exe"=1 "D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\QualityWings\QW787\Dispatcher\QW787Dispatcher.exe"=1 "E:\FSX ALL\FSCREW PMDG 777_\FS2Crew PMDG 777.exe"=1 "E:\FSX ALL\FSUIPC4.939\Install FSUIPC4.exe"=1 "D:\FS2Crew - PMDG 737NGX Special Bundle Pack v.2.3.exe"=1 "E:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "E:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 "E:\Program Files (x86)\Intel Driver Update Utility\DSADesktopUI.exe"=1 "SIGN.MEDIA=3AFC7EC InstallTomTomHOME.exe"=1 "E:\torrent files nex 0808\terminé\737ImmersionSetup.exe"=1 "E:\torrent files nex 0808\terminé\FS2Crew RAAS Pro.exe"=1 "E:\torrent files nex 0808\terminé\HiFi Flightware - Active Sky X\setup.exe"=1 "E:\torrent files nex 0808\terminé\FS2Crew_NGX_Rebootv3.0\FS2Crew NGX Reboot.exe"=1 "E:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe"=8 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "E:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe"=8 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{100a89b0-99f0-11e7-ac9c-50e549e20a5d}] : I:\AutoRun.exe (AutoRun) 
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5dd77095-0124-11e7-a0c5-806e6f6e6963}] : I:\HiSuiteDownLoader.exe (AutoRun) [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{a4d033e5-fee4-11e7-8e92-50e549e20a5d}] : I:\HiSuiteDownLoader.exe (AutoRun) [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{c905c389-6ecb-11e7-9934-50e549e20a5d}] : I:\HiSuiteDownLoader.exe (AutoRun) [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{f6613fe2-52fd-11e8-b6d1-50e549e20a5d}] : I:\HiSuiteDownLoader.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop 
"SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0xDC72BE898693D201 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 secure.prepar3d.com 127.0.0.1 fs2.fs2crew.com # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com [66] More lines ---------- | Ping Pinging google.com [216.58.205.142] with 32 bytes of data: Reply from 216.58.205.142: bytes=32 time=73ms TTL=54 Reply from 216.58.205.142: bytes=32 time=66ms TTL=54 Reply from 216.58.205.142: bytes=32 time=67ms TTL=54 Reply from 216.58.205.142: bytes=32 time=65ms TTL=54 Ping statistics for 216.58.205.142: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 65ms, Maximum = 73ms, Average = 67ms ---------- | @ [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://www.google.dz/?gws_rd=cr,ssl&ei=1aa4WKa7IYGg6AS3qKWQBg 
"Default_Page_URL"=http://www.dell.com "DisableFirstRunCustomize"=1 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF010000000000001C06000054030000 "NotifyDownloadComplete"=no "AlwaysShowMenus"=1 "Expand Alt Text"=no "Move System Caret"=no "NscSingleExpand"=0 "DisableScriptDebuggerIE"=yes "Error Dlg Displayed On Every Error"=no "Page_Transitions"=1 "UseThemes"=1 "EnableSearchPane"=0 "Force Offscreen Composition"=0 "AllowWindowReuse"=1 "Friendly http errors"=yes "SmoothScroll"=1 "Enable AutoImageResize"=yes "Show image placeholders"=0 "Print_Background"=no "AutoSearch"=4 "DOMStorage"=1 "IE11UpgradePageShownTime"=0x3036F6F8AC93D201 "OperationalData"=5 "ImageStoreRandomFolder"=qkznku6 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE10000009B010000330700009F030000 "Start Page_TIMESTAMP"=0x3D599C9044E6D301 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "Use FormSuggest"=yes "DefSpellLang"=ar-DZ "StatusBarOther"=1 "AutoHide"=yes "SuppressScriptDebuggerDialog"=0 "HistoryViewType"=0x0000 "HistoryTopNSitesView"=20 "SearchBandMigrationVersion"=1 "SearchBandRestoreBarCount"=0 [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x4471603EF493D201 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "ProxyEnable"=0 "MigrateProxy"=1 "ProxyHttp1.1"=1 "ShowPunycode"=0 "EnablePunycode"=1 "DisableIDNPrompt"=0 
"WarnonBadCertRecving"=1 "WarnOnPostRedirect"=1 "SyncMode5"=4 "MaxConnectionsPer1_0Server"=10 "MaxConnectionsPerServer"=10 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=E:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk 
"Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=E:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] 
"ITBar7Height64"=21 "ITBar7Height"=25
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=0xB1C218236549D4119B18009027A5CD4F [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DownloadRetries"=0 "KnownProvidersUpgradeTime"=0x8E59805EF493D201 "Version"=4 "UpgradeTime"=0x1C35865E2694D201 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : 
E:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : E:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [19/04/2018 22:21:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : E:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : E:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [19/04/2018 22:21:26] ---------- | Chrome C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\bkbeeeffjjeopflfhgeknacdieedcoml = : Protect yourself against online threats like phishing and malicious websites with real-time protection from Microsoft. 
- short_name: Windows Defender Browser Protection - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\pficdecjkdlnacnnbkociacmdbpmhdoc = : 350000+ hotels worldwide. Save up to 75% on hotels in over 41000 destinations worldwide! 
- http://www.booking.com/index.html?aid=342609 - Booking.com - [http://www.booking.com/index.html?aid=342609] - http://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\cap2north\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : E:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : e:\progra~2\MICROS~3\Office14\NPAUTHZ.DLL [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2] - (Java™ Deployment Toolkit) : E:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2] - (Oracle® Next Generation Java™ Plug-In) : E:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled 
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : E:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : E:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : E:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : E:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : E:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : E:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{ECF28BE1-6FA2-4DF2-BACA-F771DD252843}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{ECF28BE1-6FA2-4DF2-BACA-F771DD252843}] "DhcpNameServer"=192.168.1.1 
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ECF28BE1-6FA2-4DF2-BACA-F771DD252843}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Classes\Applications\IPE.EXE] : "E:\FSX LOG UTIL\IPP4.FRE\IPP4.FRE\PROGRAMS\IPE.EXE" "%1" [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\cap2north\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : E:\PROGRA~3\MICROS~1\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : E:\PROGRA~3\MICROS~1\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power PlugPlay DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc
"GPSvcGroup"=GPSvc
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power PlugPlay DcomLaunch
---------- | SvcHost - Netsvcs (Whitelist)
---------- | Software
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\ActaLogic]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Adobe]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\ALWIL Software]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\AppDataLow]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Apple Inc.]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Bitstream]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\BitTorrent]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\CAM Development]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Canneverbe Limited]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Chromium]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Clients]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Corel]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Cygnus Solutions]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Digital River]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\DownloadManager]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\FlightSimLabs]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\FSDreamTeam]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\FSXWX]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Funduc Software Inc.]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Gabest]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Gabriel Topala]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\GNU]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Google]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Haali]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\HashTab]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\HiFi]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Icaros]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\IM]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\IM Providers]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Intel]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\JavaSoft]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Leawo Software]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Licenses]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\LightScribe]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Lockheed Martin]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\LockheedMartin]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Logitech]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Macromedia]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Malwarebytes]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Mozilla]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\MPC-HC]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\MSI]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Nero]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\NETGEAR]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Netscape]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\NirSoft]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\OAAmedia]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\OATmedia]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\ODBC]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Oxford Aviation Training]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\paint.net]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Piriform]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Pixart]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Policies]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\PowerISO]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\QtProject]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Realtek]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\REX Game Studios]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Saitek]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\ShowKey]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Skype]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\SmartTechnology]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\SoftVTU]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Sony Creative Software]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\sysinternals]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\TomTom]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Toon Boom Animation Inc.]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Toshiba Corporation]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Trolltech]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Unchecky]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Unwinder]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\VS Revo Group]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\VSO]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\WinRAR]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Wow6432Node]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2606610235-3133232790-489272381-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adobe]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Bitstream]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Florenc]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Notepad++]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\paint.net]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Saitek]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\aerosoft]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Aimersoft]
[HKLM\Software\WOW6432Node\ALWIL Software]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Canneverbe Limited]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\CDDB]
[HKLM\Software\WOW6432Node\Cygnus Solutions]
[HKLM\Software\WOW6432Node\Data Fellows]
[HKLM\Software\WOW6432Node\Digital River]
[HKLM\Software\WOW6432Node\Flight One Software]
[HKLM\Software\WOW6432Node\Flight1]
[HKLM\Software\WOW6432Node\Florenc]
[HKLM\Software\WOW6432Node\FlyTampa]
[HKLM\Software\WOW6432Node\GNU]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\HaaliMkx]
[HKLM\Software\WOW6432Node\HiFi]
[HKLM\Software\WOW6432Node\Huawei technologies]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Internet Download Manager]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\IVT Corporation]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\KLCodecPack]
[HKLM\Software\WOW6432Node\LAV]
[HKLM\Software\WOW6432Node\Leawo Software]
[HKLM\Software\WOW6432Node\Licenses]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Macrovision]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\NDSoft]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\NETGEAR Genie]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OldProp Solutions Inc.]
[HKLM\Software\WOW6432Node\OpenAL]
[HKLM\Software\WOW6432Node\Oracle]
[HKLM\Software\WOW6432Node\PMDG Simulations, LLC.]
[HKLM\Software\WOW6432Node\PowerISO] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Saitek] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SoftVTU] [HKLM\Software\WOW6432Node\Sony Creative Software] [HKLM\Software\WOW6432Node\Symantec] [HKLM\Software\WOW6432Node\The FlightSim Store] [HKLM\Software\WOW6432Node\TomTom] [HKLM\Software\WOW6432Node\Unchecky] [HKLM\Software\WOW6432Node\Unwinder] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\VSO] [HKLM\Software\WOW6432Node\WiseCleaner] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives D: [26/10/2017 21:24:40] - |A| - (.-.) - [69217383] - (2.0.0.45) - D:\AeroSim B787 P3Dv3.RP1.exe [08/01/2018 18:39:23] - |A| - (.-.) - [362014977] - (2.0.0.44) - D:\FS2Crew - PMDG 737NGX Special Bundle Pack v.2.3.exe E: [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - E:\install.res.1028.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - E:\install.res.1031.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - E:\install.res.1033.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - E:\install.res.1036.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - E:\install.res.1040.dll [07/11/2007 08:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - E:\install.res.1041.dll [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI 래퍼 리소스 DLL.) - [79888] - (9.0.21022.8) - E:\install.res.1042.dll [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.) - [75792] - (9.0.21022.8) - E:\install.res.2052.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) 
- [96272] - (9.0.21022.8) - E:\install.res.3082.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - E:\install.exe [07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - E:\globdata.ini [07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - E:\install.ini H: ---------- | C: [14/07/2009 04:18:56] - |SHD| - [129] - C:\$Recycle.Bin [24/02/2017 21:47:45] - |HD| - [71115362] - C:\$SysReset [16/06/2018 11:37:05] - |D| - [5011] - C:\AdwCleaner [03/10/2017 20:08:38] - |SHD| - [59720] - C:\Config.Msi [14/07/2009 06:08:56] - |SHD| - [0] - C:\Documents and Settings [28/02/2017 23:31:07] - |D| - [281775] - C:\Drivers [28/02/2017 23:31:07] - |D| - [0] - C:\Hotfix [25/02/2017 07:13:51] - |D| - [0] - C:\Intel [05/06/2017 21:19:54] - |RHD| - [51376] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/03/2017 08:34:40] - |ASH| - (.-.) - [8503013376] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 04:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 04:20:08] - |D| - [268126366] - C:\Program Files [14/07/2009 04:20:08] - |D| - [191117403] - C:\Program Files (x86) [14/07/2009 04:20:08] - |HD| - [2846942817] - C:\ProgramData [21/06/2018 22:58:51] - |D| - [68687] - C:\QuickDiag [MD5.40F8181F08B28C2AEB34D4241057BC8D] - [21/06/2018 23:00:11] - |A| - (.-.) - [121791] - (0.0.0.0) - C:\QuickDiag.txt [25/02/2017 07:15:18] - |SHD| - [172384274] - C:\Recovery [16/03/2012 04:56:31] - |SHD| - [11743701180] - C:\System Volume Information [14/07/2009 04:20:08] - |RD| - [4741459491] - C:\Users [14/07/2009 04:20:08] - |D| - [32701964934] - C:\Windows ---------- | C:\Windows [MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - [02/06/2017 19:43:36] - |A| - (.-.) 
- [32] - (0.0.0.0) - C:\Windows\0 [14/07/2009 06:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 04:20:08] - |D| - [24146282] - C:\Windows\AppCompat [14/07/2009 04:20:08] - |D| - [10929666] - C:\Windows\AppPatch [14/07/2009 04:20:08] - |RSD| - [1568902003] - C:\Windows\assembly [04/10/2017 00:09:43] - |D| - [473600] - C:\Windows\ATPL Air Law [04/10/2017 00:11:23] - |D| - [473600] - C:\Windows\ATPL Mass and Balance [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 04:24:22] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 04:20:09] - |D| - [29188318] - C:\Windows\Boot [MD5.C0EC3AA1462B29C023D17A9ECDA83BEA] - [14/07/2009 06:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 04:20:09] - |D| - [2418176] - C:\Windows\Branding [MD5.05A4EA2682E31E97E0EBF431FE3E6587] - [04/03/2017 13:39:58] - |SH| - (.-.) - [61] - (0.0.0.0) - C:\Windows\cnerolf.bin [21/11/2010 08:17:10] - |D| - [0] - C:\Windows\CSC [MD5.9E136AAE1FF114E47BDF45A0345569A0] - [01/03/2017 08:33:50] - |RA| - (.-.) - [13] - (0.0.0.0) - C:\Windows\csup.txt [14/07/2009 04:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 05:45:54] - |D| - [1036] - C:\Windows\debug [MD5.D1E75542EC8D1B4851765A57AC63618E] - [02/12/2017 20:05:00] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\Windows\diagerr.xml [14/07/2009 06:32:38] - |D| - [3003724] - C:\Windows\diagnostics [MD5.D1E75542EC8D1B4851765A57AC63618E] - [02/12/2017 20:05:00] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\Windows\diagwrn.xml [14/07/2009 06:37:46] - |D| - [0] - C:\Windows\DigitalLocker [08/04/2017 19:26:57] - |D| - [642864128] - C:\Windows\Downloaded Installations [14/07/2009 06:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [21/11/2010 08:17:11] - |D| - [117959641] - C:\Windows\ehome [14/07/2009 06:37:46] - |D| - [110080] - C:\Windows\en-US [MD5.2A66E81AE941E54A237490FC35D387C8] - [05/06/2017 21:32:19] - |A| - (.-.) 
- [1945] - (0.0.0.0) - C:\Windows\epplauncher.mif [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [02/03/2017 20:24:49] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe [14/07/2009 04:20:09] - |RSD| - [722679515] - C:\Windows\Fonts [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 00:22:13] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 04:20:09] - |D| - [32090797] - C:\Windows\Globalization [14/07/2009 04:20:09] - |D| - [100931165] - C:\Windows\Help [MD5.A66E522F3CBFB8709EA37844922A002E] - [26/06/2017 17:16:20] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe [MD5.12589371C087A76B6E8E152939E59E98] - [08/05/2018 22:12:12] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [16896] - (6.1.7601.24134) - C:\Windows\hh.exe [14/07/2009 04:20:09] - |D| - [143546732] - C:\Windows\IME [14/07/2009 04:20:10] - |D| - [151673817] - C:\Windows\inf [02/03/2017 22:35:50] - |SHD| - [5614794668] - C:\Windows\Installer [MD5.456462905091DB042141487FE030E3C9] - [03/10/2017 23:59:50] - |A| - (.Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved - SUF60Runtime.) - [737280] - (6.0.1.4) - C:\Windows\iun6002.exe [14/07/2009 04:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 04:20:10] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 04:20:10] - |D| - [90090491] - C:\Windows\Logs [14/07/2009 04:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:10:29] - |A| - (.-.) 
- [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 04:20:10] - |D| - [883290624] - C:\Windows\Microsoft.NET [02/03/2017 22:35:53] - |D| - [4206] - C:\Windows\Migration [06/04/2018 14:51:00] - |D| - [0] - C:\Windows\Minidump [14/07/2009 04:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [02/03/2017 20:09:05] - |A| - (.© Microsoft Corporation. - Notepad.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [30/03/2018 00:32:33] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [08/04/2017 18:10:02] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat [14/07/2009 06:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [01/03/2017 08:34:09] - |D| - [29961] - C:\Windows\Panther [03/03/2017 16:07:54] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 06:32:38] - |D| - [63923461] - C:\Windows\Performance [MD5.EA95875DB87F4C1126AB10BA3D0DC2CF] - [27/01/2018 19:42:47] - |A| - (.-.) - [56488] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 04:20:10] - |D| - [1109514] - C:\Windows\PLA [14/07/2009 04:20:10] - |D| - [4901065] - C:\Windows\PolicyDefinitions [04/10/2017 00:04:54] - |D| - [473600] - C:\Windows\PPL03 - Navigation and Radio Aids [01/03/2017 08:34:47] - |D| - [10842362] - C:\Windows\Prefetch [MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [21/11/2010 08:17:51] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 00:27:10] - |A| - (.© Microsoft Corporation. - Registry Editor.) 
- [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 04:20:10] - |D| - [22588] - C:\Windows\Registration [13/12/2017 22:32:44] - |D| - [5524698] - C:\Windows\rescache [14/07/2009 04:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [03/03/2017 10:51:02] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\Windows\RtlExUpd.dll [14/07/2009 04:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 04:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 04:20:10] - |D| - [1070380] - C:\Windows\security [14/07/2009 05:45:47] - |D| - [51481458] - C:\Windows\ServiceProfiles [14/07/2009 04:20:10] - |D| - [141505588] - C:\Windows\servicing [14/07/2009 05:45:50] - |D| - [4038] - C:\Windows\Setup [MD5.D74E3C688AA4F552EB9F55CB8EA67170] - [21/06/2018 22:21:36] - |A| - (.-.) - [56] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/06/2018 22:21:36] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [02/06/2017 20:45:46] - |D| - [35886] - C:\Windows\SHELLNEW [02/03/2017 19:52:32] - |D| - [2939902683] - C:\Windows\SoftwareDistribution [14/07/2009 04:20:10] - |D| - [181014046] - C:\Windows\Speech [MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [21/11/2010 04:24:16] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 04:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:34:57] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 04:20:10] - |D| - [5276794639] - C:\Windows\System32 [14/07/2009 04:20:14] - |D| - [1603184177] - C:\Windows\SysWOW64 [14/07/2009 04:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 04:20:14] - |D| - [32606] - C:\Windows\Tasks [14/07/2009 04:20:14] - |D| - [905440] - C:\Windows\Temp [14/07/2009 04:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 06:32:38] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 04:25:10] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [25/11/2017 17:22:08] - |D| - [32564] - C:\Windows\Ulead.dat [MD5.B2F05DD0A24FCE6778D608522DCA089E] - [25/11/2017 17:22:08] - |A| - (.-.) - [433] - (0.0.0.0) - C:\Windows\ULead32.ini [MD5.15BF115DB016415DFE435A84A71C9A51] - [01/01/1970 00:59:59] - |A| - (.-.) - [36] - (0.0.0.0) - C:\Windows\vb.ini [MD5.F5F5F500A20CB350BA5DE93BE7E8763F] - [01/03/2017 08:33:50] - |RAH| - (.-.) - [29] - (0.0.0.0) - C:\Windows\version [14/07/2009 04:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 04:20:14] - |D| - [44155055] - C:\Windows\Web [MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - [14/07/2009 03:34:57] - |A| - (.-.) - [387] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:54:24] - |RAH| - (.-.) 
- [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.09B5E22D07F71E201598F63D6F93F665] - [19/06/2018 20:20:28] - |A| - (.-.) - [157149] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 04:20:14] - |D| - [12208871875] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 21:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 00:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [03/10/2017 19:52:38] - C:\Windows\Installer\106c80.msi : (Install/UnInstall PhysX Driver + Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1/2/3/4; 2.6.0/1/2/3/4; 2.7.0/1/2/3/4/5/6; 2.8.0/1 - NVIDIA Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/10/2017 20:07:51] - C:\Windows\Installer\106e5d.msi : (Blank Project Template - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/05/2016 22:56:48] - C:\Windows\Installer\1a8904.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/05/2016 22:57:56] - C:\Windows\Installer\1a890c.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 09:41:29] - C:\Windows\Installer\1a8989.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/03/2017 09:55:50] - C:\Windows\Installer\1c4905.msi : (SSD Guru - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/05/2017 10:00:52] - C:\Windows\Installer\208e23.msi : (Flight Yoke System - Logitech) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [22/09/2015 11:11:14] - C:\Windows\Installer\23e103.msi : (Smart Technology Programming Software - Mad Catz) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2015 15:03:34] - C:\Windows\Installer\263c4c8.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/12/2015 15:18:36] - C:\Windows\Installer\263c4d4.msi : (QuickTime Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/03/2017 15:25:04] - C:\Windows\Installer\266cd5.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/01/2018 04:56:32] - C:\Windows\Installer\2b9386.msi : ( - dotPDN LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/01/2018 15:56:01] - C:\Windows\Installer\334a6.msi : (NDSoft Constantine X Version 1.00 - NDSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2015 11:24:28] - C:\Windows\Installer\62f56.msi : (Saitek ProFlight Fsx Plugin - Saitek) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/05/2018 19:15:30] - C:\Windows\Installer\7d457.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/02/2018 20:39:25] - C:\Windows\Installer\9dad9.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/02/2018 18:46:21] - C:\Windows\Installer\aae1a.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/02/2014 17:22:00] - C:\Windows\Installer\b4b7c.msi : (Blank Project Template - Etron Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/11/2013 08:33:48] - C:\Windows\Installer\b4b84.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2012 13:18:57] - C:\Windows\Installer\d0e2c.msi : (Blank Project Template - Adobe) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [12/12/2012 13:18:57] - C:\Windows\Installer\d0e36.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/05/2017 14:09:54] - C:\Windows\Installer\fd124d.msi : (.. - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/05/2017 14:10:16] - C:\Windows\Installer\fd1275.msi : (Intel(R) Driver Update Utility 2.8 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/04/2018 22:21:17] - C:\Windows\Installer\fd81d.msi : (Java SE Runtime Environment 8 Update 171 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/04/2018 22:21:13] - C:\Windows\Installer\fd82e.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 05:57:09] - [73] - C:\Windows\System32\desktop.ini [03/03/2017 11:49:05] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 06:13:15] - [800174] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 22:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [09/01/2016 12:21:34] - [101] - C:\Windows\System32\ud-boot-time.ini [03/03/2017 11:49:05] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 05:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [02/03/2017 22:36:08] - [784040] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
C:\Windows\SysWOW64\fi-FI [MD5.DB7F509C06B9407ABD08F024D134F98D] - |A| - [01/10/2012 20:31:20] - (.- Microsoft® Forms DLL.) - [1131.11 Ko] - (15.0.4420.1017) - C:\Windows\SysWOW64\FM20.DLL [MD5.2E3D0E3185C825AFE912F19FFE5B1CDD] - |A| - [01/10/2012 20:34:38] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\Windows\SysWOW64\FM20ENU.DLL [MD5.8325226445ADCF543F32A9D887AF3916] - |A| - [01/10/2012 20:47:14] - (.- Microsoft® Forms International DLL.) - [35.14 Ko] - (15.0.4420.1017) - C:\Windows\SysWOW64\FM20FRA.DLL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [449 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.ADA72AB50C38E3C8D8E3F421E6D6D58E] - |A| - [03/11/2011 10:27:53] - (.-.) - [540 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\FS2AUDIO.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.F330471963CD293E14F91B7423311703] - |A| - [11/02/2014 10:12:00] - (.-.) 
- [303.74 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\IVTCredentialProvider.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [361 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [356.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 03:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex [MD5.138DBA9A3CF3170A57F58F02271416D1] - |A| - [03/03/2017 10:44:55] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\log.txt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [03/03/2017 10:55:34] - [42084.99 Ko] - C:\Windows\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 05:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf [MD5.EFAB27C1AF25E009CB33CB9A56B3AF2C] - |A| - [06/04/2018 15:08:14] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) 
- [750.79 Ko] - (1.0.62.0) - C:\Windows\SysWOW64\MBAPO32.dll [MD5.00000000000000000000000000000000] - |SD| - [04/04/2017 18:57:05] - [0 Ko] - C:\Windows\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [3178.93 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [32737.45 Ko] - C:\Windows\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [11.33 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [418 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 03:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor [MD5.086279344068D7029717526620409786] - |A| - [30/03/2018 00:31:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\nv-vk32.json [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [06/04/2018 15:34:32] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\Windows\SysWOW64\OpenAL32.dll [MD5.1250BEF11BFA086F772CD2A273BC036E] - |A| - [17/03/2018 11:58:18] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.2001) - C:\Windows\SysWOW64\packet.dll [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:17:19] - (.-.) 
- [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico [MD5.508D70B04614EC79B5F584CFB61E26B4] - |A| - [02/03/2017 22:36:08] - (.-.) - [765.66 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.EE21928C80012525513D4D942248CA79] - |A| - [07/10/2008 09:13:30] - (.-.) - [193.27 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\physxcudart_20.dll [MD5.B3B92FE7AB4341A7CBB8D321A3C3982F] - |A| - [04/12/2008 09:28:20] - (.Copyright (C) 2008 - NVIDIA PhysX Device Module.) - [23.77 Ko] - (8.12.2.0) - C:\Windows\SysWOW64\PhysXDevice.dll [MD5.ADA72AB50C38E3C8D8E3F421E6D6D58E] - |A| - [07/03/2017 10:49:40] - (.-.) - [540 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RAASAUDIO32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [169 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [03/03/2017 10:51:14] - [4551.38 Ko] - C:\Windows\SysWOW64\RTCOM [MD5.03944ABAE856DC164BD167526E07E953] - |A| - [28/09/2012 20:45:08] - (.-.) 
- [241.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\rtvcvfw32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [429.5 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [169.5 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [166 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:06:51] - [37.8 Ko] - C:\Windows\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [2800 Ko] - C:\Windows\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [1142.37 Ko] - C:\Windows\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [30.19 Ko] - C:\Windows\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [170 Ko] - C:\Windows\SysWOW64\sr-Latn-CS [MD5.DC7A3BC0FC185CD68848DC6F7D7B026B] - |A| - [01/10/2017 22:11:29] - (. - Subclassing and Timer Assistant, modified for configurable message response, multi control support and bug fixed for timer errors..) - [40 Ko] - (1.1.0.3) - C:\Windows\SysWOW64\ssubtmr6.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [421.5 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:06:51] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [419 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.9DA47152D05EE4FC177A7AB5DDB9C236] - |A| - [01/10/2017 22:11:29] - (.-.) - [36 Ko] - (1.0.0.0) - C:\Windows\SysWOW64\trayicon_handler.ocx [MD5.60FEE6F524865950EF0A40D49F969320] - |A| - [02/10/2017 08:07:35] - (.-.) 
- [174.5 Ko] - (4.20.100.526) - C:\Windows\SysWOW64\unrar.dll [MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 03:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll [MD5.9B6662C9E6FE28223F8514570E9E96AD] - |A| - [11/02/2014 10:12:14] - (.-.) - [69.24 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\VMProtectSDK32.dll [MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [08/12/2017 23:25:12] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1-1-0-65-1.dll [MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [30/03/2018 00:33:02] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [08/12/2017 23:25:00] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-65-1.exe [MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [30/03/2018 00:33:02] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [03/03/2017 00:27:40] - [237.33 Ko] - C:\Windows\SysWOW64\Wat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [9058.19 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:06:51] - [60.46 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [8539.71 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:06:51] - [99.06 Ko] - C:\Windows\SysWOW64\winrm [MD5.190FB481D293D85B507D071E75BCB05C] - |A| - [17/03/2018 11:58:18] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) 
- [274.52 Ko] - (4.1.0.2001) - C:\Windows\SysWOW64\wpcap.dll [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [06/04/2018 15:34:32] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\Windows\SysWOW64\wrap_oal.dll [MD5.00000000000000000000000000000000] - |D| - [06/04/2018 15:33:59] - [137.65 Ko] - C:\Windows\SysWOW64\xlive [MD5.340292C12C3533CE83BDC694D27A261E] - |A| - [09/04/2011 18:55:28] - (.-.) - [175.06 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xlive.dll.cat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [333.5 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [255.5 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [334 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\cap2north\AppData\Roaming [02/03/2017 19:53:18] "Local AppData"=C:\Users\cap2north\AppData\Local [02/03/2017 19:53:18] "My Video"=E:\Users\cap2north\Videos [03/03/2017 10:07:26] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Libraries [02/03/2017 19:53:28] "My Pictures"=E:\Users\cap2north\Pictures [03/03/2017 10:07:10] "Desktop"=C:\Users\cap2north\Desktop [02/03/2017 19:53:18] "History"=C:\Users\cap2north\AppData\Local\Microsoft\Windows\History [02/03/2017 19:53:18] "NetHood"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Network Shortcuts [02/03/2017 19:53:18] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\cap2north\Contacts [02/03/2017 19:53:21] "Cookies"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Cookies [02/03/2017 19:53:18] "Favorites"=C:\Users\cap2north\Favorites [02/03/2017 19:53:18] "SendTo"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\SendTo 
[02/03/2017 19:53:18] "Start Menu"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu [02/03/2017 19:53:18] "My Music"=E:\Users\cap2north\Music [03/03/2017 10:06:57] "Programs"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/03/2017 19:53:18] "Recent"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Recent [02/03/2017 19:53:18] "CD Burning"=C:\Users\cap2north\AppData\Local\Microsoft\Windows\Burn\Burn [02/03/2017 19:53:32] "PrintHood"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [02/03/2017 19:53:18] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\cap2north\Searches [02/03/2017 19:53:28] "{374DE290-123F-4565-9164-39C4925E467B}"=E:\Users\cap2north\Downloads [03/03/2017 10:05:56] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\cap2north\AppData\LocalLow [02/03/2017 19:53:18] "Startup"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Administrative Tools"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/03/2017 19:53:28] "Personal"=E:\Users\cap2north\Documents [03/03/2017 10:06:39] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\cap2north\Links [02/03/2017 19:53:18] "Cache"=C:\Users\cap2north\AppData\Local\Microsoft\Windows\Temporary Internet Files [02/03/2017 19:53:18] "Templates"=C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Templates [02/03/2017 19:53:18] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\cap2north\Saved Games [02/03/2017 19:53:18] "Fonts"=C:\Windows\Fonts [14/07/2009 04:20:09] [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites 
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=E:\Users\cap2north\Music [03/03/2017 10:06:57] "My Pictures"=E:\Users\cap2north\Pictures [03/03/2017 10:07:10] "My Video"=E:\Users\cap2north\Videos [03/03/2017 10:07:26] "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=E:\Users\cap2north\Documents [03/03/2017 10:06:39] "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=E:\Users\cap2north\Downloads [03/03/2017 10:05:56] "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 04:20:08] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 04:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 04:20:08] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 04:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 04:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 04:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 06:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "Common Documents"=C:\Users\Public\Documents [14/07/2009 04:20:08] "OEM Links"=C:\ProgramData\OEM Links "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 04:20:08] "Common AppData"=C:\ProgramData [14/07/2009 04:20:08] 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "CommonPictures"=%PUBLIC%\Pictures "CommonMusic"=%PUBLIC%\Music "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 04:20:08] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 04:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 04:20:08] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 04:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 04:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 04:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 06:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "Common Documents"=C:\Users\Public\Documents [14/07/2009 04:20:08] "OEM Links"=C:\ProgramData\OEM Links "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 04:20:08] "Common AppData"=C:\ProgramData [14/07/2009 04:20:08] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "CommonPictures"=%PUBLIC%\Pictures "CommonMusic"=%PUBLIC%\Music "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start 
Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates ---------- | [cap2north] [07/04/2017 20:01:09] - |D| - [402820] - C:\Users\cap2north\.gimp-2.8 [17/07/2017 23:25:26] - |D| - [315] - C:\Users\cap2north\.thumbnails [29/01/2018 21:42:27] - |D| - [0] - C:\Users\cap2north\ansel [02/03/2017 19:53:18] - |HD| - [1503034109] - C:\Users\cap2north\AppData [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Application Data [15/01/2018 21:27:46] - |A| - [297] - C:\Users\cap2north\Application Mover.cfg [02/03/2017 19:53:21] - |RD| - [45012] - C:\Users\cap2north\Contacts [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Cookies [02/03/2017 19:53:18] - |RD| - [314203658] - C:\Users\cap2north\Desktop [02/03/2017 19:53:18] - |RD| - [13941] - C:\Users\cap2north\Favorites [03/03/2017 09:44:34] - |D| - [1427176] - C:\Users\cap2north\Intel [02/03/2017 19:53:18] - |RD| - [8253399] - C:\Users\cap2north\Links [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Local Settings [02/03/2017 19:53:18] - |D| - [0] - C:\Users\cap2north\Music [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\My Documents [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\NetHood [02/03/2017 19:53:18] - |ASH| - [3670016] - C:\Users\cap2north\NTUSER.DAT [02/03/2017 19:53:18] - |ASH| - [262144] - C:\Users\cap2north\ntuser.dat.LOG1 [02/03/2017 19:53:18] - |ASH| - [0] - C:\Users\cap2north\ntuser.dat.LOG2 [02/03/2017 19:53:18] - |ASH| - [65536] - C:\Users\cap2north\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [02/03/2017 19:53:18] - |ASH| - [524288] - C:\Users\cap2north\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [02/03/2017 19:53:18] - |ASH| - [524288] - C:\Users\cap2north\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [02/03/2017 19:53:18] - |SH| - 
[20] - C:\Users\cap2north\ntuser.ini [02/03/2017 19:53:18] - |D| - [0] - C:\Users\cap2north\Pictures [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\PrintHood [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Recent [02/03/2017 19:53:18] - |RD| - [282] - C:\Users\cap2north\Saved Games [02/03/2017 19:53:28] - |RD| - [1949] - C:\Users\cap2north\Searches [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\SendTo [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Start Menu [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\Templates [02/03/2017 19:53:18] - |D| - [0] - C:\Users\cap2north\Videos [02/03/2017 19:53:18] - |D| - [777855307] - C:\Users\cap2north\AppData\Local [02/03/2017 19:53:18] - |D| - [649323] - C:\Users\cap2north\AppData\LocalLow [02/03/2017 19:53:18] - |D| - [724529479] - C:\Users\cap2north\AppData\Roaming [03/03/2017 09:21:02] - |D| - [23632010] - C:\Users\cap2north\AppData\Local\Adobe [01/10/2017 22:29:08] - |D| - [82] - C:\Users\cap2north\AppData\Local\Aimersoft [04/10/2017 11:08:07] - |D| - [352] - C:\Users\cap2north\AppData\Local\Aiseesoft Studio [26/01/2018 22:42:45] - |D| - [0] - C:\Users\cap2north\AppData\Local\Apple [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\AppData\Local\Application Data [03/02/2018 21:07:39] - |D| - [2347294] - C:\Users\cap2north\AppData\Local\Apps [21/01/2018 21:26:29] - |D| - [16804] - C:\Users\cap2north\AppData\Local\cache [03/03/2017 10:58:27] - |D| - [446642] - C:\Users\cap2north\AppData\Local\CEF [04/03/2017 12:14:04] - |D| - [0] - C:\Users\cap2north\AppData\Local\CrashDumps [03/02/2018 21:07:39] - |D| - [0] - C:\Users\cap2north\AppData\Local\Deployment [02/03/2017 19:55:26] - |D| - [0] - C:\Users\cap2north\AppData\Local\Diagnostics [21/01/2018 21:29:06] - |D| - [30956032] - C:\Users\cap2north\AppData\Local\Downloaded Installations [06/02/2018 20:54:11] - |D| - [6604184] - C:\Users\cap2north\AppData\Local\F-Secure [01/10/2017 22:02:56] - |D| - [2157744] - 
C:\Users\cap2north\AppData\Local\FlightSimLabs [07/04/2017 20:01:10] - |D| - [2481436] - C:\Users\cap2north\AppData\Local\fontconfig [06/02/2018 20:55:42] - |D| - [0] - C:\Users\cap2north\AppData\Local\FSDART [21/06/2018 22:00:55] - |A| - [150064] - C:\Users\cap2north\AppData\Local\GDIPFONTCACHEV1.DAT [07/04/2017 20:01:09] - |D| - [660] - C:\Users\cap2north\AppData\Local\gegl-0.2 [03/03/2017 15:25:57] - |D| - [146416267] - C:\Users\cap2north\AppData\Local\Google [17/07/2017 23:25:44] - |D| - [201] - C:\Users\cap2north\AppData\Local\gtk-2.0 [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\AppData\Local\History [21/01/2018 22:23:19] - |D| - [6062] - C:\Users\cap2north\AppData\Local\Hisuite [03/10/2017 22:49:16] - |AH| - [5548925] - C:\Users\cap2north\AppData\Local\IconCache.db [03/03/2017 17:20:48] - |D| - [1937] - C:\Users\cap2north\AppData\Local\IsolatedStorage [02/03/2017 19:53:18] - |D| - [200235452] - C:\Users\cap2north\AppData\Local\Microsoft [11/07/2017 13:04:41] - |D| - [0] - C:\Users\cap2north\AppData\Local\Microsoft Game Studios [04/04/2017 19:20:06] - |D| - [0] - C:\Users\cap2north\AppData\Local\Microsoft Help [02/10/2017 07:49:36] - |D| - [335876] - C:\Users\cap2north\AppData\Local\Nero [17/03/2018 11:58:37] - |D| - [557052] - C:\Users\cap2north\AppData\Local\NETGEARGenie [03/03/2017 10:58:26] - |D| - [92246241] - C:\Users\cap2north\AppData\Local\NVIDIA [03/03/2017 10:58:26] - |D| - [168946029] - C:\Users\cap2north\AppData\Local\NVIDIA Corporation [21/10/2017 12:33:39] - |D| - [17748] - C:\Users\cap2north\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me [08/04/2017 19:02:50] - |D| - [5552233] - C:\Users\cap2north\AppData\Local\Orbx [03/03/2017 15:08:06] - |D| - [128] - C:\Users\cap2north\AppData\Local\paint.net [19/01/2018 10:40:07] - |D| - [29112] - C:\Users\cap2north\AppData\Local\PickOut [03/03/2017 09:58:16] - |D| - [0] - C:\Users\cap2north\AppData\Local\Programs [30/03/2018 10:47:52] - |A| - [988] - C:\Users\cap2north\AppData\Local\recently-used.xbel 
[24/03/2017 18:22:48] - |A| - [7601] - C:\Users\cap2north\AppData\Local\Resmon.ResmonCfg [02/06/2017 20:16:58] - |D| - [5115842] - C:\Users\cap2north\AppData\Local\Skype [04/03/2017 14:31:43] - |D| - [2331] - C:\Users\cap2north\AppData\Local\SmartTechnology [03/03/2017 17:31:00] - |D| - [27959] - C:\Users\cap2north\AppData\Local\TA_Software [02/03/2017 19:53:18] - |D| - [5580136] - C:\Users\cap2north\AppData\Local\Temp [02/03/2017 19:53:18] - |SHD| - [0] - C:\Users\cap2north\AppData\Local\Temporary Internet Files [21/01/2018 21:11:12] - |D| - [78384476] - C:\Users\cap2north\AppData\Local\TomTom [26/01/2018 22:32:46] - |D| - [569] - C:\Users\cap2north\AppData\Local\Toon Boom Animation [02/03/2017 19:53:20] - |D| - [48838] - C:\Users\cap2north\AppData\Local\VirtualStore [03/03/2017 11:34:35] - |D| - [44032] - C:\Users\cap2north\AppData\LocalLow\Adobe [26/01/2018 22:42:21] - |D| - [361] - C:\Users\cap2north\AppData\LocalLow\Apple Computer [03/10/2017 21:13:56] - |D| - [82] - C:\Users\cap2north\AppData\LocalLow\IObit [02/03/2017 20:01:18] - |SD| - [588625] - C:\Users\cap2north\AppData\LocalLow\Microsoft [03/03/2017 10:56:36] - |D| - [16223] - C:\Users\cap2north\AppData\LocalLow\Sun [03/03/2017 09:00:37] - |D| - [2082371] - C:\Users\cap2north\AppData\Roaming\Adobe [03/10/2017 21:13:57] - |D| - [25476] - C:\Users\cap2north\AppData\Roaming\Apple Computer [02/10/2017 10:10:30] - |D| - [504] - C:\Users\cap2north\AppData\Roaming\Burnaware [30/09/2017 11:56:41] - |D| - [1701] - C:\Users\cap2north\AppData\Roaming\Canneverbe Limited [03/10/2017 20:16:46] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Corel [09/02/2018 16:09:16] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\CVitae [08/01/2018 19:57:37] - |D| - [1078] - C:\Users\cap2north\AppData\Roaming\FS2Crew2010 [23/04/2018 23:09:09] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Google [27/02/2018 21:59:13] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\HS_Software [02/03/2017 19:53:22] - |D| - [0] - 
C:\Users\cap2north\AppData\Roaming\Identities [16/06/2018 10:31:50] - |D| - [1006216] - C:\Users\cap2north\AppData\Roaming\IDM [03/10/2017 20:30:50] - |A| - [99384] - C:\Users\cap2north\AppData\Roaming\inst.exe [07/04/2017 11:59:34] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\InstallShield [03/03/2017 09:44:46] - |D| - [1356] - C:\Users\cap2north\AppData\Roaming\Intel Corporation [03/10/2017 21:12:19] - |D| - [16017306] - C:\Users\cap2north\AppData\Roaming\IObit [22/07/2017 13:15:45] - |D| - [106412] - C:\Users\cap2north\AppData\Roaming\IVAO [02/10/2017 08:07:47] - |D| - [2593] - C:\Users\cap2north\AppData\Roaming\Leawo [09/03/2018 17:12:38] - |D| - [33] - C:\Users\cap2north\AppData\Roaming\Lockheed Martin [03/03/2017 10:56:19] - |D| - [2283] - C:\Users\cap2north\AppData\Roaming\Macromedia [02/03/2017 19:53:18] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Media Center Programs [02/03/2017 19:53:18] - |SD| - [17581698] - C:\Users\cap2north\AppData\Roaming\Microsoft [21/01/2018 21:21:32] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Mozilla [08/04/2017 19:25:41] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\MPC-HC [21/03/2017 11:55:36] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\NDSoft [01/10/2017 22:58:25] - |D| - [471565756] - C:\Users\cap2north\AppData\Roaming\Nero [03/03/2017 15:03:16] - |D| - [2417891] - C:\Users\cap2north\AppData\Roaming\Notepad++ [03/10/2017 20:30:50] - |A| - [7859] - C:\Users\cap2north\AppData\Roaming\pcouffin.cat [03/10/2017 20:30:50] - |A| - [1167] - C:\Users\cap2north\AppData\Roaming\pcouffin.inf [03/10/2017 20:30:50] - |A| - [55] - C:\Users\cap2north\AppData\Roaming\pcouffin.log [03/10/2017 20:30:50] - |A| - [82816] - C:\Users\cap2north\AppData\Roaming\pcouffin.sys [22/07/2017 18:05:26] - |D| - [156453293] - C:\Users\cap2north\AppData\Roaming\PMDG [02/10/2017 10:08:27] - |D| - [3991845] - C:\Users\cap2north\AppData\Roaming\PowerISO [21/10/2017 17:21:10] - |D| - [57] - C:\Users\cap2north\AppData\Roaming\QualityWings 
[01/08/2017 17:11:56] - |D| - [15248] - C:\Users\cap2north\AppData\Roaming\RAASPRO
[12/04/2018 21:43:03] - |D| - [1617] - C:\Users\cap2north\AppData\Roaming\Rikoooo
[07/04/2017 16:36:35] - |D| - [186568] - C:\Users\cap2north\AppData\Roaming\siw_tmp
[02/06/2017 20:16:58] - |D| - [4507259] - C:\Users\cap2north\AppData\Roaming\Skype
[03/03/2017 10:56:29] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Sun
[22/07/2017 17:55:22] - |D| - [27474] - C:\Users\cap2north\AppData\Roaming\teamspeak2
[02/10/2017 08:07:49] - |D| - [1424712] - C:\Users\cap2north\AppData\Roaming\tiger-k
[21/01/2018 21:21:32] - |D| - [4084319] - C:\Users\cap2north\AppData\Roaming\TomTom
[03/03/2017 10:28:15] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Toshiba Corporation
[04/08/2017 18:50:09] - |D| - [21239333] - C:\Users\cap2north\AppData\Roaming\uTorrent
[21/03/2017 12:23:58] - |D| - [2050] - C:\Users\cap2north\AppData\Roaming\Virtuali
[30/09/2017 11:58:08] - |D| - [89683] - C:\Users\cap2north\AppData\Roaming\vlc
[03/10/2017 20:30:50] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Vso
[02/03/2017 23:42:29] - |D| - [12] - C:\Users\cap2north\AppData\Roaming\WinRAR
[11/07/2017 11:14:19] - |D| - [21502054] - C:\Users\cap2north\AppData\Roaming\Wise Registry Cleaner
[02/03/2017 19:53:28] - |SH| - [174] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/03/2017 19:53:18] - |RD| - [40834] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[04/08/2017 18:50:09] - |A| - [839] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[02/03/2017 19:53:18] - |RD| - [14387] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[02/03/2017 19:53:28] - |RD| - [174] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[26/01/2018 20:59:58] - |D| - [776] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[02/03/2017 19:53:28] - |SH| - [476] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/01/2018 22:18:30] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoremiSoft
[22/12/2017 19:28:49] - |D| - [975] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ENB Series (FSX Ultra Relistic)
[17/03/2018 20:13:37] - |D| - [4020] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
[22/07/2017 12:40:36] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[02/03/2017 19:53:29] - |A| - [1197] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/03/2017 19:53:18] - |RD| - [580] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[16/06/2018 17:04:52] - |D| - [5965] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[22/07/2017 13:30:47] - |D| - [0] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
[16/06/2018 17:05:21] - |D| - [6291] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[22/12/2017 19:44:47] - |D| - [756] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speccy
[03/03/2017 09:56:00] - |D| - [1982] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toshiba Corporation
[02/03/2017 23:42:21] - |D| - [3255] - C:\Users\cap2north\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | [Public]
[14/07/2009 04:20:08] - |RHD| - [12506] - C:\Users\Public\Desktop
[14/07/2009 05:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[14/07/2009 04:20:08] - |RD| - [456] - C:\Users\Public\Documents
[14/07/2009 04:20:08] - |RD| - [174] - C:\Users\Public\Downloads
[14/07/2009 04:20:08] - |RHD| - [0] - C:\Users\Public\Favorites
[14/07/2009 04:20:08] - |RHD| - [3992] - C:\Users\Public\Libraries
[14/07/2009 04:20:08] - |RD| - [17440357] - C:\Users\Public\Music
[14/07/2009 04:20:08] - |RD| - [7101480] - C:\Users\Public\Pictures
[21/11/2010 08:16:58] - |RD| - [9699579] - C:\Users\Public\Recorded TV
[14/07/2009 04:20:08] - |RD| - [26246732] - C:\Users\Public\Videos

---------- | C:\ProgramData
[19/02/2018 19:07:30] - |D| - [23715] - C:\ProgramData\12bPilot
[03/03/2017 10:53:15] - |D| - [260141776] - C:\ProgramData\Adobe
[06/04/2018 11:39:53] - |D| - [170793] - C:\ProgramData\Alwil Software
[26/01/2018 22:42:41] - |D| - [23815168] - C:\ProgramData\Apple
[26/01/2018 22:42:50] - |D| - [28397568] - C:\ProgramData\Apple Computer
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[26/01/2018 21:01:14] - |D| - [368818] - C:\ProgramData\AVAST Software
[03/10/2017 23:47:26] - |D| - [294531] - C:\ProgramData\Bitstream
[30/09/2017 11:56:46] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[21/03/2017 11:55:50] - |D| - [1619428] - C:\ProgramData\Caphyon
[06/04/2018 14:49:31] - |D| - [62674] - C:\ProgramData\Dbz5C1CB
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[21/03/2017 11:48:05] - |D| - [1184520] - C:\ProgramData\Esellerate
[06/02/2018 20:54:11] - |D| - [48786] - C:\ProgramData\F-Secure
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[04/03/2017 14:36:34] - |D| - [19708] - C:\ProgramData\FLEXnet
[03/03/2017 09:44:44] - |D| - [36429667] - C:\ProgramData\Intel
[03/10/2017 21:13:40] - |D| - [15849] - C:\ProgramData\IObit
[02/10/2017 08:07:47] - |D| - [0] - C:\ProgramData\Leawo
[26/01/2018 21:14:38] - |D| - [122] - C:\ProgramData\Licenses
[02/10/2017 07:47:04] - |D| - [2820] - C:\ProgramData\LightScribe
[01/08/2017 09:11:01] - |D| - [58608847] - C:\ProgramData\Lockheed Martin
[04/08/2017 18:50:23] - |D| - [0] - C:\ProgramData\McAfee
[14/07/2009 04:20:08] - |SD| - [1082753825] - C:\ProgramData\Microsoft
[04/04/2017 19:20:06] - |D| - [55996] - C:\ProgramData\Microsoft Help
[03/03/2017 17:20:46] - |A| - [105] - C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[02/10/2017 07:42:20] - |D| - [570971] - C:\ProgramData\Nero
[02/03/2017 22:42:45] - |D| - [3724089] - C:\ProgramData\NVIDIA
[02/03/2017 22:42:34] - |D| - [1097442659] - C:\ProgramData\NVIDIA Corporation
[03/03/2017 10:56:17] - |D| - [72367951] - C:\ProgramData\Oracle
[03/03/2017 10:25:15] - |D| - [73413562] - C:\ProgramData\Package Cache
[03/10/2017 21:13:55] - |D| - [0] - C:\ProgramData\ProductData
[10/10/2017 20:25:48] - |D| - [4278] - C:\ProgramData\Protexis64
[03/10/2017 23:05:39] - |D| - [1699] - C:\ProgramData\regid.1986-12.com.adobe
[02/06/2017 20:16:53] - |D| - [41451520] - C:\ProgramData\Skype
[04/03/2017 14:26:43] - |D| - [675123] - C:\ProgramData\SmartTechnology
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[26/01/2018 21:14:38] - |AD| - [4] - C:\ProgramData\TEMP
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[21/01/2018 21:21:45] - |D| - [34899] - C:\ProgramData\TomTom
[03/03/2017 10:28:15] - |D| - [65] - C:\ProgramData\Toshiba Corporation
[03/03/2017 09:15:14] - |D| - [2797] - C:\ProgramData\Unchecky
[12/01/2018 18:47:47] - |D| - [0] - C:\ProgramData\Virtuali
[03/10/2017 20:30:45] - |D| - [63213908] - C:\ProgramData\VSO
[03/10/2017 21:13:41] - |D| - [0] - C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 06:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 05:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[14/07/2009 04:20:08] - |RD| - [336463] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[21/10/2017 17:19:02] - |D| - [4482] - C:\ProgramData\Microsoft\Windows\Start Menu\QualityWings
[14/07/2009 05:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 04:20:08] - |RD| - [41722] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[11/04/2017 15:52:51] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[03/03/2017 10:53:39] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 06:32:38] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[21/03/2017 11:31:04] - |D| - [79205] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
[26/01/2018 22:42:45] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[03/03/2017 11:41:24] - |D| - [776] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 05:54:23] - |SH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/01/2018 22:18:30] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoremiSoft
[22/07/2017 14:27:38] - |D| - [2141] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software
[21/03/2017 11:58:26] - |D| - [113] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa
[21/06/2018 21:34:02] - |D| - [3273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2012
[06/02/2018 21:59:09] - |D| - [11459] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2015
[24/02/2018 19:12:02] - |D| - [8440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsPassengersX
[03/03/2017 16:19:40] - |D| - [1202] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[16/06/2018 17:05:55] - |D| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[07/04/2017 19:49:56] - |A| - [754] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[03/02/2018 21:20:02] - |A| - [2044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[03/03/2017 09:44:44] - |RD| - [2150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[02/06/2017 19:10:54] - |D| - [2015] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
[25/04/2018 00:33:04] - |D| - [1762] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[22/07/2017 13:15:53] - |D| - [6813] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO
[03/03/2017 10:56:25] - |D| - [5993] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[02/10/2017 08:07:35] - |D| - [22309] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[14/07/2009 04:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/03/2017 08:35:42] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[06/04/2018 15:33:59] - |D| - [1027] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[02/06/2017 20:47:07] - |D| - [28367] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[05/06/2017 21:32:09] - |A| - [1905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[02/06/2017 20:13:26] - |D| - [1983] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[03/03/2017 09:58:37] - |D| - [2296] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
[17/03/2018 11:58:22] - |A| - [1888] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
[03/03/2017 15:03:17] - |D| - [696] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[02/03/2017 23:36:11] - |D| - [11830] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[03/03/2017 15:08:12] - |A| - [1044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
[04/03/2017 14:48:58] - |D| - [6466] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
[03/10/2017 23:51:03] - |D| - [3237] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[26/01/2018 22:42:53] - |D| - [9169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[22/07/2017 12:20:12] - |D| - [2694] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[14/07/2009 05:57:08] - |A| - [767] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[04/03/2017 14:26:43] - |D| - [5020] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[16/06/2018 11:08:46] - |D| - [756] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[22/07/2017 13:36:15] - |D| - [816] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2
[15/01/2018 21:26:17] - |D| - [2022] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
[29/03/2018 22:42:45] - |A| - [712] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
[03/03/2017 09:15:14] - |D| - [1643] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
[07/02/2018 19:02:05] - |A| - [547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall .lnk
[30/09/2017 11:58:01] - |D| - [4872] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[03/10/2017 20:30:49] - |D| - [6907] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[14/07/2009 05:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[01/03/2017 08:35:42] - |A| - [765] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 05:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 05:57:06] - |A| - [986] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[02/03/2017 23:42:21] - |D| - [3255] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[11/07/2017 11:13:47] - |D| - [890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[14/07/2009 05:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | E:\Program Files (x86)
[19/02/2018 19:08:00] - |D| - [2605380] - E:\Program Files (x86)\Addon Manager
[03/03/2017 10:53:35] - |D| - [283898271] - E:\Program Files (x86)\Adobe
[15/01/2018 21:30:23] - |D| - [123226806] - E:\Program Files (x86)\AGEIA Technologies
[15/02/2018 20:29:55] - |D| - [22774529] - E:\Program Files (x86)\AivlaSoft
[01/02/2018 20:39:27] - |D| - [2743854] - E:\Program Files (x86)\Apple Software Update
[14/04/2018 16:46:22] - |D| - [465485] - E:\Program Files (x86)\Athan
[15/01/2018 21:30:27] - |D| - [451798291] - E:\Program Files (x86)\Common Files
[14/07/2009 05:54:24] - |ASH| - [174] - E:\Program Files (x86)\desktop.ini
[29/01/2018 22:18:30] - |D| - [0] - E:\Program Files (x86)\DoremiSoft
[01/10/2017 22:11:29] - |D| - [0] - E:\Program Files (x86)\DVD Flick
[15/01/2018 21:30:40] - |D| - [670822] - E:\Program Files (x86)\DX10SceneryFixer
[05/02/2018 21:01:58] - |D| - [36505663] - E:\Program Files (x86)\effects
[15/01/2018 21:30:40] - |D| - [393792] - E:\Program Files (x86)\Etron Technology
[27/02/2018 21:18:58] - |D| - [7828576] - E:\Program Files (x86)\FlightSimLabs
[30/01/2018 21:13:59] - |D| - [380] - E:\Program Files (x86)\FS Recorder for FSX
[05/02/2018 21:01:59] - |D| - [25472] - E:\Program Files (x86)\gauges
[16/06/2018 17:05:54] - |D| - [14703194] - E:\Program Files (x86)\Geeks3D
[15/01/2018 21:30:40] - |D| - [427886674] - E:\Program Files (x86)\Google
[15/01/2018 21:30:40] - |HD| - [758332261] - E:\Program Files (x86)\InstallShield Installation Information
[15/01/2018 21:30:52] - |D| - [39171241] - E:\Program Files (x86)\Intel
[15/01/2018 21:30:53] - |D| - [6297218] - E:\Program Files (x86)\Intel Driver Update Utility
[16/06/2018 10:31:46] - |D| - [15604947] - E:\Program Files (x86)\Internet Download Manager
[15/01/2018 21:30:54] - |D| - [10556401] - E:\Program Files (x86)\Internet Explorer
[03/10/2017 21:13:35] - |D| - [16511744] - E:\Program Files (x86)\IObit
[25/04/2018 00:33:04] - |D| - [5534583] - E:\Program Files (x86)\ISO to USB
[15/01/2018 21:30:57] - |D| - [50] - E:\Program Files (x86)\IVT Corporation
[15/01/2018 21:30:57] - |D| - [178958814] - E:\Program Files (x86)\Java
[15/01/2018 21:31:04] - |D| - [47004325] - E:\Program Files (x86)\K-Lite Codec Pack
[15/01/2018 21:31:07] - |D| - [39769547] - E:\Program Files (x86)\Microsoft Analysis Services
[06/04/2018 15:33:58] - |D| - [9362570] - E:\Program Files (x86)\Microsoft Games for Windows - LIVE
[04/04/2017 19:19:58] - |D| - [555350035] - E:\Program Files (x86)\Microsoft Office
[15/01/2018 21:31:08] - |D| - [1527760] - E:\Program Files (x86)\Microsoft Security Client
[15/01/2018 21:31:08] - |D| - [42892246] - E:\Program Files (x86)\Microsoft Silverlight
[15/01/2018 21:31:11] - |D| - [890322] - E:\Program Files (x86)\Microsoft SQL Server
[06/04/2018 15:33:34] - |D| - [11254757] - E:\Program Files (x86)\Microsoft XNA
[15/01/2018 21:31:11] - |D| - [8175999] - E:\Program Files (x86)\Microsoft.NET
[15/01/2018 21:31:11] - |D| - [25757] - E:\Program Files (x86)\MSBuild
[16/06/2018 17:04:43] - |D| - [44341197] - E:\Program Files (x86)\MSI Afterburner
[17/03/2018 11:58:12] - |D| - [129886844] - E:\Program Files (x86)\NETGEAR Genie
[15/01/2018 21:31:11] - |D| - [307479196] - E:\Program Files (x86)\NVIDIA Corporation
[21/10/2017 12:30:56] - |D| - [11] - E:\Program Files (x86)\OCCTPT
[06/04/2018 15:34:32] - |D| - [809496] - E:\Program Files (x86)\OpenAL
[15/01/2018 21:31:29] - |D| - [61685313] - E:\Program Files (x86)\PMDG Operations Center
[03/10/2017 23:51:01] - |D| - [4085428] - E:\Program Files (x86)\PowerISO
[26/01/2018 22:42:51] - |D| - [78148519] - E:\Program Files (x86)\QuickTime
[15/01/2018 21:31:30] - |D| - [8413005] - E:\Program Files (x86)\Realtek
[15/01/2018 21:31:31] - |D| - [36949761] - E:\Program Files (x86)\Reference Assemblies
[16/06/2018 17:05:17] - |D| - [57177975] - E:\Program Files (x86)\RivaTuner Statistics Server
[15/01/2018 21:31:33] - |D| - [9570763] - E:\Program Files (x86)\Saitek
[05/02/2018 21:01:59] - |D| - [0] - E:\Program Files (x86)\SimObjects
[21/01/2018 21:15:39] - |D| - [0] - E:\Program Files (x86)\TomTom DesktopSuite
[15/01/2018 21:31:34] - |D| - [31383971] - E:\Program Files (x86)\Toshiba Corporation
[02/10/2017 20:42:21] - |D| - [147704] - E:\Program Files (x86)\UltraISO
[15/01/2018 21:31:38] - |D| - [5239468] - E:\Program Files (x86)\Unchecky
[05/02/2018 21:01:58] - |A| - [85969] - E:\Program Files (x86)\Uninstal.exe
[30/09/2017 11:57:55] - |D| - [129295970] - E:\Program Files (x86)\VideoLAN
[03/10/2017 20:30:45] - |D| - [48723814] - E:\Program Files (x86)\VSO
[30/03/2018 00:33:01] - |D| - [1735394] - E:\Program Files (x86)\VulkanRT
[15/01/2018 21:31:41] - |D| - [512000] - E:\Program Files (x86)\Windows Defender
[15/01/2018 21:31:41] - |D| - [6115840] - E:\Program Files (x86)\Windows Mail
[15/01/2018 21:31:41] - |D| - [5008657] - E:\Program Files (x86)\Windows Media Player
[15/01/2018 21:31:41] - |D| - [12061876] - E:\Program Files (x86)\Windows NT
[15/01/2018 21:31:41] - |D| - [4394248] - E:\Program Files (x86)\Windows Photo Viewer
[15/01/2018 21:31:42] - |D| - [189952] - E:\Program Files (x86)\Windows Portable Devices
[15/01/2018 21:31:42] - |D| - [5990148] - E:\Program Files (x86)\Windows Sidebar
[11/07/2017 11:13:45] - |D| - [8896988] - E:\Program Files (x86)\Wise

---------- | C:\Program Files
[14/07/2009 04:20:08] - |D| - [54200367] - C:\Program Files\Common Files
[14/07/2009 06:32:38] - |D| - [90245652] - C:\Program Files\DVD Maker
[16/01/2018 19:13:13] - |D| - [11832] - C:\Program Files\Intel
[14/07/2009 04:20:08] - |D| - [30252502] - C:\Program Files\Internet Explorer
[05/06/2017 21:32:07] - |D| - [15247612] - C:\Program Files\Microsoft Security Client
[14/07/2009 06:32:38] - |D| - [15849] - C:\Program Files\MSBuild
[14/07/2009 06:32:38] - |D| - [34599107] - C:\Program Files\Reference Assemblies
[14/07/2009 06:32:38] - |D| - [4016640] - C:\Program Files\Windows Defender
[14/07/2009 04:20:08] - |D| - [6602240] - C:\Program Files\Windows Mail
[14/07/2009 06:32:38] - |D| - [7665069] - C:\Program Files\Windows Media Player
[14/07/2009 04:20:08] - |D| - [12491956] - C:\Program Files\Windows NT
[14/07/2009 06:32:38] - |D| - [5492504] - C:\Program Files\Windows Photo Viewer
[14/07/2009 06:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 06:32:38] - |D| - [7040300] - C:\Program Files\Windows Sidebar

---------- | E:\Program Files (x86)\Common Files
[15/01/2018 21:30:27] - |D| - [32520381] - E:\Program Files (x86)\Common Files\Adobe
[15/01/2018 21:30:29] - |D| - [190200] - E:\Program Files (x86)\Common Files\Aimersoft
[26/01/2018 22:42:41] - |D| - [66304366] - E:\Program Files (x86)\Common Files\Apple
[15/01/2018 21:30:29] - |D| - [99992] - E:\Program Files (x86)\Common Files\DESIGNER
[15/01/2018 21:30:29] - |D| - [1184520] - E:\Program Files (x86)\Common Files\eSellerate
[15/01/2018 21:30:29] - |D| - [3355095] - E:\Program Files (x86)\Common Files\InstallShield
[15/01/2018 21:30:29] - |D| - [48931724] - E:\Program Files (x86)\Common Files\Intel
[15/01/2018 21:30:31] - |D| - [243682] - E:\Program Files (x86)\Common Files\Intel Corporation
[19/04/2018 22:21:43] - |D| - [1948384] - E:\Program Files (x86)\Common Files\Java
[15/01/2018 21:30:31] - |D| - [12559] - E:\Program Files (x86)\Common Files\LightScribe
[15/01/2018 21:30:31] - |D| - [1046233] - E:\Program Files (x86)\Common Files\Macrovision Shared
[15/01/2018 21:30:31] - |D| - [44483] - E:\Program Files (x86)\Common Files\Microsoft Games
[15/01/2018 21:30:31] - |D| - [208550056] - E:\Program Files (x86)\Common Files\microsoft shared
[19/04/2018 22:21:29] - |D| - [1369776] - E:\Program Files (x86)\Common Files\Oracle
[15/01/2018 21:30:38] - |D| - [2702] - E:\Program Files (x86)\Common Files\Services
[15/01/2018 21:30:38] - |D| - [41103783] - E:\Program Files (x86)\Common Files\SpeechEngines
[15/01/2018 21:30:38] - |D| - [10765555] - E:\Program Files (x86)\Common Files\System
[15/01/2018 21:30:39] - |D| - [34124800] - E:\Program Files (x86)\Common Files\Wise Installation Wizard

---------- | C:\Program Files\Common files
[14/07/2009 04:20:08] - |D| - [41445948] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 04:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 04:20:08] - |D| - [12145651] - C:\Program Files\Common files\System

---------- | Tasks
[MD5.00000000000000000000000000000000] - [03/10/2017 22:48:32] - |D| - [0] - C:\Windows\Tasks\ImCleanDisabled
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 06:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.FD8376CC3F007B20CAD4753FCEC14543] - [14/07/2009 06:08:49] - |A| - [32600] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.65FF78EDDD84600EC10CFEF0DD25F712] - [03/03/2017 10:53:50] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.01856A3414E844F4675E3819CA88C1DE] - [12/09/2017 11:44:57] - |A| - [4490] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe
[MD5.945B206B6133B1ACA21AFA1DE7C0DE76] - [03/03/2017 10:55:41] - |A| - [4312] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.00000000000000000000000000000000] - [01/02/2018 20:39:27] - |D| - [3370] - C:\Windows\System32\Tasks\Apple
[MD5.ABE74933F6B9E10D328FA865C4F96F13] - [26/01/2018 20:59:58] - |A| - [4128] - C:\Windows\System32\Tasks\CCleaner Update : E:\Program Files\CCleaner\CCUpdate.exe
[MD5.0C244470301C423C5A90E499D3773C25] - [03/03/2017 11:41:24] - |A| - [2806] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "E:\Program Files\CCleaner\CCleaner.exe"
[MD5.136FD144850591B1CF8E312B173AC84A] - [03/02/2018 21:08:06] - |A| - [3148] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : E:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.2AED6B276B6FC6584BF36C986A437000] - [03/02/2018 21:08:06] - |A| - [3276] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : E:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [02/06/2017 19:10:21] - |D| - [4118] - C:\Windows\System32\Tasks\Intel
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:13] - |D| - [268230] - C:\Windows\System32\Tasks\Microsoft
[MD5.5CFF2BD6BDD4CCF68B013886F09426B8] - [20/03/2018 22:04:22] - |A| - [3940] - C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.FADF4FE680971E33F7EA0869221D05B0] - [03/03/2017 14:57:16] - |A| - [4146] - C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.74EBA05B6063417982B258198A70759B] - [01/06/2018 18:58:02] - |A| - [3790] - C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "E:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
[MD5.7E37021307540D0FF1C612E9ED2AFD43] - [01/06/2018 18:58:02] - |A| - [3798] - C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
[MD5.B34705659B8E43E0AAD0C3CEAF2FF2AC] - [03/03/2017 10:57:57] - |A| - [3738] - C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.3041B99967AEA72709331CC7023C4966] - [03/03/2017 10:57:57] - |A| - [3494] - C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.25A73A1E0DAD0D6F68EAAF7B428A8DE5] - [03/03/2017 10:57:57] - |A| - [3730] - C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
[MD5.41B1ADEBB1772F91DA0A25EA8A557EDE] - [01/06/2018 18:57:29] - |A| - [3792] - C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.A73D755D3F7945AB7B1E145923281A18] - [01/06/2018 18:57:29] - |A| - [3792] - C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.D5854A183AF8CEA02796253EF1188EA9] - [01/06/2018 18:57:29] - |A| - [3792] - C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.300B34785C17FC4AEEB1D987E662E7A5] - [03/03/2017 10:57:57] - |A| - [3738] - C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.00000000000000000000000000000000] - [04/04/2017 19:20:03] - |D| - [4728] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.4A54A265FF00A55FCFEE7504BD6F4DBF] - [02/06/2017 19:10:18] - |A| - [3210] - C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK : "C:\Windows\System32\Wscript.exe"
[MD5.00000000000000000000000000000000] - [11/07/2017 11:13:47] - |D| - [3288] - C:\Windows\System32\Tasks\WiseCleaner
[MD5.00000000000000000000000000000000] - [14/07/2009 06:09:57] - |D| - [4492] - C:\Windows\System32\Tasks\WPD
[MD5.D9E8354433B20CC49D87840C700B4DF4] - [16/01/2018 19:45:52] - |A| - [3196] - C:\Windows\System32\Tasks\{BD5A7306-0C9F-4A46-B490-C523796E60E8} : C:\Windows\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{234BB2B5-2321-4541-A8DC-CE6E2E535705}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{CDFD24CA-47DB-494A-9244-CB34ADD06C68}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\cap2north\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (TCP-In)|Desc=Allow μTorrent network traffic with Edge Traversal|Edge=TRUE|
"{E9196695-F22E-497B-8FBE-2AFEDA14521B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\cap2north\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (UDP-In)|Desc=Allow μTorrent network traffic with Edge Traversal|Edge=TRUE|
"{2A72F091-C928-4531-9FDF-696A256CCE76}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=E:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe|Name=WebKit|Edge=TRUE|
"TCP Query User{0825CEA3-2DB8-4EA3-80C3-44E12AE04A78}E:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe|Name=Electronic Flight Bag - DataProvider|Desc=Electronic Flight Bag - DataProvider|Defer=User|
"UDP Query User{FA28A6BC-869B-42AD-9FA0-8ECE48E748AC}E:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe|Name=Electronic Flight Bag - DataProvider|Desc=Electronic Flight Bag - DataProvider|Defer=User|
"TCP Query User{1DBB21ED-1BE1-47D5-9AB9-E1E2B17096BD}D:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe|Name=Microsoft Flight Simulator®|Desc=Microsoft Flight Simulator®|Defer=User|
"UDP Query User{F101E32E-FEBB-4CB9-92F7-A3F089666130}D:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe|Name=Microsoft Flight Simulator®|Desc=Microsoft Flight Simulator®|Defer=User|
"TCP Query User{D2DF4C14-E6B2-4DF4-B6D6-CB84F6B820D1}E:\program files (x86)\netgear genie\bin\netgeargenie.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\program files (x86)\netgear genie\bin\netgeargenie.exe|Name=NETGEAR Genie|Desc=NETGEAR Genie|Defer=User|
"UDP Query User{A11AB9C9-97BC-4EC9-AD96-9B78AE1089C7}E:\program files (x86)\netgear genie\bin\netgeargenie.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\program files (x86)\netgear genie\bin\netgeargenie.exe|Name=NETGEAR Genie|Desc=NETGEAR Genie|Defer=User|
"TCP Query User{C2E91642-4713-4173-9F6F-5851D9D51983}E:\program files (x86)\netgear genie\bin\netgeargenie.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\program files (x86)\netgear genie\bin\netgeargenie.exe|Name=NETGEAR Genie|Desc=NETGEAR Genie|Defer=User|
"UDP Query User{AF10A195-7577-4DDC-9F2F-4A7234174250}E:\program files (x86)\netgear genie\bin\netgeargenie.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\program files (x86)\netgear genie\bin\netgeargenie.exe|Name=NETGEAR Genie|Desc=NETGEAR Genie|Defer=User|
"{4596C84D-FA0E-4326-9CEB-71F601913E4D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=E:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|

---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{678DCF40-E2E6-11D5-8CD5-E960089EA00A}] : (Programming 
Support) [] -> @oem16.inf,%CLASSNAME%;Programming Support [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}] : (Bluetooth Device) [] -> @oem40.inf,%BTUSBClassName%;Bluetooth USB 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ADE3BF14-6E52-40CC-9FCA-C513ECD959FD}] : (Programming Support Devices) [] -> @oem30.inf,%CLASSNAME%;Programming Support Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D2DE069D-7286-420B-BAF8-225D700CE748}] : (Bluetooth Device) [] -> @oem44.inf,%BtBusClassName%;Bluetooth Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [03/03/2017 14:48:02] - (4.7.0.0) - (PowerISO Computing, Inc. - PowerISO Virtual Drive) - C:\Windows\System32\Drivers\SCDEmu.SYS [30/03/2018 00:31:08] - (23.21.13.9135) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 391.35) - C:\Windows\system32\DRIVERS\nvlddmkm.sys [06/04/2018 15:08:52] - (10.0.0.352) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\Windows\system32\DRIVERS\athrx.sys [03/03/2017 09:37:33] - (0.0.0.119) - (Etron Technology Inc - Etron eXtensible Host Controller Driver.) - C:\Windows\System32\Drivers\EtronXHCI.sys [23/09/2015 10:36:48] - (7.0.44.1) - (Saitek - Smart Technology Helpers) - C:\Windows\system32\drivers\SaiBus.sys [29/01/2018 21:41:57] - (4.6.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys [01/06/2018 18:56:40] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\Windows\system32\DRIVERS\nvvhci.sys [03/03/2017 09:37:33] - (0.0.0.119) - (Etron Technology Inc - Etron eXtensible Hub Driver.) 
- C:\Windows\System32\Drivers\EtronHub3.sys [23/09/2015 10:36:48] - (7.0.44.1) - (Saitek - Saitek Magic Mini Driver) - C:\Windows\system32\DRIVERS\SaiMini.sys [30/03/2018 00:31:08] - (1.3.36.6) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys [19/12/2012 08:42:10] - (0.0.0.0) - ( -) - C:\Windows\system32\DRIVERS\t_mouse.sys [12/04/2018 23:12:52] - (5.1.2.253) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL [17/03/2018 11:58:18] - (4.1.0.2001) - (CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\Windows\system32\drivers\npf.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy 
(@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - MpFilter (Microsoft Malware Protection Driver) -> system32\DRIVERS\MpFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - SCDEmu () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Serial (Serial port driver) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - NPF (NetGroup Packet Filter Driver) -> \??\C:\Windows\system32\drivers\npf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) [MD5.07F7F501AD50DE2BA2D5842D9B6D6155] - [04/10/2017 00:00:32] - (.© 2004 Macrovision Corporation - 
Macrovision SECURITY Driver.) - [159.81 Ko] - (4.0.60.0) - C:\Windows\Syswow64\Drivers\SECDRV.SYS ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-2606610235-3133232790-489272381-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\737 Immersion] : (737 Immersion.-.) -> D:\Program Files (x86)\Uninstal.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Application Mover (x64 Shareware)_is1] : (Application Mover (x64).-.Funduc Software Inc.) -> "e:\Program Files\AppMove\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GIMP-2_is1] : (GIMP 2.8.10.-.The GIMP Team) -> "e:\Program Files\GIMP 2\uninst\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HashTab] : (HashTab 6.0.0.34.-.Implbits Software) -> E:\Program Files\HashTab Shell Extension\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{27DEA29A-222C-45F8-B70D-0A7B303FC71B}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{27DEA29A-222C-45F8-B70D-0A7B303FC71B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{50B1B4A6-746B-4706-A50D-8FBA9C086375}] : (Smart Technology Programming Software 7.0.44.1.-.Mad Catz) -> MsiExec.exe /X{50B1B4A6-746B-4706-A50D-8FBA9C086375} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7565710A-C97D-44A4-A030-768957F9F2C1}] : (...-.Intel) -> MsiExec.exe /I{7565710A-C97D-44A4-A030-768957F9F2C1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{918582C7-0F0E-4FA1-A49C-65CA9864DDD8}] : (Saitek ProFlight Fsx Plugin 7.0.50.1.-.Saitek) -> MsiExec.exe /X{918582C7-0F0E-4FA1-A49C-65CA9864DDD8} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 391.35.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.14.0.139.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.06.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CDCB07E6-AF55-4BF2-8908-46C93B8BFD1C}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{CDCB07E6-AF55-4BF2-8908-46C93B8BFD1C} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D5D7A32F-831F-457F-95E8-812B279ED7FF}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{D5D7A32F-831F-457F-95E8-812B279ED7FF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E8FA8815-3817-4128-A814-E2EAC456ADF0}] : (paint.net.-.dotPDN LLC) -> MsiExec.exe /X{E8FA8815-3817-4128-A814-E2EAC456ADF0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EF8C0CD8-DEB3-4AD5-A4C2-45C270EFC6EA}] : (Flight Yoke System.-.Logitech) -> MsiExec.exe /I{EF8C0CD8-DEB3-4AD5-A4C2-45C270EFC6EA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ground Environment X Africa-Middle East1.0] : (Ground Environment X Africa-Middle East.-.Flight One Software) -> "D:\Program Files (x86)\Ground Environment X Africa-Middle East\uninstall.exe" "/U:d:\Program Files (x86)\Ground Environment X Africa-Middle East\Uninstall\uninstall.xml" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ground Environment X Europe] : (Ground Environment X Europe.-.) 
-> D:\gexeurope\UninstalEurope.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IvAp-v2_is1] : (IvAp v2.0.2 (build 2773).-.IVAO) -> "d:\Program Files (x86)\IVAO\IvAp v2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}] : (Flight Simulator X.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}] : (Flight Simulator X Service Pack 1.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Teamspeak 2 RC2_is1] : (TeamSpeak 2 RC2.-.Dominating Bytes Design) -> "d:\Program Files (x86)\IVAO\IvAp v2\ts2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\UNetbootin] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Registry Cleaner_is1] : (Wise Registry Cleaner 9.45.-.WiseCleaner.com, Inc.) 
-> "e:\Program Files (x86)\Wise\Wise Registry Cleaner\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08D2E121-7F6A-43EB-97FD-629B44903403}] : (Microsoft_VC90_CRT_x86.-.Adobe) -> MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C4551A6-4743-4093-91E4-1477CD655043}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180171F0}] : (Java 8 Update 171.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180171F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3449D0CA-9D99-472B-B36C-A32A58AF18F5}] : (SSD Utility.-.Toshiba Corporation) -> MsiExec.exe /X{3449D0CA-9D99-472B-B36C-A32A58AF18F5} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}] : (Apple Application Support.-.Apple Inc.) -> MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E3D3BC6-D640-410A-BA62-CF8F4E257AEC}] : (NDSoft Constantine X Version 1.00.-.NDSoft) -> MsiExec.exe /I{7E3D3BC6-D640-410A-BA62-CF8F4E257AEC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7f51bdb9-ee21-49ee-94d6-90afc321780e}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}] : (Microsoft_VC80_CRT_x86.-.Adobe) -> MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1] : (VSO ConvertXToDVD.-.VSO Software) -> "e:\Program Files (x86)\VSO\ConvertX\5\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}] : (Intel(R) C++ Redistributables for Windows* on Intel(R) 64.-.Intel Corporation) -> MsiExec.exe /X{D2437C5C-2D8C-40D2-8059-689AD7239FA3} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}] : (Etron USB3.0 Host Controller.-.Etron Technology) -> MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}] : (.. ..-.Intel) -> MsiExec.exe /X{F3B4320C-C72B-46B3-96D7-0C38E37388B8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}] : (QuickTime 7.-.Apple Inc.) 
-> MsiExec.exe /I{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
---------- | Ports
---------- | Installer
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110170F] : Java 8 Update 171 -> E:\Program Files (x86)\Java\jre1.8.0_171\\bin\javaws.exe
[HKCR\Installer\Products\5188AF8E718382148A412EAE4C65DA0F] : paint.net -> C:\Windows\Installer\{E8FA8815-3817-4128-A814-E2EAC456ADF0}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\57DB95FFA664A5D4DA32AA8DC7F54DC4] : QuickTime 7 -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\Installer.ico
[HKCR\Installer\Products\5A440F64B8EC691489E4B56D25E563D1] : Apple Application Support -> C:\Windows\Installer\{46F044A5-CE8B-4196-984E-5BD6525E361D}\WinInstall.ico
[HKCR\Installer\Products\6030E61781384634B8F8C04C9E73B6CA] : Analyseur et SDK MSXML 4.0 SP2
[HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6A1554C134743904194E4177DC560534] : NVIDIA PhysX
[HKCR\Installer\Products\6A4B1B05B64760745AD0F8ABC9803657] : Smart Technology Programming Software 7.0.44.1
[HKCR\Installer\Products\6CB3D3E7046DA014AB26FCF8E452A7CE] : NDSoft Constantine X Version 1.00 -> C:\Windows\Installer\{7E3D3BC6-D640-410A-BA62-CF8F4E257AEC}\NDSoftConstantineXSceneryConfigurator.exe
[HKCR\Installer\Products\6E70BCDC55FA2FB49880649CB3B8DFC1] : Intel(R) ME UninstallLegacy
[HKCR\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE] : MSXML 4.0 SP2 (KB973688)
[HKCR\Installer\Products\7C285819E0F01AF44AC956AC8946DD8D] : Saitek ProFlight Fsx Plugin 7.0.50.1
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\A0175657D79C4A440A036798759F2F1C] : . .
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A92AED72C2228F547BD0A0B703F37CB1] : Intel(R) Rapid Storage Technology
[HKCR\Installer\Products\AA74CE6531856FF4E857450462BFAE38] : Apple Software Update -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico
[HKCR\Installer\Products\C0234B3FB27C3B64697DC0833E37888B] : . . . -> C:\Windows\Installer\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}\ProductIcon
[HKCR\Installer\Products\C5C7342DC8D22D04089586A97D32F93A] : Intel(R) C++ Redistributables for Windows* on Intel(R) 64 -> C:\Windows\Installer\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C837BBFD8D175CD48B2D6DC57386E072] : Etron USB3.0 Host Controller -> C:\Windows\Installer\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217] : MSXML 4.0 SP2 (KB954430)
[HKCR\Installer\Products\F23A7D5DF138F754598E18B272E97DFF] : Intel(R) Management Engine Components
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
---------- | ADS
---------- | Drives
---------- | MBR
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin
---------- | 20 LastEventLog
The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a4c Start Time: 01d409a9beab5993 Termination Time: 0 Application Path: E:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id:
------------
The program fsx.exe version 10.0.61637.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1550 Start Time: 01d409a5f06aca78 Termination Time: 0 Application Path: D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Report Id: 7e24bc61-759b-11e8-b494-50e549e20a5d
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
The program fsx.exe version 10.0.61637.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1aa0 Start Time: 01d409a485e17dd9 Termination Time: 0 Application Path: D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Report Id: e16380c5-7598-11e8-b499-50e549e20a5d
------------
The program fsx.exe version 10.0.61637.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1b50 Start Time: 01d409a302a88749 Termination Time: 0 Application Path: D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Report Id: 9823bc63-7597-11e8-b499-50e549e20a5d
------------
The program fsx.exe version 10.0.61637.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1034 Start Time: 01d409a256905700 Termination Time: 20 Application Path: D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Report Id: cf7e27bf-7595-11e8-b499-50e549e20a5d
------------
------------
------------
------------
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
The device, \Device\Harddisk1\DR1, has a bad block.
------------
----------( EOF)---------- - 3524 | 23:02:51