--------------- QuickDiag | g3n-h@ckm@n | V4_20.06.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 15/07/2018 23:37:29 Updated 20/06/2018 | 08:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [admin (Administrator)] - [DESKTOP-CDDJ7U6] (S-1-5-21-984768822-1242204556-3330448555-1001) System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4 Boot : Normal boot PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: DC979E2A-F491-77CB-91FF-38D547123D78 Processor : X64 - 3504 Mhz - Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz 2003 - fr|FR|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 2003 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Périphérique audio USB - Status: OK - Manufacturer: (USB Audio générique) - PNPDeviceID: USB\VID_0D8C&PID_013C&MI_00\6&31DC6313&0&0000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_10B01C03&REV_1001\5&24CC3484&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_104386AE&REV_1000\4&2DE74382&0&0001 VB-Audio VoiceMeeter VAIO - Status: OK - Manufacturer: VB-Audio Software - PNPDeviceID: ROOT\MEDIA\0000 ---------- | Video NVIDIA GeForce GTX 1060 6GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_1C0310B0&REV_A1\4&2D78AB8F&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 24.21.13.9836 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\ficvdec_x64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 652288 - Manufacturer: - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\frapsv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 105984 - Manufacturer: Beepa P/L - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:0 % Total Overall CPU Usage value:0 % ---------- | Network Intel[R] Ethernet Connection [2] I219-V : SENT:0 bytes/sec / RECVD:0 bytes/sec D-Link DWA-556 Xtreme N PCIe Desktop Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Intel(R) Ethernet Connection (2) I219-V - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_15B8&SUBSYS_86721043&REV_31\3&11583659&0&FE D-Link DWA-556 Xtreme N PCIe Desktop Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0024&SUBSYS_3A701186&REV_01\4&1649F021&0&00DA Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1E40D841&0&11 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1E40D841&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH ---------- | Memory RAM = Total (MB) : 16715 | Free (MB) : 13249 Pagefile = Total (MB) : 19206 | Free (MB) : 14275 Virtual = Total (MB) : 4194 | Free (MB) : 3925 Physical Memory 1 : Capacity: 8589934592 - DIMM_A2 - Posit.: 1 - Manufacturer: Corsair - PartNumber: CMK16GX4M2A2133C13 - S/N: 00000000 Physical Memory 3 : Capacity: 8589934592 - DIMM_B2 - Posit.: 2 - Manufacturer: Corsair - PartNumber: CMK16GX4M2A2133C13 - S/N: 00000000 ---------- | SID Users admin : [S-1-5-21-984768822-1242204556-3330448555-1001] Administrateur : [S-1-5-21-984768822-1242204556-3330448555-500] ASPNET : [S-1-5-21-984768822-1242204556-3330448555-1002] DefaultAccount : [S-1-5-21-984768822-1242204556-3330448555-503] defaultuser0 : [S-1-5-21-984768822-1242204556-3330448555-1000] Invité : [S-1-5-21-984768822-1242204556-3330448555-501] WDAGUtilityAccount : [S-1-5-21-984768822-1242204556-3330448555-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 255.62 Go | Free : 141.8 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [Nouveau nom] | Total : 931.39 Go | Free : 214.65 Go -> NTFS [SATA] F:\ -> [Fixed] | [] | Total : 0.44 Go | Free : 0.04 Go -> NTFS (SSD) [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [F:, C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_ST1000DM&PROD_003-1SB102\4&39693902&0&000500 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_CRUCIAL_&PROD_CT275MX300SSD1\4&39693902&0&000200 ---------- | Windows updates - Activation - License Test 1 : Windows Is Activated Test 2 : Possible Fixed Windows Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 30.0.0.134 FlashPlayer Plugin : 30.0.0.113 ---------- | Security AV : Malwarebytes Enabled AS : Avast Antivirus Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 440 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 632 | [Owner : Système | Parent : 600() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 716 | [Owner : Système | Parent : 600() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 780 | [Owner : Système | Parent : 716(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.1) = C:\Windows\System32\services.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 800 | [Owner : Système | Parent : 716(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.1) = C:\Windows\System32\lsass.exe [12/04/2018 01:34:23] CPU Usage:0 % --> Command Line : 912 | [Owner : Système | Parent : 780(services.exe) | 3.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 920 | [Owner : UMFD-0 | Parent : 716(wininit.exe) | 4 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.1) = C:\Windows\System32\fontdrvhost.exe [12/04/2018 01:34:24] CPU Usage:0 % --> Command Line : 936 | [Owner : Système | Parent : 780(services.exe) | 27.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 636 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 13.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 712 | [Owner : Système | Parent : 780(services.exe) | 8.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1164 | [Owner : Système | Parent : 780(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1184 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 11.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1228 | [Owner : Système | Parent : 780(services.exe) | 15.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1252 | [Owner : Système | Parent : 780(services.exe) | 6.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1280 | [Owner : Système | Parent : 780(services.exe) | 10.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1304 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 19.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1392 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 24.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1456 | [Owner : Système | Parent : 780(services.exe) | 9.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1488 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 9.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1572 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 7.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1584 | [Owner : Système | Parent : 780(services.exe) | 15.57 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [12/06/2017 12:32:42] CPU Usage:0 % --> Command Line : 1648 | [Owner : Système | Parent : 780(services.exe) | 12.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1656 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 7.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1664 | [Owner : Système | Parent : 780(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1732 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 11.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1772 | [Owner : Système | Parent : 780(services.exe) | 9.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1856 | [Owner : Système | Parent : 780(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1864 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 18.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1916 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 9.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2100 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 9.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2164 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 13.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2208 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 7.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2360 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 6.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2368 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 12.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2412 | [Owner : Système | Parent : 780(services.exe) | 14.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2472 | [Owner : Système | Parent : 780(services.exe) | 15.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2520 | [Owner : Système | Parent : 780(services.exe) | 13.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2528 | [Owner : Système | Parent : 780(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (18.4.3895.0) = D:\Program Files\AVAST Software\Avast\AvastSvc.exe [17/05/2018 18:42:42] CPU Usage:0 % --> Command Line : 2840 | [Owner : Système | Parent : 780(services.exe) | 6.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2864 | [Owner : SERVICE LOCAL | Parent : 2840(svchost.exe) | 5.02 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % --> Command Line : 3012 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 7.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2696 | [Owner : Système | Parent : 780(services.exe) | 14.16 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % --> Command Line : 3096 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3424 | [Owner : Système | Parent : 780(services.exe) | 7.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3476 | [Owner : Système | Parent : 780(services.exe) | 27.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3484 | [Owner : Système | Parent : 780(services.exe) | 7.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3492 | [Owner : Système | Parent : 780(services.exe) | 17.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3504 | [Owner : Système | Parent : 780(services.exe) | 26.17 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [05/07/2018 17:38:35] CPU Usage:0 % --> Command Line : 3512 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 19.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3528 | [Owner : Système | Parent : 780(services.exe) | 6.62 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.27.2646) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [21/03/2018 02:21:48] CPU Usage:0 % --> Command Line : 3536 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 12.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3544 | [Owner : Système | Parent : 780(services.exe) | 8.92 Mo] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) - (12.0.0.8048) = C:\Windows\System32\BtwRSupportService.exe [27/03/2015 10:33:20] CPU Usage:0 % --> Command Line : 3556 | [Owner : Système | Parent : 780(services.exe) | 10.89 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 12:50:52] CPU Usage:0 % --> Command Line : 3564 | [Owner : Système | Parent : 780(services.exe) | 10.77 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [20/08/2015 17:04:56] CPU Usage:0 % --> Command Line : 3572 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 6.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3580 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 13.67 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2393.9975) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [05/07/2018 17:38:11] CPU Usage:0 % --> Command Line : 3592 | [Owner : Système | Parent : 780(services.exe) | 8.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3600 | [Owner : Système | Parent : 780(services.exe) | 8.83 Mo] - (.Broadcom Corporation. - Bluetooth Support Server.) - (12.0.0.2700) = D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [28/09/2012 01:52:18] CPU Usage:0 % --> Command Line : 3640 | [Owner : Système | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.137) = C:\Windows\System32\SecurityHealthService.exe [12/07/2018 09:33:57] CPU Usage:0 % --> Command Line : 3732 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 8.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3764 | [Owner : Système | Parent : 780(services.exe) | 5.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3772 | [Owner : Système | Parent : 780(services.exe) | 21.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3864 | [Owner : Système | Parent : 780(services.exe) | 12.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 4076 | [Owner : Système | Parent : 780(services.exe) | 11.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3812 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 6.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 5012 | [Owner : Système | Parent : 780(services.exe) | 17.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 4952 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 6.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 7004 | [Owner : Système | Parent : 780(services.exe) | 42.66 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.1) = C:\Windows\System32\SearchIndexer.exe [12/04/2018 01:34:08] CPU Usage:0 % --> Command Line : 7484 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 9.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 8116 | [Owner : Système | Parent : 780(services.exe) | ?????] - (.AVAST Software - Avast Behavior Shield.) - (18.4.3.28536) = D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [17/05/2018 18:42:38] CPU Usage:0 % --> Command Line : 8400 | [Owner : Système | Parent : 936(svchost.exe) | 6.6 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % --> Command Line : 8732 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 18.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 9452 | [Owner : Système | Parent : 780(services.exe) | 8.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 8912 | [Owner : SERVICE RÉSEAU | Parent : 780(services.exe) | 34.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3968 | [Owner : Système | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % --> Command Line : 10956 | [Owner : Système | Parent : 780(services.exe) | 12.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 11120 | [Owner : Système | Parent : 780(services.exe) | 38.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10304 | [Owner : Système | Parent : 780(services.exe) | 9.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10800 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 13.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10624 | [Owner : Système | Parent : 780(services.exe) | 11.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 6432 | [Owner : Système | Parent : 780(services.exe) | 15.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1712 | [Owner : Système | Parent : 780(services.exe) | 6.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10856 | [Owner : Système | Parent : 780(services.exe) | 9.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3204 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 10.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 9768 | [Owner : Système | Parent : 780(services.exe) | 8.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 7020 | [Owner : Système | Parent : 9872() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 6024 | [Owner : Système | Parent : 9872() | 8.83 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.165) = C:\Windows\System32\winlogon.exe [12/07/2018 09:33:54] CPU Usage:0 % --> Command Line : 11992 | [Owner : UMFD-3 | Parent : 6024(winlogon.exe) | 17.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.1) = C:\Windows\System32\fontdrvhost.exe [12/04/2018 01:34:24] CPU Usage:0 % --> Command Line : 10300 | [Owner : DWM-3 | Parent : 6024(winlogon.exe) | 60.68 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:2 % --> Command Line : 13148 | [Owner : Système | Parent : 780(services.exe) | 7.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 9336 | [Owner : Système | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 4616 | [Owner : Système | Parent : 780(services.exe) | 7.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 12724 | [Owner : Système | Parent : 1584(NVDisplay.Container.exe) | 27.87 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [12/06/2017 12:32:42] CPU Usage:0 % --> Command Line : 4416 | [Owner : admin | Parent : 3504(nvcontainer.exe) | 37.02 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [05/07/2018 17:38:35] CPU Usage:0 % --> Command Line : 11908 | [Owner : admin | Parent : 1456(svchost.exe) | 25.25 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % --> Command Line : 5708 | [Owner : admin | Parent : 780(services.exe) | 27.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 5380 | [Owner : admin | Parent : 780(services.exe) | 28.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 9292 | [Owner : admin | Parent : 1228(svchost.exe) | 15 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 01:34:37] CPU Usage:0 % --> Command Line : 4436 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10476 | [Owner : admin | Parent : 4136() | 118.11 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.165) = C:\Windows\explorer.exe [12/07/2018 09:34:01] CPU Usage:0 % --> Command Line : 6492 | [Owner : SERVICE LOCAL | Parent : 780(services.exe) | 6.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 4972 | [Owner : admin | Parent : 936(svchost.exe) | 71.2 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 01:33:58] CPU Usage:0 % --> Command Line : 9208 | [Owner : Système | Parent : 780(services.exe) | 5.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 908 | [Owner : admin | Parent : 936(svchost.exe) | 114.49 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.165) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [12/07/2018 09:34:09] CPU Usage:0 % --> Command Line : 5744 | [Owner : admin | Parent : 936(svchost.exe) | 15.1 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 5512 | [Owner : admin | Parent : 936(svchost.exe) | 21.94 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 5604 | [Owner : admin | Parent : 3424(svchost.exe) | 14.97 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % --> Command Line : 10332 | [Owner : admin | Parent : 936(svchost.exe) | 31.2 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.137) = C:\Windows\System32\smartscreen.exe [12/07/2018 09:34:00] CPU Usage:0 % --> Command Line : 244 | [Owner : admin | Parent : 936(svchost.exe) | 15.42 Mo] - (.-.) - (10.18052.1061.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe [26/06/2018 18:41:35] CPU Usage:0 % --> Command Line : 1064 | [Owner : admin | Parent : 936(svchost.exe) | 13.72 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.1) = C:\Windows\System32\SettingSyncHost.exe [12/04/2018 01:34:34] CPU Usage:0 % --> Command Line : 9528 | [Owner : admin | Parent : 936(svchost.exe) | 15.03 Mo] - (.-.) - (12.1815.209.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe [22/05/2018 12:31:35] CPU Usage:0 % --> Command Line : 4820 | [Owner : admin | Parent : 3884() | 16.64 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [05/07/2018 17:38:37] CPU Usage:0 % --> Command Line : 5028 | [Owner : admin | Parent : 936(svchost.exe) | 26.77 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 4880 | [Owner : admin | Parent : 4820(NVIDIA Web Helper.exe) | 8.76 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % --> Command Line : 6852 | [Owner : admin | Parent : 780(services.exe) | 34.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 11624 | [Owner : admin | Parent : 936(svchost.exe) | 8.98 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 11696 | [Owner : admin | Parent : 10476(explorer.exe) | 9.41 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % --> Command Line : 1716 | [Owner : admin | Parent : 10476(explorer.exe) | 19.16 Mo] - (.Druide informatique inc. - AgentAntidote.) - (8.3.367.12477) = D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [15/04/2013 21:18:12] CPU Usage:0 % --> Command Line : 1400 | [Owner : admin | Parent : 10476(explorer.exe) | 37.17 Mo] - (.Druide informatique inc. - AgentAntidote.) - (8.3.367.12477) = D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [15/04/2013 21:18:16] CPU Usage:0 % --> Command Line : 9076 | [Owner : admin | Parent : 6028() | 42.63 Mo] - (.AVAST Software - Avast Antivirus.) - (18.4.3895.327) = D:\Program Files\AVAST Software\Avast\AvastUI.exe [09/06/2018 16:52:58] CPU Usage:0 % --> Command Line : 9016 | [Owner : admin | Parent : 10476(explorer.exe) | 137.32 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.55.34.56) = D:\Program Files (x86)\Steam\Steam.exe [09/06/2018 17:34:50] CPU Usage:0 % --> Command Line : 2464 | [Owner : admin | Parent : 10476(explorer.exe) | 12.58 Mo] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (12.0.0.2700) = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [28/09/2012 01:52:02] CPU Usage:0 % --> Command Line : 9536 | [Owner : admin | Parent : 2500() | 13.1 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.172.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [28/03/2018 22:23:04] CPU Usage:0 % --> Command Line : 6968 | [Owner : admin | Parent : 2464(BTTray.exe) | 8 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.17134.1) = C:\Windows\SysWOW64\rundll32.exe [12/04/2018 01:34:59] CPU Usage:0 % --> Command Line : 236 | [Owner : admin | Parent : 9016(Steam.exe) | 56.75 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.55.34.56) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [09/06/2018 17:34:48] CPU Usage:0 % --> Command Line : 10492 | [Owner : admin | Parent : 236(steamwebhelper.exe) | 18.92 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.55.34.56) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [09/06/2018 17:34:48] CPU Usage:0 % --> Command Line : 12676 | [Owner : Système | Parent : 780(services.exe) | 12.73 Mo] - (.Valve Corporation - Steam Client Service.) - (4.55.34.56) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [25/11/2016 13:04:17] CPU Usage:0 % --> Command Line : 10232 | [Owner : admin | Parent : 236(steamwebhelper.exe) | 22.47 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.55.34.56) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [09/06/2018 17:34:48] CPU Usage:0 % --> Command Line : 5416 | [Owner : admin | Parent : 236(steamwebhelper.exe) | 36.61 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.55.34.56) = D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [09/06/2018 17:34:48] CPU Usage:0 % --> Command Line : 7320 | [Owner : admin | Parent : 936(svchost.exe) | 28.13 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 % --> Command Line : 6900 | [Owner : admin | Parent : 936(svchost.exe) | 164.61 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.9330.2136) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxOutlook.exe [29/06/2018 13:44:04] CPU Usage:0 % --> Command Line : 11380 | [Owner : admin | Parent : 936(svchost.exe) | 47.83 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.9330.2136) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxTsr.exe [29/06/2018 13:44:04] CPU Usage:0 % --> Command Line : 7892 | [Owner : admin | Parent : 936(svchost.exe) | 15.19 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 6704 | [Owner : admin | Parent : 5028(RuntimeBroker.exe) | 278.84 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.1.6759) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:19 % --> Command Line : 11836 | [Owner : admin | Parent : 6704(firefox.exe) | 76.99 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.1.6759) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % --> Command Line : 3728 | [Owner : admin | Parent : 6704(firefox.exe) | 284.16 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.1.6759) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % --> Command Line : 11240 | [Owner : admin | Parent : 6704(firefox.exe) | 379.21 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.1.6759) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % --> Command Line : 8140 | [Owner : admin | Parent : 6704(firefox.exe) | 416.76 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.1.6759) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:2 % --> Command Line : 2116 | [Owner : Système | Parent : 7004(SearchIndexer.exe) | 12.46 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.1) = C:\Windows\System32\SearchProtocolHost.exe [12/04/2018 01:34:08] CPU Usage:0 % --> Command Line : 5648 | [Owner : Système | Parent : 7004(SearchIndexer.exe) | 6.43 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.1) = C:\Windows\System32\SearchFilterHost.exe [12/04/2018 01:34:08] CPU Usage:0 % --> Command Line : 8696 | [Owner : SERVICE LOCAL | Parent : 2164(svchost.exe) | 12.77 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.137) = C:\Windows\System32\audiodg.exe [12/07/2018 09:34:24] CPU Usage:0 % --> Command Line : 7064 | [Owner : admin | Parent : 10476(explorer.exe) | 43.82 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\admin\Desktop\QuickDiag.exe [15/07/2018 23:36:51] CPU Usage:0 % --> Command Line : 6516 | [Owner : Système | Parent : 936(svchost.exe) | 8.56 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % --> Command Line : 9920 | [Owner : SERVICE RÉSEAU | Parent : 936(svchost.exe) | 9.8 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % --> Command Line : ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Hook (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- :\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 398.36.) - (24.21.13.9836) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 398.36.) - (24.21.13.9836) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvwgf2umx_cfg.dll (..-..) - (0.0.0.0) -- :\Program Files\AVAST Software\Avast\ashShA64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (..-..) - (0.0.0.0) -- :\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll (..-..) - (0.0.0.0) -- :\Program Files (x86)\WinRAR\rarext64.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.57) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9836) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 398.36.) - (24.21.13.9836) -- C:\WINDOWS\system32\nvapi64.dll ---------- | Svchost.exe Hook (Microsoft Files Whitelisted) (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU EvernoteClipper - (EvernoteClipper.lnk [Startup]) - User: DESKTOP-CDDJ7U6\admin OneDrive - ("C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin Steam - ("D:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin DAEMON Tools Lite Automount - ("C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin Discord - (C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin Bluetooth - (D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [Common Startup]) - User: Public SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public XboxStat - ("C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [HKLM\SOFTWARE\...\Run]) - User: Public AgentAntidote32 - ("D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe" /LancementSession [HKLM\SOFTWARE\...\Run]) - User: Public AgentAntidote64 - ("D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe" /LancementSession [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("D:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Steam"="D:\Program Files (x86)\Steam\steam.exe" -silent "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun "Discord"=C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [05/05/2018 19:51:52] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x0300000050BF872D1650D301 "DAEMON Tools Lite Automount"=0x0300000090E29003E312D401 "Steam"=0x020000000000000000000000 "Discord"=0x03000000A0474B06E312D401 "panda"=0x02000000000000000000000000000000 "panda_XP"=0x02000000000000000000000000000000 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun "AgentAntidote32"="D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe" /LancementSession "AgentAntidote64"="D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe" /LancementSession "AvastUI.exe"="D:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" "Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "WindowsDefender"=0x060000000000000000000000 "RTHDVCPL"=0x020000000000000000000000 "Logitech Download Assistant"=0x020000000000000000000000 "ShadowPlay"=0x020000000000000000000000 "XboxStat"=0x0300000040C57C381650D301 "AgentAntidote32"=0x020000000000000000000000 "AgentAntidote64"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 "AdobeGCInvoker-1.0"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StereoLinksInstall"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 "Discord"=0x03000000A07447FBE212D401 "Panda Security URL Filtering"=0x020000000000000000000000 "PSUAMain"=0x92D66C0C90D66C0CC812CC0C "AdobeAAMUpdater-1.0"=0x03000000D01E32301650D301 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Discord"=C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List AdBlock Master Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater AdobeGCInvoker-1.0-DESKTOP-CDDJ7U6-admin Avast Emergency Update CCleaner Update CCleanerSkipUAC Driver Booster SkipUAC (admin) Microsoft Office 15 Sync Maintenance for DESKTOP-CDDJ7U6-admin DESKTOP-CDDJ7U6 NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-984768822-1242204556-3330448555-1001 User_Feed_Synchronization-{D72997FA-7E45-4607-A00B-E96138BB21CA} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=4 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [24/11/2016 09:51:02] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=800 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=e51c2b1c-a6c9-4c5a-b643-d3011fd "GlassSessionId"=3 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\blue-nebula-46192-3840x2160-1.jpg [08/07/2018 16:58:03] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=2715 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010057510A00000F000070080000B2AC2A0ECC16D40143003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E00500068006F0074006F0073005F003800770065006B007900620033006400380062006200770065005C004C006F00630061006C00530074006100740065005C00500068006F0074006F0073004100700070004200610063006B00670072006F0075006E0064005C0062006C00750065002D006E006500620075006C0061002D00340036003100390032002D003300380034003000780032003100360030002D0031002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Pattern Upgrade"=TRUE "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x10901EF8A46ECE11A7FF00AA003CA9F69918000060B81DB4E464D2119906E49FADC173CAAA0300000114020000000000C000000000000046D304000005F7542848354C41A11393E27C808C852D10000016EC7DE90DA5BB49AE24CF682282E08D4A060000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=6 "GlobalAssocChangedCounter"=246 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=1269 "Browse For Folder Height"=592 "link"=0x18000000 "Reason Setting"=255 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarStateLastRun"=0x8AE0445B00000000 "TaskbarSizeMove"=1 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x00000000FFFFFFFF "0"=0x73006B007900720069006D000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=3 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=37 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D0040002005E00560136F30F003118110031181100D2000000020028000E1DDDA0072A46008FF41800986A0900FC380800A74E030000000000AC9513005C62000067060000F30C136C3D1CD401FBF66800000000000100000099443E00EE42000074DD00000FAD960000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E80062000200610000000EFB17D00000000000000000A75FA270831CD401A75FA270831CD401000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F8051010019BE008084000249840902590C490180AB844008AB84400C888E00001C00341D1C00343D80C20080402040245038402460EE0080E2078C12EA078E5BA1D3008000C5803440C58074697C0080B65A600CB6DB684C0D4601805060405050604058F8E200804400640946846409C4CD00C0C410820ACE50A20AFB4D008008084F6308084F77 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=348784499852 "ShutdownFlags"=7 "Userinit"=C:\WINDOWS\System32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "AutoAdminLogon"=0 "DefaultUserName"=admin "IsConnectedAutoLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe [12/04/2018 01:34:22] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "SIGN.MEDIA=CCF62 Utils\Win10\UpdateInstaller.exe"=0x5341435001000000000000000700000028000000006606000000000001000000000000000000000A0021000033504C2B57DFD101000000800000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007E050000000000000100000001000000 "SIGN.MEDIA=FEDD1FD8 Utils\tweak-ssd-v2-setup.exe"=0x5341435001000000000000000700000028000000D097D700C0D0D70001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000554D0000000000000100000001000000 "SIGN.MEDIA=FEDD1FD8 Utils\375.95-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000D8F55917BF395A170100000000000000000002060001000033504C2B57DFD1010000000000000000 "C:\Users\admin\Downloads\Firefox Setup Stub 50.0.exe"=0x5341435001000000000000000700000028000000F8B70300B31B040001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E7FC1200000000000100000001000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000080A96000747E610001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005D410A00000000000100000001000000 "C:\Users\admin\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000C0AC2400001C250001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007F25CB00000000000200000002000000 "C:\Users\admin\Downloads\BitComet_1.44_setup.exe"=0x534143500100000000000000070000002800000060F6F8009371F90001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002DC3C300000000000100000001000000 "C:\Program Files\BitComet\BitComet.exe"=0x534143500100000000000000070000002800000078E60B0123840C0101000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009E7A9A0A000000002A0100002A010000 "C:\Users\admin\Downloads\wrar540.exe"=0x5341435001000000000000000700000028000000C8181E00491A1E0001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000AF3E0000000000000100000001000000 "C:\Users\admin\Downloads\MinecraftInstaller.msi"=0x534143500100000000000000070000002800000000FE00009EC4010001000000000000000000010500100000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FDAF0C00000000000200000002000000 "C:\Users\admin\Downloads\MinecraftMetro2033Installer.exe"=0x5341435001000000000000000700000028000000B3F9D03747C8060001000000000000000000000A7120000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000009E670100000000000300000003000000 "C:\Users\admin\Downloads\JavaSetup8u111.exe"=0x534143500100000000000000070000002800000040400B00A6CF0B0001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000FB30E00000000000200000002000000 "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000A04100B444420001000000010000000000000A7122000033504C2B57DFD1010000000000000000 "C:\Users\admin\Downloads\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007C510000000000000100000001000000 "C:\Users\admin\Desktop\TechnicLauncher.exe"=0x5341435001000000000000000700000028000000C83E48000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000B446AD00000000000900000009000000 "C:\Users\admin\Downloads\CurseClientSetup_[plugin-Minecraft].exe"=0x5341435001000000000000000700000028000000D88FFD04E89CFD040100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A4450000000000000100000001000000 "C:\Users\admin\Downloads\jdk-8u111-windows-x64.exe"=0x5341435001000000000000000700000028000000382E2A0C1E5E2A0C01000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000FFB80000000000000100000001000000 "SIGN.MEDIA=344308 setup.exe"=0x534143500100000000000000070000002800000060C70A0078C10B000100000000000000000000067100000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000006A2C0100000000000100000001000000 "C:\Users\admin\Downloads\DTLiteInstaller.exe"=0x5341435001000000000000000700000028000000688F0A0077280B000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001DE90601000000000100000001000000 "C:\Program Files\DAEMON Tools Lite\DTAgent.exe"=0x5341435001000000000000000700000028000000C0BE4700E1EA470001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B338000000000000AE000000AE000000 "SIGN.MEDIA=3053B74A setup.exe"=0x5341435001000000000000000700000028000000D83C3D00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000039C80500000000000100000001000000 "C:\Users\admin\Desktop\VoidLauncher.exe"=0x5341435001000000000000000700000028000000146EC6010CBE040001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000D093E700000000000100000001000000 "SIGN.MEDIA=50AB9411 setup.exe"=0x53414350010000000000000007000000280000009B3959000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C68B0000000000000100000001000000 "C:\Users\admin\Downloads\Nexus Mod Manager-0.63.11.exe"=0x5341435001000000000000000700000028000000F0846200768D620001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A3CA0000000000000100000001000000 "C:\Users\admin\Downloads\AutoHotkey_1.1.24.04_setup.exe"=0x5341435001000000000000000700000028000000CE952F00EF67010001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002E490000000000000100000001000000 "SIGN.MEDIA=7A301D80 setup.exe"=0x5341435001000000000000000700000028000000209B4B00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000037CF0000000000000100000001000000 "C:\Program Files\DAEMON Tools Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000C00C30009BCC300001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B5618801000000001C0000001C000000 "SIGN.MEDIA=C0FAB4D setup.exe"=0x5341435001000000000000000700000028000000FA5F3400000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004BFC0800000000000100000001000000 "SIGN.MEDIA=9025EF8C setup.exe"=0x534143500100000000000000070000002800000078624700000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000061981F00000000000100000001000000 "C:\Users\admin\AppData\Roaming\Curse Client\Bin\Curse.exe"=0x5341435001000000000000000700000028000000880D11008E9D110001000000000000000000000AF1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B7E14800000000000400000004000000 "SIGN.MEDIA=834358D1 setup.exe"=0x5341435001000000000000000700000028000000419009000000000001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000500000000000000000000000000000000000000000000000000000008CAF0600000000000200000001000000000000008000000000000000000000000000000000000000ED2B0B00000000000100000000000000 "C:\Users\admin\Downloads\VTMBup96fr.exe"=0x5341435001000000000000000700000028000000C479521A000000000100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000455A2100000000000100000001000000 "C:\Users\admin\Downloads\setup-istripper.exe"=0x534143500100000000000000070000002800000070E6BE011813BF0101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A12D6400000000000200000002000000 "SIGN.MEDIA=EBB1698B setup.exe"=0x53414350010000000000000007000000280000001A7308000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5571700000000000200000002000000 "SIGN.MEDIA=246224DB Autorun.exe"=0x534143500100000000000000070000002800000000100B00000000000100000000000000000001057120000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000080080000020000002800000000000000800800500000000000000000000000000000000064BB0600000000000200000002000000 "C:\Users\admin\Downloads\LotrBfMe2-65542-french.exe"=0x53414350010000000000000007000000280000004B569701000000000100000000000000000001055100000033504C2B57DFD10100000000000000000200000028000000000000000008005000000000000000000000000000000000033E0000000000000100000001000000 "C:\Users\admin\Downloads\BfME_Startup_Fixxer.exe"=0x534143500100000000000000070000002800000000A2010000000000010000000000000000000206F102000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001C250000000000000100000001000000 "SIGN.MEDIA=7B8F5483 setup.exe"=0x5341435001000000000000000700000028000000DBB22F00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000052CD0000000000000100000001000000 "C:\Users\admin\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_fr.exe"=0x534143500100000000000000070000002800000066CAE3070000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F7A20000000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601002029020001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006016401000000004600000046000000 "C:\Users\admin\Downloads\UplayInstaller.exe"=0x5341435001000000000000000700000028000000E89DC50394EAC50301000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007EFAE600000000000100000001000000 "SIGN.MEDIA=CFA38258 setup.exe"=0x5341435001000000000000000700000028000000D39288000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000035E60100000000000100000001000000 "SIGN.MEDIA=841F0E46 setup.exe"=0x534143500100000000000000070000002800000085EE62000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000132A1600000000000100000001000000 "C:\Users\admin\Downloads\ccsetup527.exe"=0x534143500100000000000000070000002800000030528D00A9B48D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004258D702000000000100000001000000 "SIGN.MEDIA=67908F99 Setup.exe"=0x534143500100000000000000070000002800000063D814000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F63C0400000000000200000002000000 "SIGN.MEDIA=2706B6 Autorun.exe"=0x534143500100000000000000070000002800000000C20900000000000100000000000000000001067100000033504C2B57DFD10100000000000000000500000010000000000000000000000000000106A0000000020000002800000000000106A000006000000000000000000000000000000000841A0200000000000100000001000000 "C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe"=0x5341435001000000000000000700000028000000C089C200011EC30001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E23A0100000000000100000001000000 "C:\Users\admin\Downloads\dolphin-x64-5.0.exe"=0x534143500100000000000000070000002800000058E82601DA9927010100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000049760000000000000100000001000000 "SIGN.MEDIA=157C00 Crack Setup.exe"=0x5341435001000000000000000700000028000000007C15000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EF510200000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_6.044.exe"=0x5341435001000000000000000700000028000000D0833D00422A3E0001000000000000000000000A0021000033504C2B57DFD1010000000000000000 "D:\Program Files (x86)\Cheat 'O Matic\OMATIC.EXE"=0x5341435001000000000000000700000028000000009204000000000001000000000000000000010541200000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000020000000020000007800000000000000200000600000020000000000000000000000000030CD5300000000001200000012000000000000000000004000000000000000000000000000000000CFDD2700000000000500000000000000000000000000000000000000000000000000000000000000C1012F00000000003E00000000000000 "D:\Program Files (x86)\Druide\Antidote 8\Programmes64\GesAnt.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000080700F372070001000000000000000000020673220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DB960800000000005802000058020000 "D:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe"=0x53414350010000000000000007000000280000000098670015AA670001000000000000000000020673020000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001B588302000000001C0000001C000000 "SIGN.MEDIA=25AA007 autorun.exe"=0x534143500100000000000000070000002800000000B21700000000000100000000000000000000066120000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000042940300000000000100000001000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000AC44007880450001000000010000000000000A73220000D5B3B31A57DFD1010000000000000000 "SIGN.MEDIA=A5534DF setup.exe"=0x53414350010000000000000007000000280000008C3C3D00000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F5E60000000000000100000001000000 "C:\Users\admin\Downloads\SkypeSetup.exe"=0x5341435001000000000000000700000028000000D8E518006643190001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000626B0200000000000100000001000000 "C:\Users\admin\Downloads\hamachi.msi"=0x534143500100000000000000070000002800000000E40000F2B301000100000000000000000001050010000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7760000000000000100000001000000 "SIGN.MEDIA=3378C6E OriginSetup.exe"=0x5341435001000000000000000700000028000000004266000000000001000000000000000000000A61200000DB80FDAC2839D3010000000000000000020000002800000000000000000800400000000000000000000000000000000053BA1800000000000200000002000000 "C:\Users\admin\Downloads\OriginThinSetup.exe"=0x534143500100000000000000070000002800000000F74103384D420301000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000082500D00000000000100000001000000 "C:\Program Files\Common Files\EAInstaller\Mass Effect Andromeda\Cleanup.exe"=0x5341435001000000000000000700000028000000E0E90D0022110E0001000000000000000000020600010000DB80FDAC2839D30100000000000000000200000050000000000000000000004000000000000000000000000000000000A6280000000000000100000001000000000000000000000000000000000000000000000000000000041C0000000000000100000000000000 "SIGN.MEDIA=46CC62 OriginInstaller.exe"=0x534143500100000000000000070000002800000000DC080000000000010000000000000000000106F122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000024B70800000000000100000001000000 "SIGN.MEDIA=D1FC9810 autorun.exe"=0x534143500100000000000000070000002800000088822F009F0030000100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000008000000000100200000000000000000000000000CB3F0600000000000300000003000000 "SIGN.MEDIA=157A22B0 Crack\keygen.exe"=0x5341435001000000000000000700000028000000000A0B00000000000100000000000000000001067122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C2400000000000000100000001000000 "SIGN.MEDIA=157A22B0 Crack\avatar_1.01_americas_europe.exe"=0x53414350010000000000000007000000280000005894B80ABFB3B80A0100000000000000000000067102000033504C2B57DFD1010000000000000000020000002800000000000000000000400010020000000000000000000000000065670000000000000200000002000000 "SIGN.MEDIA=A59A1DC9 setup.exe"=0x534143500100000000000000070000002800000003784100000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001EF00300000000000100000001000000 "SIGN.MEDIA=36F4B3F4 setup.exe"=0x53414350010000000000000007000000280000008BAA0A00000000000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008FD80300000000000100000001000000 "C:\Users\admin\Downloads\2010-10-16-Space_Hulk_Mod_1_3_0(1).exe"=0x534143500100000000000000070000002800000002E23D0C000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005C9F0000000000000100000001000000 "SIGN.MEDIA=834C8CD1 setup.exe"=0x5341435001000000000000000700000028000000FCC40C000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F8400F00000000000100000001000000 "SIGN.MEDIA=37AD8138 setup.exe"=0x5341435001000000000000000700000028000000FB774100000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007F4A1200000000000100000001000000 "SIGN.MEDIA=E6CAF326 setup.exe"=0x5341435001000000000000000700000028000000B21B1C00000000000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F1651300000000000100000001000000 "SIGN.MEDIA=752E883A Setup.exe"=0x5341435001000000000000000700000028000000ECC213000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D36D0200000000000100000001000000 "C:\Users\admin\Downloads\NarutoZero.exe"=0x53414350010000000000000007000000280000006134AF27000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000074C40100000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600A653960001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000037B80600000000000400000004000000 "C:\Users\admin\Downloads\setup-istripper_1fxiHbJDVm61ib5K.exe"=0x534143500100000000000000070000002800000088D2C9017F43CA0101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A1090400000000000100000001000000 "C:\Users\admin\Downloads\DiscordSetup.exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009C0D0000000000000100000001000000 "C:\Users\admin\Downloads\DiscordSetup(1).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FD0A0000000000000100000001000000 "C:\Users\admin\Downloads\DiscordSetup(2).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000050000000000000000000000000000000000000000000000000000000FE0700000000000001000000010000000000000000000040000000000000000000000000000000005E000000000000000100000000000000 "C:\Users\admin\Downloads\DiscordSetup(4).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000480EE300000000000100000001000000 "C:\Users\admin\Downloads\NarutoOnline_fr_2.4.0.7171_oas.exe"=0x5341435001000000000000000700000028000000180C5102878051020100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000042512300000000000100000001000000 "C:\Users\admin\Downloads\Install_ESO.exe"=0x5341435001000000000000000700000028000000407AED086CA6ED0801000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003A2E3A00000000000100000001000000 "C:\Users\admin\Downloads\mb_warband_setup_1153(1).exe"=0x53414350010000000000000007000000280000002AB7A824000000000100000000000000000000067100000033504C2B57DFD10100000000000000000200000028000000000000000008004000000000000000000000000000000000A4A80000000000000100000001000000 "C:\Users\admin\Downloads\Nexus Mod Manager-0.63.14.exe"=0x534143500100000000000000070000002800000088486200CBF1620001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000040EA0A00000000000100000001000000 "C:\Users\admin\Downloads\Install_ESO(1).exe"=0x5341435001000000000000000700000028000000407AED086CA6ED0801000000000000000000000A0021000033504C2B57DFD1010000000000000000 "SIGN.MEDIA=94606647 setup.exe"=0x5341435001000000000000000700000028000000D7784100000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000042961100000000000100000001000000 "SIGN.MEDIA=2422A120 setup.exe"=0x53414350010000000000000007000000280000006FCC2F00000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D79E0500000000000100000001000000 "SIGN.MEDIA=78B20E58 setup.exe"=0x5341435001000000000000000700000028000000E0774100000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000028E90000000000000100000001000000 "SIGN.MEDIA=352DC357 setup.exe"=0x534143500100000000000000070000002800000000293B000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005D2A0300000000000200000002000000 "SIGN.MEDIA=42A8413B Setup.exe"=0x5341435001000000000000000700000028000000FCF50A000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C4A00000000000000100000001000000 "SIGN.MEDIA=CA66C6F6 setup.exe"=0x53414350010000000000000007000000280000001B784100000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000C7410100000000000100000001000000 "SIGN.MEDIA=7D3E3734 Setup.exe"=0x534143500100000000000000070000002800000003F60A000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3300700000000000100000001000000 "SIGN.MEDIA=5E98614 setup.exe"=0x53414350010000000000000007000000280000005CFE0600000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000022DC0100000000000100000001000000 "C:\Users\admin\Downloads\setupLDD-PC-4_3_10.exe"=0x534143500100000000000000070000002800000050B76B1115F06B110100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000008000004000000000000000000000000000000000C9F60C00000000000100000001000000 "SIGN.MEDIA=DBE0AEA2 setup.exe"=0x534143500100000000000000070000002800000048A526021B2B27020100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B9500800000000000100000001000000 "C:\Users\admin\Downloads\crossout_launcher_1.0.3.11.exe"=0x534143500100000000000000070000002800000028534300B018440001000000000000000000000A0021000033504C2B57DFD1010000000000000000 "SIGN.MEDIA=A0AED4BA setup.exe"=0x5341435001000000000000000700000028000000D8550F000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E83A0300000000000200000002000000 "C:\Program Files\DAEMON Tools Lite\DTLite.exe"=0x5341435001000000000000000700000028000000C0B2280043D0280001000000000000000000000A80210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A4053000000000003D0000003D000000 "SIGN.MEDIA=1B32B040 setup_legend_of_grimrock_1.0.0.6.exe"=0x53414350010000000000000007000000280000002CB0321B0000000001000000000000000000010661220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000017C20000000000000100000001000000 "SIGN.MEDIA=1297139E setup.exe"=0x5341435001000000000000000700000028000000F85F34000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CE670100000000000300000003000000 "C:\Users\admin\Downloads\CK2-icefiremod_setup_1.3.2.exe"=0x5341435001000000000000000700000028000000CCD3AB0E0000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000044760100000000000100000001000000 "SIGN.MEDIA=4086D74F setup.exe"=0x53414350010000000000000007000000280000005B5843000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008E1F0000000000000100000001000000 "SIGN.MEDIA=7F4CF27 setup.exe"=0x5341435001000000000000000700000028000000C63C3D000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000ABC60000000000000100000001000000 "SIGN.MEDIA=25500873 setup.exe"=0x5341435001000000000000000700000028000000DABD09000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000982D0000000000000100000001000000 "C:\Users\admin\Downloads\La Princesse Oubliée 3.7.2.exe"=0x53414350010000000000000007000000280000009DCB9F0E2D3A030001000000000000000000010671020000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000005B9A0000000000000100000001000000 "C:\Users\admin\Downloads\paint-net\Paint.NET.3.5.10.Install.exe"=0x534143500100000000000000070000002800000000523900D488390001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000500000000000000000000000000000000053E70000000000000100000001000000 "D:\Program Files\Paint.NET\PaintDotNet.exe"=0x534143500100000000000000070000002800000060420E0076760E0001000000000000000000010680210000E78E163C2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000032E30C00000000000200000002000000 "D:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\Slipstream Mod Manager v1.4-Win\modman.exe"=0x5341435001000000000000000700000028000000005C0000D126010001000000000000000000020671200000E63F486B2AA0D201000000000000000002000000280000000000000000000000001000000000000000000000000000007F2C0000000000000100000001000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000E0F5A701CC87A80101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000002E780000000000000200000002000000 "C:\Users\admin\Downloads\PrtScrSetup.exe"=0x53414350010000000000000007000000280000005FC945000000000001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000018898102000000000100000001000000 "C:\Users\admin\Downloads\RPGVXAceFR-setup.exe"=0x534143500100000000000000070000002800000045BC840D0000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CCA50200000000000100000001000000 "C:\Users\admin\Downloads\Unreal2_FrenchPatch13.exe"=0x53414350010000000000000007000000280000001202750A0000000001000000000000000000010671020000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000005AD90300000000000100000001000000 "C:\Users\admin\Downloads\Floris254.exe"=0x5341435001000000000000000700000028000000468CF7460000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D850300000000000100000001000000 "C:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C0001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000600000006000000 "C:\Users\admin\Downloads\Install_ESO(2).exe"=0x5341435001000000000000000700000028000000B8CEF8089F22F90801000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000027400300000000000100000001000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=0x53414350010000000000000007000000280000005831860086D6860001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000886E5301000000000100000001000000 "C:\Program Files\Microsoft Office\Office15\MSPUB.EXE"=0x53414350010000000000000007000000280000008852D700879DD70001000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"=0x5341435001000000000000000700000028000000685E1D0042AA1D0001000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "SIGN.MEDIA=2638B512 Win64\setup.exe"=0x5341435001000000000000000700000028000000F27741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A9472400000000000100000001000000 "C:\Users\admin\Downloads\StarMade-starter.exe"=0x5341435001000000000000000700000028000000E86925005ED2250001000000000000000000000A71200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000072390600000000000100000001000000 "SIGN.MEDIA=5080E10B setup.exe"=0x53414350010000000000000007000000280000001ABC09000000000001000000000000000000020600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EE121000000000000100000001000000 "SIGN.MEDIA=28052 swgbg.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000040000000000000000000000000DE6C0100000000000300000003000000 "SIGN.MEDIA=28076 CloneCampaigns.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000004000000000000000000000000021E50D00000000000300000003000000 "C:\Program Files (x86)\Launcher MOD CSP-IRG\Launcher CSP-IRG.exe"=0x5341435001000000000000000700000028000000002609000000000001000000000000000000010680010000E63F486B2AA0D20100000000000000000200000028000000000000008000004000000000000000000000000000000000C7E21C00000000000800000008000000 "SIGN.MEDIA=167888E5 setup.exe"=0x5341435001000000000000000700000028000000C13C3D000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000690F0500000000000100000001000000 "C:\Users\admin\Downloads\Diablo-III-Setup.exe"=0x5341435001000000000000000700000028000000F03B33003BBB330001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007E42A000000000000100000001000000 "C:\Users\admin\Downloads\EpicGamesLauncherInstaller-5.0.1-3544582-fortnite-59c6b6659e864328881331c643f6a121.msi"=0x534143500100000000000000070000002800000000E80000D238010001000000000000000000010500100000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B9590000000000000100000001000000 "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe"=0x5341435001000000000000000700000028000000F0A51800CBE1180001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BC680000000000000200000002000000 "SIGN.MEDIA=991E9B80 setup.exe"=0x53414350010000000000000007000000280000001C7841000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000023D10500000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\BattleSizer.exe"=0x5341435001000000000000000700000028000000A1CB0D000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020000000000000000000000000000A65C0000000000000600000006000000 "SIGN.MEDIA=9A1829A2 setup.exe"=0x534143500100000000000000070000002800000046CC2F000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003FD20100000000000100000001000000 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x53414350010000000000000007000000280000005863430161B7430101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D73A0000000000000100000001000000 "C:\Users\admin\Downloads\forge-1.7.10-10.13.4.1558-1.7.10-installer-win.exe"=0x5341435001000000000000000700000028000000B3F33300DB06010001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000009EE50000000000000100000001000000 "SIGN.MEDIA=261E2CBE Autorun.exe"=0x534143500100000000000000070000002800000000D010000000000001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000011230800000000000100000001000000 "SIGN.MEDIA=27D540AC Autorun.exe"=0x534143500100000000000000070000002800000000D01000C735110001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000047890600000000000200000002000000 "SIGN.MEDIA=27A24870 Command and Conquer(TM) Generäle Die Stunde Null .msi"=0x53414350010000000000000007000000280000000002010013D4010001000000000000000000010500300000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CC050000000000000100000001000000 "C:\Users\admin\Downloads\GeneralsZH-Patch104-french.exe"=0x5341435001000000000000000700000028000000D9FB18010000000001000000000000000000010551000000E63F486B2AA0D20100000080000000000500000010000000000000000000000000000000000800000200000028000000000000000008005000000000000000000000000000000000983A0000000000000300000003000000 "SIGN.MEDIA=8EDFC2E6 noautorun.exe"=0x5341435001000000000000000700000028000000009000000000000001000000000000000000010571200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000F000000000000000100000001000000 "SIGN.MEDIA=27D540AC setup.exe"=0x5341435001000000000000000700000028000000D8FC4200250B430001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000E1ED0200000000000100000001000000 "C:\Users\admin\Downloads\CnC_SGU_setup_V2B1_131223.exe"=0x534143500100000000000000070000002800000004D287110000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000043B40200000000000200000002000000 "C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"=0x5341435001000000000000000700000028000000009009000000000001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000008005000000000000000000000000000000000AF310000000000000200000002000000 "C:\Users\admin\Downloads\Star_Citizen_Launcher_Setup.exe"=0x534143500100000000000000070000002800000096CEA4060000000001000000000000000000000671000000E63F486B2AA0D2010000000000000000020000002800000000000000800800400000000000000000000000000000000002096E00000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe"=0x5341435001000000000000000700000028000000D015080085EC080001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000500000005000000 "C:\Program Files (x86)\Origin\Origin.exe"=0x534143500100000000000000070000002800000040492F000B29300001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B1217D00000000000200000002000000 "SIGN.MEDIA=2CF3B11B setup.exe"=0x5341435001000000000000000700000028000000F57741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000B94C0D00000000000100000001000000 "SIGN.MEDIA=EF33E7ED setup_absolver_1.02_118_(14540).exe"=0x534143500100000000000000070000002800000078460C0030140D0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006DCE0D00000000000100000001000000 "C:\Users\admin\Downloads\pfsx-setup-fr-10.12.1.exe"=0x534143500100000000000000070000002800000068BFA9000000000001000000000000000000000671000000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000C78D0700000000000100000001000000 "C:\Users\admin\Downloads\PLAYERUNKNOWNS BATTLEGROUNDS.exe"=0x5341435001000000000000000700000028000000A2678F005A51020001000000000000000000000A63200000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000093EE3200000000000100000001000000 "C:\Users\admin\Downloads\dolphin-x64-5.0(1).exe"=0x534143500100000000000000070000002800000058E82601DA99270101000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BD820000000000000100000001000000 "SIGN.MEDIA=82CE9 setup.exe"=0x5341435001000000000000000700000028000000E92C08000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003D413500000000000100000001000000 "SIGN.MEDIA=52638D0E setup.exe"=0x5341435001000000000000000700000028000000097841000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E0280100000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_7.0.2.1.exe"=0x5341435001000000000000000700000028000000D0DB7C00F1FE7C0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D9F50000000000000100000001000000 "C:\Users\admin\Downloads\Breaking_Point_Launcher.exe"=0x5341435001000000000000000700000028000000A760ED0124BF160001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000008000004000000000000000000000000000000000B4930000000000000100000001000000 "C:\Users\admin\Downloads\setup-istripper_3kpLqShy2NrdDngc.exe"=0x534143500100000000000000070000002800000040DECD012947CE0101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000ACF11200000000000100000001000000 "SIGN.MEDIA=264C1FBC setup.exe"=0x534143500100000000000000070000002800000059DF2A000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000010CF0500000000000100000001000000 "SIGN.MEDIA=DF934E9E setup.exe"=0x5341435001000000000000000700000028000000EE4C2D000000000001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000090EF0000000000000100000001000000 "D:\Program Files (x86)\FileZilla FTP Client\filezilla.exe"=0x5341435001000000000000000700000028000000A80EC800791BC80001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005FD81700000000000800000008000000 "C:\Users\admin\Downloads\Evernote_6.7.4.5741.exe"=0x5341435001000000000000000700000028000000809D3C06C4833D0601000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000077247500000000000100000001000000 "D:\Program Files (x86)\Evernote\Evernote\Evernote.exe"=0x5341435001000000000000000700000028000000808D4801A60B490101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A20E5300000000000100000001000000 "C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000806C920151C7920101000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "D:\RAM Cheat\RAMCheat.exe"=0x534143500100000000000000070000002800000000C201000000000001000000000000000000010541200000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4380000000000000100000001000000 "SIGN.MEDIA=A54B3968 setup.exe"=0x534143500100000000000000070000002800000008C83F000000000001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000369F0500000000000200000002000000 "SIGN.MEDIA=528D6BD0 setup.exe"=0x53414350010000000000000007000000280000007FF989000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F04F0100000000000100000001000000 "SIGN.MEDIA=9AD94 setup.exe"=0x5341435001000000000000000700000028000000C48D09000000000001000000000000000000030600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000067B40100000000000100000001000000 "SIGN.MEDIA=64125850 setup.exe"=0x5341435001000000000000000700000028000000AEEA94000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000556E0100000000000100000001000000 "C:\Users\admin\Downloads\mb3-setup-35891.35891-3.2.2.2029-1.0.207-1.0.2899.exe"=0x5341435001000000000000000700000028000000D8BB3C0482643D0401000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D980200000000000100000001000000 "C:\Users\admin\Downloads\ToolBarSD.exe"=0x5341435001000000000000000700000028000000EC3B05000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000AD050000000000000200000002000000010000000400000001000000 "SIGN.MEDIA=98CD6FCD setup.exe"=0x5341435001000000000000000700000028000000726247000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000021DE0C00000000000300000003000000 "SIGN.MEDIA=8D5ACFEA stp-mplus.exe"=0x53414350010000000000000007000000280000009423CC000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000031810100000000000100000001000000 "C:\Users\admin\Downloads\setup.exe"=0x53414350010000000000000007000000280000002019260018A5260001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000792D0000000000000100000001000000 "D:\Fraps\fraps.exe"=0x534143500100000000000000070000002800000010C32800DD62290001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000FA41AF01000000000600000006000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online(1).exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000000F290100000000000100000001000000 "C:\Users\admin\AppData\Local\vghd\bin\unins000.exe"=0x5341435001000000000000000700000028000000E0551200E6F8120001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000074330000000000000100000001000000 "C:\Users\admin\Downloads\PANDAFREEAV.exe"=0x5341435001000000000000000700000028000000F8361E00C1531E0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000F01B0100000000000200000002000000 "SIGN.MEDIA=EA3AA223 Setup.exe"=0x53414350010000000000000007000000280000005D6411000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C73F0700000000000100000001000000 "C:\Users\admin\Downloads\PANDAGP.exe"=0x534143500100000000000000070000002800000050BD1B00EBCF1B0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000099820100000000000200000002000000 "C:\Users\admin\Downloads\driverfusionfreesetup.exe"=0x5341435001000000000000000700000028000000632FA1010000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E8590000000000000100000001000000 "C:\Users\admin\Downloads\driver-booster-5-0-3-360.exe"=0x5341435001000000000000000700000028000000802611017EF7110101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002A510400000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe"=0x534143500100000000000000070000002800000018031E0068AA1E0001000000000000000000000671020000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F76B0700000000000700000007000000 "SIGN.MEDIA=B8F41F64 setup.exe"=0x5341435001000000000000000700000028000000DE7741000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000002AE60000000000000200000002000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online(3).exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A4530200000000000100000001000000 "C:\Users\admin\Desktop\Cold_Turkey_Writer_Free.exe"=0x5341435001000000000000000700000028000000C8BE04007865050001000000000000000000000AF1220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "SIGN.MEDIA=94B755A setup.exe"=0x53414350010000000000000007000000280000006E9764000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DC2D0C00000000000200000002000000 "SIGN.MEDIA=53ABDD9D setup.exe"=0x5341435001000000000000000700000028000000EB7741000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000090172400000000000100000001000000 "SIGN.MEDIA=8D05CAD3 setup.exe"=0x5341435001000000000000000700000028000000FF7741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C5860300000000000100000001000000 "SIGN.MEDIA=8C39C8EB setup.exe"=0x5341435001000000000000000700000028000000357841000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002F7B1300000000000200000002000000 "C:\ProgramData\NVIDIA Corporation\Downloader\a50344aae9f3f44da37094b3e01fbb44\GeForce_Experience_Update_v3.10.0.95.exe"=0x53414350010000000000000007000000280000003092DB04497FDC0401000000000000000000020600010000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000008AD60000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x5341435001000000000000000700000028000000C0871700F5A1170001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000756C0000000000000100000001000000 "SIGN.MEDIA=1854E6E6 setup.exe"=0x53414350010000000000000007000000280000000C7841000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000082BF0100000000000100000001000000 "C:\Program Files (x86)\Origin\OriginClientService.exe"=0x5341435001000000000000000700000028000000606520003235210001000000000000000000010600010000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000 "C:\Program Files (x86)\Origin\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000068D12D001CF02D0001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000039010000000000000100000001000000 "SIGN.MEDIA=82316899 setup.exe"=0x534143500100000000000000070000002800000000D213000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000024010100000000000100000001000000 "D:\Downloads\The Sims 4 [FitGirl Repack]\Verify BIN files before installation.bat"=0x5341435001000000000000000700000028000000002E04004ADD040001000000000000000000010500100000BFA2139DEDD1D3010000000000000000 "D:\Games\The Sims 4\Game\Bin\TS4.exe"=0x534143500100000000000000070000002800000000E64C01E9624D0101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000020000060000000000000000000000000000000006A330200000000000200000002000000 "C:\Users\admin\Downloads\ovisetup.exe"=0x5341435001000000000000000700000028000000005E46000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "C:\Users\admin\Downloads\ReShade_Setup_3.0.8.exe"=0x5341435001000000000000000700000028000000002640000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000309D0200000000000400000004000000 "D:\Games\The Sims 4\unins000.exe"=0x5341435001000000000000000700000028000000712117000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000500000000000000000000040000000000000000000000000000000005E0D00000000000001000000010000000000000000000000000000000000000000000000000000004F1F0000000000000100000000000000 "SIGN.MEDIA=B959294E setup.exe"=0x5341435001000000000000000700000028000000A97F37000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ACCE0300000000000200000002000000 "C:\Users\admin\Desktop\VehiPlan-1-2-1\VehiPlan.exe"=0x5341435001000000000000000700000028000000006005002AF4050001000000000000000000010571200000DB80FDAC2839D30100000000000000000200000028000000000201050000006000140000000000000000000000000000B1D20A00000000000400000004000000 "SIGN.MEDIA=C401FB5 setup.exe"=0x53414350010000000000000007000000280000008C6247000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000023D60200000000000100000001000000 "SIGN.MEDIA=F08AFCB9 setup.exe"=0x53414350010000000000000007000000280000000C7841000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000003D590300000000000100000001000000 "SIGN.MEDIA=BB378DD7 setup.exe"=0x5341435001000000000000000700000028000000DE7741000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F5AE0500000000000100000001000000 "SIGN.MEDIA=A72B685 setup.exe"=0x534143500100000000000000070000002800000062CC2F000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000043200800000000000100000001000000 "SIGN.MEDIA=2090DA47 setup.exe"=0x534143500100000000000000070000002800000053CC2F000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000072E10100000000000100000001000000 "SIGN.MEDIA=DF379220 setup.exe"=0x534143500100000000000000070000002800000054A453000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B10E0100000000000100000001000000 "SIGN.MEDIA=6B7FBA31 setup.exe"=0x534143500100000000000000070000002800000095011B000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000002000000000000000000000000006D070B00000000000100000001000000 "C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe"=0x5341435001000000000000000700000028000000183A3A0032F03A0001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000000AFD0400000000000400000004000000 "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000B83C1E00D2281F0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000056628D00000000000300000003000000 "D:\Program Files (x86)\MegaDev\MegaTrainerUltimate\MegaTrainerClient.exe"=0x53414350010000000000000007000000280000006044AD00FFBAAD0001000000000000000000000A75220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000000A791A00000000000100000001000000 "D:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe"=0x53414350010000000000000007000000280000002098E7045F50E80401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000E405EF0100000000070000000600000000000000000000400000000000000000000000000000000052020000000000000100000000000000 "SIGN.MEDIA=B4444B38 setup.exe"=0x5341435001000000000000000700000028000000BD9B4B000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000784B0500000000000100000001000000 "SIGN.MEDIA=CB7EF726 setup.exe"=0x5341435001000000000000000700000028000000982E12000000000001000000000000000000020600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000070221300000000000300000003000000 "SIGN.MEDIA=C3365833 setup.exe"=0x5341435001000000000000000700000028000000646247000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001D4A0900000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0F7000096B9010001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EF070000000000005100000051000000 "C:\Users\admin\Documents\Paradox Interactive\Crusader Kings II\mod\unins000.exe"=0x5341435001000000000000000700000028000000212C0B000000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000007C080000000000000100000001000000 "SIGN.MEDIA=5BE12 setup.exe"=0x5341435001000000000000000700000028000000004A04000000000001000000000000000000000A75220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AE00700000000000100000001000000 "SIGN.MEDIA=44F09388 Setup.exe"=0x534143500100000000000000070000002800000090751400F077140001000000000000000000010600210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008DEF0400000000000100000001000000 "SIGN.MEDIA=2857E Crack\keygen.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010671220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FDD50000000000000400000004000000 "SIGN.MEDIA=FCFA1F10 setup.exe"=0x53414350010000000000000007000000280000005B1E4D000000000001000000000000000000030600210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A2902200000000000100000001000000 "SIGN.MEDIA=FE71518E setup.exe"=0x5341435001000000000000000700000028000000BBAB5E000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001E280900000000000100000001000000 "C:\Users\admin\AppData\Roaming\Curse Client\Bin\Twitch.exe"=0x534143500100000000000000070000002800000040EB1700433D180001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006E039A00000000000300000003000000 "SIGN.MEDIA=5BE20 setup.exe"=0x5341435001000000000000000700000028000000004A04000000000001000000000000000000000A75220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EC1A0300000000000100000001000000 "SIGN.MEDIA=27DF9EF0 setup.exe"=0x53414350010000000000000007000000280000001C7841000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000064F62800000000000100000001000000 "C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02002775030001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000759D3200000000000200000002000000 "SIGN.MEDIA=DB943EE9 SetAoEDE.exe"=0x534143500100000000000000070000002800000084DB34000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E4FB1700000000000100000001000000 "SIGN.MEDIA=487C99A2 cdp-fbs.exe"=0x534143500100000000000000070000002800000086F5C8000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BBA90700000000000200000002000000 "SIGN.MEDIA=13A4EB27 setup.exe"=0x5341435001000000000000000700000028000000982652000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000023DA0A00000000000100000001000000 "SIGN.MEDIA=517355B0 setup.exe"=0x534143500100000000000000070000002800000008AB13000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004A952100000000000100000001000000 "SIGN.MEDIA=9029D58F setup_ghost_of_a_tale_634_(64bit)_(19329)_(g).exe"=0x534143500100000000000000070000002800000000F40C0061590D0001000000000000000000000A00010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A2D80C00000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\Hearts of Iron IV V1.5.1 Trainer +23 MrAntiFun.EXE"=0x534143500100000000000000070000002800000000EA4C006311010001000000000000000000020671020000DB80FDAC2839D30100000000000000000200000028000000000000000000004002000000000000000000000000000000690DAC00000000000100000001000000 "SIGN.MEDIA=AEF6D488 Setup\MassEffectAndromeda.exe"=0x5341435001000000000000000700000028000000B0075C0867AD5C0801000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007B510000000000000100000001000000 "SIGN.MEDIA=A52DCF02 setup.exe"=0x5341435001000000000000000700000028000000982652000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A5530F00000000000100000001000000 "SIGN.MEDIA=99D29394 LotRIcon.exe"=0x5341435001000000000000000700000028000000008000000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000000000000000000000200000002000000 "SIGN.MEDIA=99D29394 setup.exe"=0x534143500100000000000000070000002800000000B001000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000200000000000000020000000000022EA0300000000000400000004000000010000000400000001000000 "SIGN.MEDIA=99D29394 AutoRun.exe"=0x534143500100000000000000070000002800000000700A000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000020000002800000000000000800800500000000000000000000000000000000088D30100000000000100000001000000 "SIGN.MEDIA=6B6254A5 setup.exe"=0x5341435001000000000000000700000028000000952652000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1690100000000000100000001000000 "SIGN.MEDIA=D003F451 setup.exe"=0x534143500100000000000000070000002800000011250C000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F7460E00000000000100000001000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A01A8101BABB810101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000180E120058A0120001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001A010000000000000100000001000000 "SIGN.MEDIA=76FB6822 setup.exe"=0x5341435001000000000000000700000028000000A24D73000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AC70900000000000200000002000000 "C:\Users\admin\Desktop\Hearts of Iron IV V1.5.3 Trainer +23 MrAntiFun.EXE"=0x5341435001000000000000000700000028000000003C4D006311010001000000000000000000020671020000DB80FDAC2839D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040020000000000000000000000000000003F171E00000000000100000001000000 "SIGN.MEDIA=5FEDE0C6 setup.exe"=0x5341435001000000000000000700000028000000922652000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000062840A00000000000100000001000000 "SIGN.MEDIA=88235948 setup.exe"=0x5341435001000000000000000700000028000000250925000000000001000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000064760100000000000100000001000000 "SIGN.MEDIA=4D5EDDB8 setup.exe"=0x5341435001000000000000000700000028000000007C17000000000001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A38F7200000000000100000001000000 "D:\Program Files (x86)\PlayStationNow\psnowlauncher.exe"=0x534143500100000000000000070000002800000070AA7600BFA2770001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000 "C:\Users\admin\AppData\Local\WhatsApp\WhatsApp.exe"=0x5341435001000000000000000700000028000000682A0A0022FD0A0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000057030100000000000200000002000000 "D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe"=0x53414350010000000000000007000000280000005018C602CA47C60201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003F023200000000000700000007000000 "SIGN.MEDIA=E4698A1D setup.exe"=0x53414350010000000000000007000000280000005E7938000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000060120300000000000100000001000000 "SIGN.MEDIA=77EA75FF setup.exe"=0x53414350010000000000000007000000280000002BB70F000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001EBD1C00000000000100000001000000 "SIGN.MEDIA=A3795F15 setup.exe"=0x5341435001000000000000000700000028000000FF5F34000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EC140400000000000100000001000000 "SIGN.MEDIA=13B5C40C setup.exe"=0x5341435001000000000000000700000028000000629306000000000001000000000000000000030600210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000006C0F1800000000000100000001000000 "SIGN.MEDIA=38FC9EB8 setup_far_lone_sails_1.02_(20819).exe"=0x5341435001000000000000000700000028000000B89EFC38D89FFC3801000000000000000000000A00010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3130100000000000100000001000000 "D:\Program Files (x86)\Zotero\zotero.exe"=0x5341435001000000000000000700000028000000389E0100D83A020001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003E850000000000000100000001000000 "C:\Users\admin\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000583F17005341170001000000000000000000000A75220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000CF00401000000000A0000000A000000 "SIGN.MEDIA=F801AF78 setup.exe"=0x5341435001000000000000000700000028000000A02652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F7C90000000000000100000001000000 "SIGN.MEDIA=D6000975 setup.exe"=0x534143500100000000000000070000002800000000B005000000000001000000000000000000000671020000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400010020000000000000000000000000069760000000000000100000001000000 "SIGN.MEDIA=D6000975 FalloutLauncher.exe"=0x5341435001000000000000000700000028000000005018000000000001000000000000000000010671220000BFA2139DEDD1D30100000000000000000200000028000000000000008000001000000000000000000000000000000000632E0000000000000100000001000000 "SIGN.MEDIA=92D4D38 setup.exe"=0x5341435001000000000000000700000028000000DD9E00000000000001000000000000000000000671000000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004010100000000000000000000000000000B0360000000000000100000001000000 "SIGN.MEDIA=E0870735 setup.exe"=0x5341435001000000000000000700000028000000D6FA06000000000001000000000000000000010600210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000078170800000000000100000001000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 "SIGN.MEDIA=B33A3774 Setup.exe"=0x53414350010000000000000007000000280000001C5026000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000014650300000000000200000002000000 "SIGN.MEDIA=4E73A6A4 setup.exe"=0x53414350010000000000000007000000280000004E4D73000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020A90000000000000100000001000000 "SIGN.MEDIA=70087B34 setup.exe"=0x5341435001000000000000000700000028000000CF2652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000522A0C00000000000100000001000000 "SIGN.MEDIA=82FD2316 Game\GameFiles.part01.exe"=0x53414350010000000000000007000000280000000065CD1D0000000001000000000000000000020600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000000000000000000000000000000000000000B5520D00000000000300000003000000 "SIGN.MEDIA=3629CB96 Install.exe"=0x5341435001000000000000000700000028000000AB68FD000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DA1D0300000000000100000001000000 "SIGN.MEDIA=26B6F258 Setup\MirrorsEdgeCatalyst.exe"=0x5341435001000000000000000700000028000000B0853B0529493C0501000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D53D0000000000000100000001000000 "SIGN.MEDIA=53A1BDC Crack\MirrorsEdgeCatalyst.exe"=0x5341435001000000000000000700000028000000006E3B0529493C0501000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000047090000000000000100000001000000 "SIGN.MEDIA=5C7E513 Office\setup.exe"=0x534143500100000000000000070000002800000078CB100089B2110001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000050000000000000000000000000000000002BA80900000000000200000002000000 "C:\Users\admin\Desktop\MOD GTA\mods gta lspdfr\lspdfr031setup.exe"=0x534143500100000000000000070000002800000026B291020000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FF280100000000000100000001000000 "SIGN.MEDIA=D6E05B40 setup.exe"=0x53414350010000000000000007000000280000004AE308000000000001000000000000000000010600210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000002000000000000000000000000007E5F1200000000000200000002000000 "SIGN.MEDIA=FCD66215 setup.exe"=0x5341435001000000000000000700000028000000A52652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D3B00300000000000100000001000000 "C:\Users\admin\AppData\Local\vghd\bin\vghd.exe"=0x5341435001000000000000000700000028000000001A35000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000518E0E00000000000100000001000000 "SIGN.MEDIA=E5CB0D9D setup.exe"=0x5341435001000000000000000700000028000000942652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DDBD0100000000000100000001000000 "SIGN.MEDIA=EA67868 Autorun.exe"=0x534143500100000000000000070000002800000000F003000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000048CF0300000000000200000002000000 "SIGN.MEDIA=6734345 RunGame.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000301050000000002000000A00000000003010500000060000000000000000000000000000000006D0000000000000001000000010000000002010500000060000000000000000000000000000000005E000000000000000100000000000000000000000000004000000000000000000000000000000000190100000000000002000000000000000000000000000000004000000000000000000000000000003F000000000000000300000000000000 "SIGN.MEDIA=34DD09E setup.exe"=0x53414350010000000000000007000000280000009D2652000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AE61000000000000100000001000000 "D:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020D930004769310001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C2D9A200000000004A0000004A000000 "SIGN.MEDIA=92D15D3D stp-unravel.exe"=0x5341435001000000000000000700000028000000509005000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000847C0300000000000100000001000000 "C:\Users\admin\Desktop\MODS minecraft\forge-1.12.2-14.23.3.2669-installer-win.exe"=0x53414350010000000000000007000000280000007F494F00F4E3000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000554D0000000000000200000002000000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000008910C0061C40C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\admin\Desktop\MODS minecraft\liteloader-installer-1.12.2-00-SNAPSHOT.exe"=0x5341435001000000000000000700000028000000BCFF3F0034B8000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000100000000000000000000000000000312C0000000000000100000001000000 "SIGN.MEDIA=1AA6B4A5 SetSoD2.exe"=0x53414350010000000000000007000000280000004A021C000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000010B13800000000000100000001000000 "D:\Program Files (x86)\Steam\bin\steamservice.exe"=0x53414350010000000000000007000000280000002089190036B9190001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001A5D0200000000000800000008000000 "SIGN.MEDIA=36D54F7 setup.exe"=0x5341435001000000000000000700000028000000F47741000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000047CC0700000000000100000001000000 "SIGN.MEDIA=76FC8CA9 setup.exe"=0x5341435001000000000000000700000028000000CF7741000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000056B60200000000000100000001000000 "SIGN.MEDIA=15D50C2B Setup.exe"=0x53414350010000000000000007000000280000000DF60A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FD3E0000000000000100000001000000 "SIGN.MEDIA=13B8D5BC setup.exe"=0x5341435001000000000000000700000028000000D37741000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E06C0400000000000100000001000000 "SIGN.MEDIA=A54D2455 setup.exe"=0x5341435001000000000000000700000028000000885A8A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A63F0400000000000100000001000000 "SIGN.MEDIA=11F40FF0 setup.exe"=0x5341435001000000000000000700000028000000E97741000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AB041C00000000000100000001000000 "SIGN.MEDIA=E7B478D3 setup.exe"=0x5341435001000000000000000700000028000000A9CC2F000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1861E00000000000100000001000000 "SIGN.MEDIA=1CA2C93F Autorun.exe"=0x534143500100000000000000070000002800000044D001000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000005AF90200000000000100000001000000 "SIGN.MEDIA=839A06E1 SetZTyUC.exe"=0x5341435001000000000000000700000028000000EDE308000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001EBD0500000000000200000002000000 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000284D0500AAA8050001000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "D:\Program Files (x86)\Steam\steamapps\workshop\content\244450\1136257736\Settings.exe"=0x534143500100000000000000070000002800000000EA13000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000010000000000000000000000000000000FCD00000000000000100000001000000 "SIGN.MEDIA=B6214829 setup.exe"=0x53414350010000000000000007000000280000005F9B4B000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000024DA0000000000000100000001000000 "SIGN.MEDIA=332BAF78 setup.exe"=0x53414350010000000000000007000000280000001A4E35000000000001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000043500000000000000100000001000000 "SIGN.MEDIA=C305FA7 AutoRun.exe"=0x5341435001000000000000000700000028000000007009000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000800800500000000000000000000000000000000033850C00000000000100000001000000 "D:\Program Files (x86)\EA GAMES\LSDA Le Retour du Roi tm\ROTK.exe"=0x534143500100000000000000070000002800000000001A0048191A0001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F86E1A00000000000100000001000000 "SIGN.MEDIA=83C40CD1 setup.exe"=0x53414350010000000000000007000000280000000AA70A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000EAE00000000000000400000003000000000000000000004000000000000000000000000000000000F0330000000000000100000000000000 "SIGN.MEDIA=82C586B1 setup.exe"=0x5341435001000000000000000700000028000000974D73000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000365A0000000000000100000001000000 "C:\Users\admin\Downloads\Shockwave_Installer_Slim.exe"=0x5341435001000000000000000700000028000000E0785F00FE49600001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E6410100000000000100000001000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A05A8A01521F8B0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000301907002F59070001000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"=0x534143500100000000000000070000002800000028FF1001D228110101000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "SIGN.MEDIA=1C4E38DE setup.exe"=0x53414350010000000000000007000000280000006CBB0D000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000061B10600000000000100000001000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x5341435001000000000000000700000028000000582F07002B33070001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C5EE2E00000000000100000001000000 "D:\Downloads\The Sims 4 [FitGirl Repack]\setup.exe"=0x53414350010000000000000007000000280000009D1F40000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006F851D00000000000100000001000000 "D:\Games\The Sims 4\Game\Bin\TS4_x64.exe"=0x5341435001000000000000000700000028000000006EBA012E27BB0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000EA096800000000000400000004000000 "C:\Program Files (x86)\Mozilla Firefox\updater.exe"=0x5341435001000000000000000700000028000000D05F050023AD050001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F9150000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0EF0600CB2F070001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\Downloads\Iron_Europe_1.0_Installer_moddb.exe"=0x5341435001000000000000000700000028000000A91FD9380000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000044100500000000000100000001000000 "C:\Users\admin\Downloads\Iron_Europe_1.21_patch.exe"=0x5341435001000000000000000700000028000000E94581050000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D780000000000000100000001000000 "C:\Users\admin\Downloads\Blood_and_Iron_Age_of_Imperialism_V3.0.exe"=0x534143500100000000000000070000002800000034248C530000000001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E980200000000000100000001000000 "C:\Users\admin\Downloads\North_and_South_First_Manassas_V1.1.exe"=0x5341435001000000000000000700000028000000401B963E0000000001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006C810500000000000100000001000000 "D:\Downloads\brutal_legend_2.1.0.7\setup_brutal_legend_2.1.0.7.exe"=0x534143500100000000000000070000002800000048F614021C4B150201000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000206B1000000000000100000001000000 "C:\Users\admin\Downloads\0.65.2-4-0-65-2.exe"=0x5341435001000000000000000700000028000000F0C762006814630001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AAAC4C00000000000300000003000000 "C:\Program Files\Nexus Mod Manager\NexusClient.exe"=0x534143500100000000000000070000002800000030F231008E55320001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000080000000000000000000000000000000EE1E0E00000000001800000018000000 "D:\Program Files (x86)\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D8880500A554060001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D88918010B08190101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DA000000000000000E0000000E000000 "D:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8E82100B277220001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BF520100000000000E0000000E000000 "D:\Downloads\Injustice.2-VOKSI\Binaries\Retail\Injustice2.exe"=0x5341435001000000000000000700000028000000005E700D193D420D01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000F13007000000000001000000010000000000000000000000000000000000000000000000000000006A0B0000000000000100000000000000 "SIGN.MEDIA=2DFD3943 setup.exe"=0x5341435001000000000000000700000028000000EB7741000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005B814400000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.04-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000C7BD74000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002A200000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.05.incl.DLC-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000A9B874000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CED50000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.06.incl.DLC-CODEX\Update\Setup.exe"=0x53414350010000000000000007000000280000009DB874000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF1C0000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.08.incl.DLC-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000A1B874000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008B220000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.11.incl.DLC-CODEX\Update\Setup.exe"=0x53414350010000000000000007000000280000009DB874000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002A420000000000000100000001000000 "D:\Games\Dynasty Warriors 9\DW9.exe"=0x5341435001000000000000000700000028000000C0886B01D6026C0101000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000020000060000000000000000000000000000000002EE65800000000000700000007000000 "D:\Games\Dynasty Warriors 9\Config.exe"=0x5341435001000000000000000700000028000000C08268000B48690001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000855F0000000000000500000004000000000000000000004000000000000000000000000000000000C2400000000000000100000000000000 "C:\Users\admin\Downloads\Xbox360_64Fra.exe"=0x53414350010000000000000007000000280000007849780015C1780001000000000000000000010571000000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000080010000020000002800000000000000800100000086020000000000008000000000000040120000000000000100000001000000010000000400000001000000 "C:\Users\admin\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D5280000000000000200000002000000 "D:\Games\Dynasty Warriors 9\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002B200000000000000100000001000000 "C:\Users\admin\Downloads\398.46-desktop-notebook-win10-64bit-international.hf.exe"=0x534143500100000000000000070000002800000038AD7B1E5A5D7C1E01000000000000000000020600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001B1C0500000000000100000001000000 "C:\Users\admin\Downloads\DriversCloud_Win.exe"=0x534143500100000000000000070000002800000030B503009AE5030001000000000000000000000671000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000EE650000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0A70E0001070F0001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000DE020000000000000100000001000000 "C:\Users\admin\Downloads\Drivers_DESKTOP-CDDJ7U6.exe"=0x534143500100000000000000070000002800000078F01E00182B1F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000066660100000000000100000001000000 "C:\Users\admin\Downloads\398.36-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000C075D11EC7D8D11E01000000000000000000020600010000BFA2139DEDD1D3010000000000000000 "C:\Program Files\DriversCloud.com\DriversCloud.exe"=0x5341435001000000000000000700000028000000B8A86900F1686A0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F7250000000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_7.0.2.1(1).exe"=0x5341435001000000000000000700000028000000D0DB7C00F1FE7C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BB000000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000028B10D00152C0E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002D100000000000000100000001000000 "SIGN.IE=04CA28 Firefox Installer.exe"=0x534143500100000000000000070000002800000028CA0400A33F050001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000036810000000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0EF060058E7070001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "SIGN.MEDIA=C71BA8AF Setup.exe"=0x5341435001000000000000000700000028000000AF7912000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000081A60000000000000100000001000000 "D:\Program Files (x86)\Bossa Studios\Surgeon Simulator - Anniversary Edition\ss2013_DirectToRift.exe"=0x534143500100000000000000070000002800000000B20100963B020001000000000000000000030671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F8F40800000000000100000001000000 "D:\Program Files (x86)\Bossa Studios\Surgeon Simulator - Anniversary Edition\unins000.exe"=0x5341435001000000000000000700000028000000D9F50A000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000200000000000000000000000000005D150000000000000100000001000000 "C:\Users\admin\Downloads\Rolistik1.1_setup.exe"=0x53414350010000000000000007000000280000005F724E000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6840200000000000100000001000000 "D:\Downloads\Oxygen.Not.Included\OxygenNotIncluded.exe"=0x5341435001000000000000000700000028000000006A5C010000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000096B61200000000000200000002000000 "SIGN.MEDIA=B1854B56 setup.exe"=0x5341435001000000000000000700000028000000B62652000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000072730F00000000000100000001000000 "D:\Games\Red Faction Guerrilla ReMarstered\rfg.exe"=0x534143500100000000000000070000002800000000307C010000000001000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000020000060000000000000000000000000000000001BB21A00000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8480E0093B00E0001000000000000000000000600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D370000000000001200000012000000 "C:\Users\admin\Downloads\driver-fusion_3-0_fr_249310.exe"=0x5341435001000000000000000700000028000000FD2055000000000001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000340F0300000000000100000001000000 "D:\Program Files (x86)\Driver Fusion\DriverFusion.exe"=0x534143500100000000000000070000002800000000D287000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B3B70100000000000100000001000000 "D:\Program Files (x86)\Driver Fusion\Uninstall.exe"=0x5341435001000000000000000700000028000000C07F01000000000001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400002000000000000000000000000000034140000000000000100000001000000 "D:\Downloads\Hellblade.Senuas.Sacrifice.GOG\setup_hellbladesenuassacrifice_1.0_(13932).exe"=0x5341435001000000000000000700000028000000B8370B00DF760B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EFA61700000000000100000001000000 "D:\Program Files (x86)\HellbladeSenuasSacrifice\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe"=0x5341435001000000000000000700000028000000008E5004A6FE540401000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000100000200000000000000000000000000000000096800400000000000100000001000000 "D:\Downloads\THE DWARVES DIGITAL DELUXE EDITION\setup_the_dwarves_2.0.0.1.exe"=0x5341435001000000000000000700000028000000408321025326220201000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000251D1200000000000100000001000000 "D:\Program Files (x86)\The Dwarves\Windows\Dwarves.exe"=0x5341435001000000000000000700000028000000009A01010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000001000002000000000000000000000000000000000860F0C00000000000100000001000000 "D:\Games\Red Faction Guerrilla ReMarstered\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002000000000000000000000000000098130000000000000100000001000000 "C:\Users\admin\Downloads\GameRangerSetup.exe"=0x5341435001000000000000000700000028000000B0BE0100D822020001000000000000000000000671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000024453200000000000200000002000000 "D:\Downloads\Warcraft III\Warcraft III\Frozen Throne.exe"=0x5341435001000000000000000700000028000000003004000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040000000000000000000000000000B8880000000000000200000002000000 "C:\Users\admin\Downloads\RuneScape-Setup.exe"=0x5341435001000000000000000700000028000000C8644B007D104C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7610000000000000100000001000000 "D:\Program Files\Jagex\RuneScape Launcher\RuneScape.exe"=0x5341435001000000000000000700000028000000985C7B0057EA7B0001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001BA40100000000000200000002000000 "C:\Users\admin\Downloads\War3TFT_124a_Francais.exe"=0x534143500100000000000000070000002800000071AF03040000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B80B0000000000000100000001000000 "D:\Downloads\Warcraft III\Warcraft III\War3TFT_124a_Francais.exe"=0x534143500100000000000000070000002800000071AF03040000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000D100000000000000100000001000000 "SIGN.IE=070F2D0 adwcleaner_7.2.1.exe"=0x5341435001000000000000000700000028000000D0F27000D8F0710001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000059060000000000000300000003000000 "SIGN.IE=02315038 setup.exe"=0x534143500100000000000000070000002800000038503102EB2C320201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B50E0000000000000100000001000000 "C:\Users\admin\Desktop\setup.exe"=0x534143500100000000000000070000002800000038503102EB2C320201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002B880000000000000300000003000000 "C:\Users\admin\Desktop\adwcleaner_7.2.1.exe"=0x5341435001000000000000000700000028000000D0F27000D8F0710001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B35B0200000000001100000011000000 "C:\Users\admin\Downloads\setup-remove-ads.exe"=0x5341435001000000000000000700000028000000C06D13008462140001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000058280000000000000100000001000000 "D:\Program Files (x86)\AdBlock Master\AdBlock.exe"=0x5341435001000000000000000700000028000000007411000000000001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000009620600000000000100000001000000 "C:\Program Files\RogueKiller\RogueKiller64.exe"=0x5341435001000000000000000700000028000000384E9D01E75E9D0101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000044AD3200000000000F0000000F000000 "D:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000D832B70013ACB70001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000300000003000000 "C:\Users\admin\Downloads\ZHPDiag3.exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004FB00B00000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0A522004741230001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000030050000000000000100000001000000 "D:\Program Files (x86)\The Dwarves\unins000.exe"=0x5341435001000000000000000700000028000000404014005912150001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000291B0000000000000100000001000000 "D:\Program Files (x86)\Rolistik\unins000.exe"=0x5341435001000000000000000700000028000000D09D0A000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A80B0000000000000100000001000000 "D:\Program Files (x86)\HellbladeSenuasSacrifice\unins000.exe"=0x534143500100000000000000070000002800000060361300C7B0130001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004F120000000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Iron Europe\unins001.exe"=0x5341435001000000000000000700000028000000B5790B000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000200000000000000000000000000002F0D0000000000000100000001000000 "D:\Program Files (x86)\AdBlock Master\unins000.exe"=0x5341435001000000000000000700000028000000A1FC0A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA100000000000000100000001000000 "C:\Users\admin\Downloads\MediaCreationTool1803.exe"=0x5341435001000000000000000700000028000000D8BB23013E3A240101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BBE40500000000000100000001000000 "G:\setup.exe"=0x5341435001000000000000000700000028000000083B0100871C020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000053070000000000000100000001000000 "C:\Users\admin\Downloads\HousecallLauncher64.exe"=0x534143500100000000000000070000002800000028B52400BC55250001000000000000000000010673020000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002FF64802000000000300000003000000 "C:\Users\admin\Downloads\spsetup128.exe"=0x5341435001000000000000000700000028000000083D4E00BA134F0001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E2B51400000000000100000001000000 "D:\Program Files (x86)\Minecraft\MinecraftLauncher.exe"=0x534143500100000000000000070000002800000080D74F0235A7500201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000A9CD0800000000000500000005000000 "SIGN.MEDIA=CD22EE90 setup.exe"=0x5341435001000000000000000700000028000000BA2652000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000045690100000000000100000001000000 "D:\Games\Warhammer 40000 Gladius Relics of War\autorun.exe"=0x5341435001000000000000000700000028000000A83A6300562F640001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000A00000600000000000000000000000000000000082CE3D00000000000100000001000000 "C:\Users\admin\Downloads\ZHPDiag3(1).exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000028160000000000000100000001000000 "C:\Users\admin\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000007620300000000000300000003000000 "C:\Users\admin\Downloads\FRST64.exe"=0x534143500100000000000000070000002800000000D02400FA78250001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AF1E0100000000000100000001000000 "C:\Program Files\Speccy\Speccy64.exe"=0x534143500100000000000000070000002800000018296C003F596C0001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "C:\Users\admin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889(1).exe"=0x534143500100000000000000070000002800000000FF7F045477800401000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D054B20060C2B20001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6E60000000000000100000001000000 "C:\Users\admin\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000D02400FA78250001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000087420000000000000100000001000000 "C:\Users\admin\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080253000B7E7300001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008B0C0500000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D05E0D00460F0E0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006E000000000000000100000001000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"=0x534143500100000000000000070000002800000058FD2A0016CF2B0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000009D050000000000000100000001000000 "C:\Users\admin\Downloads\QuickDiag.exe"=0x534143500100000000000000070000002800000098093E00F9633E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000000C320000000000000100000001000000 "C:\Users\admin\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098093E00F9633E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131710491242715439 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "InstallTime"=0xC919C6062646D201 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "OOBEInstallTime"=0xB91332585460D301 "ManagedDefenderProductType"=0 "DisableAntiVirus"=1 "LastEnabledTime"=0x362D5182888BD301 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX ---------- | Hosts # AdBlock Master Database 13/07/2018 14:40:26 # Required software: "AdBlock Master" Version 1.0 or above. # Please check http://www.majorshare.com/ for more informations. # Developer: Gürkan Dilmen, Contact: dev@majorshare.com # Database 127.0.0.1 static.doubleclick.net 127.0.0.1 artemisaffiliates.com 127.0.0.1 www.artemisaffiliates.com 127.0.0.1 static.eu.criteo.net 127.0.0.1 images.nl.eu.criteo.net 127.0.0.1 cat.nl.eu.criteo.com 127.0.0.1 b.scorecardresearch.com 127.0.0.1 ls.hit.gemius.pl 127.0.0.1 static.criteo.net 127.0.0.1 cas.fr.eu.criteo.com 127.0.0.1 cas.nl.eu.criteo.com 127.0.0.1 googletagservices.com 127.0.0.1 www.googletagservices.com 127.0.0.1 securepubads.g.doubleclick.net 127.0.0.1 s0.2mdn.net 127.0.0.1 medyanet.cubecdn.net 127.0.0.1 app.medyanetads.com 127.0.0.1 cm.g.doubleclick.net 127.0.0.1 tpc.googlesyndication.com 127.0.0.1 encrypted-tbn3.gstatic.com 127.0.0.1 trgde.adocean.pl 127.0.0.1 fs2.directupload.net 127.0.0.1 pixel.quantserve.com [372] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.209.238] avec 32 octets de donn?es?: R?ponse de 216.58.209.238?: octets=32 temps=14 ms TTL=53 R?ponse de 216.58.209.238?: octets=32 temps=14 ms TTL=53 R?ponse de 216.58.209.238?: octets=32 temps=14 ms TTL=53 R?ponse de 216.58.209.238?: octets=32 temps=14 ms TTL=53 Statistiques Ping pour 216.58.209.238: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 14ms, Maximum = 14ms, Moyenne = 14ms ---------- | @ [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=nlxx43s "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000 "Start Page_TIMESTAMP"=0x78CAED60C219D401 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xCAB37113CC1AD401 "IE10TourShown"=1 "IE10TourShownTime"=0x9A6D10B8D1EDD301 "AutoHide"=yes "SearchBandMigrationVersion"=1 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50020000F0000000D0040000D0020000 "IE11EdgeNotifyTime"=0x611486B68E14D401 "EdgeReminderRemainingCount"=5 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x9A6D10B8D1EDD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=131761241628429835 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- D:\Program Files\AVAST Software\Avast\ashShA64.dll [17/05/2018 18:42:53] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- D:\Program Files\AVAST Software\Avast\ashShA64.dll [17/05/2018 18:42:53] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x9A6D10B8D1EDD301 "DownloadRetries"=1 "Version"=5 "UpgradeTime"=0x9A6D10B8D1EDD301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : () - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@D:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : () - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@D:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] ---------- | SearchScopes [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [01/10/2012 20:38:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [03/07/2018 17:14:15] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [03/07/2018 17:14:15] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [03/07/2018 17:14:15] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [07/09/2017 13:39:36] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [03/07/2018 17:14:15] ---------- | Chrome [HKLM\Software\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.151.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.172.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y6chkhay.Baba-1531385856784\Prefs.js user_pref("browser.startup.homepage", "https://www.ecosia.org/"); user_pref("browser.startup.homepage_override.buildID", "20180704003137"); user_pref("browser.startup.homepage_override.mstone", "61.0.1"); user_pref("devtools.webextensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.enabled", true); user_pref("extensions.blocklist.lastModified", "Wed, 04 Jul 2018 15:01:28 GMT"); user_pref("extensions.blocklist.pingCountTotal", 4); user_pref("extensions.blocklist.pingCountVersion", 4); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.cache.lastUpdate", 1531647668); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180704003137"); user_pref("extensions.lastAppVersion", "61.0.1"); user_pref("extensions.lastPlatformVersion", "61.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "control"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"aa1d3752-2bb0-44be-8cd4-0b8e213f44be\",\"screenshots@mozilla.org\":\"9e13b98f-62eb-4cd4-958e-dea3e2c1f151\",\"{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\":\"865e5775-8d76-48b8-8454-299ef48da8ef\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"5bddda96-7c2d-407c-858f-7e50a98e9138\",\"{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\":\"076058a1-9090-4cc1-85b2-ebf7b0d15900\"}"); C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfjttotr.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180704003137"); user_pref("browser.startup.homepage_override.mstone", "61.0.1"); user_pref("extensions.blocklist.pingCountVersion", 0); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppVersion", "61.0.1"); user_pref("extensions.lastPlatformVersion", "61.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"9af86cfb-9964-4912-ae69-86149366f582\",\"screenshots@mozilla.org\":\"58526f37-18e6-4fdc-9853-7be64b0097d6\"}"); [Profile1] - Name=Baba -> Profiles/y6chkhay.Baba-1531385856784 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{128a8e1f-b696-4702-8815-6e08cf317038}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33a30c59-b1d4-4498-bbf6-2cb6c6804623}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{128a8e1f-b696-4702-8815-6e08cf317038}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{33a30c59-b1d4-4498-bbf6-2cb6c6804623}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\BitComet.exe] : "C:\Program Files\BitComet\BitComet.exe" "%1" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\DTLite.exe] : "C:\Program Files\DAEMON Tools Lite\DTLite.exe" "%1" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~2\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~2\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\1C Multimedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\3rd Eye Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\4A-Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\8 Points] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Adobe] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Aerosoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Airborne Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AMPLITUDE Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Apoapsis Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AppDataLow] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Arachnid Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ASCII] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Audiosurf, LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AVAST Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Berserk Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bethesda] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BitComet] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BitTorrent] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BNE] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bohemia Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bohemia Interactive Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bossa Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Browser Cleanup] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bugsplat] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CampoSanto] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Caphyon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Carbomb Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CCCP] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Cheat Engine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Chromium] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CitizenFX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CKAN] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clarus Victoria] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clients] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CodeHorizon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Coffee Powered Machine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CoGenMedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Contingent99] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Craneballs] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\cryptic] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Crystal Dynamics] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Curse] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Cyanide] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CyberPhobX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Daedalic Entertainment GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\DefaultCompany] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Digital Extremes] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Disc Soft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\DoMyBest] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Drivers] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Druide informatique inc.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Dry Cactus] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Eidos Montreal] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ElAmigos] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Electronic Arts] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Eleon Game Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Empyrean] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\EMU] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Enterbrain] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Epic Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\EpidemicLauncher] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\eugen systems] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Evernote] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Every Single Soldier] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Facepunch Studios LTD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Falcom] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Fenix Fire Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Firaxis] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\firefly studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\FiveM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\FLEXlm License Manager] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Fraps3] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Frontier Developments] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Full Control] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Gaddy Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Gaijin] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GameRanger] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GameSpy] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ghost Town Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GNU] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GOG.com] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Goldhawk Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Google] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GSC Game World] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Haemimont Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Hinterland] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Iceberg Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IM Providers] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Imagination Technologies] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Intel] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\inXile Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IO Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IronOak Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Jagex] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\JavaSoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\JutsuGames] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KADOKAWA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KING Art Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Kitfox Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KK Game Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Klei] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KoeiTecmo] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Landfall] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Landfall West] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Larian Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Lazy Bear Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Le Cartel Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\League of Geeks] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Level-5 Inc.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ligos] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LionShield] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LionsShade] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Logic Artists] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LogiShrd] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ludeon Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LVGameDev LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Macromedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MalkyrsStudio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Malwarebytes] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Marmalade Game Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mindillusion] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Minecraft Projects] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mirillis] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MohawkGames] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mojang] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MountAndBladeWarbandKeys] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MountAndBladeWarbandWFASKeys] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mozilla] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MozillaPlugins] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ndemic Creations] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NeoCore Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Netscape] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NewTechnologyStudio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NilsJakrins] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\noio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NTSCorp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Obsidian Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ODBC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Okomotive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ominux Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\OpenOffice] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Paint.NET] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pathea] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pathea Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Petroglyph] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PhotoFiltre 7] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Piriform] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pixellore] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Playdead] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PlayWay SA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Policies] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Popcannibal] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ProtectedStorage] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PrtScr] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\QtProject] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\RAC7] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Reality Twist GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Realmforge Studios GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Realtek] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Reconnect Software LTD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Red Dot Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Red Thread Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Redbeet Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\RegisteredApplications] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sauropod Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ScriptHookV] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SecuROM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SEGA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SeithCG] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Si7 studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SKS] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Skype] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\skypeapp-7db1e5c3b14c] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\skypeapp-9c95a1943593] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sloclap] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SmallGamesInfo] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Smartly Dressed Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SOFF Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SomaSim] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sony Interactive Entertainment Network America LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Spoon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SQUAD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Square Enix] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Squeaky Wheel] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stardock] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stargate Modding] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stdin2] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strange Fire] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strange Loop Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strategiae] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Subterranean Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Suncrash] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SUPERHOT_Team] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Swing Swing Submarine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\sysinternals] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\System32] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Tangled Mess Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Team 17 Digital ltd.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Team17 Digital Limited] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\TexMod] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Creative Assembly] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Fullbright Company] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Fun Pimps] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Irregular Corp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\THEGFW] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Thunder Lotus Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Totalidea Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Totem] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Troika] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Trolltech] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\U-Play online] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ubisoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\undefined] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unity] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unknown Worlds] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unreal Technology] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Valve] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\VITALI KIRPU & QUADRO DELTA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Warner Bros. Interactive Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Weappy] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Widcomm] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WinRAR] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WinRAR SFX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WixSharp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Wow6432Node] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ZHP] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Zillion Whales] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\AppDataLow\Software\Killerfish Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Ada2] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\Clients] [HKLM\Software\Disc Soft] [HKLM\Software\Druide informatique inc.] [HKLM\Software\FileZilla 3] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Macromedia] [HKLM\Software\Maxis] [HKLM\Software\MegaTrainerUltimate] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Paint.NET] [HKLM\Software\pandasecuritytb] [HKLM\Software\panda_url_filtering] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\VB-Audio] [HKLM\Software\Widcomm] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\3DMLAUNCHER] [HKLM\Software\WOW6432Node\Ada2] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Bethesda Softworks] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\bohemia interactive] [HKLM\Software\WOW6432Node\bohemia interactive studio] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Druide informatique inc.] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\Enterbrain] [HKLM\Software\WOW6432Node\Epic Games] [HKLM\Software\WOW6432Node\EpicGames] [HKLM\Software\WOW6432Node\Evernote] [HKLM\Software\WOW6432Node\FileZilla 3] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\Fraps] [HKLM\Software\WOW6432Node\GNU] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GSC Game World] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\InstallShield] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LucasArts] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Maxis] [HKLM\Software\WOW6432Node\MegaTrainerUltimate] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Modulaatio Games] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Monte Cristo] [HKLM\Software\WOW6432Node\mount&blade warband] [HKLM\Software\WOW6432Node\mount&blade with fire and sword] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Panda Software] [HKLM\Software\WOW6432Node\pandasecuritytb] [HKLM\Software\WOW6432Node\PowerPivot] [HKLM\Software\WOW6432Node\Rockstar Games] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\Sony Interactive Entertainment Network America LLC] [HKLM\Software\WOW6432Node\Symantec] [HKLM\Software\WOW6432Node\Syton Entertainment] [HKLM\Software\WOW6432Node\THQ] [HKLM\Software\WOW6432Node\Treexy] [HKLM\Software\WOW6432Node\Turbine] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Unreal Technology] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VehiPlan] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Zenimax_Online] [HKLM\Software\WOW6432Node\Zotero] [HKLM\Software\WOW6432Node\zotero.org] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: F: ---------- | C: [25/07/2017 12:45:53] - |HD| - [16533887] - C:\$AV_ASW [16/07/2016 13:47:47] - |SHD| - [38903] - C:\$Recycle.Bin [13/07/2018 14:51:23] - |HD| - [361096] - C:\$SysReset [13/07/2018 14:53:40] - |D| - [14681] - C:\$WINDOWS.~BT [27/05/2018 20:49:17] - |D| - [193126] - C:\Action! [10/06/2017 22:29:25] - |D| - [0] - C:\admin [04/03/2017 14:27:12] - |D| - [186288457] - C:\AdwCleaner [MD5.79B9D2263314FB764719CF6372B1D0C5] - [16/07/2016 14:58:18] - |RASH| - (.-.) - [384322] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 14:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [17/11/2017 12:09:59] - |SHD| - [1426240] - C:\Config.Msi [MD5.73ADCD8A7909254AE55E1D57BEFA1056] - [16/06/2018 13:25:44] - |A| - (.-.) - [277] - (0.0.0.0) - C:\debugInstaller.txt [24/11/2016 09:41:25] - |SHD| - [0] - C:\Documents and Settings [27/11/2016 19:56:10] - |D| - [0] - C:\Downloads [13/07/2018 14:55:04] - |D| - [0] - C:\ESD [14/07/2018 00:17:46] - |D| - [141553140] - C:\FRST [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/05/2018 18:41:49] - |ASH| - (.-.) - [6846570496] - (0.0.0.0) - C:\hiberfil.sys [01/10/2017 13:30:19] - |D| - [36406] - C:\Intel [21/07/2017 14:36:16] - |RHD| - [1209815509] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/11/2016 09:40:19] - |ASH| - (.-.) - [2550136832] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [37219055385] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [3452418614] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [4865969922] - C:\ProgramData [15/07/2018 23:37:01] - |D| - [68685] - C:\QuickDiag [MD5.9B399040F84B4736A692E7F78698D0C4] - [15/07/2018 23:37:29] - |A| - (.-.) - [271950] - (0.0.0.0) - C:\QuickDiag.txt [18/11/2017 11:38:24] - |SHD| - [0] - C:\Recovery [27/08/2017 14:57:48] - |D| - [229845921] - C:\shadersmod.net [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/11/2016 09:40:19] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [24/11/2016 09:40:19] - |SHD| - [0] - C:\System Volume Information [03/10/2017 16:09:42] - |D| - [609881] - C:\ToolBar SD [11/04/2018 23:04:33] - |RD| - [68562626136] - C:\Users [11/04/2018 23:04:33] - |D| - [37472667244] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [11308886] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8315908] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [1056991101] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [25/11/2016 13:52:10] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 01:38:20] - |D| - [38317930] - C:\WINDOWS\Boot [MD5.73F6456786AA245042C68955D194A32E] - [17/05/2018 19:36:09] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [17/05/2018 18:45:09] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4531043] - C:\WINDOWS\diagnostics [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [17/05/2018 18:45:09] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [44616] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\en-US [MD5.9DF0773126A630A9555127BD84085A7D] - [28/08/2017 00:31:26] - |A| - (.-.) - [979] - (0.0.0.0) - C:\WINDOWS\eReg.dat [MD5.E4A81EDDFF8B844D85C8B45354E4144E] - [12/07/2018 09:34:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3932672] - (10.0.17134.165) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [427028320] - C:\WINDOWS\Fonts [12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47788502] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71534478] - C:\WINDOWS\Help [MD5.FFD31D96B8D4BAB8B0F83E42B7430A54] - [12/07/2018 09:33:56] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.137) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [112155044] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1392019087] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHD| - [2969435710] - C:\WINDOWS\Installer [06/10/2017 21:43:31] - |D| - [0] - C:\WINDOWS\IObit [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [15311051] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 01:38:20] - |RD| - [875208668] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [05/07/2018 17:38:01] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [05/07/2018 17:38:11] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [12/04/2018 18:22:25] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [04/07/2018 13:00:23] - |D| - [72396] - C:\WINDOWS\Panther [11/06/2018 15:41:33] - |D| - [0] - C:\WINDOWS\PCHEALTH [12/04/2018 01:38:21] - |D| - [470270] - C:\WINDOWS\Performance [MD5.30A2BE28285BE986EB50FF802CD78BD4] - [04/07/2018 13:00:17] - |A| - (.-.) - [10638] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [2821730] - C:\WINDOWS\PolicyDefinitions [17/05/2018 18:38:57] - |D| - [4748443] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965014] - C:\WINDOWS\PrintDialog [12/04/2018 01:38:21] - |D| - [5261619] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1117876] - C:\WINDOWS\Registration [12/04/2018 01:38:21] - |D| - [7884048] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [3823765] - C:\WINDOWS\Resources [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [8462336] - C:\WINDOWS\security [17/05/2018 19:35:51] - |D| - [76166485] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [86881503] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [12/04/2018 01:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53633024] - C:\WINDOWS\ShellExperiences [08/01/2017 13:33:11] - |D| - [97307] - C:\WINDOWS\ShellNew [12/04/2018 18:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [24/11/2016 09:50:58] - |D| - [651121279] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [16/07/2016 13:47:50] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [19128660574] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [225271509] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25650789] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1564712373] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [16/07/2016 13:47:48] - |D| - [220] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [1438620] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13606400] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25810] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.DA396A905E0D79329297EF130F2825BA] - [16/07/2016 13:47:50] - |A| - (.-.) - [76] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [15/07/2018 13:22:51] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [8285258651] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [06/10/2017 20:36:37] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [12/07/2018 12:23:19] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [29/09/2016 19:11:18] - C:\WINDOWS\Installer\108cbb.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2017 21:38:20] - C:\WINDOWS\Installer\1480aa.msi : (Driver Fusion - Treexy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2017 11:49:38] - C:\WINDOWS\Installer\1542b4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/06/2018 13:29:30] - C:\WINDOWS\Installer\15741143.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/07/2018 17:14:03] - C:\WINDOWS\Installer\1616aa3.msi : (Java SE Runtime Environment 8 Update 172 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/07/2018 17:14:38] - C:\WINDOWS\Installer\1616ab2.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/09/2012 07:58:56] - C:\WINDOWS\Installer\1ca24bf.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2016 21:45:00] - C:\WINDOWS\Installer\22e9e9a.msi : (Launcher MOD CSP-IRG - MOD CSP-IRG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/06/2017 20:56:26] - C:\WINDOWS\Installer\24360d2.msi : ( - dotPDN LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2017 23:18:52] - C:\WINDOWS\Installer\26e17a1.msi : (Assistant de téléchargement - Druide informatique inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/02/2018 19:32:17] - C:\WINDOWS\Installer\442d8bb.msi : (Java SE Runtime Environment 8 Update 161 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2017 09:18:52] - C:\WINDOWS\Installer\472f6682.msi : (SlimDX Runtime .NET 4.0 x64 (January 2012) - SlimDX Group) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2017 09:18:52] - C:\WINDOWS\Installer\47f50e3d.msi : (SlimDX Runtime .NET 4.0 x86 (January 2012) - SlimDX Group) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/10/2017 19:22:42] - C:\WINDOWS\Installer\58828.msi : (Java SE Runtime Environment 8 Update 151 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/10/2017 19:22:37] - C:\WINDOWS\Installer\5882e.msi : (Java SE Runtime Environment 8 Update 151 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/11/2016 13:19:01] - C:\WINDOWS\Installer\69237b.msi : (Minecraft - Mojang) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/04/2018 08:26:39] - C:\WINDOWS\Installer\7d701e.msi : (PlayStation™Now - Sony Interactive Entertainment Network America LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/12/2016 02:43:15] - C:\WINDOWS\Installer\88150b.msi : (Curse - Curse) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/07/2017 00:09:52] - C:\WINDOWS\Installer\a78310.msi : (Epic Games Launcher - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 10:56:58] - C:\WINDOWS\Installer\a78315.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\d23433.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/12/2016 14:34:01] - C:\WINDOWS\Installer\e4e75f.msi : (Java SE Development Kit 8 Update 111 (64-bit) - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2017 21:13:16] - C:\WINDOWS\Installer\e5234.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2018 09:31:17] - C:\WINDOWS\Installer\f5a856f.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [17/05/2018 18:48:55] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [26/03/2017 19:46:40] - [7179864] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.C510751F36472786E3B3F8C149A24915] - |N| - [17/05/2018 18:42:03] - (.-.) - [1056.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.00000000000000000000000000000000] - |D| - [13/07/2018 13:53:24] - [344.29 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.22DA1EAD1ED82AB75B39971F00BC629E] - |A| - [15/07/2018 12:53:24] - (.-.) - [3.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.1CBDE9E7F75CA9801F7745FF2E5DFC0A] - |A| - [12/07/2018 09:30:51] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ScheduledHeartbeat.log [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 18:42:03] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.ECFB47321D759AC6015E613AEAF2BDCC] - |A| - [06/10/2017 21:46:41] - (.-.) - [115.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2576.89 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.F4C05547920F091BA19D7971DB5CFF6C] - |A| - [17/05/2018 18:43:01] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [367.71 Ko] - (18.4.3895.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.DC2AE009029AABE06996A37C2B729EFD] - |A| - [06/10/2017 21:46:41] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4832.2 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [275333.63 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK [MD5.4EDE94905F4910EA8CF91D4101DA198A] - |A| - [12/04/2018 01:34:04] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [453 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [923.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9773.77 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.9734BDDABAD131D62E9B41126BD2D019] - |A| - [07/04/2016 03:36:28] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\e1d65x64.din [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [12/04/2018 01:33:52] - (.-.) - [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.01211D1A7446BE619A6BB381FAF5DDE6] - |A| - [12/06/2017 12:36:36] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2138.03 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17223.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [12/07/2018 09:33:59] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [12/07/2018 09:33:55] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.FEFF27B893E73212A95E7321222273A4] - |A| - [28/05/2013 22:23:14] - (.-.) - [637 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ficvdec_x64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.86177A958F4B9AD449C1EC7569DE2193] - |A| - [01/10/2012 20:35:42] - (.- Microsoft® Forms DLL.) - [1555.13 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20.DLL [MD5.E44C360B261B0C35F175370F20D5DDCD] - |A| - [01/10/2012 20:38:12] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20ENU.DLL [MD5.2A7D873D71572E1EF6D0552BABC1B03E] - |A| - [01/10/2012 21:04:00] - (.- Microsoft® Forms International DLL.) - [35.16 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20FRA.DLL [MD5.198339CC9B722A8EFD7C066D0C2DB30B] - |A| - [17/05/2018 18:38:33] - (.-.) - [446.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45635.5 Ko] - C:\WINDOWS\System32\fr-FR [MD5.4413DA3F90138EAC46FA23CADEBA826D] - |A| - [05/09/2015 10:09:14] - (.Copyright © Beepa P/L 2013 - Fraps.) - [103.5 Ko] - (3.5.99.15623) - C:\WINDOWS\System32\frapsv64.dll [MD5.E7104224FAD225D764248CDF0A85482E] - |A| - [24/08/2017 06:19:00] - (.Copyright © 2006-2017 FTDI Ltd. - FTDI USB Serial Converter Property Page Provider.) - [164.19 Ko] - (1.3.0.1) - C:\WINDOWS\System32\ftbusui.dll [MD5.39E2638AF413C84609BC851D942CCA8C] - |A| - [19/09/2017 11:38:12] - (.Copyright © 2004-2017 FTDI Ltd. - FTDI VCP CoInstaller.) - [73.21 Ko] - (2.1.3.1) - C:\WINDOWS\System32\ftcserco.dll [MD5.453A11B299E1C5A5214373008117EEFE] - |A| - [24/08/2017 06:19:04] - (.Copyright © 2001-2017 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [307.19 Ko] - (3.2.14.0) - C:\WINDOWS\System32\ftd2xx.dll [MD5.230F5CE2185BA4DDAD0653D8F33C5BB4] - |A| - [24/08/2017 06:19:08] - (.Copyright © 2001-2017 FTDI Ltd. - FTDI Multi-Lingual Property Page Text Library.) - [268.18 Ko] - (1.5.2.1) - C:\WINDOWS\System32\FTLang.dll [MD5.6EEC15BFCB7B375632AEA62530C6777F] - |A| - [19/09/2017 11:38:24] - (.Copyright (c) 2000-2017 FTDI Ltd. - FTDI Virtual COM Port Property Page Provider.) - [63.71 Ko] - (2.12.28.1) - C:\WINDOWS\System32\ftserui2.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/10/2017 13:30:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411 Ko] - C:\WINDOWS\System32\hu-HU [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [432.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:22:53] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.6FCFAF52ABBDB229A123A7402B2BC3E3] - |A| - [05/07/2018 17:33:51] - (.(C) 1998-2018 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LkmdfCoInst.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2106.82 Ko] - C:\WINDOWS\System32\LogFiles [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 22:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [58369.51 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.9F46840758431946CA096F8096B016B4] - |A| - [14/06/2018 16:03:49] - (.-.) - [790 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 19:35:51] - [7.36 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5564.47 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47362.99 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ml-IN [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [24/11/2016 11:28:55] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4340.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.02E55C4A660269C15F755CC2FF58F073] - |A| - [06/10/2017 21:46:45] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5462.51 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.EB92FCA946E009B8DC614D9ED2B0CB2E] - |A| - [06/10/2017 21:46:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.33 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.0537CFE215E65ADB1C41E5E7DA827187] - |A| - [06/10/2017 21:46:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5799.71 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [512 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.B7376DC6E0D6D9F4BA6F4D7737E7C28C] - |A| - [12/06/2017 12:32:17] - (.-.) - [93.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.191FCFC35E1A772CDBB7C554E8883B41] - |A| - [12/06/2017 12:32:45] - (.-.) - [8015.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.E14A86282521173F7014A46BD14ECE5E] - |A| - [09/11/2017 04:57:28] - (.-.) - [43.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15786.16 Ko] - C:\WINDOWS\System32\oobe [MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [25/01/2017 16:50:30] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\WINDOWS\System32\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.2A43368ACD6E1484200F6EA70599F963] - |A| - [12/04/2018 01:40:29] - (.-.) - [129.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.6DFD5CA9AE8BC352992FF6A250A03858] - |A| - [12/04/2018 18:18:42] - (.-.) - [145.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.DB8A55133527DF8E9EA221324E230448] - |A| - [12/04/2018 01:40:29] - (.-.) - [683.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.BAF40DF63D9E7A83F731E67C3CE2CF38] - |A| - [12/04/2018 18:18:42] - (.-.) - [771.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.41C40407BC7796A514EC4AF6DAAC47C8] - |A| - [17/05/2018 18:48:55] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [17/05/2018 19:34:53] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [396249.72 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.0F0CE558A9D992E8E0336E6ACB3FAF85] - |A| - [12/04/2018 01:34:04] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 18:38:34] - [23065.94 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13441.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12220.67 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [68823.55 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6619.42 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [14/06/2018 16:03:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [12/07/2018 09:33:53] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [37464 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1402.14 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [655.73 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [579.97 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.A82ACEAB3D343D1B46A09960874F5D9B] - |A| - [12/07/2018 09:33:54] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.9 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [87458.73 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [149508.53 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.A8E4E5DC56F9C3C514B945F94C3FE1BD] - |A| - [14/12/2016 14:34:32] - (.Copyright © 2017 - Java(TM) Platform SE binary.) - [107.56 Ko] - (8.0.1510.12) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9771 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [148544 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [25/01/2017 16:50:30] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\WINDOWS\System32\wrap_oal.dll [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [01/10/2017 13:30:19] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [01/10/2017 13:30:19] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [21/06/2018 20:15:09] - [10936.06 Ko] - C:\WINDOWS\SysWOW64\Adobe [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [17.37 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [17/06/2018 15:58:40] - [0 Ko] - C:\WINDOWS\SysWOW64\directx [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7783.23 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.C9EB6CFE2A92A4F89993BE6A6F8A21BA] - |A| - [28/05/2013 22:22:50] - (.-.) - [626 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ficvdec_x86.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.A5E87703B0EC8DB7371117AF0E5554FA] - |A| - [20/03/2013 13:09:40] - (.Copyright © 1994-2004, Firelight Technologies Pty, Ltd. - FMOD.) - [344 Ko] - (3.7.3.0) - C:\WINDOWS\SysWOW64\fmod.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [346 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [37155.15 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.E3E8F33F23C9847148DC6B7DA12D9240] - |A| - [05/09/2015 10:09:12] - (.Copyright © Beepa P/L 2013 - Fraps.) - [92 Ko] - (3.5.99.15623) - C:\WINDOWS\SysWOW64\frapsvid.dll [MD5.E25C832EC66F5918D7A1B0787675D6D8] - |A| - [24/08/2017 06:19:20] - (.Copyright © 2001-2017 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [266.18 Ko] - (3.2.14.0) - C:\WINDOWS\SysWOW64\ftd2xx.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.94A8EBD816A366041F8CCF5AFD3AB7DE] - |A| - [24/07/2017 21:20:21] - (.-.) - [55 Ko] - (1.20.15.1) - C:\WINDOWS\SysWOW64\iyvu9_32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/06/2017 01:10:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [50423.94 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |SD| - [09/06/2018 17:34:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.209171E9B68CC75EC890214BA4F645D1] - |A| - [20/03/2013 13:09:40] - (.-.) - [259.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MSCOMCTL32.oca [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [25/01/2017 16:50:30] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\WINDOWS\SysWOW64\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.B8B16F0184BE36D774D20061F26E2D3A] - |A| - [26/03/2017 19:46:40] - (.-.) - [7011.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [12/06/2017 12:32:51] - [2198.22 Ko] - C:\WINDOWS\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [391 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK [MD5.D10AE8F3084779B587C0AAB058776BDD] - |A| - [14/07/2018 05:49:04] - (.-.) - [320.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\SelfFolder.idc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4133.4 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8941.12 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1309.47 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [14/06/2018 16:03:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.DDB91A659AE524E796208E64026FAE35] - |A| - [12/07/2018 11:29:49] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\swhealthex.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\WINDOWS\SysWOW64\VBAFR32.OLB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15770.52 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.A8E4E5DC56F9C3C514B945F94C3FE1BD] - |A| - [23/10/2017 19:23:27] - (.Copyright © 2017 - Java(TM) Platform SE binary.) - [107.56 Ko] - (8.0.1510.12) - C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8936.71 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [25/01/2017 16:50:30] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\WINDOWS\SysWOW64\wrap_oal.dll [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 19:33:50] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\admin\AppData\Roaming [17/05/2018 18:40:11] "Local AppData"=C:\Users\admin\AppData\Local [17/05/2018 18:40:11] "CD Burning"=C:\Users\admin\AppData\Local\Microsoft\Windows\Burn\Burn [17/05/2018 18:47:29] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries [24/11/2016 09:54:34] "My Video"=C:\Users\admin\Videos [24/11/2016 09:51:02] "My Pictures"=C:\Users\admin\Pictures [24/11/2016 09:51:02] "Desktop"=C:\Users\admin\Desktop [24/11/2016 09:51:02] "History"=C:\Users\admin\AppData\Local\Microsoft\Windows\History [24/11/2016 09:51:02] "NetHood"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts [17/05/2018 18:40:11] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\admin\Contacts [24/11/2016 09:54:34] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\admin\AppData\Local\Microsoft\Windows\RoamingTiles [24/11/2016 09:54:34] "Cookies"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCookies [24/11/2016 09:51:02] "Favorites"=C:\Users\admin\Favorites [24/11/2016 09:51:02] "SendTo"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo [24/11/2016 09:51:02] "Start Menu"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu [24/11/2016 09:51:02] "My Music"=C:\Users\admin\Music [24/11/2016 09:51:02] "Programs"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [24/11/2016 09:51:02] "Recent"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent [24/11/2016 09:51:02] "PrintHood"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [17/05/2018 18:40:11] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\admin\Searches [24/11/2016 09:54:34] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\admin\Downloads [24/11/2016 09:51:02] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\admin\AppData\LocalLow [24/11/2016 09:51:02] "Startup"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [24/11/2016 09:54:34] "Administrative Tools"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/11/2016 09:54:34] "Personal"=C:\Users\admin\Documents [24/11/2016 09:51:02] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\admin\Links [24/11/2016 09:51:02] "Cache"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache [17/05/2018 18:40:11] "Templates"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates [17/05/2018 18:40:11] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\admin\Saved Games [24/11/2016 09:51:02] "Fonts"=C:\WINDOWS\Fonts [12/04/2018 01:38:21] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache [17/05/2018 18:40:11] "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [admin] [12/04/2017 12:23:31] - |D| - [0] - C:\Users\admin\.Origin [12/04/2017 12:23:31] - |D| - [0] - C:\Users\admin\.QtWebEngineProcess [16/03/2017 18:55:15] - |RD| - [3235912] - C:\Users\admin\3D Objects [06/10/2017 23:20:40] - |D| - [0] - C:\Users\admin\ansel [17/05/2018 18:40:11] - |HD| - [13716940763] - C:\Users\admin\AppData [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Application Data [05/04/2018 17:13:20] - |D| - [10505] - C:\Users\admin\Cheathappens [24/11/2016 09:54:34] - |RD| - [412] - C:\Users\admin\Contacts [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Cookies [24/11/2016 09:51:02] - |RD| - [583132339] - C:\Users\admin\Desktop [24/11/2016 09:51:02] - |RD| - [11755543647] - C:\Users\admin\Documents [24/11/2016 09:51:02] - |RD| - [282] - C:\Users\admin\Downloads [20/09/2017 21:07:45] - |D| - [1736493] - C:\Users\admin\Evernote [24/11/2016 09:51:02] - |RD| - [690] - C:\Users\admin\Favorites [05/04/2018 14:36:54] - |D| - [0] - C:\Users\admin\FutureXGame [12/04/2018 01:34:52] - |N| - [59904] - C:\Users\admin\FxFyt.exe [28/05/2017 00:48:34] - |HD| - [0] - C:\Users\admin\InstallAnywhere [01/10/2017 13:30:21] - |SHD| - [25308] - C:\Users\admin\IntelGraphicsProfiles [24/11/2016 09:51:02] - |RD| - [1949] - C:\Users\admin\Links [05/01/2018 16:43:10] - |D| - [2654502] - C:\Users\admin\Lionhead Studios [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Local Settings [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Menu Démarrer [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Mes documents [18/11/2017 12:02:56] - |HD| - [3156288] - C:\Users\admin\MicrosoftEdgeBackups [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Modèles [24/11/2016 09:51:02] - |RD| - [20213645624] - C:\Users\admin\Music [17/05/2018 18:40:11] - |AH| - [6553600] - C:\Users\admin\NTUSER.DAT [17/05/2018 18:40:11] - |ASH| - [1662976] - C:\Users\admin\ntuser.dat.LOG1 [17/05/2018 18:40:11] - |ASH| - [1653760] - C:\Users\admin\ntuser.dat.LOG2 [17/05/2018 18:40:11] - |ASH| - [65536] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TM.blf [17/05/2018 18:40:11] - |ASH| - [524288] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TMContainer00000000000000000001.regtrans-ms [17/05/2018 18:40:11] - |ASH| - [524288] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TMContainer00000000000000000002.regtrans-ms [17/05/2018 18:45:35] - |SH| - [20] - C:\Users\admin\ntuser.ini [24/11/2016 09:55:54] - |RD| - [96] - C:\Users\admin\OneDrive [24/11/2016 09:51:02] - |RD| - [16306005822] - C:\Users\admin\Pictures [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Recent [24/11/2016 09:51:02] - |RD| - [120571221] - C:\Users\admin\Saved Games [24/11/2016 09:54:34] - |RD| - [1875] - C:\Users\admin\Searches [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\SendTo [01/04/2017 15:19:34] - |D| - [385024] - C:\Users\admin\Tracing [24/11/2016 09:51:02] - |RD| - [732738230] - C:\Users\admin\Videos [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Voisinage d'impression [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Voisinage réseau [15/07/2018 11:44:25] - |A| - [3155328] - C:\Users\admin\ZHPDiag3.exe [12/11/2017 16:15:43] - |D| - [54987926] - C:\Users\admin\Zomboid [19/05/2018 20:59:20] - |D| - [8198122] - C:\Users\admin\Zotero [17/05/2018 18:40:11] - |D| - [4979339696] - C:\Users\admin\AppData\Local [24/11/2016 09:51:02] - |D| - [1622963504] - C:\Users\admin\AppData\LocalLow [17/05/2018 18:40:11] - |D| - [7114637563] - C:\Users\admin\AppData\Roaming [05/07/2018 14:24:06] - |HD| - [1632031] - C:\Users\admin\AppData\Local\$NtUninstallWIC$ [08/07/2018 10:22:53] - |HD| - [1632031] - C:\Users\admin\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2 [09/12/2016 18:55:36] - |D| - [1124527] - C:\Users\admin\AppData\Local\2K Games [22/02/2018 17:54:25] - |D| - [4299] - C:\Users\admin\AppData\Local\4A Games [31/08/2017 19:05:20] - |D| - [139704] - C:\Users\admin\AppData\Local\Absolver [23/02/2017 18:07:58] - |D| - [2484] - C:\Users\admin\AppData\Local\AbzuGame [05/01/2017 15:37:38] - |D| - [9296881] - C:\Users\admin\AppData\Local\Adobe [02/06/2018 18:25:27] - |D| - [0] - C:\Users\admin\AppData\Local\ali213GameLauncher [30/04/2017 00:40:39] - |D| - [1495408] - C:\Users\admin\AppData\Local\Another Brick in the Mall [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Application Data [05/09/2017 18:33:10] - |D| - [11221] - C:\Users\admin\AppData\Local\ArmA 2 [05/09/2017 18:52:54] - |D| - [0] - C:\Users\admin\AppData\Local\ArmA 2 OA [10/12/2016 21:41:30] - |D| - [36122996] - C:\Users\admin\AppData\Local\Arma 3 [10/12/2016 21:39:44] - |D| - [12417954] - C:\Users\admin\AppData\Local\Arma 3 Launcher [13/07/2018 19:03:23] - |A| - [143594] - C:\Users\admin\AppData\Local\ars.cache [27/05/2018 17:37:59] - |D| - [360138] - C:\Users\admin\AppData\Local\assembly [09/06/2018 20:07:58] - |D| - [228857] - C:\Users\admin\AppData\Local\AVGame [12/06/2018 13:56:32] - |D| - [1] - C:\Users\admin\AppData\Local\BattlEye [07/01/2017 18:55:56] - |D| - [17762] - C:\Users\admin\AppData\Local\Black_Tree_Gaming [28/07/2017 00:13:10] - |D| - [123] - C:\Users\admin\AppData\Local\Blizzard [27/07/2017 18:02:50] - |D| - [3215] - C:\Users\admin\AppData\Local\Blizzard Entertainment [10/12/2016 21:39:51] - |D| - [44168] - C:\Users\admin\AppData\Local\Bohemia_Interactive [01/08/2017 19:55:31] - |D| - [1101] - C:\Users\admin\AppData\Local\BrickRigs [27/02/2017 18:43:00] - |D| - [0] - C:\Users\admin\AppData\Local\Broadcom [23/06/2018 21:05:24] - |HD| - [1632031] - C:\Users\admin\AppData\Local\C.Framework [04/01/2018 16:13:36] - |D| - [1139] - C:\Users\admin\AppData\Local\CAPCOM [19/06/2018 18:18:16] - |HD| - [1632031] - C:\Users\admin\AppData\Local\CCleaner v9.18 [25/11/2016 13:42:33] - |D| - [11121083] - C:\Users\admin\AppData\Local\CEF [14/07/2018 01:30:08] - |A| - [379178] - C:\Users\admin\AppData\Local\census.cache [12/07/2018 09:28:16] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Chrome Cleanup Tools [14/12/2016 10:24:44] - |D| - [40] - C:\Users\admin\AppData\Local\Chromium [24/11/2016 10:10:50] - |D| - [65540079] - C:\Users\admin\AppData\Local\Comms [24/11/2016 09:54:33] - |D| - [6706170] - C:\Users\admin\AppData\Local\ConnectedDevicesPlatform [24/11/2016 11:38:01] - |D| - [1900088] - C:\Users\admin\AppData\Local\CrashDumps [20/05/2018 14:39:47] - |D| - [2507796] - C:\Users\admin\AppData\Local\D3DSCache [31/05/2017 15:29:36] - |D| - [19173145] - C:\Users\admin\AppData\Local\Daedalic Entertainment GmbH [04/11/2017 16:49:16] - |D| - [2726] - C:\Users\admin\AppData\Local\DangerZone [25/11/2017 17:59:08] - |D| - [44] - C:\Users\admin\AppData\Local\Daybreak Game Company [29/08/2017 17:10:40] - |D| - [827472] - C:\Users\admin\AppData\Local\DayZ [12/06/2017 12:40:22] - |D| - [0] - C:\Users\admin\AppData\Local\DBG [20/08/2017 13:09:30] - |A| - [4608] - C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [30/09/2017 22:55:22] - |D| - [442] - C:\Users\admin\AppData\Local\Destructive_Creations [05/01/2017 18:52:35] - |D| - [0] - C:\Users\admin\AppData\Local\Diagnostics [17/02/2018 15:39:03] - |D| - [3862] - C:\Users\admin\AppData\Local\DigitalEntitlements [25/05/2017 15:50:18] - |D| - [399081870] - C:\Users\admin\AppData\Local\Discord [20/12/2016 17:56:12] - |D| - [1967] - C:\Users\admin\AppData\Local\Disc_Soft_Ltd [02/07/2018 22:00:04] - |D| - [430186] - C:\Users\admin\AppData\Local\Dontnod [29/04/2018 15:13:04] - |D| - [0] - C:\Users\admin\AppData\Local\Dovetail Games [10/07/2018 18:11:53] - |D| - [1048832] - C:\Users\admin\AppData\Local\dwarves [09/12/2016 22:09:16] - |D| - [120329] - C:\Users\admin\AppData\Local\ElevatedDiagnostics [30/09/2017 23:53:20] - |D| - [895] - C:\Users\admin\AppData\Local\EotU [28/07/2017 00:10:17] - |D| - [22167849] - C:\Users\admin\AppData\Local\EpicGamesLauncher [08/01/2017 01:13:30] - |D| - [2409] - C:\Users\admin\AppData\Local\Fallout4 [21/05/2018 21:03:15] - |D| - [2282] - C:\Users\admin\AppData\Local\Fallout4ModManager [21/05/2018 15:08:15] - |D| - [926] - C:\Users\admin\AppData\Local\FalloutNV [12/06/2018 14:41:48] - |D| - [174936] - C:\Users\admin\AppData\Local\FalloutShelter [12/06/2018 21:50:11] - |D| - [1461161] - C:\Users\admin\AppData\Local\FBS [27/02/2018 11:07:12] - |D| - [150029] - C:\Users\admin\AppData\Local\Fernbus [11/09/2017 20:05:53] - |D| - [14694] - C:\Users\admin\AppData\Local\FileZilla [31/05/2017 19:10:08] - |D| - [571] - C:\Users\admin\AppData\Local\FinchGame [18/01/2017 20:12:40] - |D| - [159794] - C:\Users\admin\AppData\Local\Fortify [28/07/2017 00:25:14] - |D| - [35282131] - C:\Users\admin\AppData\Local\FortniteGame [08/01/2017 21:24:42] - |D| - [5130] - C:\Users\admin\AppData\Local\Frontier Developments [08/01/2017 21:22:11] - |D| - [145813] - C:\Users\admin\AppData\Local\Frontier_Developments [02/03/2017 23:00:45] - |D| - [101529] - C:\Users\admin\AppData\Local\Funcom [26/03/2017 19:47:07] - |A| - [93] - C:\Users\admin\AppData\Local\fusioncache.dat [18/03/2018 22:03:30] - |D| - [0] - C:\Users\admin\AppData\Local\FXG [06/05/2018 20:52:17] - |D| - [146544] - C:\Users\admin\AppData\Local\Gaikai [13/04/2017 16:50:11] - |D| - [0] - C:\Users\admin\AppData\Local\Game Updater [20/08/2017 13:09:19] - |D| - [0] - C:\Users\admin\AppData\Local\GOG.com [20/03/2017 11:49:39] - |D| - [13419] - C:\Users\admin\AppData\Local\Google [27/04/2017 14:28:37] - |D| - [48] - C:\Users\admin\AppData\Local\Halo Wars [09/07/2018 12:22:24] - |D| - [9838] - C:\Users\admin\AppData\Local\HellbladeGame [24/01/2017 01:36:28] - |D| - [2419590] - C:\Users\admin\AppData\Local\Hinterland [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Historique [13/07/2018 18:51:49] - |A| - [36] - C:\Users\admin\AppData\Local\housecall.guid.cache [07/07/2017 19:36:24] - |D| - [200006] - C:\Users\admin\AppData\Local\HyperLightDrifter [12/07/2018 13:19:35] - |AH| - [86663] - C:\Users\admin\AppData\Local\IconCache.db [30/03/2018 23:11:30] - |D| - [2852454] - C:\Users\admin\AppData\Local\Impero [04/07/2018 22:30:26] - |D| - [1239] - C:\Users\admin\AppData\Local\Injustice2 [12/12/2016 20:05:29] - |D| - [186319885] - C:\Users\admin\AppData\Local\Introversion [12/07/2018 10:24:12] - |D| - [7168] - C:\Users\admin\AppData\Local\Jagex [25/06/2017 11:00:47] - |D| - [5535053] - C:\Users\admin\AppData\Local\KADOKAWA [01/07/2018 10:47:08] - |HD| - [1632031] - C:\Users\admin\AppData\Local\KernelReports [16/06/2018 15:31:26] - |D| - [502] - C:\Users\admin\AppData\Local\LBA [05/04/2017 12:05:41] - |D| - [0] - C:\Users\admin\AppData\Local\LogMeIn [05/01/2017 15:44:27] - |D| - [0] - C:\Users\admin\AppData\Local\Macromedia [13/04/2017 16:51:42] - |D| - [13214062] - C:\Users\admin\AppData\Local\MassEffectModder [05/04/2018 13:03:57] - |D| - [4055] - C:\Users\admin\AppData\Local\Mass_Effect_Andromeda_(v1 [17/05/2018 18:40:11] - |D| - [576347272] - C:\Users\admin\AppData\Local\Microsoft [21/07/2017 14:36:21] - |D| - [0] - C:\Users\admin\AppData\Local\Microsoft Help [25/11/2016 12:43:07] - |D| - [75524] - C:\Users\admin\AppData\Local\MicrosoftEdge [28/11/2016 23:28:28] - |D| - [824] - C:\Users\admin\AppData\Local\Microsoft_&_Tunngle [26/06/2018 18:35:47] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Miniport WDM Driver [27/05/2018 20:49:16] - |D| - [131112] - C:\Users\admin\AppData\Local\Mirillis [30/06/2017 22:27:43] - |D| - [3012] - C:\Users\admin\AppData\Local\mkw [25/11/2016 12:50:16] - |D| - [429120538] - C:\Users\admin\AppData\Local\Mozilla [30/09/2017 13:44:03] - |D| - [0] - C:\Users\admin\AppData\Local\My Games [12/06/2017 01:50:56] - |D| - [0] - C:\Users\admin\AppData\Local\Ndemic Creations [24/11/2016 10:36:18] - |D| - [0] - C:\Users\admin\AppData\Local\NetworkTiles [17/11/2017 23:13:58] - |D| - [0] - C:\Users\admin\AppData\Local\New Technology Studio [19/06/2018 19:09:19] - |D| - [3350] - C:\Users\admin\AppData\Local\NEW_CSD2_PS4Steam [06/10/2017 14:02:10] - |D| - [1215] - C:\Users\admin\AppData\Local\Nidhogg_2 [24/11/2016 11:37:52] - |D| - [758835977] - C:\Users\admin\AppData\Local\NVIDIA [24/11/2016 11:37:47] - |D| - [138923198] - C:\Users\admin\AppData\Local\NVIDIA Corporation [03/07/2018 11:15:15] - |D| - [976] - C:\Users\admin\AppData\Local\Oblivion [21/06/2018 15:39:47] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Opera-12.8 [12/04/2017 12:23:26] - |D| - [205503735] - C:\Users\admin\AppData\Local\Origin [18/11/2017 11:47:10] - |D| - [381351760] - C:\Users\admin\AppData\Local\Packages [25/06/2017 20:56:09] - |D| - [0] - C:\Users\admin\AppData\Local\Paint.NET [11/06/2017 22:27:42] - |D| - [137345] - C:\Users\admin\AppData\Local\PAYDAY 2 [21/04/2018 15:46:18] - |D| - [0] - C:\Users\admin\AppData\Local\PlaceholderTileLogoFolder [23/06/2018 13:39:18] - |HD| - [1632031] - C:\Users\admin\AppData\Local\plugins [28/12/2016 02:05:29] - |D| - [0] - C:\Users\admin\AppData\Local\Programs [24/11/2016 09:54:36] - |D| - [28897044] - C:\Users\admin\AppData\Local\Publishers [15/04/2018 21:23:44] - |D| - [1009052] - C:\Users\admin\AppData\Local\PunkBuster [31/05/2017 23:21:25] - |D| - [76360] - C:\Users\admin\AppData\Local\Quadriga Games [31/12/2017 02:31:33] - |D| - [8171] - C:\Users\admin\AppData\Local\QuantumBreak [25/11/2017 21:47:00] - |D| - [4940] - C:\Users\admin\AppData\Local\Radline [31/08/2017 13:57:41] - |D| - [2522] - C:\Users\admin\AppData\Local\ROA2 [03/09/2017 16:14:38] - |D| - [0] - C:\Users\admin\AppData\Local\Rocket Bear Games [10/01/2017 18:12:26] - |D| - [80] - C:\Users\admin\AppData\Local\Rockstar Games [25/11/2017 17:59:08] - |D| - [0] - C:\Users\admin\AppData\Local\SCE [05/07/2018 22:31:29] - |D| - [23] - C:\Users\admin\AppData\Local\SKIDROW [10/04/2017 19:17:54] - |D| - [67584] - C:\Users\admin\AppData\Local\SkinSoft [29/05/2017 00:26:07] - |D| - [3832] - C:\Users\admin\AppData\Local\Skyrim [28/05/2017 17:39:07] - |D| - [833] - C:\Users\admin\AppData\Local\Skyrim Special Edition [06/05/2018 20:52:33] - |D| - [30862307] - C:\Users\admin\AppData\Local\Sony Interactive Entertainment Network America LLC [20/12/2016 20:21:49] - |D| - [2104490] - C:\Users\admin\AppData\Local\SpaceHulkGame [26/06/2017 22:34:07] - |D| - [3760] - C:\Users\admin\AppData\Local\speech [22/05/2017 17:46:57] - |D| - [86473] - C:\Users\admin\AppData\Local\SquirrelTemp [28/12/2016 02:16:33] - |D| - [2696] - C:\Users\admin\AppData\Local\Stardock [25/11/2016 13:42:33] - |D| - [764541176] - C:\Users\admin\AppData\Local\Steam [05/01/2017 15:17:21] - |D| - [326281] - C:\Users\admin\AppData\Local\StellarOverloadEA2 [05/09/2017 16:13:52] - |D| - [21595511] - C:\Users\admin\AppData\Local\StellarOverloadEA4 [20/05/2018 22:28:48] - |D| - [2074970] - C:\Users\admin\AppData\Local\StellarOverloadEA5 [13/06/2017 23:10:52] - |D| - [590] - C:\Users\admin\AppData\Local\SUPERHOT_Sp_z_o.o [17/05/2018 18:40:11] - |D| - [42497978] - C:\Users\admin\AppData\Local\Temp [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Temporary Internet Files [27/05/2017 03:12:44] - |D| - [5639] - C:\Users\admin\AppData\Local\The Lord of the Rings Online [15/12/2017 16:45:59] - |D| - [17297] - C:\Users\admin\AppData\Local\TheDayAfter [18/03/2018 23:47:47] - |D| - [1855] - C:\Users\admin\AppData\Local\This_War_of_Mine_(v3.0.3) [26/06/2018 20:21:19] - |D| - [925] - C:\Users\admin\AppData\Local\THQ [24/11/2016 09:54:34] - |D| - [16797005] - C:\Users\admin\AppData\Local\TileDataLayer [20/08/2017 13:09:27] - |D| - [759] - C:\Users\admin\AppData\Local\TrailsOfColdSteel1 [06/10/2017 21:38:43] - |D| - [927] - C:\Users\admin\AppData\Local\Treexy [26/03/2017 19:47:07] - |D| - [3093119] - C:\Users\admin\AppData\Local\Turbine [15/05/2018 18:16:23] - |D| - [545838] - C:\Users\admin\AppData\Local\TurmoilSteam [26/11/2016 10:15:35] - |D| - [5206662] - C:\Users\admin\AppData\Local\Uber Entertainment [06/02/2017 20:24:59] - |D| - [4253] - C:\Users\admin\AppData\Local\Ubisoft Game Launcher [19/05/2017 12:17:41] - |D| - [0] - C:\Users\admin\AppData\Local\UNP [10/06/2018 13:05:45] - |D| - [13144] - C:\Users\admin\AppData\Local\Unravel [20/12/2016 20:21:49] - |D| - [297] - C:\Users\admin\AppData\Local\UnrealEngine [28/07/2017 00:10:18] - |D| - [0] - C:\Users\admin\AppData\Local\UnrealEngineLauncher [24/11/2016 09:54:34] - |D| - [0] - C:\Users\admin\AppData\Local\VirtualStore [31/03/2017 11:13:23] - |D| - [558652] - C:\Users\admin\AppData\Local\Warframe [23/02/2017 14:57:51] - |D| - [94208] - C:\Users\admin\AppData\Local\WB Games [30/04/2018 11:30:41] - |D| - [691395884] - C:\Users\admin\AppData\Local\WhatsApp [07/04/2018 12:20:45] - |D| - [10467471] - C:\Users\admin\AppData\Local\Windforge [02/07/2018 12:05:28] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Media Player [03/07/2018 10:39:48] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Media Player 11 [09/07/2018 00:16:30] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Workflow Foundation [10/07/2018 17:50:52] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows.Config.Msi [15/06/2018 11:06:00] - |A| - [2] - C:\Users\admin\AppData\Local\WMI.ini [16/12/2017 18:45:12] - |D| - [1252738] - C:\Users\admin\AppData\Local\YlandsLauncher [13/07/2018 14:17:30] - |D| - [126322] - C:\Users\admin\AppData\Local\ZHP [19/05/2018 20:59:19] - |D| - [3201839] - C:\Users\admin\AppData\Local\Zotero [02/06/2018 16:31:49] - |D| - [23329] - C:\Users\admin\AppData\LocalLow\3rd Eye Studios [08/05/2017 13:17:32] - |D| - [606] - C:\Users\admin\AppData\LocalLow\8 Points [13/03/2017 21:47:10] - |D| - [44032] - C:\Users\admin\AppData\LocalLow\Adobe [31/05/2017 19:19:23] - |D| - [563] - C:\Users\admin\AppData\LocalLow\Aerosoft [26/05/2017 11:41:47] - |D| - [13067] - C:\Users\admin\AppData\LocalLow\Airborne Games [12/12/2016 21:24:07] - |D| - [0] - C:\Users\admin\AppData\LocalLow\AMPLITUDE Studios [05/10/2017 15:55:40] - |D| - [5264890] - C:\Users\admin\AppData\LocalLow\Apoapsis Studios [16/12/2017 20:20:39] - |D| - [86846] - C:\Users\admin\AppData\LocalLow\Arachnid Games [28/06/2018 01:11:55] - |D| - [213326] - C:\Users\admin\AppData\LocalLow\Audiosurf, LLC [08/05/2018 18:28:23] - |D| - [2920] - C:\Users\admin\AppData\LocalLow\Audiosurf_ LLC [11/02/2018 13:58:07] - |D| - [1185] - C:\Users\admin\AppData\LocalLow\Berserk Games [02/07/2018 19:33:38] - |D| - [3593226] - C:\Users\admin\AppData\LocalLow\CampoSanto [31/05/2017 18:50:08] - |D| - [1133] - C:\Users\admin\AppData\LocalLow\Carbomb Software [15/04/2018 15:35:37] - |D| - [73799] - C:\Users\admin\AppData\LocalLow\CCCP [25/05/2018 18:11:12] - |D| - [2591554] - C:\Users\admin\AppData\LocalLow\Clarus Victoria [15/10/2017 21:15:13] - |D| - [9639475] - C:\Users\admin\AppData\LocalLow\CodeHorizon [04/02/2017 00:42:52] - |D| - [29280] - C:\Users\admin\AppData\LocalLow\Coffee Powered Machine [27/05/2018 00:11:04] - |D| - [28166] - C:\Users\admin\AppData\LocalLow\Contingent99 [01/01/2018 18:11:33] - |D| - [3386575] - C:\Users\admin\AppData\LocalLow\Craneballs [31/05/2017 15:29:27] - |D| - [1200403] - C:\Users\admin\AppData\LocalLow\Daedalic Entertainment GmbH [25/11/2017 17:59:08] - |D| - [854849] - C:\Users\admin\AppData\LocalLow\Daybreak Game Company [27/09/2017 20:58:02] - |D| - [8975] - C:\Users\admin\AppData\LocalLow\DefaultCompany [19/04/2017 23:41:20] - |D| - [68904] - C:\Users\admin\AppData\LocalLow\DoMyBest [04/03/2017 14:53:06] - |D| - [262304] - C:\Users\admin\AppData\LocalLow\Dry Cactus [16/06/2018 16:45:30] - |D| - [32768] - C:\Users\admin\AppData\LocalLow\Eleon Game Studios [20/05/2018 15:36:13] - |D| - [1614434] - C:\Users\admin\AppData\LocalLow\Empyrean [20/09/2017 21:06:20] - |D| - [6] - C:\Users\admin\AppData\LocalLow\Evernote [07/10/2017 12:50:13] - |D| - [633] - C:\Users\admin\AppData\LocalLow\Every Single Soldier [26/11/2017 23:56:03] - |D| - [17297] - C:\Users\admin\AppData\LocalLow\Facepunch Studios LTD [09/05/2018 23:52:51] - |D| - [94893319] - C:\Users\admin\AppData\LocalLow\Failbetter Games [01/01/2018 18:35:05] - |D| - [1009] - C:\Users\admin\AppData\LocalLow\Fenix Fire Entertainment [01/10/2017 10:44:50] - |D| - [245144] - C:\Users\admin\AppData\LocalLow\Full Control [06/04/2018 18:09:54] - |D| - [374] - C:\Users\admin\AppData\LocalLow\Gaddy Games [13/08/2017 12:24:14] - |D| - [11749] - C:\Users\admin\AppData\LocalLow\Ghost Town Games [25/01/2017 13:53:53] - |D| - [672] - C:\Users\admin\AppData\LocalLow\Hinterland [04/03/2017 15:45:01] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Iceberg Interactive [06/10/2017 21:43:17] - |D| - [177] - C:\Users\admin\AppData\LocalLow\IObit [03/09/2017 19:15:45] - |D| - [842] - C:\Users\admin\AppData\LocalLow\IronOak Games [18/03/2018 15:00:11] - |D| - [582] - C:\Users\admin\AppData\LocalLow\Jujubee S_A_ [12/06/2018 22:32:11] - |D| - [27673902] - C:\Users\admin\AppData\LocalLow\JutsuGames [12/06/2018 21:09:08] - |D| - [6865] - C:\Users\admin\AppData\LocalLow\Killerfish Games [08/10/2017 13:52:50] - |D| - [20797] - C:\Users\admin\AppData\LocalLow\Kitfox Games [06/02/2018 23:00:31] - |D| - [63798] - C:\Users\admin\AppData\LocalLow\KK Game Studio [15/06/2018 15:24:28] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Klei [21/05/2018 18:14:28] - |D| - [2263] - C:\Users\admin\AppData\LocalLow\Landfall [27/10/2017 16:39:29] - |D| - [6707] - C:\Users\admin\AppData\LocalLow\Landfall West [11/06/2018 14:32:04] - |D| - [25583483] - C:\Users\admin\AppData\LocalLow\Lazy Bear Games [09/07/2017 19:15:51] - |D| - [21895555] - C:\Users\admin\AppData\LocalLow\League of Geeks [24/05/2017 20:59:22] - |D| - [795] - C:\Users\admin\AppData\LocalLow\LionShield [17/02/2018 16:45:19] - |D| - [1129648] - C:\Users\admin\AppData\LocalLow\LionsShade [30/04/2017 14:01:05] - |D| - [958] - C:\Users\admin\AppData\LocalLow\Logic Artists [25/11/2016 20:50:37] - |D| - [91891289] - C:\Users\admin\AppData\LocalLow\Ludeon Studios [18/03/2017 17:21:03] - |D| - [219] - C:\Users\admin\AppData\LocalLow\LVGameDev LLC [06/05/2018 18:35:40] - |D| - [99709] - C:\Users\admin\AppData\LocalLow\MalkyrsStudio [22/05/2018 18:51:40] - |D| - [851160] - C:\Users\admin\AppData\LocalLow\Marmalade Game Studio [24/11/2016 10:34:28] - |SD| - [308447] - C:\Users\admin\AppData\LocalLow\Microsoft [28/12/2016 02:16:29] - |D| - [0] - C:\Users\admin\AppData\LocalLow\MohawkGames [25/11/2016 12:50:32] - |D| - [9883648] - C:\Users\admin\AppData\LocalLow\Mozilla [16/06/2018 12:27:22] - |D| - [796] - C:\Users\admin\AppData\LocalLow\NilsJakrins [11/04/2017 15:48:43] - |D| - [890215] - C:\Users\admin\AppData\LocalLow\noio [17/05/2018 20:39:25] - |D| - [3643027] - C:\Users\admin\AppData\LocalLow\Okomotive [05/06/2018 19:00:46] - |D| - [2632] - C:\Users\admin\AppData\LocalLow\Ominux Games [14/12/2016 14:34:01] - |D| - [202871082] - C:\Users\admin\AppData\LocalLow\Oracle [08/05/2017 15:31:09] - |D| - [8687] - C:\Users\admin\AppData\LocalLow\Playdead [23/06/2018 18:17:55] - |D| - [39226] - C:\Users\admin\AppData\LocalLow\PlayWay SA [21/05/2018 12:54:07] - |D| - [1710695] - C:\Users\admin\AppData\LocalLow\Popcannibal [26/05/2017 11:40:35] - |D| - [1413] - C:\Users\admin\AppData\LocalLow\RAC7 [26/02/2018 18:37:59] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Reconnect Software LTD [15/12/2017 16:50:30] - |D| - [181709] - C:\Users\admin\AppData\LocalLow\Red Dot Games [23/07/2017 00:28:15] - |D| - [2610224] - C:\Users\admin\AppData\LocalLow\Red Thread Games [24/05/2018 21:11:40] - |D| - [5204] - C:\Users\admin\AppData\LocalLow\Redbeet Interactive [20/03/2017 13:59:30] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Sauropod Studio [31/03/2018 18:55:07] - |D| - [581] - C:\Users\admin\AppData\LocalLow\SeithCG [01/10/2017 15:51:21] - |D| - [576] - C:\Users\admin\AppData\LocalLow\Si7 studio [22/01/2017 00:40:41] - |D| - [221419] - C:\Users\admin\AppData\LocalLow\SKS [22/03/2017 18:10:29] - |D| - [2373] - C:\Users\admin\AppData\LocalLow\Smartly Dressed Games [05/09/2017 23:22:53] - |D| - [1619] - C:\Users\admin\AppData\LocalLow\SOFF Games [25/04/2017 12:32:54] - |D| - [564053] - C:\Users\admin\AppData\LocalLow\SomaSim [03/09/2017 12:16:04] - |D| - [8162632] - C:\Users\admin\AppData\LocalLow\Square Enix [12/06/2018 16:49:20] - |D| - [15577120] - C:\Users\admin\AppData\LocalLow\Squeaky Wheel [12/06/2017 01:47:18] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Strange Fire [07/02/2018 19:47:33] - |D| - [8385] - C:\Users\admin\AppData\LocalLow\Strange Loop Games [31/05/2017 20:44:32] - |D| - [620] - C:\Users\admin\AppData\LocalLow\Strategiae [22/08/2017 18:33:21] - |D| - [696] - C:\Users\admin\AppData\LocalLow\Subterranean Games [29/11/2016 15:27:25] - |D| - [16211] - C:\Users\admin\AppData\LocalLow\Sun [06/05/2018 21:39:22] - |D| - [26306525] - C:\Users\admin\AppData\LocalLow\Suncrash [13/06/2017 23:10:55] - |D| - [5002] - C:\Users\admin\AppData\LocalLow\SUPERHOT_Team [11/09/2017 17:50:55] - |D| - [1183] - C:\Users\admin\AppData\LocalLow\Tangled Mess Games [22/08/2017 15:00:28] - |D| - [130312] - C:\Users\admin\AppData\LocalLow\Team 17 Digital ltd_ [08/12/2016 00:31:43] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Temp [31/05/2018 00:59:05] - |D| - [0] - C:\Users\admin\AppData\LocalLow\The Fullbright Company [28/04/2018 12:51:02] - |D| - [11941] - C:\Users\admin\AppData\LocalLow\The Irregular Corp [17/01/2017 16:17:20] - |D| - [1489] - C:\Users\admin\AppData\LocalLow\Thunder Lotus Games [04/02/2017 00:01:08] - |D| - [1870306] - C:\Users\admin\AppData\LocalLow\U-Play online [04/07/2017 23:39:04] - |D| - [1053341683] - C:\Users\admin\AppData\LocalLow\Unity [23/02/2017 19:52:41] - |D| - [1460] - C:\Users\admin\AppData\LocalLow\Unknown Worlds [12/06/2017 12:49:49] - |D| - [261261] - C:\Users\admin\AppData\LocalLow\Weappy [08/10/2017 12:41:59] - |D| - [883491] - C:\Users\admin\AppData\LocalLow\Zillion Whales [21/12/2016 16:49:41] - |D| - [1250240513] - C:\Users\admin\AppData\Roaming\.crusadercraft [29/11/2016 15:28:31] - |D| - [1129215855] - C:\Users\admin\AppData\Roaming\.metro2033 [29/11/2016 13:53:24] - |D| - [997510302] - C:\Users\admin\AppData\Roaming\.minecraft [27/01/2017 01:00:08] - |D| - [0] - C:\Users\admin\AppData\Roaming\.mono [23/07/2017 01:03:54] - |D| - [89] - C:\Users\admin\AppData\Roaming\.StarMade [14/12/2016 12:39:24] - |D| - [488013769] - C:\Users\admin\AppData\Roaming\.technic [21/12/2016 16:33:47] - |D| - [393639594] - C:\Users\admin\AppData\Roaming\.VoidLauncher [25/01/2017 16:44:49] - |D| - [2344] - C:\Users\admin\AppData\Roaming\10tons [18/03/2018 21:26:59] - |D| - [338] - C:\Users\admin\AppData\Roaming\11bitstudios [29/07/2017 23:35:31] - |D| - [13810] - C:\Users\admin\AppData\Roaming\2K Sports [07/03/2018 20:56:17] - |D| - [33312] - C:\Users\admin\AppData\Roaming\7DaysToDie [24/11/2016 09:54:34] - |D| - [3909335] - C:\Users\admin\AppData\Roaming\Adobe [05/10/2017 15:55:48] - |D| - [0] - C:\Users\admin\AppData\Roaming\Apoapsis Studios [10/06/2017 18:03:16] - |D| - [10472] - C:\Users\admin\AppData\Roaming\Aurora [08/10/2017 14:53:31] - |D| - [8909755] - C:\Users\admin\AppData\Roaming\AVAST Software [27/11/2016 19:56:10] - |D| - [43467563] - C:\Users\admin\AppData\Roaming\BitComet [26/05/2017 00:15:12] - |D| - [139372789] - C:\Users\admin\AppData\Roaming\Brotsoft [17/02/2018 15:39:15] - |D| - [192] - C:\Users\admin\AppData\Roaming\CitizenFX [29/08/2017 20:55:45] - |D| - [4529852] - C:\Users\admin\AppData\Roaming\Command and Conquer 3 Tiberium Wars [29/09/2017 23:09:51] - |D| - [0] - C:\Users\admin\AppData\Roaming\Crystal Dynamics [14/12/2016 12:52:38] - |D| - [0] - C:\Users\admin\AppData\Roaming\Curse [14/12/2016 12:52:46] - |AD| - [480373610] - C:\Users\admin\AppData\Roaming\Curse Client [20/12/2016 17:55:29] - |D| - [0] - C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [14/07/2017 00:27:42] - |D| - [8253578] - C:\Users\admin\AppData\Roaming\DarkSoulsII [22/05/2017 17:47:11] - |D| - [90128958] - C:\Users\admin\AppData\Roaming\discord [02/07/2018 18:12:35] - |D| - [48155] - C:\Users\admin\AppData\Roaming\Doublefine [05/03/2017 23:19:32] - |D| - [2537] - C:\Users\admin\AppData\Roaming\Druide [12/12/2016 22:26:28] - |D| - [203] - C:\Users\admin\AppData\Roaming\dvdcss [30/06/2017 22:27:42] - |D| - [0] - C:\Users\admin\AppData\Roaming\Editor [01/02/2017 19:31:57] - |D| - [0] - C:\Users\admin\AppData\Roaming\Eidos Montreal [10/06/2017 16:13:07] - |D| - [9165905] - C:\Users\admin\AppData\Roaming\electron-quick-start [07/01/2018 11:57:38] - |D| - [19714933] - C:\Users\admin\AppData\Roaming\Factorio [19/12/2016 19:54:01] - |D| - [5612480] - C:\Users\admin\AppData\Roaming\Fatshark [10/09/2017 23:20:52] - |D| - [19749] - C:\Users\admin\AppData\Roaming\FileZilla [18/01/2017 14:24:38] - |D| - [4133131] - C:\Users\admin\AppData\Roaming\FiraxisLive [08/01/2017 21:24:42] - |D| - [48] - C:\Users\admin\AppData\Roaming\Frontier Developments [06/10/2017 20:53:47] - |D| - [27594] - C:\Users\admin\AppData\Roaming\Full Control [26/05/2017 00:15:06] - |A| - [38043440] - C:\Users\admin\AppData\Roaming\gameboxsetup.exe [22/12/2016 20:28:22] - |D| - [96076819] - C:\Users\admin\AppData\Roaming\GameRanger [02/06/2018 18:16:50] - |D| - [37] - C:\Users\admin\AppData\Roaming\GameSparks [17/01/2017 23:34:56] - |D| - [53743] - C:\Users\admin\AppData\Roaming\Goldhawk Interactive [29/12/2017 16:39:32] - |D| - [1446087] - C:\Users\admin\AppData\Roaming\HelloGames [23/06/2018 00:17:17] - |D| - [571916] - C:\Users\admin\AppData\Roaming\Io Interactive [06/10/2017 21:42:50] - |D| - [404356] - C:\Users\admin\AppData\Roaming\IObit [29/11/2016 13:53:25] - |D| - [0] - C:\Users\admin\AppData\Roaming\java [08/07/2018 17:38:01] - |D| - [46796] - C:\Users\admin\AppData\Roaming\kaiko [26/02/2017 14:34:58] - |D| - [14569056] - C:\Users\admin\AppData\Roaming\Kalypso Media [14/01/2018 15:23:51] - |D| - [577891] - C:\Users\admin\AppData\Roaming\Knights Saves [25/07/2017 21:28:23] - |D| - [460019] - C:\Users\admin\AppData\Roaming\Launcher CSP-IRG [01/06/2017 22:18:51] - |D| - [831016995] - C:\Users\admin\AppData\Roaming\LEGO Company [02/01/2018 23:27:26] - |D| - [334749] - C:\Users\admin\AppData\Roaming\Lionhead Studios [05/01/2017 15:44:27] - |D| - [2177] - C:\Users\admin\AppData\Roaming\Macromedia [21/03/2017 19:33:11] - |D| - [190747332] - C:\Users\admin\AppData\Roaming\MedievalEngineers [17/05/2018 18:40:11] - |SD| - [11384544] - C:\Users\admin\AppData\Roaming\Microsoft [27/05/2018 20:49:18] - |D| - [20] - C:\Users\admin\AppData\Roaming\Mirillis [18/01/2017 14:22:49] - |D| - [33066] - C:\Users\admin\AppData\Roaming\ModLauncherWPF [06/10/2017 16:21:07] - |D| - [0] - C:\Users\admin\AppData\Roaming\Monopoly Plus [27/11/2016 18:25:19] - |D| - [154741] - C:\Users\admin\AppData\Roaming\Mount&Blade Warband [06/01/2017 21:28:16] - |D| - [4] - C:\Users\admin\AppData\Roaming\Mount&Blade With Fire and Sword [25/11/2016 12:50:16] - |D| - [67438820] - C:\Users\admin\AppData\Roaming\Mozilla [28/08/2017 01:40:55] - |D| - [2373] - C:\Users\admin\AppData\Roaming\Nidhogg [26/11/2016 10:15:38] - |D| - [32090530] - C:\Users\admin\AppData\Roaming\NVIDIA [04/02/2017 13:57:13] - |D| - [29528625] - C:\Users\admin\AppData\Roaming\OpenOffice [12/04/2017 12:30:50] - |D| - [21218] - C:\Users\admin\AppData\Roaming\Origin [06/10/2017 20:36:37] - |D| - [0] - C:\Users\admin\AppData\Roaming\Panda Security [11/05/2017 18:06:23] - |D| - [0] - C:\Users\admin\AppData\Roaming\Petroglyph [14/04/2018 13:16:25] - |D| - [2168] - C:\Users\admin\AppData\Roaming\PhotoFiltre 7 [05/03/2017 23:15:28] - |D| - [444588] - C:\Users\admin\AppData\Roaming\PixelPiracy [06/05/2018 20:52:32] - |D| - [72724804] - C:\Users\admin\AppData\Roaming\playstation-now [15/06/2018 15:36:18] - |D| - [413801] - C:\Users\admin\AppData\Roaming\Police Tactics Imperio [12/06/2018 21:15:30] - |D| - [913361] - C:\Users\admin\AppData\Roaming\Pro Cycling Manager 2017 [26/07/2017 14:15:28] - |D| - [41810028] - C:\Users\admin\AppData\Roaming\Promotion Software GmbH [01/01/2018 19:00:04] - |D| - [1423547] - C:\Users\admin\AppData\Roaming\rsilauncher [25/01/2017 16:50:31] - |D| - [2388246] - C:\Users\admin\AppData\Roaming\Running with rifles [06/10/2017 20:36:43] - |D| - [1150] - C:\Users\admin\AppData\Roaming\Search The Web [24/11/2016 10:35:06] - |D| - [76569795] - C:\Users\admin\AppData\Roaming\Skype [18/03/2017 17:21:05] - |D| - [2639] - C:\Users\admin\AppData\Roaming\SmartSteamEmu [06/05/2018 20:50:50] - |D| - [279] - C:\Users\admin\AppData\Roaming\Sony Interactive Entertainment Network America LLC [25/06/2017 01:11:36] - |D| - [54719234] - C:\Users\admin\AppData\Roaming\SpinTires [22/07/2017 15:30:58] - |D| - [0] - C:\Users\admin\AppData\Roaming\StarMade Launcher [07/12/2016 19:42:04] - |D| - [968247] - C:\Users\admin\AppData\Roaming\Steam [15/04/2018 16:07:55] - |D| - [65519005] - C:\Users\admin\AppData\Roaming\Stormworks [29/11/2016 15:27:25] - |D| - [0] - C:\Users\admin\AppData\Roaming\Sun [29/05/2017 13:37:49] - |D| - [2593] - C:\Users\admin\AppData\Roaming\Teeworlds [03/01/2017 18:23:53] - |D| - [108071741] - C:\Users\admin\AppData\Roaming\The Creative Assembly [08/04/2017 13:06:05] - |D| - [173206] - C:\Users\admin\AppData\Roaming\The Witness [04/09/2017 20:46:55] - |D| - [0] - C:\Users\admin\AppData\Roaming\The Zombie Infection [27/05/2018 19:21:45] - |D| - [0] - C:\Users\admin\AppData\Roaming\trainerv [28/05/2018 18:18:31] - |D| - [211773320] - C:\Users\admin\AppData\Roaming\Transport Fever [06/10/2017 21:38:20] - |D| - [0] - C:\Users\admin\AppData\Roaming\Treexy [26/02/2017 14:35:00] - |D| - [28954988] - C:\Users\admin\AppData\Roaming\Tropico 5 [20/03/2017 13:41:34] - |D| - [484221] - C:\Users\admin\AppData\Roaming\Trove [07/09/2017 10:39:55] - |D| - [10820] - C:\Users\admin\AppData\Roaming\Twitch [27/11/2016 19:44:18] - |D| - [17719198] - C:\Users\admin\AppData\Roaming\uTorrent [12/06/2018 12:59:47] - |D| - [88] - C:\Users\admin\AppData\Roaming\v5.Menace RP [12/12/2016 22:26:33] - |D| - [87909] - C:\Users\admin\AppData\Roaming\vlc [27/12/2017 21:25:38] - |A| - [4666] - C:\Users\admin\AppData\Roaming\VoiceMeeterDefault.xml [21/03/2017 16:51:46] - |D| - [8350130] - C:\Users\admin\AppData\Roaming\Warner Bros. Interactive Entertainment [22/05/2018 15:00:51] - |D| - [2293382] - C:\Users\admin\AppData\Roaming\WB Games [26/06/2017 11:58:33] - |D| - [410] - C:\Users\admin\AppData\Roaming\WesteradoDB [30/04/2018 11:30:24] - |D| - [11969930] - C:\Users\admin\AppData\Roaming\WhatsApp [27/11/2016 22:17:56] - |D| - [12] - C:\Users\admin\AppData\Roaming\WinRAR [14/07/2018 00:16:14] - |D| - [4264424] - C:\Users\admin\AppData\Roaming\ZHP [19/05/2018 20:59:19] - |D| - [11219482] - C:\Users\admin\AppData\Roaming\Zotero [24/11/2016 09:54:34] - |SH| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [24/11/2016 09:51:02] - |RD| - [57306] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [27/11/2016 19:47:17] - |A| - [876] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [17/05/2018 18:40:11] - |RD| - [3888] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [17/05/2018 18:40:11] - |RD| - [2805] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [24/11/2016 09:54:34] - |RD| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/06/2017 20:34:06] - |D| - [1209] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT [05/09/2017 18:33:08] - |D| - [1253] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [17/05/2018 18:40:11] - |SH| - [264] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/08/2017 11:33:33] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [28/05/2018 14:42:29] - |A| - [2035] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk [28/05/2018 14:42:29] - |A| - [2027] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk [22/12/2016 20:28:22] - |A| - [1105] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [25/05/2017 15:27:37] - |D| - [2247] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc [29/12/2017 17:57:14] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iStripper [17/05/2018 18:40:11] - |D| - [170] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [28/05/2017 01:53:07] - |D| - [1559] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband [17/05/2018 18:40:11] - |A| - [2407] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [14/04/2018 13:16:24] - |D| - [3292] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [31/05/2017 23:21:13] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadriga Games [25/09/2017 19:58:31] - |A| - [597] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Cheat.lnk [24/11/2016 09:54:34] - |RD| - [1010] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [17/05/2018 18:40:11] - |RD| - [3496] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [28/05/2017 00:51:15] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online [21/01/2017 22:12:44] - |D| - [1221] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2) [21/01/2017 22:14:51] - |D| - [1221] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2) [07/09/2017 10:39:48] - |A| - [990] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk [06/02/2017 20:24:59] - |D| - [1957] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [27/12/2017 21:19:57] - |D| - [9051] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio [30/04/2018 11:30:45] - |D| - [2275] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp [17/05/2018 18:40:11] - |RD| - [7754] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [27/11/2016 22:17:40] - |D| - [3299] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [24/11/2016 09:54:34] - |SH| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [20/09/2017 21:14:17] - |A| - [836] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ---------- | [Public] [24/11/2016 09:54:34] - |RHD| - [196] - C:\Users\Public\AccountPictures [16/07/2016 13:47:48] - |RHD| - [30197] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [16/07/2016 13:47:48] - |RD| - [125839275] - C:\Users\Public\Documents [16/07/2016 13:47:48] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Music [16/07/2016 13:47:48] - |RD| - [1263209] - C:\Users\Public\Pictures [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [12/05/2017 00:39:40] - |D| - [0] - C:\ProgramData\.mono [13/03/2017 21:41:54] - |D| - [363522726] - C:\ProgramData\Adobe [08/12/2017 20:31:59] - |D| - [0] - C:\ProgramData\Age of Empires 3 [17/05/2018 18:45:25] - |SHD| - [0] - C:\ProgramData\Application Data [25/11/2016 12:54:24] - |D| - [370491213] - C:\ProgramData\AVAST Software [27/07/2017 18:01:05] - |D| - [14250198] - C:\ProgramData\Battle.net [27/07/2017 18:06:23] - |D| - [1420418] - C:\ProgramData\Blizzard Entertainment [10/12/2016 21:41:30] - |D| - [0] - C:\ProgramData\Bohemia Interactive [05/09/2017 18:52:54] - |D| - [0] - C:\ProgramData\Bohemia Interactive Studio [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Bureau [04/09/2017 20:47:30] - |D| - [1928684] - C:\ProgramData\Caphyon [03/05/2017 22:02:28] - |D| - [0] - C:\ProgramData\Codemasters [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [20/12/2016 17:53:50] - |D| - [3020] - C:\ProgramData\DAEMON Tools Lite [17/05/2018 18:45:25] - |SHD| - [0] - C:\ProgramData\Documents [04/01/2018 23:28:26] - |SHD| - [34365] - C:\ProgramData\DSS [09/07/2017 21:18:33] - |D| - [0] - C:\ProgramData\Elder Scrolls Online [28/08/2017 01:03:40] - |D| - [2771] - C:\ProgramData\Electronic Arts [28/07/2017 00:10:10] - |D| - [35800534] - C:\ProgramData\Epic [23/12/2016 16:42:33] - |D| - [482953214] - C:\ProgramData\Firefly Studios [24/05/2018 23:27:31] - |D| - [8961702] - C:\ProgramData\For Honor Data [31/08/2017 18:33:02] - |D| - [705765] - C:\ProgramData\GOG.com [17/01/2017 23:34:56] - |D| - [0] - C:\ProgramData\Goldhawk Interactive [06/10/2017 21:43:17] - |D| - [201607205] - C:\ProgramData\IObit [12/07/2018 10:24:07] - |D| - [85560616] - C:\ProgramData\Jagex [09/05/2018 13:27:08] - |D| - [0] - C:\ProgramData\KONAMI [05/04/2017 12:05:41] - |D| - [0] - C:\ProgramData\LogMeIn [14/07/2018 10:50:57] - |D| - [91073996] - C:\ProgramData\Malwarebytes [01/01/2018 17:17:45] - |D| - [9805499] - C:\ProgramData\MegaTrainerUltimate [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [1329274295] - C:\ProgramData\Microsoft [21/07/2017 14:36:19] - |D| - [69174] - C:\ProgramData\Microsoft Help [17/05/2018 18:47:46] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [21/07/2017 14:38:38] - |D| - [1905] - C:\ProgramData\Microsoft Toolkit [19/12/2016 19:54:03] - |A| - [141] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [27/05/2018 20:49:18] - |D| - [20] - C:\ProgramData\Mirillis [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Modèles [06/10/2017 16:21:07] - |D| - [273064] - C:\ProgramData\Monopoly Plus [12/06/2017 12:32:42] - |D| - [4498053] - C:\ProgramData\NVIDIA [12/06/2017 12:32:40] - |D| - [1035521205] - C:\ProgramData\NVIDIA Corporation [29/11/2016 15:27:15] - |D| - [154899334] - C:\ProgramData\Oracle [02/05/2017 15:21:28] - |D| - [50821] - C:\ProgramData\Orbit [04/03/2017 14:09:39] - |D| - [439175053] - C:\ProgramData\Origin [24/11/2016 11:35:24] - |D| - [77838959] - C:\ProgramData\Package Cache [10/07/2018 18:30:30] - |D| - [0] - C:\ProgramData\Packages [06/10/2017 20:35:50] - |D| - [14412991] - C:\ProgramData\Panda Security [06/10/2017 20:37:01] - |D| - [17751517] - C:\ProgramData\panda_url_filtering [04/07/2017 22:49:56] - |D| - [259] - C:\ProgramData\Planet Coaster [06/10/2017 21:43:32] - |D| - [121] - C:\ProgramData\ProductData [25/06/2017 23:40:45] - |D| - [1703] - C:\ProgramData\regid.1986-12.com.adobe [12/04/2018 01:38:20] - |D| - [2060] - C:\ProgramData\regid.1991-06.com.microsoft [12/07/2018 11:32:51] - |D| - [6552155] - C:\ProgramData\RogueKiller [01/04/2017 15:19:30] - |D| - [45527040] - C:\ProgramData\Skype [28/05/2018 14:49:42] - |D| - [2220] - C:\ProgramData\Socialclub [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [24/04/2017 23:53:38] - |D| - [1050] - C:\ProgramData\Solidshield [22/05/2017 18:24:04] - |D| - [52553728] - C:\ProgramData\SquirrelMachineInstalls [28/12/2016 02:16:33] - |D| - [4475380] - C:\ProgramData\Stardock [28/12/2016 02:16:31] - |D| - [9209143] - C:\ProgramData\Steam [06/10/2017 21:38:43] - |D| - [0] - C:\ProgramData\Treexy [25/01/2018 22:45:23] - |D| - [4170048] - C:\ProgramData\Twitch [12/04/2018 01:38:20] - |D| - [8098] - C:\ProgramData\USOPrivate [17/05/2018 18:40:59] - |D| - [1576960] - C:\ProgramData\USOShared [12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [211856] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [17/04/2017 11:58:58] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [13/03/2017 21:42:09] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 01:38:20] - |RD| - [24631] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [05/03/2017 23:20:27] - |D| - [3601] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antidote [08/10/2017 14:53:28] - |A| - [1048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [27/11/2016 19:55:33] - |D| - [2483] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit) [30/05/2018 21:44:16] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 2 [26/02/2017 11:37:59] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [28/08/2017 01:08:51] - |D| - [1741] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command & Conquer Stargate Universe [20/12/2016 17:55:29] - |D| - [944] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/10/2017 21:38:38] - |D| - [581] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Fusion [16/06/2018 13:38:34] - |D| - [6901] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [20/09/2017 21:06:19] - |D| - [2541] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [10/09/2017 23:19:48] - |D| - [1791] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [05/07/2018 20:34:46] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [06/10/2017 19:47:46] - |D| - [975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [09/03/2017 17:02:19] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [12/07/2018 10:23:02] - |D| - [177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex [29/11/2016 15:27:23] - |D| - [6886] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [14/12/2016 14:34:11] - |D| - [2235] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [25/07/2017 21:28:15] - |A| - [2631] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launcher CSP-IRG.lnk [01/06/2017 22:17:26] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [27/05/2018 15:27:13] - |D| - [2008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LSPD First Response [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [14/07/2018 10:51:01] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [01/01/2018 17:17:44] - |D| - [1152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainerUltimate [28/04/2017 15:32:03] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V The Phantom Pain [21/07/2017 14:37:22] - |D| - [51889] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [19/12/2016 20:19:05] - |D| - [6887] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories [29/11/2016 13:32:49] - |D| - [788] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [27/05/2018 20:48:50] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis [09/06/2018 17:30:24] - |D| - [4624] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monte Cristo [03/07/2018 11:49:31] - |D| - [3122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [05/07/2018 17:38:39] - |D| - [6455] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [04/02/2017 13:57:00] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [12/04/2017 12:30:37] - |D| - [3424] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [25/06/2017 20:56:29] - |A| - [898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [06/05/2018 20:52:12] - |D| - [831] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation™Now [01/07/2017 13:58:39] - |D| - [1567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrtScr [01/01/2018 18:59:58] - |D| - [1294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roberts Space Industries [12/07/2018 11:32:31] - |D| - [917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [01/04/2017 15:19:32] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [13/07/2018 19:16:08] - |D| - [935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [12/04/2018 01:38:20] - |RD| - [763] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [25/11/2016 13:04:16] - |D| - [800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [27/12/2017 21:19:57] - |D| - [8925] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio [12/12/2016 22:26:10] - |D| - [7188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [13/07/2018 22:19:45] - |D| - [1766] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 Gladius Relics of War [17/05/2018 18:40:58] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [27/11/2016 22:17:40] - |D| - [3299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [19/05/2018 20:59:11] - |A| - [855] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [27/02/2017 18:42:12] - |A| - [589] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [03/09/2017 16:47:09] - |D| - [61066] - C:\Program Files (x86)\3dm_game_files [13/03/2017 21:42:04] - |D| - [283905951] - C:\Program Files (x86)\Adobe [12/04/2018 01:38:20] - |D| - [544584739] - C:\Program Files (x86)\Common Files [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [05/03/2017 23:19:32] - |D| - [34583649] - C:\Program Files (x86)\Druide [24/05/2018 23:27:24] - |D| - [1638728] - C:\Program Files (x86)\EasyAntiCheat [23/12/2016 16:42:20] - |D| - [258] - C:\Program Files (x86)\GameSpy Arcade [31/03/2018 18:27:16] - |D| - [0] - C:\Program Files (x86)\GOG Galaxy [20/03/2017 11:49:39] - |D| - [0] - C:\Program Files (x86)\Google [28/08/2017 00:31:29] - |HD| - [7458051] - C:\Program Files (x86)\InstallShield Installation Information [01/10/2017 13:30:26] - |D| - [3583900] - C:\Program Files (x86)\Intel [12/04/2018 01:38:20] - |D| - [2007027] - C:\Program Files (x86)\Internet Explorer [29/11/2016 15:27:13] - |D| - [535353885] - C:\Program Files (x86)\Java [25/07/2017 21:28:15] - |D| - [4768082] - C:\Program Files (x86)\Launcher MOD CSP-IRG [21/07/2017 14:36:23] - |D| - [102815591] - C:\Program Files (x86)\Microsoft Analysis Services [15/01/2018 18:16:11] - |D| - [3637248] - C:\Program Files (x86)\Microsoft Chart Controls [21/07/2017 14:36:21] - |D| - [442655224] - C:\Program Files (x86)\Microsoft Office [21/07/2017 14:37:10] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server [11/06/2018 15:41:36] - |D| - [3178824] - C:\Program Files (x86)\Microsoft Works [25/01/2017 17:50:24] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA [12/04/2018 01:38:20] - |D| - [8854863] - C:\Program Files (x86)\Microsoft.NET [27/05/2018 20:48:47] - |D| - [0] - C:\Program Files (x86)\Mirillis [24/04/2017 23:46:26] - |AD| - [279248] - C:\Program Files (x86)\Mozilla Firefox [05/07/2018 20:34:46] - |D| - [285647] - C:\Program Files (x86)\Mozilla Maintenance Service [17/05/2018 19:33:49] - |D| - [25757] - C:\Program Files (x86)\MSBuild [12/06/2017 12:32:37] - |D| - [314248300] - C:\Program Files (x86)\NVIDIA Corporation [25/01/2017 16:50:30] - |D| - [809496] - C:\Program Files (x86)\OpenAL [04/02/2017 13:56:55] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [12/04/2017 12:30:33] - |AD| - [372338568] - C:\Program Files (x86)\Origin [12/04/2017 12:38:19] - |D| - [0] - C:\Program Files (x86)\Origin Games [17/05/2018 19:33:49] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [10/01/2017 18:12:21] - |D| - [83008331] - C:\Program Files (x86)\Rockstar Games [01/04/2017 15:19:31] - |RD| - [92359749] - C:\Program Files (x86)\Skype [28/08/2017 01:08:26] - |D| - [809765] - C:\Program Files (x86)\Syton Entertainment [12/06/2017 12:32:41] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [27/12/2017 21:19:35] - |D| - [35224383] - C:\Program Files (x86)\VB [12/12/2016 22:26:05] - |D| - [181798040] - C:\Program Files (x86)\VideoLAN [05/07/2018 17:38:11] - |D| - [10852] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780752] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:19:21] - |D| - [3254215] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell [28/05/2017 00:51:08] - |HD| - [5067] - C:\Program Files (x86)\Zero G Registry ---------- | C:\Program Files [27/11/2016 19:55:31] - |AD| - [29348041] - C:\Program Files\BitComet [26/02/2017 11:37:58] - |AD| - [37650872] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [412969308] - C:\Program Files\Common Files [20/12/2016 17:55:27] - |D| - [37567959] - C:\Program Files\DAEMON Tools Lite [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [06/05/2018 20:52:11] - |D| - [1044968] - C:\Program Files\DIFX [24/11/2016 09:41:25] - |SHD| - [0] - C:\Program Files\Fichiers communs [01/10/2017 13:30:16] - |D| - [0] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2639358] - C:\Program Files\internet explorer [14/12/2016 14:34:05] - |D| - [567955757] - C:\Program Files\Java [14/07/2018 10:50:57] - |D| - [162139669] - C:\Program Files\Malwarebytes [21/07/2017 14:36:23] - |D| - [120126431] - C:\Program Files\Microsoft Analysis Services [21/07/2017 14:36:20] - |AD| - [1307357745] - C:\Program Files\Microsoft Office [21/07/2017 14:37:01] - |D| - [35280] - C:\Program Files\Microsoft SQL Server [19/12/2016 20:19:05] - |AD| - [8087955] - C:\Program Files\Microsoft Xbox 360 Accessories [21/07/2017 14:37:10] - |D| - [678864] - C:\Program Files\Microsoft.NET [05/07/2018 20:34:44] - |D| - [152672377] - C:\Program Files\Mozilla Firefox [17/05/2018 19:33:49] - |D| - [25757] - C:\Program Files\MSBuild [03/07/2018 11:49:30] - |D| - [25839919] - C:\Program Files\Nexus Mod Manager [12/06/2017 12:32:37] - |D| - [2400693695] - C:\Program Files\NVIDIA Corporation [12/06/2017 12:32:51] - |D| - [17485144] - C:\Program Files\Realtek [17/05/2018 19:33:49] - |D| - [36854953] - C:\Program Files\Reference Assemblies [10/01/2017 18:12:14] - |D| - [157395115] - C:\Program Files\Rockstar Games [12/07/2018 11:32:28] - |D| - [52984128] - C:\Program Files\RogueKiller [13/07/2018 19:16:08] - |D| - [15217952] - C:\Program Files\Speccy [24/11/2016 09:40:32] - |HD| - [0] - C:\Program Files\Uninstall Information [19/05/2017 10:02:45] - |AD| - [6553600] - C:\Program Files\UNP [27/12/2017 21:19:48] - |D| - [1800502] - C:\Program Files\VB [12/04/2018 01:38:20] - |RD| - [19333067] - C:\Program Files\Windows Defender [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:19:21] - |D| - [4783083] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7823192] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [31622483482] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [13/03/2017 21:42:04] - |AD| - [124786392] - C:\Program Files (x86)\Common Files\Adobe [27/01/2017 13:17:07] - |D| - [0] - C:\Program Files (x86)\Common Files\AV [10/12/2016 21:41:20] - |D| - [31242872] - C:\Program Files (x86)\Common Files\BattlEye [11/06/2018 15:41:35] - |D| - [92976] - C:\Program Files (x86)\Common Files\DESIGNER [12/04/2018 01:34:52] - |N| - [59904] - C:\Program Files (x86)\Common Files\dOOulGlGIa.exe [12/04/2017 19:10:50] - |HD| - [9350] - C:\Program Files (x86)\Common Files\EAInstaller [28/08/2017 00:23:38] - |D| - [5179622] - C:\Program Files (x86)\Common Files\InstallShield [01/10/2017 13:30:15] - |D| - [0] - C:\Program Files (x86)\Common Files\Intel [03/07/2018 17:14:48] - |D| - [1948384] - C:\Program Files (x86)\Common Files\Java [12/04/2018 01:38:20] - |D| - [329923255] - C:\Program Files (x86)\Common Files\microsoft shared [03/07/2018 17:14:18] - |D| - [1370800] - C:\Program Files (x86)\Common Files\Oracle [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [06/09/2017 14:03:16] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype [25/11/2016 13:04:17] - |D| - [3966016] - C:\Program Files (x86)\Common Files\Steam [24/07/2017 21:20:26] - |D| - [0] - C:\Program Files (x86)\Common Files\SWF Studio [12/04/2018 01:38:20] - |D| - [43428170] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [25/06/2017 23:39:40] - |D| - [247232] - C:\Program Files\Common files\Adobe [27/01/2017 13:17:07] - |D| - [0] - C:\Program Files\Common files\AV [06/12/2017 20:21:09] - |D| - [2010312] - C:\Program Files\Common files\Avast Software [21/07/2017 14:37:14] - |AD| - [14488] - C:\Program Files\Common files\DESIGNER [08/04/2017 17:23:23] - |HD| - [4779628] - C:\Program Files\Common files\EAInstaller [12/04/2018 01:38:20] - |D| - [395113359] - C:\Program Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10801587] - C:\Program Files\Common files\system ---------- | Tasks [MD5.9B0476D240BFC4E4B5D166E1FA356746] - [12/07/2018 12:04:33] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/05/2018 18:45:23] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.4BE9533A5B4F2BC5106692528EB8475E] - [12/07/2018 11:20:50] - |A| - [3182] - C:\WINDOWS\System32\Tasks\AdBlock Master : D:\Program Files (x86)\AdBlock Master\AdBlock.exe [MD5.C8FE39A7A0367D7219D5E7CB8E459F27] - [17/05/2018 18:45:23] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.2F54AF60A3C91B6497CD0940CDE045D0] - [19/06/2018 21:13:49] - |A| - [4750] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [MD5.5580E5FC38393D83B2404A5251AE6708] - [17/05/2018 18:45:23] - |A| - [4560] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.E78778888243F36EDFCE598FA95671B0] - [17/05/2018 18:45:23] - |A| - [2726] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-CDDJ7U6-admin : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.4AED268C667C91FA4229528AD567DF93] - [17/05/2018 18:45:23] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [17/05/2018 18:45:23] - |D| - [3988] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.F89EA2D5CCF557E140D025BDE0726A23] - [03/07/2018 17:13:51] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.0CA4EE94A52ED58CE4F78400520841C9] - [17/05/2018 18:45:23] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.12C20A737D9ED2A2439E55E6CCD5525E] - [17/05/2018 18:45:23] - |A| - [2276] - C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (admin) : D:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [575004] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.FC787ADE5D59B3CEF29632972546F009] - [17/05/2018 18:45:23] - |A| - [5346] - C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-CDDJ7U6-admin DESKTOP-CDDJ7U6 : C:\Program Files\Microsoft Office\Office15\MsoSync.exe [MD5.3FCF5E0D7D1D01D2FDE412AC20D2ED17] - [05/07/2018 17:38:37] - |A| - [4106] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.213CC36ABEA99A751F6EA99143433B51] - [05/07/2018 17:38:37] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.F55B2F72E563AB4B2C6F011BD0C0A3BC] - [05/07/2018 17:38:39] - |A| - [3976] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.9200A7AEAD4C78C61F5CA9964667C70D] - [05/07/2018 17:38:39] - |A| - [3940] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.8C8456B8171598971C73F775E9661172] - [05/07/2018 17:38:36] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [05/07/2018 17:38:36] - |A| - [3654] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.2D62DE7DD46269BF68D84A2724403FB5] - [05/07/2018 17:38:36] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.C7DBA64EC38D0FC93FDA2E7538268795] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.2F4B9E842EA1C4D06006070698319052] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.3189EE5BABC0C8D0D420FF169C572B2E] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.09574C7581EE0362E2069462D8351BE8] - [05/07/2018 17:38:36] - |A| - [3866] - C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.00000000000000000000000000000000] - [27/05/2018 13:46:57] - |D| - [4522] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.9FFC1512486646B52D9020200A2619E8] - [17/05/2018 18:45:23] - |A| - [3376] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-984768822-1242204556-3330448555-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.28DA067A595FE2094CEFEE8AAA5B85B3] - [17/05/2018 18:45:23] - |A| - [3378] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D72997FA-7E45-4607-A00B-E96138BB21CA} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{AE5B2B74-B03E-4C99-8948-C704F5FFAFEF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=D:\Program Files (x86)\PlayStationNow\unidater.exe|Name=PlayStationNow-Updater|EmbedCtxt=SonyInteractiveEntertainment| "{3F70611D-8C8D-4BAC-A883-F9A2828C4B58}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=D:\Program Files (x86)\PlayStationNow\psnowlauncher.exe|Name=PlayStationNow|EmbedCtxt=SonyInteractiveEntertainment| "{594DCC93-42A9-4516-89FD-415FE2A44BB0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{2C41C2BE-6566-4C03-BEB6-59F39D2995C3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{3C3C51ED-97E5-40AD-BDA4-FAFB326E3EC9}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{619CE8FA-B4D3-4E12-8CC5-945BE6587461}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{E92285FE-F5C6-46F5-BFF6-D091FC5C88C1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{74308C42-745A-4E83-BAA7-493544900532}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{C1D56975-1612-4E3D-B910-C14360FE9D54}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Shazam|Desc=Shazam|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1940572943-773487002-3567438610-696913303-3687387132-1150951469-3481187039|EmbedCtxt=Shazam|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{911EE376-8EAB-4940-AACF-6FBD7F7072DA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Shazam|Desc=Shazam|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1940572943-773487002-3567438610-696913303-3687387132-1150951469-3481187039|EmbedCtxt=Shazam|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{81CE1427-B49E-47ED-9A01-1D494C398BAE}D:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe|Name=starcitizen|Desc=starcitizen|Defer=User| "TCP Query User{AB25CC57-4E80-404E-8B03-F231785AFB42}D:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe|Name=starcitizen|Desc=starcitizen|Defer=User| "{85FD3B4C-BA61-4D35-A697-F4D1D305895E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{FA2B007F-962A-4ED4-99A6-2753B530BB87}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Facebook|Desc=Facebook|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3324467646-4197585051-1359281946-1224535466-457027138-2879639353-3757999841|EmbedCtxt=Facebook|Platform=2:6:2|Platform2=GTEQ| "{B6B1E0FD-9A4F-4AF4-A221-EEB3EE17B6C5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RPort=21025|Name=Starbound| "{2AC072C5-532A-4AB5-A997-1F5BC542E142}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\SysWOW64\dplaysvr.exe|Name=DirectPlaySvr| "{AF315E92-5BB5-4E15-9B9A-763586E25508}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\SysWOW64\dplaysvr.exe|Name=DirectPlaySvr| "UDP Query User{742A0FE0-6ECB-4E5C-8C47-AE340155CF74}C:\program files\bitcomet\bitcomet.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client|Defer=User| "TCP Query User{C2B57ACB-A21F-4BF8-8586-AD31628DFF3C}C:\program files\bitcomet\bitcomet.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client|Defer=User| "UDP Query User{8A239639-D5F7-4BCD-87FF-D952F997C9AA}C:\users\admin\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\admin\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| "TCP Query User{BCAE883D-0418-4CC9-A763-2E06540896ED}C:\users\admin\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\admin\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| "UDP Query User{FE4AC3C2-20F1-4AED-B9AE-1EFB699321EF}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "TCP Query User{B3329AF9-C7CC-44EE-A4DF-D525EEA9652E}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "UDP Query User{5C5091AE-5FD6-45C5-AD6B-D16A8384CD31}C:\program files\bitcomet\bitcomet.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client|Defer=User| "TCP Query User{3D828C06-8F7F-4A17-AD4C-4160F05F5A79}C:\program files\bitcomet\bitcomet.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client|Defer=User| "{C0D606D6-7C29-43A3-8D1A-3AF6A7766C3F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{1EB0A025-2DE1-43E9-B3E8-779F25D756E1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{405CE4DA-867B-41D7-9A00-522F66C81EA2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\SysWOW64\dplaysvr.exe|Name=DirectPlaySvr| "{88A5B1A4-B462-4694-A664-058B9031C815}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\SysWOW64\dplaysvr.exe|Name=DirectPlaySvr| "TCP Query User{E98FB06A-AF27-45CE-8833-53346680C797}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe|Name=Visual Basic Command Line Compiler|Desc=Visual Basic Command Line Compiler|Defer=User| "UDP Query User{3F76070E-3A8C-4BF2-A014-94657224AF77}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe|Name=Visual Basic Command Line Compiler|Desc=Visual Basic Command Line Compiler|Defer=User| "{D46D393B-3ACB-42EF-9F04-194DA9AFC297}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=27107|Name=BitComet 27107 TCP| "{BFAC3E6E-5F5B-4030-9858-B0C4BE4ED1D0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=27107|Name=BitComet 27107 UDP| "{88C13BC3-1BB0-4071-AD21-DB2E4DF7E3E0}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{CCF9D077-D283-4E47-AA91-E59C9A704EAE}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{58AE788A-EB1C-4872-9367-81153E5C0A91}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{734C96C1-672D-42FC-916A-F072409ADAF7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{65253579-8BD6-40B2-9DE0-BD3EA443738A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{A96C9C71-37FB-4BC9-BF82-BE251494DD68}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "{E76F31B2-4D1B-4FC5-9C6D-C21894213B46}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{01DB784C-B11F-4E03-9894-5D33DDCA1096}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{FCFB4221-6D07-456B-9C3E-972D9EDE4D82}D:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| "UDP Query User{7E3B5D40-5A9F-467C-B95B-FFECA6AA18C1}D:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| "{1CC886E6-5051-4B7F-B612-A4F3F1C4D480}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=State of Decay 2|Desc=State of Decay 2|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3987888652-3528555327-2573035136-536197088-2261871984-3751345758-3293871777|EmbedCtxt=State of Decay 2|Platform=2:6:2|Platform2=GTEQ| "{3D1A2831-7FC5-429E-ADD3-2433CD2F82D7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=State of Decay 2|Desc=State of Decay 2|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3987888652-3528555327-2573035136-536197088-2261871984-3751345758-3293871777|EmbedCtxt=State of Decay 2|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7B44163A-2408-4285-A1FE-656EBE9B4CFD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\msiexec.exe|Name=msiexec.exe|Desc=msiexec.exe| "{FD92DAE0-0AC2-45CA-B786-96494653D9D7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\dOOulGlGIa.exe|Name=C:\Program Files (x86)\Common Files\dOOulGlGIa.exe|Desc=C:\Program Files (x86)\Common Files\dOOulGlGIa.exe| "{D27F195F-D887-4E65-9E9A-ADD8700463D0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{808C7AF1-B3F8-428F-BFA6-B0107FFDB355}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B8CC5A99-572D-4E08-BCCA-922BD29EE4E7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EC2A0769-BEA4-40BF-BD1F-A1A8EE7CF1DA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A80CB341-640B-42D0-9AF1-95F4D73D5E79}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{7CE91F87-BCDF-4AFA-B81C-ED5D2CA1B8A3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{15533442-85ED-4282-9A51-54990C3E99DA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{05CAC444-8043-49B6-A743-B0DD8565E30D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{27B7F93B-38D5-46CD-9874-DEF775CDF435}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{08B4FFE3-065F-4742-9542-1A9173B0540A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F3D76103-F5DC-4E46-8E8E-A18056C76266}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{3D13E7A9-B2F2-4C05-9FBB-2F53F3C672D3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{50521780-0A53-4A2F-A6C6-69C328E54372}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8BFA9F4F-F37C-41E3-AE1F-D1D5041EEB87}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{41E96531-2F81-4361-AA39-585937A92F46}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{CD24AACC-6517-4D4C-8A81-F28CB91B5194}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{05D4571E-440C-4FAB-A922-644409EC5F51}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BACD8C64-27B7-4FA9-B002-115E3C3A35AE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{6AD8CCE3-B954-4507-BB2D-40F9DA0BAA23}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{3F3D60BF-20F9-4AFE-B57C-734DAFDE0F45}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8FA05B3A-B300-4CC1-9BEB-0F8B3FA0016E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{61BB3502-BB94-4493-9935-5B5408380075}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6C7E47D5-4702-406E-AFD8-7A8C8221638A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{EBBD1110-DEA9-4170-8143-879ACAA7C4EA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{73B100E4-FECF-4487-ADB8-7755ACE8037C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EA59AA2B-041E-49E9-829E-E1CCDF7EBF12}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{08171BBB-D3F9-4073-9719-0B0D8D43CCDE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F00F9527-C5D8-4706-8D02-D7D8C329E8DA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{10004C8E-4024-471F-9B23-FF8A7CB1B629}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BBB22B2B-141F-4960-BD23-CFA7785161EB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{E7DFA401-A8B2-431E-9C28-600F8B433165}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F2304511-C1E9-4251-AAC6-7813A93182B2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DB0D8A03-E892-4E73-B08C-9A78855FF7A2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{A63666F1-81E5-43D0-9C7B-1CB6370FBBDC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8B957F4D-3355-4D43-A9E4-4D01E7C95AE6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{4F5FC91E-75A1-48F6-A46F-AAC1530063D3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B912A690-0173-4BCA-B342-9C7C3AE2EBE8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EA0C9059-331F-4BA2-BEAC-758D13F2F9DE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{6510CE1E-BE21-4121-A487-C85D25F15C55}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{10FBC064-5E44-4887-8755-8141BC47002A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{9EF1A380-F0E0-48C5-9FAF-7FE4437D8354}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{1D235CC4-1E95-4BD6-A2C8-ED7F4834A19D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{613427E8-A7AD-4D29-9A0A-DB9435B99526}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{53373755-0447-4FBC-A7D5-EE84BD106DE7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{C7FC408D-8E5D-40FD-A774-F59B31DC357B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DDF22609-4CBA-4A21-A25E-B536F0494EC9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{9DE946F9-8FB3-4275-B555-F43200491F1D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{391E7C95-E2B9-43F3-8BF1-2A477AB0781E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B000CED3-F95D-48F6-9CFE-26C56B693323}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{EDD0D181-DD16-41DE-9C6C-9B0C464908D3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DE7A16E4-51F8-49B0-9651-043DBEF189DD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{97A1471B-868D-47DB-9E45-5A92222E4042}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{5C0323E0-FD61-4F3D-9009-65225C545E67}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{AE3394C5-84D6-4293-8110-8498FB36F6F5}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{2915436D-E5ED-441F-B58D-C6B16A3191FC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6658E40E-DD9C-494B-8C65-AB38BD7198B3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A555B96E-9BE9-4035-8D19-84361FBA0187}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8E7B8A0D-4C03-4B17-9B88-8A7615E17BE7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{3AC889CB-5226-4B7E-93E6-17EC5D94B40C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{AAFCC2D0-2BA5-45A3-BCEB-7665BBCCC649}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{CEFF287A-1C5D-4DAB-A1C1-79BF95697C6E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BD78FCDA-69B0-4D93-9970-46AD9E9BD28C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{85824646-CA3F-4393-9EFE-C1AEDAECB5F0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{7AAD3A30-782A-4A5A-8B47-9DF56A65138F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{4F6B2C95-0C1F-4551-A817-AF7D738F1FB3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{7ABF3853-1F75-4FA4-BBB8-F5840A6FC77A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DE7EE8BE-2BC2-4AA3-A2E9-9B6B7A3A674A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{504D237A-4EA9-4BE8-9D63-5E02B46BB5E6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{409EE8D2-F4A8-4D8C-9123-ECD7AB301DBE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{72BECDA1-AEAB-4BDF-B2AC-5CA174059E51}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{104C0BDF-632F-4189-ACCF-B365901616DE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{3ACDF23A-6F0F-4C92-A717-9CF5CA2B47B1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{4E8D6DB7-42D3-4BD5-A51C-C96395D0DA19}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{37DE433D-C7E9-42B6-98ED-58133C33DB50}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{E7E3F2B5-12EC-4774-880D-D638FF5C951B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{032497ED-E0F0-4876-AB7B-633148842C3F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{BAD35E4D-07EE-46BF-B83C-E58112967F30}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{7C9DA8E7-62CB-4906-B2B2-D82DD9C1A8C4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6ADAAC6D-5088-4010-9AD9-041818FFDCEA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EDA556A5-A885-4C4B-8C4E-FEAE801C5BB3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F858FB57-5DA4-4C79-B7E8-1B99C350639C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{5D12901A-67AC-4FE8-A226-EAACDA617173}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{0EF3368C-3EB6-4348-960A-50819D33E0E3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{72764E5F-96D2-4BA3-A848-63E34C4761F8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EEE9056E-5A94-4F82-B23E-7272C4D397E8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A459C467-DA34-4A77-A0ED-B0566A1A41CC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B9ADB52F-B0E7-47F6-B85F-5619E6A46100}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "TCP Query User{39D30DC1-D501-4AE3-A801-419327D2C371}D:\games\the sims 4\game\bin\ts4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\the sims 4\game\bin\ts4.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User| "UDP Query User{82E6C47D-9F47-4CAB-BB39-68E34DAF7551}D:\games\the sims 4\game\bin\ts4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\the sims 4\game\bin\ts4.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User| "TCP Query User{A0AB00A2-F010-45C4-94F6-9421CE83DB23}D:\games\the sims 4\game\bin\ts4_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\the sims 4\game\bin\ts4_x64.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User| "UDP Query User{18BFBC18-E8AE-4673-B05C-04C47CA756D5}D:\games\the sims 4\game\bin\ts4_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\the sims 4\game\bin\ts4_x64.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User| "{803F7A92-6786-48C8-9B0E-A264304577A7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{7CBDE20F-6737-4726-98D0-5E7B147FD4EF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{723EFEE5-04B0-43A6-AF16-E6635718C5AB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{383A9E6F-00B8-442B-B9B2-EFFEA37FCFDA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{78CC94C4-962B-4691-9DD1-EB94B603B4D0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{9FDDF9A4-E903-4B9D-8EB4-67194684DA51}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{4A4041F1-7F60-4DE5-AC22-B47378D20819}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DA47932F-EDD6-4012-9F32-4F6ED2E702BA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8CD0FE5A-E211-4A76-95AC-AF5A3E0CBB06}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{AA896D9D-06B2-4278-8C3F-6F2A2875ABE0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{CAAAFD48-742D-4E18-9062-EC7E8B6634E7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{45877CA0-A0B4-4A0B-BA6F-5B5365CA58BE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{C1C820B5-E271-45E7-BB01-EE8868B9E5F0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{50DCCFC7-36E9-4E2C-BBE5-213AEA83A4DF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{6F0BCEC5-8D11-4E60-95CA-CE53761D68B8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{2E081617-7A4F-4B3B-B396-E8B92932F5F1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8C7538D1-6688-465B-B567-24D61D3E5839}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DFC2624D-DBE5-4C6D-8414-139684C5BDBE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{189C359B-F757-4465-A2E2-D6115665167B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{92F80D14-23B6-4045-8D22-2CC59651465A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A9F41069-81D0-4274-8750-DA2035A09AB3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{03775A50-BD8E-4B25-9340-36BF58858287}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D084B1A4-FFF7-48CB-BF3F-16B354C12C58}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{1F05A020-24EF-4FE3-985B-28939C835D4E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{23E9B731-4194-4964-AD00-115C3016194C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{27AE776B-07B9-43A7-9B1F-A9068ADB52DF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{180EFD2D-F0C4-42BC-833F-8F4B84C0A608}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{1D23C2D2-2CE9-438C-8BBA-17966E66D500}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D5FA8BB5-9E66-44C5-BFE5-B4520333BCA1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{7F94DB02-7DB9-4DEB-9562-29FF170ACFBD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{5BD8136D-D3B5-4FCC-AB81-D81C28CFD8B7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{DF576B5F-EB0D-4645-B449-D6320E43CF04}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{4D34D197-1EB4-47B6-ACB9-7F774B65BF8F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A7A9AFFE-8DE2-4DEA-BC1E-338E6227CD51}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{E144D384-B725-4BEE-8510-A80EB392D85F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{EC596DF0-A1DB-4C99-957D-3983F7D59E12}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{C37656D8-624B-467F-98AF-D2851F68D963}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{FF5F7444-A76F-4871-956B-F83E6103D06E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B66AF723-45F7-400E-9F1D-3366C805AC2F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{5926662E-E4B6-4CA6-B260-81135E0725DD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{65F56B1C-164F-4FC0-9FB9-D3BCBE1D133B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{1E2371FA-D8EC-4B91-BABD-D8931AFF543B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6C923382-1C4F-4738-B835-42D71D9A4477}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6E8D60E2-FB82-4ED1-A771-15F3DC4A32EA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{EEA04ED2-5167-41DD-82F6-0BCCB42E12EF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D6F2930B-DF1D-4931-A7DE-DE60B0E8AFC8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{CFE8583D-7788-4A8B-B339-EE297226CF5B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{339AC2E0-9DD1-4F43-ADB1-F2F0820C1EAE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{2B5293EC-9DDE-4DD3-B45E-42C1B3E87399}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{ED418B81-1180-49A9-98B6-845E11AF74BD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F74BB726-0A3B-4762-805F-B7BBCC740DD0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{02E52E24-DC09-442E-A712-751CD4E551DA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{20BAE123-8095-43D9-9262-1FCD3ABC9C5A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{E5C0ECCB-1778-420B-9D79-BC2F078D520D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{16ADE022-8514-4AC7-BC74-490A0B20B1A9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B2E09F0B-EE1A-4FA7-A7BC-613C6FCF81D9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{9F77DC6F-9F72-4AD4-B4DC-81D2782EF34F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{54BBA6D8-28ED-4757-97E7-082D2376ADC0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DF57BBF4-0896-45C4-A5AF-3F117B50DC81}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{110F3D51-F8D4-4E15-832D-4363B894001A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "TCP Query User{638A745C-BF2A-4603-BED3-EC92679C403E}D:\program files (x86)\rolistik\rolistik.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\program files (x86)\rolistik\rolistik.exe|Name=rolistik|Desc=rolistik|Defer=User| "UDP Query User{1AFC4BB6-C715-45C7-8A1B-EB70CD9DCC42}D:\program files (x86)\rolistik\rolistik.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\program files (x86)\rolistik\rolistik.exe|Name=rolistik|Desc=rolistik|Defer=User| "TCP Query User{C6F043EC-4B71-4D75-9C3E-095B6E468F5A}D:\games\red faction guerrilla remarstered\rfg.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\red faction guerrilla remarstered\rfg.exe|Name=rfg|Desc=rfg|Defer=User| "UDP Query User{55A5972F-24F5-47EA-9A6A-9DF6D0210506}D:\games\red faction guerrilla remarstered\rfg.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\red faction guerrilla remarstered\rfg.exe|Name=rfg|Desc=rfg|Defer=User| "{901ECDE0-233D-4390-9038-D22D95C55216}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{3948A2FD-BE40-49BB-8DC6-94F34DEECCC2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6C78370F-0978-4E27-AD10-6FE50FE3EF89}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{46E59DC0-9DAF-48D1-BE27-B7D77431FC3D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B08AEE73-E272-415C-9065-B05FA14581FA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F94B3E11-4039-4DE9-B7C3-0CA9D73B259D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{FE6CE138-5B5C-487F-A0EA-474D03B41F34}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{4C6B2BB3-142F-4D0F-A4CB-24D362ED4130}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BBFF483B-2117-4B44-8B50-CA0D9B065303}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D3F2265E-11F9-4A10-9768-C8A2A704652F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{744EB68A-DDC2-4087-AFF2-10373D63D8CB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{0313F612-DB4D-4EE7-A738-F7990769CFD9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{1084EBFF-1BCE-4952-8D66-06AAC6F8F497}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D3CFDDE2-E79A-4F2B-AADD-71E07E4BD696}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{0BE84121-260D-44BC-BCF9-C8288A624619}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BF6F0399-46BC-4F15-ADB8-2DF3CD17C969}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{DBA8A1F2-E4B7-4534-8F30-0DC25682E25C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{482BC7DA-AC50-4D27-8B4F-0E4C794A290A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B56A9C0B-13BF-43FD-97E5-D23640A9D7BC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B7D83030-6549-422C-ACAE-A36C24019531}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{149AD369-9A41-483B-BE72-173D16F7406A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{8C72F188-DBCB-4A3F-96E5-3A9EB2D1AFEB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{59ADDB46-5AE4-4594-92CD-4E5B5FE6DF6D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{02654567-A9C8-4A3F-9CAD-498FBBF10911}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{FDD3F0FE-4101-48F5-8698-7AD1A4CDB10C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B0625CDB-BC2B-4608-BA15-4B9F34A9EB6C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{AD9BED90-C9EB-40C9-9327-09A3E29BD86B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{59938564-8655-4912-91BB-F0D877419893}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{10A2B662-C6AC-4A9C-BB40-E833A951CF38}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{9013665A-2707-4B0D-A322-35FFC21F4792}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{32FCAC79-32EC-4D44-9252-8FEAB8D30C52}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{1F198405-F92E-410A-8CE3-7DBCB6041C60}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A21A27B0-A326-46D4-9E83-B04940FF215B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{6EC7104A-5D10-4951-A5AC-D0F4D6117613}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A908839B-FE2A-411E-B0A3-A166843208C3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{FFD63306-2255-4109-BCB8-43823387163E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{12D7FA85-554E-4FFB-A25A-1164832A705F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{A16EB91C-B2D5-4482-AE2C-24662C279086}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B59128E8-13E7-46FB-850A-6137C6580553}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{3D97084C-B7EB-40B8-853C-AEBB0D601EEE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{42A1C7DF-52DE-442D-AE97-F5597B50FF62}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{637B1E2B-8DDE-4344-9C88-A410932B9D42}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{0AD8DC34-5467-4C06-9AAA-FFFEDC7D52C8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B6F2D4E3-3847-43ED-B968-3D32E9F9A7EA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B3AFF236-27FC-4C74-9278-AD8189CF34B1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{91823AF5-7F89-4C93-BD5B-B10AC3C187ED}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{2DE1F287-91ED-4DF1-AF47-015F6AAA72C4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{45AEFDB0-FD8B-4DBA-A3C6-0282CDC6FC3E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D1BFCA41-850B-46C5-AB66-5F2520C86F18}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{AED61BB1-3256-4B1D-8325-21F4D9EB4386}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F75C1BF2-D188-4FC2-92B6-AA4FB6282118}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{C4EB6B8A-7D84-4B51-B65F-CB409DD34EC4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{94644671-E68C-46EF-8667-5990E8584212}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{414FAE11-C16A-4D3B-B079-95D892A8DC9E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{60B6E889-8DF1-4838-B2C2-9A9DBC56BCA8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{440FA31C-AD89-4A35-877C-9DA6F095A430}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{496B35CA-ACAC-41C6-8D8E-A4CC7CBD09D9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{6CAFFF12-CD76-43FA-A570-6A749433A9AA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{7DD014C4-96DD-4FC7-9DD3-C6D66BC0DA97}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{57563E4E-878A-4D37-8978-379F1F45CABA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{C21C2542-F57C-44D8-A58C-7542C7EB9A75}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{FFCAA253-4AD6-4B81-98F2-23AA64728BFC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{B28D3C29-DE55-4381-A055-3684714780C2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{F08C7215-CEA5-4D37-888C-6CE2B2CFED05}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{D6BD1EDB-2D33-4375-ADEC-FE5039B1E905}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{BFF4C8F9-B910-4AAA-BCB8-285A2ED98ECD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{5C4CB40F-B188-4234-A13A-F6A786DD4678}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\rundll32.exe|Name=rundll32.exe|Desc=rundll32.exe| "{42EA9421-56FD-484C-B6DA-AD77C5E7D750}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{361B4AA8-AD08-46F1-B7B6-710C9D053E93}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\SysWOW64\svchost.exe|Name=svchost.exe|Desc=svchost.exe| "{C5533C2D-8B7B-4CEE-8272-61431501015E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{4D836D80-FDA4-4662-9F5A-5760EFBC30E8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-984768822-1242204556-3330448555-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}] : (BluetoothVirtual) [] -> @oem14.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D8F93C3F-0DCD-4039-813F-23EA296EBBEA}] : (FTDIBUS) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [06/10/2017 21:43:17] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [05/07/2018 17:37:01] - (24.21.13.9836) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 398.36) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvlddmkm.sys [06/10/2017 21:45:43] - (10.0.0.355) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw10x.sys [06/10/2017 21:45:14] - (15.8.2.5) - (ELAN Microelectronic Corp. - ELAN SMBus Driver) - C:\WINDOWS\System32\drivers\ETDSMBus.sys [05/07/2018 17:33:51] - (4.6.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [29/10/2017 11:52:27] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys [20/12/2016 17:55:37] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\WINDOWS\System32\drivers\dtliteusbbus.sys [20/12/2016 17:55:32] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtlitescsibus.sys [27/12/2017 21:19:35] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - VB Virtual Audio Device) - C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [09/11/2017 05:38:54] - (1.3.37.4) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA (@oem33.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GameRanger] : (GameRanger.-.GameRanger Technologies) -> C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /uninstall [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\iStripper_is1] : (iStripper version 1.2.148.-.Totem Entertainment) -> "C:\Users\admin\AppData\Local\vghd\bin\unins000.exe" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\New LEGO Digital Designer] : (.-.) -> [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{V-01}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180151F0}] : (Java 8 Update 151 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180151F0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}] : (Paint.NET v3.5.10.-.dotPDN LLC) -> MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1C0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180111}] : (Java SE Development Kit 8 Update 111 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180111} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A2199A06-89C4-4187-AA4A-3A9676FB799D}] : (SlimDX Runtime .NET 4.0 x64 (January 2012).-.SlimDX Group) -> MsiExec.exe /X{A2199A06-89C4-4187-AA4A-3A9676FB799D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 398.36.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.14.0.139.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.06.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\12bbe590-c890-11d9-9669-0800200c9a66_is1] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\47f759c33d0cc269] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Call of Duty Infinite Warfare - Patch FR 1.0] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fraps] : (Fraps.-.) -> "D:\Fraps\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LogMeIn Hamachi] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)] : (Microsoft .NET Framework 1.1.-.) -> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Devices Agent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Universal Agent Endpoint] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\pandasecuritytb] : (Panda Safe Web.-.Panda Security and Visicom Media Inc.) -> C:\Program Files (x86)\pandasecuritytb\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PrtScr_is1] : (PrtScr 1.7.-.FireStarter) -> "D:\Program Files (x86)\PrtScr\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RAM Cheat] : (RAM Cheat.-.) -> D:\RAM Cheat\RAMCheat.exe uninst [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Elder Scrolls Online] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VB:Voicemeeter {17359A74-1236-5467}] : (Voicemeeter, The Virtual Mixing Console.-.VB-Audio Software) -> C:\Program Files (x86)\VB\Voicemeeter\VoicemeeterProSetup.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Warhammer 40000 Gladius Relics of War_is1] : (Warhammer 40000 Gladius Relics of War.-.) -> "D:\Games\Warhammer 40000 Gladius Relics of War\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}] : (Antidote 8.-.Druide informatique inc.) -> MsiExec.exe /X{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{12790C5E-9426-4EF5-A9AC-8ADA8F31F465}] : (Launcher MOD CSP-IRG.-.MOD CSP-IRG) -> MsiExec.exe /I{12790C5E-9426-4EF5-A9AC-8ADA8F31F465} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A61270A-9403-11E7-86C1-005056951CAD}] : (Evernote v. 6.7.4.-.Evernote Corp.) -> MsiExec.exe /X{1A61270A-9403-11E7-86C1-005056951CAD} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{209339B5-F8A6-41A3-9114-FC0679B2BC6A}] : (Driver Fusion.-.Treexy) -> MsiExec.exe /I{209339B5-F8A6-41A3-9114-FC0679B2BC6A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC}] : (PlayStation™Now.-.Sony Interactive Entertainment Network America LLC) -> MsiExec.exe /X{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180151F0}] : (Java 8 Update 151.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180151F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180161F0}] : (Java 8 Update 161.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180161F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180172F0}] : (Java 8 Update 172.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180172F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.40.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{68A5CFDB-E05C-46BC-B2EB-988D1E2C2444}_is1] : (MegaTrainer Ultimate version 1.4.8.1.-.MegaDev) -> "D:\Program Files (x86)\MegaDev\MegaTrainerUltimate\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}] : (SlimDX Runtime .NET 4.0 x86 (January 2012).-.SlimDX Group) -> MsiExec.exe /X{7EBD0E43-6AC0-4CA8-9990-00E50069AD29} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}] : (Assistant de téléchargement.-.Druide informatique inc.) -> MsiExec.exe /X{92154A3C-9BB7-49D7-A571-4EB6373FA5AD} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824272646}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824272646} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BE027D62-0BFF-447A-82CB-B61A6EB030C3}_is1] : (CnC SGU Private Beta V2.0 TaGoAsRe B1-131223.-.Syton Entertainment) -> "C:\Program Files (x86)\Syton Entertainment\CnC Stargate Universe\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F36ED29E-33E1-48AB-95DA-2498AD41A9A0}] : (Curse.-.Curse) -> MsiExec.exe /X{F36ED29E-33E1-48AB-95DA-2498AD41A9A0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{V-01}] : (.-.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\30DE9D6CFCF60144C97B54AC82F5E911] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}\ARPPRODUCTICON.exe [HKCR\Installer\Products\34E0DBE70CA68AC49909005E0096DA92] : SlimDX Runtime .NET 4.0 x86 (January 2012) -> C:\WINDOWS\Installer\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}\SdxIconBlack.exe [HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110150F] : Java 8 Update 151 -> C:\Program Files (x86)\Java\jre1.8.0_151\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110160F] : Java 8 Update 161 -> C:\Program Files (x86)\Java\jre1.8.0_161\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110270F] : Java 8 Update 172 -> C:\Program Files (x86)\Java\jre1.8.0_172\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110150F] : Java 8 Update 151 (64-bit) -> C:\Program Files\Java\jre1.8.0_151\\bin\javaws.exe [HKCR\Installer\Products\4F4A3A46297B6D117AA8000B0D811011] : Java SE Development Kit 8 Update 111 (64-bit) -> C:\Program Files\Java\jdk1.8.0_111\\bin\javaws.exe [HKCR\Installer\Products\5B9339026A8F3A141941CF60972BCBA6] : Driver Fusion -> C:\WINDOWS\Installer\{209339B5-F8A6-41A3-9114-FC0679B2BC6A}\logo_other.exe [HKCR\Installer\Products\60A9912A4C987814AAA4A36967BF97D9] : SlimDX Runtime .NET 4.0 x64 (January 2012) -> C:\WINDOWS\Installer\{A2199A06-89C4-4187-AA4A-3A9676FB799D}\SdxIconBlack.exe [HKCR\Installer\Products\68AB67CA408033019195008142726264] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824272646}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe [HKCR\Installer\Products\90BAAA90ABD69DD489564595D7F3CB8A] : Antidote 8 -> C:\Windows\Installer\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A07216A130497E11681C00056559C1DA] : Evernote v. 6.7.4 -> C:\WINDOWS\Installer\{1A61270A-9403-11E7-86C1-005056951CAD}\Evernote.ico [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.40 -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\C3A451297BB97D945A17E46B73F35ADA] : Assistant de téléchargement -> C:\Windows\Installer\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CC0E2A442A3AAC540A70BCB8BF7E33E9] : Epic Games Launcher -> C:\WINDOWS\Installer\{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E}\Installer.ico [HKCR\Installer\Products\E5C0972162495FE49ACAA8ADF8134F56] : Launcher MOD CSP-IRG -> C:\WINDOWS\Installer\{12790C5E-9426-4EF5-A9AC-8ADA8F31F465}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\E5EE95128CFF1544A9F40EC995F12BCB] : PlayStation™Now -> C:\WINDOWS\Installer\{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC}\psnow.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\WINDOWS\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico [HKCR\Installer\Products\FE521925CA3E47B4796E6F887A0C1F0C] : Paint.NET v3.5.10 -> C:\WINDOWS\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}\_853F67D554F05449430E7E.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (J:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x28bc Heure de début de l’application défaillante : 0x01d41c837855b7e6 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 56235f8e-231e-493e-a4ef-15efacae7c66 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x28bc Heure de début de l’application défaillante : 0x01d41c837855b7e6 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 6fb77941-856d-4f82-8270-55d1ca3d8b61 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xba0 Heure de début de l’application défaillante : 0x01d41c83770a25a3 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 76d6fab8-29d4-4696-af53-3bea05719dcb Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xba0 Heure de début de l’application défaillante : 0x01d41c83770a25a3 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 08af5fd3-c644-426d-b60f-d8f87e10d0b0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xc24 Heure de début de l’application défaillante : 0x01d41c1f4a8199fa Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : da585a9a-8c11-4293-97d3-3484145ea2c8 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xc24 Heure de début de l’application défaillante : 0x01d41c1f4a8199fa Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : d8a5155d-a6fc-476f-addc-cc615a04da0d Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x21d0 Heure de début de l’application défaillante : 0x01d41c1f4863c3fa Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : e72441b3-a476-4358-b5a1-d0a95bd44e77 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x21d0 Heure de début de l’application défaillante : 0x01d41c1f4863c3fa Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : d4f0e591-434e-4e41-bd8f-d26338bc57ff Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante Warhammer.exe, version : 1.6.0.0, horodatage : 0x59957b33 Nom du module défaillant : D3D12.dll_unloaded, version : 10.0.17134.112, horodatage : 0xf53046b0 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000034df0 ID du processus défaillant : 0x2a9c Heure de début de l’application défaillante : 0x01d41b5064176605 Chemin d’accès de l’application défaillante : D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe Chemin d’accès du module défaillant: D3D12.dll ID de rapport : ae3dd390-8b57-4cde-a439-836367367c2e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x2664 Heure de début de l’application défaillante : 0x01d41b50297553e0 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 4f744dd0-8d24-427b-b1b3-1de5e45bac18 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x2664 Heure de début de l’application défaillante : 0x01d41b50297553e0 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 0f0caf27-2f55-4175-80e9-a236203da4a9 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x2458 Heure de début de l’application défaillante : 0x01d41b5027ea9d4b Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : ad225d38-6bd5-4a5d-8156-55b2a15f45ce Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x2458 Heure de début de l’application défaillante : 0x01d41b5027ea9d4b Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 0f980379-70da-4c74-8f0e-4affc1f745f0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x6f4 Heure de début de l’application défaillante : 0x01d41b4f93a0704f Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 0757fa43-bc64-45ab-ae32-2cdfa6dabb27 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x6f4 Heure de début de l’application défaillante : 0x01d41b4f93a0704f Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 7948a3a1-c459-4fea-b11c-42809ccb853f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xb78 Heure de début de l’application défaillante : 0x01d41b4f924afb4c Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 96f136f4-df50-4000-8453-6a7a4dea2602 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0xb78 Heure de début de l’application défaillante : 0x01d41b4f924afb4c Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 37b1fce4-6706-4976-9a4f-da193a84b371 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ----------( EOF)---------- - 5413 | 23:42:07