--------------- QuickDiag | g3n-h@ckm@n | V4_30.08.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 30/08/2018 23:40:57 Updated 30/08/2018 | 03:10 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [admin (Administrator)] - [DESKTOP-CDDJ7U6] (S-1-5-21-984768822-1242204556-3330448555-1001) System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4 Boot : Normal boot PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: DC979E2A-F491-77CB-91FF-38D547123D78 Processor : X64 - 3504 Mhz - Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz 2003 - fr|FR|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 2003 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Périphérique audio USB - Status: OK - Manufacturer: (USB Audio générique) - PNPDeviceID: USB\VID_0D8C&PID_013C&MI_00\6&2E6EAAFB&0&0000 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_10B01C03&REV_1001\5&24CC3484&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_104386AE&REV_1000\4&2DE74382&0&0001 VB-Audio VoiceMeeter VAIO - Status: OK - Manufacturer: VB-Audio Software - PNPDeviceID: ROOT\MEDIA\0000 ---------- | Video NVIDIA GeForce GTX 1060 6GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_1C0310B0&REV_A1\4&2D78AB8F&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 24.21.13.9882 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\ficvdec_x64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 652288 - Manufacturer: - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\frapsv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 105984 - Manufacturer: Beepa P/L - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:1 % CPU #2 value:1 % CPU #3 value:1 % CPU #4 value:13 % Total Overall CPU Usage value:4 % ---------- | Network Intel[R] Ethernet Connection [2] I219-V : SENT:0 bytes/sec / RECVD:0 bytes/sec D-Link DWA-556 Xtreme N PCIe Desktop Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:4 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH D-Link DWA-556 Xtreme N PCIe Desktop Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0024&SUBSYS_3A701186&REV_01\4&1649F021&0&00DA Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1E40D841&1&13 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1E40D841&1&14 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT Intel(R) Ethernet Connection (2) I219-V - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_15B8&SUBSYS_86721043&REV_31\3&11583659&0&FE ---------- | Memory RAM = Total (MB) : 16715 | Free (MB) : 14841 Pagefile = Total (MB) : 19206 | Free (MB) : 16107 Virtual = Total (MB) : 4194 | Free (MB) : 3910 Physical Memory 1 : Capacity: 8589934592 - DIMM_A2 - Posit.: 1 - Manufacturer: Corsair - PartNumber: CMK16GX4M2A2133C13 - S/N: 00000000 Physical Memory 3 : Capacity: 8589934592 - DIMM_B2 - Posit.: 2 - Manufacturer: Corsair - PartNumber: CMK16GX4M2A2133C13 - S/N: 00000000 ---------- | SID Users admin : [S-1-5-21-984768822-1242204556-3330448555-1001] Administrateur : [S-1-5-21-984768822-1242204556-3330448555-500] ASPNET : [S-1-5-21-984768822-1242204556-3330448555-1002] DefaultAccount : [S-1-5-21-984768822-1242204556-3330448555-503] defaultuser0 : [S-1-5-21-984768822-1242204556-3330448555-1000] Invité : [S-1-5-21-984768822-1242204556-3330448555-501] WDAGUtilityAccount : [S-1-5-21-984768822-1242204556-3330448555-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 255.62 Go | Free : 114.11 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [Nouveau nom] | Total : 931.39 Go | Free : 74.34 Go -> NTFS [SATA] F:\ -> [Fixed] | [] | Total : 0.44 Go | Free : 0.04 Go -> NTFS (SSD) [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [F:, C:] : Read:15,748,896 bytes/sec, Written:4,143,454 bytes/sec Max Read:15,748,896 bytes/sec, Max Write:4,143,454 bytes/sec Physical Drive #1 [D:] : Read:1,256,226 bytes/sec, Written:0 bytes/sec Max Read:1,256,226 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:15,748,896 bytes/sec, Write Maximum:4,143,454 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_ST1000DM&PROD_003-1SB102\4&39693902&0&000500 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_CRUCIAL_&PROD_CT275MX300SSD1\4&39693902&0&000200 ---------- | Windows updates - Activation - License Test 1 : Windows Is Activated Test 2 : Possible Fixed Windows Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 30.0.0.154 FlashPlayer Plugin : 30.0.0.113 ---------- | Security AV : Malwarebytes Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 424 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 01:34:22] CPU Usage:0 % 608 | [Owner : Système | Parent : 584() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 696 | [Owner : Système | Parent : 584() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % 712 | [Owner : Système | Parent : 688() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 764 | [Owner : Système | Parent : 696(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [02/08/2018 14:44:45] CPU Usage:0 % 784 | [Owner : Système | Parent : 696(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.1) = C:\Windows\System32\lsass.exe [12/04/2018 01:34:23] CPU Usage:0 % 892 | [Owner : Système | Parent : 764(services.exe) | 3.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 900 | [Owner : UMFD-0 | Parent : 696(wininit.exe) | 4.05 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [14/08/2018 19:42:13] CPU Usage:0 % 916 | [Owner : Système | Parent : 764(services.exe) | 23.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 984 | [Owner : Système | Parent : 688() | 10.08 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.165) = C:\Windows\System32\winlogon.exe [12/07/2018 09:33:54] CPU Usage:0 % 356 | [Owner : UMFD-1 | Parent : 984(winlogon.exe) | 14.83 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [14/08/2018 19:42:13] CPU Usage:0 % 588 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 11.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 716 | [Owner : Système | Parent : 764(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1052 | [Owner : DWM-1 | Parent : 984(winlogon.exe) | 50.16 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % 1124 | [Owner : Système | Parent : 764(services.exe) | 7.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1196 | [Owner : Système | Parent : 764(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1232 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 19.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1240 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 11.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1256 | [Owner : Système | Parent : 764(services.exe) | 15.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1280 | [Owner : Système | Parent : 764(services.exe) | 10.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1328 | [Owner : Système | Parent : 764(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1352 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 16.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1424 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1512 | [Owner : Système | Parent : 764(services.exe) | 9.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1536 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1648 | [Owner : Système | Parent : 764(services.exe) | 15.94 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [12/06/2017 12:32:42] CPU Usage:0 % 1664 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 11.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1688 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 9.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1720 | [Owner : Système | Parent : 764(services.exe) | 12.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1728 | [Owner : Système | Parent : 764(services.exe) | 5.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1748 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1836 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 9.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1928 | [Owner : Système | Parent : 764(services.exe) | 9.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2000 | [Owner : Système | Parent : 764(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2008 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 1700 | [Owner : Système | Parent : 1648(NVDisplay.Container.exe) | 26.89 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [12/06/2017 12:32:42] CPU Usage:0 % 2224 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2280 | [Owner : Système | Parent : 764(services.exe) | 11.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2336 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 12.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2344 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2352 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 8.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2420 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2468 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2572 | [Owner : Système | Parent : 764(services.exe) | 15.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2632 | [Owner : Système | Parent : 764(services.exe) | 11.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2648 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (18.5.3931.0) = D:\Program Files\AVAST Software\Avast\AvastSvc.exe [18/07/2018 00:50:53] CPU Usage:0 % 2836 | [Owner : Système | Parent : 764(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2876 | [Owner : SERVICE LOCAL | Parent : 2836(svchost.exe) | 5.22 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % 2996 | [Owner : admin | Parent : 1512(svchost.exe) | 24.38 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % 3012 | [Owner : admin | Parent : 764(services.exe) | 25.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2320 | [Owner : admin | Parent : 764(services.exe) | 31.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2704 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 7.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 2088 | [Owner : admin | Parent : 1256(svchost.exe) | 11.98 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 01:34:37] CPU Usage:0 % 3156 | [Owner : Système | Parent : 764(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3184 | [Owner : admin | Parent : 3156(svchost.exe) | 13.79 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % 3312 | [Owner : admin | Parent : 3272() | 100.83 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.165) = C:\Windows\explorer.exe [12/07/2018 09:34:01] CPU Usage:0 % 3424 | [Owner : Système | Parent : 764(services.exe) | 14.28 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % 3504 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 8.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3592 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3656 | [Owner : Système | Parent : 764(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3664 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 9.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3672 | [Owner : Système | Parent : 764(services.exe) | 16.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3680 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 15.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3688 | [Owner : Système | Parent : 764(services.exe) | 21.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3700 | [Owner : Système | Parent : 764(services.exe) | 8.68 Mo] - (.LogMeIn, Inc. - LMIGuardianSvc.) - (10.1.0.1742) = C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [27/05/2016 14:04:16] CPU Usage:0 % 3708 | [Owner : Système | Parent : 764(services.exe) | 9.1 Mo] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) - (12.0.0.8048) = C:\Windows\System32\BtwRSupportService.exe [27/03/2015 10:33:20] CPU Usage:0 % 3720 | [Owner : Système | Parent : 764(services.exe) | 15.5 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.7.208) = C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [15/08/2018 17:14:45] CPU Usage:0 % 3732 | [Owner : Système | Parent : 764(services.exe) | 6.66 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.27.2646) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [21/03/2018 02:21:48] CPU Usage:0 % 3744 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3756 | [Owner : Système | Parent : 764(services.exe) | 26.43 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [05/07/2018 17:38:35] CPU Usage:0 % 3768 | [Owner : Système | Parent : 764(services.exe) | 10.83 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [20/08/2015 17:04:56] CPU Usage:0 % 3776 | [Owner : Système | Parent : 764(services.exe) | 8.01 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 12:50:52] CPU Usage:0 % 3784 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 13.7 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2393.9975) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [05/07/2018 17:38:11] CPU Usage:0 % 3820 | [Owner : Système | Parent : 764(services.exe) | 8.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 3852 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [02/08/2018 14:44:46] CPU Usage:0 % 3872 | [Owner : Système | Parent : 764(services.exe) | 8.97 Mo] - (.Broadcom Corporation. - Bluetooth Support Server.) - (12.0.0.2700) = D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [28/09/2012 01:52:18] CPU Usage:0 % 3920 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 7.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4000 | [Owner : Système | Parent : 764(services.exe) | 5.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4064 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4080 | [Owner : Système | Parent : 764(services.exe) | 16.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4108 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 7.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4320 | [Owner : Système | Parent : 764(services.exe) | 12.74 Mo] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - (2.2.0.607) = C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [30/05/2018 10:15:52] CPU Usage:0 % 4380 | [Owner : Système | Parent : 764(services.exe) | 12.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4524 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 5.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4536 | [Owner : Système | Parent : 764(services.exe) | 15.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4600 | [Owner : Système | Parent : 764(services.exe) | 12.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5056 | [Owner : admin | Parent : 3720(mcsacore.exe) | 10.41 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.7.208) = C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [15/08/2018 17:14:46] CPU Usage:0 % 5220 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5788 | [Owner : admin | Parent : 3756(nvcontainer.exe) | 36.02 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [05/07/2018 17:38:35] CPU Usage:0 % 5872 | [Owner : Système | Parent : 764(services.exe) | 14.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5400 | [Owner : Système | Parent : 764(services.exe) | 5.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5824 | [Owner : admin | Parent : 916(svchost.exe) | 66.39 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 01:33:58] CPU Usage:0 % 7132 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 9.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 6368 | [Owner : admin | Parent : 916(svchost.exe) | 1.9 Mo] - (.-.) - (12.1815.210.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe [17/07/2018 10:35:22] CPU Usage:0 % 2560 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 6.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 6376 | [Owner : admin | Parent : 916(svchost.exe) | 5.64 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.1) = C:\Windows\System32\SettingSyncHost.exe [12/04/2018 01:34:34] CPU Usage:0 % 6876 | [Owner : admin | Parent : 3088() | 8.45 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [05/07/2018 17:38:37] CPU Usage:0 % 5364 | [Owner : admin | Parent : 6876(NVIDIA Web Helper.exe) | 1.56 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 7372 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 16.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 8028 | [Owner : SERVICE LOCAL | Parent : 764(services.exe) | 9.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 8868 | [Owner : admin | Parent : 764(services.exe) | 22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 9060 | [Owner : Système | Parent : 916(svchost.exe) | 6.92 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % 9128 | [Owner : admin | Parent : 916(svchost.exe) | 4.13 Mo] - (.-.) - (10.18071.1181.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe [10/08/2018 22:52:35] CPU Usage:0 % 8396 | [Owner : admin | Parent : 3312(explorer.exe) | 9.32 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % 2100 | [Owner : admin | Parent : 3312(explorer.exe) | 18.91 Mo] - (.Druide informatique inc. - AgentAntidote.) - (8.3.367.12477) = D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [15/04/2013 21:18:12] CPU Usage:0 % 6352 | [Owner : admin | Parent : 3312(explorer.exe) | 36.61 Mo] - (.Druide informatique inc. - AgentAntidote.) - (8.3.367.12477) = D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [15/04/2013 21:18:16] CPU Usage:0 % 7272 | [Owner : Système | Parent : 764(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5600 | [Owner : admin | Parent : 3312(explorer.exe) | 13.95 Mo] - (.Logitech Inc. - Logitech WingMan Event Monitor.) - (5.10.127.0) = C:\Program Files\Logitech\Gaming Software\LWEMon.exe [14/06/2010 16:18:10] CPU Usage:0 % 8404 | [Owner : admin | Parent : 8236() | 48.21 Mo] - (.AVAST Software - Avast Antivirus.) - (18.5.3931.358) = D:\Program Files\AVAST Software\Avast\AvastUI.exe [09/08/2018 17:22:28] CPU Usage:0 % 8932 | [Owner : admin | Parent : 8864() | 13.01 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.172.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [28/03/2018 22:23:04] CPU Usage:0 % 8324 | [Owner : admin | Parent : 3312(explorer.exe) | 12.47 Mo] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (12.0.0.2700) = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [28/09/2012 01:52:02] CPU Usage:0 % 8752 | [Owner : admin | Parent : 8324(BTTray.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.17134.1) = C:\Windows\SysWOW64\rundll32.exe [12/04/2018 01:34:59] CPU Usage:0 % 4076 | [Owner : SERVICE RÉSEAU | Parent : 764(services.exe) | 22.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5860 | [Owner : Système | Parent : 764(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % 7504 | [Owner : Système | Parent : 764(services.exe) | 28.15 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.228) = C:\Windows\System32\SearchIndexer.exe [14/08/2018 19:42:14] CPU Usage:2 % 7364 | [Owner : Système | Parent : 764(services.exe) | 10.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5236 | [Owner : Système | Parent : 916(svchost.exe) | 8.86 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 5176 | [Owner : Système | Parent : 764(services.exe) | 6.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 10132 | [Owner : admin | Parent : 8932(jusched.exe) | 14.31 Mo] - (.Oracle Corporation - Java Update Checker.) - (2.8.172.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [28/03/2018 22:22:40] CPU Usage:0 % 9428 | [Owner : admin | Parent : 916(svchost.exe) | 21.3 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.137) = C:\Windows\System32\smartscreen.exe [12/07/2018 09:34:00] CPU Usage:0 % 3888 | [Owner : Système | Parent : 764(services.exe) | 6.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % 9660 | [Owner : SERVICE LOCAL | Parent : 2224(svchost.exe) | 11.49 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.137) = C:\Windows\System32\audiodg.exe [12/07/2018 09:34:24] CPU Usage:0 % 8568 | [Owner : admin | Parent : 3312(explorer.exe) | 46.26 Mo] - (.SosVirus - QuickDiag.) - (30.8.18.1) = C:\Users\admin\Desktop\quickdiag_V4_30.08.18.1.exe [30/08/2018 20:33:41] CPU Usage:0 % 9736 | [Owner : SERVICE RÉSEAU | Parent : 916(svchost.exe) | 11.74 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 8676 | [Owner : admin | Parent : 3312(explorer.exe) | 217.82 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % 10004 | [Owner : admin | Parent : 8676(firefox.exe) | 38.87 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % 7232 | [Owner : admin | Parent : 8676(firefox.exe) | 185.89 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % 10136 | [Owner : admin | Parent : 8676(firefox.exe) | 210.81 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % 2716 | [Owner : SERVICE RÉSEAU | Parent : 916(svchost.exe) | 9.67 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % 9308 | [Owner : admin | Parent : 8676(firefox.exe) | 52.84 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [05/07/2018 20:34:45] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 398.82.) - (24.21.13.9882) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 398.82.) - (24.21.13.9882) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvwgf2umx_cfg.dll (.AVAST Software.-.Avast Shell Extension.) - (18.5.3931.0) -- D:\Program Files\AVAST Software\Avast\ashShA64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Broadcom Corporation..-.Multimedia Keys Hook DLL.) - (12.0.0.2700) -- D:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.AVAST Software.-.Hook Library.) - (18.5.4.134) -- D:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU EvernoteClipper - (EvernoteClipper.lnk [Startup]) - User: DESKTOP-CDDJ7U6\admin Steam - ("D:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin DAEMON Tools Lite Automount - ("C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin Discord - (C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\...\Run]) - User: DESKTOP-CDDJ7U6\admin Bluetooth - (D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [Common Startup]) - User: Public SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public XboxStat - ("C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [HKLM\SOFTWARE\...\Run]) - User: Public AgentAntidote32 - ("D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe" /LancementSession [HKLM\SOFTWARE\...\Run]) - User: Public AgentAntidote64 - ("D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe" /LancementSession [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("D:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public Start WingMan Profiler - (C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="D:\Program Files (x86)\Steam\steam.exe" -silent "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun "Discord"=C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [16/07/2018 23:24:03] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x0300000050BF872D1650D301 "DAEMON Tools Lite Automount"=0x0300000090E29003E312D401 "Steam"=0x020000000000000000000000 "Discord"=0x03000000A0474B06E312D401 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=cmd\1 "MRUList"=a [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun "AgentAntidote32"="D:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe" /LancementSession "AgentAntidote64"="D:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe" /LancementSession "AvastUI.exe"="D:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" "Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch "Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "WindowsDefender"=0x060000000000000000000000 "RTHDVCPL"=0x020000000000000000000000 "Logitech Download Assistant"=0x03000000D0278EAC6A23D401 "ShadowPlay"=0x020000000000000000000000 "XboxStat"=0x0300000040C57C381650D301 "AgentAntidote32"=0x020000000000000000000000 "AgentAntidote64"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 "AdobeGCInvoker-1.0"=0x020000000000000000000000 "Start WingMan Profiler"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StereoLinksInstall"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 "Discord"=0x020000000000000000000000 "AdobeAAMUpdater-1.0"=0x03000000D01E32301650D301 "LogMeIn Hamachi Ui"=0x03000000C090EDAD6A23D401 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Discord"=C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "LogMeIn Hamachi Ui"="D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater AdobeGCInvoker-1.0-DESKTOP-CDDJ7U6-admin Avast Emergency Update CCleaner Update CCleanerSkipUAC Microsoft Office 15 Sync Maintenance for DESKTOP-CDDJ7U6-admin DESKTOP-CDDJ7U6 NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} User_Feed_Synchronization-{D72997FA-7E45-4607-A00B-E96138BB21CA} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=6 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [24/11/2016 09:51:02] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=784 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 "PendingFileRenameOperations"=\??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\aswOfferTool.exe \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\avBugReport.exe \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\AvDump32.exe \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\AvDump64.exe \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\HTMLayout.dll \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\Instup.dll \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\instup.exe \??\D:\Program Files\AVAST Software\Avast\setup\New_1206092d\ \??\D:\Program Files\AVAST Software\Avast\asw9825dc915976f6ad.tmp !\??\D:\Program Files\AVAST Software\Avast\SecurityProductInformation.ini \??\C:\WINDOWS\system32\drivers\asw1d0ffdcd590775f4.tmp \??\C:\WINDOWS\system32\drivers\asw110a1ea606c0e3b7.tmp \??\C:\WINDOWS\system32\drivers\aswe01fa0981749c830.tmp \??\C:\WINDOWS\system32\drivers\aswa4f1e7870209c154.tmp \??\C:\WINDOWS\system32\drivers\asw6b0046678cf4e79d.tmp \??\C:\WINDOWS\system32\drivers\aswc98d96e562c827ee.tmp \??\C:\WINDOWS\system32\drivers\asw 99649e363f610cd.tmp \??\C:\WINDOWS\system32\drivers\asw211604606e063e33.tmp \??\C:\WINDOWS\system32\drivers\aswcfb7f882b9e88034.tmp \??\C:\WINDOWS\system32\drivers\aswb45d8ecb52c59312.tmp \??\C:\WINDOWS\system32\drivers\asw91bce43816656a37.tmp \??\C:\WINDOWS\system32\drivers\aswe12dff5fc2bb1b53.tmp \??\C:\WINDOWS\system32\drivers\asw5835920be83f232b.tmp \??\C:\WINDOWS\system32\drivers\asw 89ff10c76efc942.tmp \??\C:\WINDOWS\system32\drivers\asw9b2510341732b27c.tmp \??\D:\Program Files\AVAST Software\Avast\setup\Reboot.txt \??\D:\Program Files\AVAST Software\Avast\setup\Reboot.txt \??\D:\Program Files\AVAST Software\Avast\setup\Reboot.txt \??\D:\Program Files\AVAST Software\Avast\setup \??\D:\Program Files\AVAST Software\Avast \??\D:\Program Files\AVAST Software \??\D:\Program Files \??\D:\ [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=f78608d0-4ff2-4bd4-845b-57502eb "GlassSessionId"=1 ---------- | .LNK with Arguments c:\$recycle.bin\s-1-5-21-984768822-1242204556-3330448555-1001\$r8mj4by.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK c:\$recycle.bin\s-1-5-21-984768822-1242204556-3330448555-1001\$rf3hepq.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=D:\admin\Pictures\546555.jpg [18/08/2018 10:41:51] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=2715 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100F2CE0C00000F000070080000B3F7351BCF36D40144003A005C00610064006D0069006E005C00500069006300740075007200650073005C003500340036003500350035002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Pattern Upgrade"=TRUE "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x10901EF8A46ECE11A7FF00AA003CA9F6991800001A58CE57B60C66429CA019364C90A0B3750400000114020000000000C000000000000046D304000005F7542848354C41A11393E27C808C852D10000016EC7DE90DA5BB49AE24CF682282E08D4A060000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=6 "GlobalAssocChangedCounter"=314 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=1269 "Browse For Folder Height"=592 "link"=0x1B000000 "Reason Setting"=255 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarStateLastRun"=0x93B2855B00000000 "TaskbarSizeMove"=1 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0400000001000000030000000200000000000000FFFFFFFF "0"=0x73006B007900720069006D000000 "2"=0x6400690073000000 "3"=0x6F006E0065002000640072006900760065000000 "1"=0x64006900730063006F00720064000000 "4"=0x73006C006D00670072002E007600620073000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=12 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=49 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D004000400A9008D022BE71C003F5E1F003F5E1F00D200000002004D000E1DDDA0F2C87600109B31009D2B1100A5830D00123806000000000099FF2500BECC0000260D00001631E240A940D401F0EA750000000000010000008E384B00EE420000C40C000026A3450000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E800C4000400AB0000000EFB17D034C67200000000001631E240A940D4012EC082BD9740D401C6D551000000000000000000000000008970040000000000722728000000000000000000000000000000000000000000000000000000F03F8051010019BE008084000249840902590C490180AB844008AB84400C888E00001C00341D1C00343D80C20080402040245038402460EE0080E2078C12EA078E5BA1D3008000C5803440C58074697C0080B65A600CB6DB684C0D4601805060405050604058F8E200804400640946846409C4CD00C0C410820ACE50A20AFB4D008008084F6308084F77 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=105506951650 "ShutdownFlags"=39 "Userinit"=C:\WINDOWS\System32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "AutoAdminLogon"=0 "DefaultUserName"=admin "IsConnectedAutoLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe [12/04/2018 01:34:22] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "SIGN.MEDIA=CCF62 Utils\Win10\UpdateInstaller.exe"=0x5341435001000000000000000700000028000000006606000000000001000000000000000000000A0021000033504C2B57DFD101000000800000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007E050000000000000100000001000000 "SIGN.MEDIA=FEDD1FD8 Utils\tweak-ssd-v2-setup.exe"=0x5341435001000000000000000700000028000000D097D700C0D0D70001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000554D0000000000000100000001000000 "SIGN.MEDIA=FEDD1FD8 Utils\375.95-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000D8F55917BF395A170100000000000000000002060001000033504C2B57DFD1010000000000000000 "C:\Users\admin\Downloads\Firefox Setup Stub 50.0.exe"=0x5341435001000000000000000700000028000000F8B70300B31B040001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E7FC1200000000000100000001000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000080A96000747E610001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005D410A00000000000100000001000000 "C:\Users\admin\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000C0AC2400001C250001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007F25CB00000000000200000002000000 "C:\Users\admin\Downloads\BitComet_1.44_setup.exe"=0x534143500100000000000000070000002800000060F6F8009371F90001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002DC3C300000000000100000001000000 "C:\Program Files\BitComet\BitComet.exe"=0x534143500100000000000000070000002800000078E60B0123840C0101000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009E7A9A0A000000004601000046010000 "C:\Users\admin\Downloads\wrar540.exe"=0x5341435001000000000000000700000028000000C8181E00491A1E0001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000AF3E0000000000000100000001000000 "C:\Users\admin\Downloads\MinecraftInstaller.msi"=0x534143500100000000000000070000002800000000FE00009EC4010001000000000000000000010500100000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FDAF0C00000000000200000002000000 "C:\Users\admin\Downloads\MinecraftMetro2033Installer.exe"=0x5341435001000000000000000700000028000000B3F9D03747C8060001000000000000000000000A7120000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000009E670100000000000300000003000000 "C:\Users\admin\Downloads\JavaSetup8u111.exe"=0x534143500100000000000000070000002800000040400B00A6CF0B0001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000FB30E00000000000200000002000000 "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000A04100B444420001000000010000000000000A7122000033504C2B57DFD1010000000000000000 "C:\Users\admin\Downloads\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007C510000000000000100000001000000 "C:\Users\admin\Desktop\TechnicLauncher.exe"=0x5341435001000000000000000700000028000000C83E48000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000B446AD00000000000900000009000000 "C:\Users\admin\Downloads\CurseClientSetup_[plugin-Minecraft].exe"=0x5341435001000000000000000700000028000000D88FFD04E89CFD040100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A4450000000000000100000001000000 "C:\Users\admin\Downloads\jdk-8u111-windows-x64.exe"=0x5341435001000000000000000700000028000000382E2A0C1E5E2A0C01000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000FFB80000000000000100000001000000 "SIGN.MEDIA=344308 setup.exe"=0x534143500100000000000000070000002800000060C70A0078C10B000100000000000000000000067100000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000006A2C0100000000000100000001000000 "C:\Users\admin\Downloads\DTLiteInstaller.exe"=0x5341435001000000000000000700000028000000688F0A0077280B000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001DE90601000000000100000001000000 "C:\Program Files\DAEMON Tools Lite\DTAgent.exe"=0x5341435001000000000000000700000028000000C0BE4700E1EA470001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B338000000000000B6000000B6000000 "SIGN.MEDIA=3053B74A setup.exe"=0x5341435001000000000000000700000028000000D83C3D00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000039C80500000000000100000001000000 "C:\Users\admin\Desktop\VoidLauncher.exe"=0x5341435001000000000000000700000028000000146EC6010CBE040001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000D093E700000000000100000001000000 "SIGN.MEDIA=50AB9411 setup.exe"=0x53414350010000000000000007000000280000009B3959000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C68B0000000000000100000001000000 "C:\Users\admin\Downloads\Nexus Mod Manager-0.63.11.exe"=0x5341435001000000000000000700000028000000F0846200768D620001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A3CA0000000000000100000001000000 "C:\Users\admin\Downloads\AutoHotkey_1.1.24.04_setup.exe"=0x5341435001000000000000000700000028000000CE952F00EF67010001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002E490000000000000100000001000000 "SIGN.MEDIA=7A301D80 setup.exe"=0x5341435001000000000000000700000028000000209B4B00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000037CF0000000000000100000001000000 "C:\Program Files\DAEMON Tools Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000C00C30009BCC300001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000566F2502000000002700000027000000 "SIGN.MEDIA=C0FAB4D setup.exe"=0x5341435001000000000000000700000028000000FA5F3400000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004BFC0800000000000100000001000000 "SIGN.MEDIA=9025EF8C setup.exe"=0x534143500100000000000000070000002800000078624700000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000061981F00000000000100000001000000 "C:\Users\admin\AppData\Roaming\Curse Client\Bin\Curse.exe"=0x5341435001000000000000000700000028000000880D11008E9D110001000000000000000000000AF1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B7E14800000000000400000004000000 "SIGN.MEDIA=834358D1 setup.exe"=0x5341435001000000000000000700000028000000419009000000000001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000500000000000000000000000000000000000000000000000000000008CAF0600000000000200000001000000000000008000000000000000000000000000000000000000ED2B0B00000000000100000000000000 "C:\Users\admin\Downloads\VTMBup96fr.exe"=0x5341435001000000000000000700000028000000C479521A000000000100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000455A2100000000000100000001000000 "SIGN.MEDIA=EBB1698B setup.exe"=0x53414350010000000000000007000000280000001A7308000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5571700000000000200000002000000 "SIGN.MEDIA=246224DB Autorun.exe"=0x534143500100000000000000070000002800000000100B00000000000100000000000000000001057120000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000080080000020000002800000000000000800800500000000000000000000000000000000064BB0600000000000200000002000000 "C:\Users\admin\Downloads\LotrBfMe2-65542-french.exe"=0x53414350010000000000000007000000280000004B569701000000000100000000000000000001055100000033504C2B57DFD10100000000000000000200000028000000000000000008005000000000000000000000000000000000033E0000000000000100000001000000 "C:\Users\admin\Downloads\BfME_Startup_Fixxer.exe"=0x534143500100000000000000070000002800000000A2010000000000010000000000000000000206F102000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001C250000000000000100000001000000 "SIGN.MEDIA=7B8F5483 setup.exe"=0x5341435001000000000000000700000028000000DBB22F00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000052CD0000000000000100000001000000 "C:\Users\admin\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_fr.exe"=0x534143500100000000000000070000002800000066CAE3070000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F7A20000000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601002029020001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006016401000000004700000047000000 "C:\Users\admin\Downloads\UplayInstaller.exe"=0x5341435001000000000000000700000028000000E89DC50394EAC50301000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007EFAE600000000000100000001000000 "SIGN.MEDIA=CFA38258 setup.exe"=0x5341435001000000000000000700000028000000D39288000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000035E60100000000000100000001000000 "SIGN.MEDIA=841F0E46 setup.exe"=0x534143500100000000000000070000002800000085EE62000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000132A1600000000000100000001000000 "C:\Users\admin\Downloads\ccsetup527.exe"=0x534143500100000000000000070000002800000030528D00A9B48D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004258D702000000000100000001000000 "SIGN.MEDIA=67908F99 Setup.exe"=0x534143500100000000000000070000002800000063D814000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F63C0400000000000200000002000000 "SIGN.MEDIA=2706B6 Autorun.exe"=0x534143500100000000000000070000002800000000C20900000000000100000000000000000001067100000033504C2B57DFD10100000000000000000500000010000000000000000000000000000106A0000000020000002800000000000106A000006000000000000000000000000000000000841A0200000000000100000001000000 "C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe"=0x5341435001000000000000000700000028000000C089C200011EC30001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E23A0100000000000100000001000000 "C:\Users\admin\Downloads\dolphin-x64-5.0.exe"=0x534143500100000000000000070000002800000058E82601DA9927010100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000049760000000000000100000001000000 "SIGN.MEDIA=157C00 Crack Setup.exe"=0x5341435001000000000000000700000028000000007C15000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EF510200000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_6.044.exe"=0x5341435001000000000000000700000028000000D0833D00422A3E0001000000000000000000000A0021000033504C2B57DFD1010000000000000000 "D:\Program Files (x86)\Cheat 'O Matic\OMATIC.EXE"=0x5341435001000000000000000700000028000000009204000000000001000000000000000000010541200000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000020000000020000007800000000000000200000600000020000000000000000000000000030CD5300000000001200000012000000000000000000004000000000000000000000000000000000CFDD2700000000000500000000000000000000000000000000000000000000000000000000000000C1012F00000000003E00000000000000 "D:\Program Files (x86)\Druide\Antidote 8\Programmes64\GesAnt.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000080700F372070001000000000000000000020673220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000010000000000000000000000000000000DB96080000000000A2020000A2020000 "D:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe"=0x53414350010000000000000007000000280000000098670015AA670001000000000000000000020673020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000753BF402000000001F0000001F000000 "SIGN.MEDIA=25AA007 autorun.exe"=0x534143500100000000000000070000002800000000B21700000000000100000000000000000000066120000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000042940300000000000100000001000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000AC44007880450001000000010000000000000A73220000D5B3B31A57DFD1010000000000000000 "SIGN.MEDIA=A5534DF setup.exe"=0x53414350010000000000000007000000280000008C3C3D00000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F5E60000000000000100000001000000 "C:\Users\admin\Downloads\SkypeSetup.exe"=0x5341435001000000000000000700000028000000D8E518006643190001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000626B0200000000000100000001000000 "C:\Users\admin\Downloads\hamachi.msi"=0x5341435001000000000000000700000028000000000201002508010001000000000000000000010500100000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000031110100000000000200000002000000 "SIGN.MEDIA=3378C6E OriginSetup.exe"=0x5341435001000000000000000700000028000000004266000000000001000000000000000000000A61200000DB80FDAC2839D3010000000000000000020000002800000000000000000800400000000000000000000000000000000053BA1800000000000200000002000000 "C:\Users\admin\Downloads\OriginThinSetup.exe"=0x534143500100000000000000070000002800000000F74103384D420301000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000082500D00000000000100000001000000 "C:\Program Files\Common Files\EAInstaller\Mass Effect Andromeda\Cleanup.exe"=0x5341435001000000000000000700000028000000E0E90D0022110E0001000000000000000000020600010000DB80FDAC2839D30100000000000000000200000050000000000000000000004000000000000000000000000000000000A6280000000000000100000001000000000000000000000000000000000000000000000000000000041C0000000000000100000000000000 "SIGN.MEDIA=46CC62 OriginInstaller.exe"=0x534143500100000000000000070000002800000000DC080000000000010000000000000000000106F122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000024B70800000000000100000001000000 "SIGN.MEDIA=D1FC9810 autorun.exe"=0x534143500100000000000000070000002800000088822F009F0030000100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000008000000000100200000000000000000000000000CB3F0600000000000300000003000000 "SIGN.MEDIA=157A22B0 Crack\keygen.exe"=0x5341435001000000000000000700000028000000000A0B00000000000100000000000000000001067122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C2400000000000000100000001000000 "SIGN.MEDIA=157A22B0 Crack\avatar_1.01_americas_europe.exe"=0x53414350010000000000000007000000280000005894B80ABFB3B80A0100000000000000000000067102000033504C2B57DFD1010000000000000000020000002800000000000000000000400010020000000000000000000000000065670000000000000200000002000000 "SIGN.MEDIA=A59A1DC9 setup.exe"=0x534143500100000000000000070000002800000003784100000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001EF00300000000000100000001000000 "SIGN.MEDIA=36F4B3F4 setup.exe"=0x53414350010000000000000007000000280000008BAA0A00000000000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008FD80300000000000100000001000000 "C:\Users\admin\Downloads\2010-10-16-Space_Hulk_Mod_1_3_0(1).exe"=0x534143500100000000000000070000002800000002E23D0C000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005C9F0000000000000100000001000000 "SIGN.MEDIA=834C8CD1 setup.exe"=0x5341435001000000000000000700000028000000FCC40C000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F8400F00000000000100000001000000 "SIGN.MEDIA=37AD8138 setup.exe"=0x5341435001000000000000000700000028000000FB774100000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007F4A1200000000000100000001000000 "SIGN.MEDIA=E6CAF326 setup.exe"=0x5341435001000000000000000700000028000000B21B1C00000000000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F1651300000000000100000001000000 "SIGN.MEDIA=752E883A Setup.exe"=0x5341435001000000000000000700000028000000ECC213000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D36D0200000000000100000001000000 "C:\Users\admin\Downloads\NarutoZero.exe"=0x53414350010000000000000007000000280000006134AF27000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000074C40100000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600A653960001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000037B80600000000000400000004000000 "C:\Users\admin\Downloads\DiscordSetup(1).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FD0A0000000000000100000001000000 "C:\Users\admin\Downloads\DiscordSetup(2).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000050000000000000000000000000000000000000000000000000000000FE0700000000000001000000010000000000000000000040000000000000000000000000000000005E000000000000000100000000000000 "C:\Users\admin\Downloads\DiscordSetup(4).exe"=0x534143500100000000000000070000002800000000E821039A2222030100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000480EE300000000000100000001000000 "C:\Users\admin\Downloads\NarutoOnline_fr_2.4.0.7171_oas.exe"=0x5341435001000000000000000700000028000000180C5102878051020100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000042512300000000000100000001000000 "C:\Users\admin\Downloads\Install_ESO.exe"=0x5341435001000000000000000700000028000000407AED086CA6ED0801000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003A2E3A00000000000100000001000000 "C:\Users\admin\Downloads\mb_warband_setup_1153(1).exe"=0x53414350010000000000000007000000280000002AB7A824000000000100000000000000000000067100000033504C2B57DFD10100000000000000000200000028000000000000000008004000000000000000000000000000000000A4A80000000000000100000001000000 "C:\Users\admin\Downloads\Nexus Mod Manager-0.63.14.exe"=0x534143500100000000000000070000002800000088486200CBF1620001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000040EA0A00000000000100000001000000 "C:\Users\admin\Downloads\Install_ESO(1).exe"=0x5341435001000000000000000700000028000000407AED086CA6ED0801000000000000000000000A0021000033504C2B57DFD1010000000000000000 "SIGN.MEDIA=94606647 setup.exe"=0x5341435001000000000000000700000028000000D7784100000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000042961100000000000100000001000000 "SIGN.MEDIA=2422A120 setup.exe"=0x53414350010000000000000007000000280000006FCC2F00000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D79E0500000000000100000001000000 "SIGN.MEDIA=78B20E58 setup.exe"=0x5341435001000000000000000700000028000000E0774100000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000028E90000000000000100000001000000 "SIGN.MEDIA=352DC357 setup.exe"=0x534143500100000000000000070000002800000000293B000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005D2A0300000000000200000002000000 "SIGN.MEDIA=42A8413B Setup.exe"=0x5341435001000000000000000700000028000000FCF50A000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C4A00000000000000100000001000000 "SIGN.MEDIA=CA66C6F6 setup.exe"=0x53414350010000000000000007000000280000001B784100000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000C7410100000000000100000001000000 "SIGN.MEDIA=7D3E3734 Setup.exe"=0x534143500100000000000000070000002800000003F60A000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3300700000000000100000001000000 "SIGN.MEDIA=5E98614 setup.exe"=0x53414350010000000000000007000000280000005CFE0600000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000022DC0100000000000100000001000000 "C:\Users\admin\Downloads\setupLDD-PC-4_3_10.exe"=0x534143500100000000000000070000002800000050B76B1115F06B110100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000008000004000000000000000000000000000000000C9F60C00000000000100000001000000 "SIGN.MEDIA=DBE0AEA2 setup.exe"=0x534143500100000000000000070000002800000048A526021B2B27020100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B9500800000000000100000001000000 "C:\Users\admin\Downloads\crossout_launcher_1.0.3.11.exe"=0x534143500100000000000000070000002800000028534300B018440001000000000000000000000A0021000033504C2B57DFD1010000000000000000 "SIGN.MEDIA=A0AED4BA setup.exe"=0x5341435001000000000000000700000028000000D8550F000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E83A0300000000000200000002000000 "C:\Program Files\DAEMON Tools Lite\DTLite.exe"=0x5341435001000000000000000700000028000000C0B2280043D0280001000000000000000000000A80210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DC6D2501000000004100000041000000 "SIGN.MEDIA=1B32B040 setup_legend_of_grimrock_1.0.0.6.exe"=0x53414350010000000000000007000000280000002CB0321B0000000001000000000000000000010661220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000017C20000000000000100000001000000 "SIGN.MEDIA=1297139E setup.exe"=0x5341435001000000000000000700000028000000F85F34000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CE670100000000000300000003000000 "C:\Users\admin\Downloads\CK2-icefiremod_setup_1.3.2.exe"=0x5341435001000000000000000700000028000000CCD3AB0E0000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000044760100000000000100000001000000 "SIGN.MEDIA=4086D74F setup.exe"=0x53414350010000000000000007000000280000005B5843000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008E1F0000000000000100000001000000 "SIGN.MEDIA=7F4CF27 setup.exe"=0x5341435001000000000000000700000028000000C63C3D000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000ABC60000000000000100000001000000 "SIGN.MEDIA=25500873 setup.exe"=0x5341435001000000000000000700000028000000DABD09000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000982D0000000000000100000001000000 "C:\Users\admin\Downloads\La Princesse Oubliée 3.7.2.exe"=0x53414350010000000000000007000000280000009DCB9F0E2D3A030001000000000000000000010671020000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000005B9A0000000000000100000001000000 "C:\Users\admin\Downloads\paint-net\Paint.NET.3.5.10.Install.exe"=0x534143500100000000000000070000002800000000523900D488390001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000500000000000000000000000000000000053E70000000000000100000001000000 "D:\Program Files\Paint.NET\PaintDotNet.exe"=0x534143500100000000000000070000002800000060420E0076760E0001000000000000000000010680210000E78E163C2AA0D2010000000000000000020000002800000000000000000000100000000000000000000000000000000032E30C00000000000200000002000000 "D:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\Slipstream Mod Manager v1.4-Win\modman.exe"=0x5341435001000000000000000700000028000000005C0000D126010001000000000000000000020671200000E63F486B2AA0D201000000000000000002000000280000000000000000000000001000000000000000000000000000007F2C0000000000000100000001000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000E0F5A701CC87A80101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000002E780000000000000200000002000000 "C:\Users\admin\Downloads\PrtScrSetup.exe"=0x53414350010000000000000007000000280000005FC945000000000001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000018898102000000000100000001000000 "C:\Users\admin\Downloads\RPGVXAceFR-setup.exe"=0x534143500100000000000000070000002800000045BC840D0000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CCA50200000000000100000001000000 "C:\Users\admin\Downloads\Unreal2_FrenchPatch13.exe"=0x53414350010000000000000007000000280000001202750A0000000001000000000000000000010671020000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000005AD90300000000000100000001000000 "C:\Users\admin\Downloads\Floris254.exe"=0x5341435001000000000000000700000028000000468CF7460000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D850300000000000100000001000000 "C:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C0001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000600000006000000 "C:\Users\admin\Downloads\Install_ESO(2).exe"=0x5341435001000000000000000700000028000000B8CEF8089F22F90801000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000027400300000000000100000001000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=0x53414350010000000000000007000000280000005831860086D6860001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000886E5301000000000100000001000000 "C:\Program Files\Microsoft Office\Office15\MSPUB.EXE"=0x53414350010000000000000007000000280000008852D700879DD70001000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"=0x5341435001000000000000000700000028000000685E1D0042AA1D0001000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "SIGN.MEDIA=2638B512 Win64\setup.exe"=0x5341435001000000000000000700000028000000F27741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A9472400000000000100000001000000 "C:\Users\admin\Downloads\StarMade-starter.exe"=0x5341435001000000000000000700000028000000E86925005ED2250001000000000000000000000A71200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000072390600000000000100000001000000 "SIGN.MEDIA=5080E10B setup.exe"=0x53414350010000000000000007000000280000001ABC09000000000001000000000000000000020600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EE121000000000000100000001000000 "SIGN.MEDIA=28052 swgbg.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000040000000000000000000000000DE6C0100000000000300000003000000 "SIGN.MEDIA=28076 CloneCampaigns.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000004000000000000000000000000021E50D00000000000300000003000000 "C:\Program Files (x86)\Launcher MOD CSP-IRG\Launcher CSP-IRG.exe"=0x5341435001000000000000000700000028000000002609000000000001000000000000000000010680010000E63F486B2AA0D20100000000000000000200000028000000000000008000004000000000000000000000000000000000C7E21C00000000000800000008000000 "SIGN.MEDIA=167888E5 setup.exe"=0x5341435001000000000000000700000028000000C13C3D000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000690F0500000000000100000001000000 "C:\Users\admin\Downloads\Diablo-III-Setup.exe"=0x5341435001000000000000000700000028000000F03B33003BBB330001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000007E42A000000000000100000001000000 "C:\Users\admin\Downloads\EpicGamesLauncherInstaller-5.0.1-3544582-fortnite-59c6b6659e864328881331c643f6a121.msi"=0x534143500100000000000000070000002800000000E80000D238010001000000000000000000010500100000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B9590000000000000100000001000000 "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe"=0x5341435001000000000000000700000028000000F0A51800CBE1180001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BC680000000000000200000002000000 "SIGN.MEDIA=991E9B80 setup.exe"=0x53414350010000000000000007000000280000001C7841000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000023D10500000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\BattleSizer.exe"=0x5341435001000000000000000700000028000000A1CB0D000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020000000000000000000000000000A65C0000000000000600000006000000 "SIGN.MEDIA=9A1829A2 setup.exe"=0x534143500100000000000000070000002800000046CC2F000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003FD20100000000000100000001000000 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x53414350010000000000000007000000280000005863430161B7430101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D73A0000000000000100000001000000 "C:\Users\admin\Downloads\forge-1.7.10-10.13.4.1558-1.7.10-installer-win.exe"=0x5341435001000000000000000700000028000000B3F33300DB06010001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000009EE50000000000000100000001000000 "SIGN.MEDIA=261E2CBE Autorun.exe"=0x534143500100000000000000070000002800000000D010000000000001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000011230800000000000100000001000000 "SIGN.MEDIA=27D540AC Autorun.exe"=0x534143500100000000000000070000002800000000D01000C735110001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000047890600000000000200000002000000 "SIGN.MEDIA=27A24870 Command and Conquer(TM) Generäle Die Stunde Null .msi"=0x53414350010000000000000007000000280000000002010013D4010001000000000000000000010500300000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CC050000000000000100000001000000 "C:\Users\admin\Downloads\GeneralsZH-Patch104-french.exe"=0x5341435001000000000000000700000028000000D9FB18010000000001000000000000000000010551000000E63F486B2AA0D20100000080000000000500000010000000000000000000000000000000000800000200000028000000000000000008005000000000000000000000000000000000983A0000000000000300000003000000 "SIGN.MEDIA=8EDFC2E6 noautorun.exe"=0x5341435001000000000000000700000028000000009000000000000001000000000000000000010571200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000F000000000000000100000001000000 "SIGN.MEDIA=27D540AC setup.exe"=0x5341435001000000000000000700000028000000D8FC4200250B430001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000E1ED0200000000000100000001000000 "C:\Users\admin\Downloads\CnC_SGU_setup_V2B1_131223.exe"=0x534143500100000000000000070000002800000004D287110000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000043B40200000000000200000002000000 "C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"=0x5341435001000000000000000700000028000000009009000000000001000000000000000000010571200000E63F486B2AA0D20100000000000000000200000028000000000000000008005000000000000000000000000000000000AF310000000000000200000002000000 "C:\Users\admin\Downloads\Star_Citizen_Launcher_Setup.exe"=0x534143500100000000000000070000002800000096CEA4060000000001000000000000000000000671000000E63F486B2AA0D2010000000000000000020000002800000000000000800800400000000000000000000000000000000002096E00000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe"=0x5341435001000000000000000700000028000000D015080085EC080001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000500000005000000 "C:\Program Files (x86)\Origin\Origin.exe"=0x534143500100000000000000070000002800000040492F000B29300001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B1217D00000000000200000002000000 "SIGN.MEDIA=2CF3B11B setup.exe"=0x5341435001000000000000000700000028000000F57741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000B94C0D00000000000100000001000000 "SIGN.MEDIA=EF33E7ED setup_absolver_1.02_118_(14540).exe"=0x534143500100000000000000070000002800000078460C0030140D0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006DCE0D00000000000100000001000000 "C:\Users\admin\Downloads\pfsx-setup-fr-10.12.1.exe"=0x534143500100000000000000070000002800000068BFA9000000000001000000000000000000000671000000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000C78D0700000000000100000001000000 "C:\Users\admin\Downloads\PLAYERUNKNOWNS BATTLEGROUNDS.exe"=0x5341435001000000000000000700000028000000A2678F005A51020001000000000000000000000A63200000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000093EE3200000000000100000001000000 "C:\Users\admin\Downloads\dolphin-x64-5.0(1).exe"=0x534143500100000000000000070000002800000058E82601DA99270101000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BD820000000000000100000001000000 "SIGN.MEDIA=82CE9 setup.exe"=0x5341435001000000000000000700000028000000E92C08000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003D413500000000000100000001000000 "SIGN.MEDIA=52638D0E setup.exe"=0x5341435001000000000000000700000028000000097841000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E0280100000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_7.0.2.1.exe"=0x5341435001000000000000000700000028000000D0DB7C00F1FE7C0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D9F50000000000000100000001000000 "C:\Users\admin\Downloads\Breaking_Point_Launcher.exe"=0x5341435001000000000000000700000028000000A760ED0124BF160001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000008000004000000000000000000000000000000000B4930000000000000100000001000000 "SIGN.MEDIA=264C1FBC setup.exe"=0x534143500100000000000000070000002800000059DF2A000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000010CF0500000000000100000001000000 "SIGN.MEDIA=DF934E9E setup.exe"=0x5341435001000000000000000700000028000000EE4C2D000000000001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000090EF0000000000000100000001000000 "D:\Program Files (x86)\FileZilla FTP Client\filezilla.exe"=0x5341435001000000000000000700000028000000A80EC800791BC80001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000005FD81700000000000800000008000000 "C:\Users\admin\Downloads\Evernote_6.7.4.5741.exe"=0x5341435001000000000000000700000028000000809D3C06C4833D0601000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000077247500000000000100000001000000 "D:\Program Files (x86)\Evernote\Evernote\Evernote.exe"=0x5341435001000000000000000700000028000000808D4801A60B490101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A20E5300000000000100000001000000 "C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000806C920151C7920101000000000000000000010600010000BFA2139DEDD1D3010000009100000000 "D:\RAM Cheat\RAMCheat.exe"=0x534143500100000000000000070000002800000000C201000000000001000000000000000000010541200000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4380000000000000100000001000000 "SIGN.MEDIA=A54B3968 setup.exe"=0x534143500100000000000000070000002800000008C83F000000000001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000369F0500000000000200000002000000 "SIGN.MEDIA=528D6BD0 setup.exe"=0x53414350010000000000000007000000280000007FF989000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F04F0100000000000100000001000000 "SIGN.MEDIA=9AD94 setup.exe"=0x5341435001000000000000000700000028000000C48D09000000000001000000000000000000030600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000067B40100000000000100000001000000 "SIGN.MEDIA=64125850 setup.exe"=0x5341435001000000000000000700000028000000AEEA94000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000556E0100000000000100000001000000 "C:\Users\admin\Downloads\mb3-setup-35891.35891-3.2.2.2029-1.0.207-1.0.2899.exe"=0x5341435001000000000000000700000028000000D8BB3C0482643D0401000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D980200000000000100000001000000 "C:\Users\admin\Downloads\ToolBarSD.exe"=0x5341435001000000000000000700000028000000EC3B05000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000AD050000000000000200000002000000010000000400000001000000 "SIGN.MEDIA=98CD6FCD setup.exe"=0x5341435001000000000000000700000028000000726247000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000021DE0C00000000000300000003000000 "SIGN.MEDIA=8D5ACFEA stp-mplus.exe"=0x53414350010000000000000007000000280000009423CC000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000031810100000000000100000001000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online(1).exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000000F290100000000000100000001000000 "C:\Users\admin\Downloads\PANDAFREEAV.exe"=0x5341435001000000000000000700000028000000F8361E00C1531E0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000F01B0100000000000200000002000000 "SIGN.MEDIA=EA3AA223 Setup.exe"=0x53414350010000000000000007000000280000005D6411000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C73F0700000000000100000001000000 "C:\Users\admin\Downloads\PANDAGP.exe"=0x534143500100000000000000070000002800000050BD1B00EBCF1B0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000099820100000000000200000002000000 "C:\Users\admin\Downloads\driverfusionfreesetup.exe"=0x5341435001000000000000000700000028000000632FA1010000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E8590000000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe"=0x534143500100000000000000070000002800000018031E0068AA1E0001000000000000000000000671020000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F76B0700000000000700000007000000 "SIGN.MEDIA=B8F41F64 setup.exe"=0x5341435001000000000000000700000028000000DE7741000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000002AE60000000000000200000002000000 "C:\Users\admin\Downloads\avast_free_antivirus_setup_online(3).exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A4530200000000000100000001000000 "C:\Users\admin\Desktop\Cold_Turkey_Writer_Free.exe"=0x5341435001000000000000000700000028000000C8BE04007865050001000000000000000000000AF1220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "SIGN.MEDIA=94B755A setup.exe"=0x53414350010000000000000007000000280000006E9764000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DC2D0C00000000000200000002000000 "SIGN.MEDIA=53ABDD9D setup.exe"=0x5341435001000000000000000700000028000000EB7741000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000090172400000000000100000001000000 "SIGN.MEDIA=8D05CAD3 setup.exe"=0x5341435001000000000000000700000028000000FF7741000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000C5860300000000000100000001000000 "SIGN.MEDIA=8C39C8EB setup.exe"=0x5341435001000000000000000700000028000000357841000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002F7B1300000000000200000002000000 "C:\ProgramData\NVIDIA Corporation\Downloader\a50344aae9f3f44da37094b3e01fbb44\GeForce_Experience_Update_v3.10.0.95.exe"=0x53414350010000000000000007000000280000003092DB04497FDC0401000000000000000000020600010000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000008AD60000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x5341435001000000000000000700000028000000C0871700F5A1170001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000756C0000000000000100000001000000 "SIGN.MEDIA=1854E6E6 setup.exe"=0x53414350010000000000000007000000280000000C7841000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000082BF0100000000000100000001000000 "C:\Program Files (x86)\Origin\OriginClientService.exe"=0x5341435001000000000000000700000028000000606520003235210001000000000000000000010600010000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000 "C:\Program Files (x86)\Origin\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000068D12D001CF02D0001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000039010000000000000100000001000000 "SIGN.MEDIA=82316899 setup.exe"=0x534143500100000000000000070000002800000000D213000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000024010100000000000100000001000000 "D:\Downloads\The Sims 4 [FitGirl Repack]\Verify BIN files before installation.bat"=0x5341435001000000000000000700000028000000002E04004ADD040001000000000000000000010500100000BFA2139DEDD1D3010000000000000000 "D:\Games\The Sims 4\Game\Bin\TS4.exe"=0x534143500100000000000000070000002800000000E64C01E9624D0101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000020000060000000000000000000000000000000006A330200000000000200000002000000 "C:\Users\admin\Downloads\ovisetup.exe"=0x5341435001000000000000000700000028000000005E46000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "C:\Users\admin\Downloads\ReShade_Setup_3.0.8.exe"=0x5341435001000000000000000700000028000000002640000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000309D0200000000000400000004000000 "D:\Games\The Sims 4\unins000.exe"=0x5341435001000000000000000700000028000000712117000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000500000000000000000000040000000000000000000000000000000005E0D00000000000001000000010000000000000000000000000000000000000000000000000000004F1F0000000000000100000000000000 "SIGN.MEDIA=B959294E setup.exe"=0x5341435001000000000000000700000028000000A97F37000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ACCE0300000000000200000002000000 "C:\Users\admin\Desktop\VehiPlan-1-2-1\VehiPlan.exe"=0x5341435001000000000000000700000028000000006005002AF4050001000000000000000000010571200000DB80FDAC2839D30100000000000000000200000028000000000201050000006000140000000000000000000000000000B1D20A00000000000400000004000000 "SIGN.MEDIA=C401FB5 setup.exe"=0x53414350010000000000000007000000280000008C6247000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000023D60200000000000100000001000000 "SIGN.MEDIA=F08AFCB9 setup.exe"=0x53414350010000000000000007000000280000000C7841000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000003D590300000000000100000001000000 "SIGN.MEDIA=BB378DD7 setup.exe"=0x5341435001000000000000000700000028000000DE7741000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F5AE0500000000000100000001000000 "SIGN.MEDIA=A72B685 setup.exe"=0x534143500100000000000000070000002800000062CC2F000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000043200800000000000100000001000000 "SIGN.MEDIA=2090DA47 setup.exe"=0x534143500100000000000000070000002800000053CC2F000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000072E10100000000000100000001000000 "SIGN.MEDIA=DF379220 setup.exe"=0x534143500100000000000000070000002800000054A453000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B10E0100000000000100000001000000 "SIGN.MEDIA=6B7FBA31 setup.exe"=0x534143500100000000000000070000002800000095011B000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000002000000000000000000000000006D070B00000000000100000001000000 "C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe"=0x5341435001000000000000000700000028000000183A3A0032F03A0001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000000AFD0400000000000400000004000000 "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000B83C1E00D2281F0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000056628D00000000000300000003000000 "D:\Program Files (x86)\MegaDev\MegaTrainerUltimate\MegaTrainerClient.exe"=0x53414350010000000000000007000000280000006044AD00FFBAAD0001000000000000000000000A75220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000000A791A00000000000100000001000000 "D:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe"=0x53414350010000000000000007000000280000002098E7045F50E80401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000E405EF0100000000070000000600000000000000000000400000000000000000000000000000000052020000000000000100000000000000 "SIGN.MEDIA=B4444B38 setup.exe"=0x5341435001000000000000000700000028000000BD9B4B000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000784B0500000000000100000001000000 "SIGN.MEDIA=CB7EF726 setup.exe"=0x5341435001000000000000000700000028000000982E12000000000001000000000000000000020600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000070221300000000000300000003000000 "SIGN.MEDIA=C3365833 setup.exe"=0x5341435001000000000000000700000028000000646247000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001D4A0900000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0F7000096B9010001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EF070000000000005100000051000000 "C:\Users\admin\Documents\Paradox Interactive\Crusader Kings II\mod\unins000.exe"=0x5341435001000000000000000700000028000000212C0B000000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000007C080000000000000100000001000000 "SIGN.MEDIA=5BE12 setup.exe"=0x5341435001000000000000000700000028000000004A04000000000001000000000000000000000A75220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AE00700000000000100000001000000 "SIGN.MEDIA=44F09388 Setup.exe"=0x534143500100000000000000070000002800000090751400F077140001000000000000000000010600210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008DEF0400000000000100000001000000 "SIGN.MEDIA=2857E Crack\keygen.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010671220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FDD50000000000000400000004000000 "SIGN.MEDIA=FCFA1F10 setup.exe"=0x53414350010000000000000007000000280000005B1E4D000000000001000000000000000000030600210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A2902200000000000100000001000000 "SIGN.MEDIA=FE71518E setup.exe"=0x5341435001000000000000000700000028000000BBAB5E000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001E280900000000000100000001000000 "C:\Users\admin\AppData\Roaming\Curse Client\Bin\Twitch.exe"=0x534143500100000000000000070000002800000040EB1700433D180001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006E039A00000000000300000003000000 "SIGN.MEDIA=5BE20 setup.exe"=0x5341435001000000000000000700000028000000004A04000000000001000000000000000000000A75220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EC1A0300000000000100000001000000 "SIGN.MEDIA=27DF9EF0 setup.exe"=0x53414350010000000000000007000000280000001C7841000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000064F62800000000000100000001000000 "C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02002775030001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000759D3200000000000200000002000000 "SIGN.MEDIA=DB943EE9 SetAoEDE.exe"=0x534143500100000000000000070000002800000084DB34000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E4FB1700000000000400000004000000 "SIGN.MEDIA=487C99A2 cdp-fbs.exe"=0x534143500100000000000000070000002800000086F5C8000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BBA90700000000000200000002000000 "SIGN.MEDIA=13A4EB27 setup.exe"=0x5341435001000000000000000700000028000000982652000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000023DA0A00000000000100000001000000 "SIGN.MEDIA=517355B0 setup.exe"=0x534143500100000000000000070000002800000008AB13000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004A952100000000000100000001000000 "SIGN.MEDIA=9029D58F setup_ghost_of_a_tale_634_(64bit)_(19329)_(g).exe"=0x534143500100000000000000070000002800000000F40C0061590D0001000000000000000000000A00010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A2D80C00000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\Hearts of Iron IV V1.5.1 Trainer +23 MrAntiFun.EXE"=0x534143500100000000000000070000002800000000EA4C006311010001000000000000000000020671020000DB80FDAC2839D30100000000000000000200000028000000000000000000004002000000000000000000000000000000690DAC00000000000100000001000000 "SIGN.MEDIA=AEF6D488 Setup\MassEffectAndromeda.exe"=0x5341435001000000000000000700000028000000B0075C0867AD5C0801000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007B510000000000000100000001000000 "SIGN.MEDIA=A52DCF02 setup.exe"=0x5341435001000000000000000700000028000000982652000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A5530F00000000000100000001000000 "SIGN.MEDIA=99D29394 LotRIcon.exe"=0x5341435001000000000000000700000028000000008000000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000000000000000000000200000002000000 "SIGN.MEDIA=99D29394 setup.exe"=0x534143500100000000000000070000002800000000B001000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000200000000000000020000000000022EA0300000000000400000004000000010000000400000001000000 "SIGN.MEDIA=99D29394 AutoRun.exe"=0x534143500100000000000000070000002800000000700A000000000001000000000000000000010571200000DB80FDAC2839D3010000000000000000020000002800000000000000800800500000000000000000000000000000000088D30100000000000100000001000000 "SIGN.MEDIA=6B6254A5 setup.exe"=0x5341435001000000000000000700000028000000952652000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1690100000000000100000001000000 "SIGN.MEDIA=D003F451 setup.exe"=0x534143500100000000000000070000002800000011250C000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F7460E00000000000100000001000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A01A8101BABB810101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000180E120058A0120001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001A010000000000000100000001000000 "SIGN.MEDIA=76FB6822 setup.exe"=0x5341435001000000000000000700000028000000A24D73000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AC70900000000000200000002000000 "C:\Users\admin\Desktop\Hearts of Iron IV V1.5.3 Trainer +23 MrAntiFun.EXE"=0x5341435001000000000000000700000028000000003C4D006311010001000000000000000000020671020000DB80FDAC2839D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040020000000000000000000000000000003F171E00000000000100000001000000 "SIGN.MEDIA=5FEDE0C6 setup.exe"=0x5341435001000000000000000700000028000000922652000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000062840A00000000000100000001000000 "SIGN.MEDIA=88235948 setup.exe"=0x5341435001000000000000000700000028000000250925000000000001000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000064760100000000000100000001000000 "SIGN.MEDIA=4D5EDDB8 setup.exe"=0x5341435001000000000000000700000028000000007C17000000000001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A38F7200000000000100000001000000 "D:\Program Files (x86)\PlayStationNow\psnowlauncher.exe"=0x534143500100000000000000070000002800000070AA7600BFA2770001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000 "C:\Users\admin\AppData\Local\WhatsApp\WhatsApp.exe"=0x5341435001000000000000000700000028000000682A0A0022FD0A0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000057030100000000000200000002000000 "D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe"=0x53414350010000000000000007000000280000005018C602CA47C60201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003F023200000000000700000007000000 "SIGN.MEDIA=E4698A1D setup.exe"=0x53414350010000000000000007000000280000005E7938000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000060120300000000000100000001000000 "SIGN.MEDIA=77EA75FF setup.exe"=0x53414350010000000000000007000000280000002BB70F000000000001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001EBD1C00000000000100000001000000 "SIGN.MEDIA=A3795F15 setup.exe"=0x5341435001000000000000000700000028000000FF5F34000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EC140400000000000100000001000000 "SIGN.MEDIA=13B5C40C setup.exe"=0x5341435001000000000000000700000028000000629306000000000001000000000000000000030600210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000006C0F1800000000000100000001000000 "SIGN.MEDIA=38FC9EB8 setup_far_lone_sails_1.02_(20819).exe"=0x5341435001000000000000000700000028000000B89EFC38D89FFC3801000000000000000000000A00010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3130100000000000100000001000000 "D:\Program Files (x86)\Zotero\zotero.exe"=0x5341435001000000000000000700000028000000389E0100D83A020001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003E850000000000000100000001000000 "C:\Users\admin\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000583F17005341170001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000013287501000000001400000014000000 "SIGN.MEDIA=F801AF78 setup.exe"=0x5341435001000000000000000700000028000000A02652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F7C90000000000000100000001000000 "SIGN.MEDIA=D6000975 setup.exe"=0x534143500100000000000000070000002800000000B005000000000001000000000000000000000671020000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400010020000000000000000000000000069760000000000000100000001000000 "SIGN.MEDIA=D6000975 FalloutLauncher.exe"=0x5341435001000000000000000700000028000000005018000000000001000000000000000000010671220000BFA2139DEDD1D30100000000000000000200000028000000000000008000001000000000000000000000000000000000632E0000000000000100000001000000 "SIGN.MEDIA=92D4D38 setup.exe"=0x5341435001000000000000000700000028000000DD9E00000000000001000000000000000000000671000000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004010100000000000000000000000000000B0360000000000000100000001000000 "SIGN.MEDIA=E0870735 setup.exe"=0x5341435001000000000000000700000028000000D6FA06000000000001000000000000000000010600210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000078170800000000000100000001000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 "SIGN.MEDIA=B33A3774 Setup.exe"=0x53414350010000000000000007000000280000001C5026000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000014650300000000000200000002000000 "SIGN.MEDIA=4E73A6A4 setup.exe"=0x53414350010000000000000007000000280000004E4D73000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020A90000000000000100000001000000 "SIGN.MEDIA=70087B34 setup.exe"=0x5341435001000000000000000700000028000000CF2652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000522A0C00000000000100000001000000 "SIGN.MEDIA=82FD2316 Game\GameFiles.part01.exe"=0x53414350010000000000000007000000280000000065CD1D0000000001000000000000000000020600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000000000000000000000000000000000000000B5520D00000000000300000003000000 "SIGN.MEDIA=3629CB96 Install.exe"=0x5341435001000000000000000700000028000000AB68FD000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DA1D0300000000000100000001000000 "SIGN.MEDIA=26B6F258 Setup\MirrorsEdgeCatalyst.exe"=0x5341435001000000000000000700000028000000B0853B0529493C0501000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D53D0000000000000100000001000000 "SIGN.MEDIA=53A1BDC Crack\MirrorsEdgeCatalyst.exe"=0x5341435001000000000000000700000028000000006E3B0529493C0501000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000047090000000000000100000001000000 "SIGN.MEDIA=5C7E513 Office\setup.exe"=0x534143500100000000000000070000002800000078CB100089B2110001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000050000000000000000000000000000000002BA80900000000000200000002000000 "C:\Users\admin\Desktop\MOD GTA\mods gta lspdfr\lspdfr031setup.exe"=0x534143500100000000000000070000002800000026B291020000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FF280100000000000100000001000000 "SIGN.MEDIA=D6E05B40 setup.exe"=0x53414350010000000000000007000000280000004AE308000000000001000000000000000000010600210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000002000000000000000000000000007E5F1200000000000200000002000000 "SIGN.MEDIA=FCD66215 setup.exe"=0x5341435001000000000000000700000028000000A52652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D3B00300000000000100000001000000 "SIGN.MEDIA=E5CB0D9D setup.exe"=0x5341435001000000000000000700000028000000942652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DDBD0100000000000100000001000000 "SIGN.MEDIA=EA67868 Autorun.exe"=0x534143500100000000000000070000002800000000F003000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000048CF0300000000000200000002000000 "SIGN.MEDIA=6734345 RunGame.exe"=0x5341435001000000000000000700000028000000008002000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000301050000000002000000A00000000003010500000060000000000000000000000000000000006D0000000000000001000000010000000002010500000060000000000000000000000000000000005E000000000000000100000000000000000000000000004000000000000000000000000000000000190100000000000002000000000000000000000000000000004000000000000000000000000000003F000000000000000300000000000000 "SIGN.MEDIA=34DD09E setup.exe"=0x53414350010000000000000007000000280000009D2652000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AE61000000000000100000001000000 "SIGN.MEDIA=92D15D3D stp-unravel.exe"=0x5341435001000000000000000700000028000000509005000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000847C0300000000000100000001000000 "C:\Users\admin\Desktop\MODS minecraft\forge-1.12.2-14.23.3.2669-installer-win.exe"=0x53414350010000000000000007000000280000007F494F00F4E3000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000554D0000000000000200000002000000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000008910C0061C40C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\admin\Desktop\MODS minecraft\liteloader-installer-1.12.2-00-SNAPSHOT.exe"=0x5341435001000000000000000700000028000000BCFF3F0034B8000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000100000000000000000000000000000312C0000000000000100000001000000 "SIGN.MEDIA=1AA6B4A5 SetSoD2.exe"=0x53414350010000000000000007000000280000004A021C000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000010B13800000000000100000001000000 "SIGN.MEDIA=36D54F7 setup.exe"=0x5341435001000000000000000700000028000000F47741000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000047CC0700000000000100000001000000 "SIGN.MEDIA=76FC8CA9 setup.exe"=0x5341435001000000000000000700000028000000CF7741000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000056B60200000000000100000001000000 "SIGN.MEDIA=15D50C2B Setup.exe"=0x53414350010000000000000007000000280000000DF60A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FD3E0000000000000100000001000000 "SIGN.MEDIA=13B8D5BC setup.exe"=0x5341435001000000000000000700000028000000D37741000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E06C0400000000000100000001000000 "SIGN.MEDIA=A54D2455 setup.exe"=0x5341435001000000000000000700000028000000885A8A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A63F0400000000000100000001000000 "SIGN.MEDIA=11F40FF0 setup.exe"=0x5341435001000000000000000700000028000000E97741000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AB041C00000000000100000001000000 "SIGN.MEDIA=E7B478D3 setup.exe"=0x5341435001000000000000000700000028000000A9CC2F000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1861E00000000000100000001000000 "SIGN.MEDIA=1CA2C93F Autorun.exe"=0x534143500100000000000000070000002800000044D001000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000005AF90200000000000100000001000000 "SIGN.MEDIA=839A06E1 SetZTyUC.exe"=0x5341435001000000000000000700000028000000EDE308000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001EBD0500000000000200000002000000 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000284D0500AAA8050001000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "D:\Program Files (x86)\Steam\steamapps\workshop\content\244450\1136257736\Settings.exe"=0x534143500100000000000000070000002800000000EA13000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000010000000000000000000000000000000FCD00000000000000100000001000000 "SIGN.MEDIA=B6214829 setup.exe"=0x53414350010000000000000007000000280000005F9B4B000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000024DA0000000000000100000001000000 "SIGN.MEDIA=332BAF78 setup.exe"=0x53414350010000000000000007000000280000001A4E35000000000001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000043500000000000000100000001000000 "SIGN.MEDIA=C305FA7 AutoRun.exe"=0x5341435001000000000000000700000028000000007009000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000800800500000000000000000000000000000000033850C00000000000100000001000000 "D:\Program Files (x86)\EA GAMES\LSDA Le Retour du Roi tm\ROTK.exe"=0x534143500100000000000000070000002800000000001A0048191A0001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F86E1A00000000000100000001000000 "SIGN.MEDIA=83C40CD1 setup.exe"=0x53414350010000000000000007000000280000000AA70A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000EAE00000000000000400000003000000000000000000004000000000000000000000000000000000F0330000000000000100000000000000 "SIGN.MEDIA=82C586B1 setup.exe"=0x5341435001000000000000000700000028000000974D73000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000365A0000000000000100000001000000 "C:\Users\admin\Downloads\Shockwave_Installer_Slim.exe"=0x5341435001000000000000000700000028000000E0785F00FE49600001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E6410100000000000100000001000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000301907002F59070001000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"=0x534143500100000000000000070000002800000028FF1001D228110101000000000000000000000671020000BFA2139DEDD1D3010000000100000000 "SIGN.MEDIA=1C4E38DE setup.exe"=0x53414350010000000000000007000000280000006CBB0D000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000061B10600000000000100000001000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x5341435001000000000000000700000028000000582F07002B33070001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C5EE2E00000000000100000001000000 "D:\Downloads\The Sims 4 [FitGirl Repack]\setup.exe"=0x53414350010000000000000007000000280000009D1F40000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006F851D00000000000100000001000000 "D:\Games\The Sims 4\Game\Bin\TS4_x64.exe"=0x5341435001000000000000000700000028000000006EBA012E27BB0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000EA096800000000000400000004000000 "C:\Program Files (x86)\Mozilla Firefox\updater.exe"=0x5341435001000000000000000700000028000000D05F050023AD050001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F9150000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0EF0600CB2F070001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\Downloads\Iron_Europe_1.0_Installer_moddb.exe"=0x5341435001000000000000000700000028000000A91FD9380000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000044100500000000000100000001000000 "C:\Users\admin\Downloads\Iron_Europe_1.21_patch.exe"=0x5341435001000000000000000700000028000000E94581050000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D780000000000000100000001000000 "C:\Users\admin\Downloads\Blood_and_Iron_Age_of_Imperialism_V3.0.exe"=0x534143500100000000000000070000002800000034248C530000000001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E980200000000000100000001000000 "C:\Users\admin\Downloads\North_and_South_First_Manassas_V1.1.exe"=0x5341435001000000000000000700000028000000401B963E0000000001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006C810500000000000100000001000000 "D:\Downloads\brutal_legend_2.1.0.7\setup_brutal_legend_2.1.0.7.exe"=0x534143500100000000000000070000002800000048F614021C4B150201000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000206B1000000000000100000001000000 "C:\Users\admin\Downloads\0.65.2-4-0-65-2.exe"=0x5341435001000000000000000700000028000000F0C762006814630001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AAAC4C00000000000300000003000000 "C:\Program Files\Nexus Mod Manager\NexusClient.exe"=0x534143500100000000000000070000002800000030F231008E55320001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000080000000000000000000000000000000EE1E0E00000000001800000018000000 "D:\Program Files (x86)\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D8880500A554060001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D88918010B08190101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D4010000000000002800000028000000 "D:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8E82100B277220001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000ED0F1E00000000002A0000002A000000 "D:\Downloads\Injustice.2-VOKSI\Binaries\Retail\Injustice2.exe"=0x5341435001000000000000000700000028000000005E700D193D420D01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000F13007000000000001000000010000000000000000000000000000000000000000000000000000006A0B0000000000000100000000000000 "SIGN.MEDIA=2DFD3943 setup.exe"=0x5341435001000000000000000700000028000000EB7741000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005B814400000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.04-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000C7BD74000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002A200000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.05.incl.DLC-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000A9B874000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CED50000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.06.incl.DLC-CODEX\Update\Setup.exe"=0x53414350010000000000000007000000280000009DB874000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF1C0000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.08.incl.DLC-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000A1B874000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008B220000000000000100000001000000 "D:\Downloads\Dynasty.Warriors.9.v1.11.Incl.DLC\Dynasty.Warriors.9.Update.v1.11.incl.DLC-CODEX\Update\Setup.exe"=0x53414350010000000000000007000000280000009DB874000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002A420000000000000100000001000000 "D:\Games\Dynasty Warriors 9\DW9.exe"=0x5341435001000000000000000700000028000000C0886B01D6026C0101000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000020000060000000000000000000000000000000002EE65800000000000700000007000000 "D:\Games\Dynasty Warriors 9\Config.exe"=0x5341435001000000000000000700000028000000C08268000B48690001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000855F0000000000000500000004000000000000000000004000000000000000000000000000000000C2400000000000000100000000000000 "C:\Users\admin\Downloads\Xbox360_64Fra.exe"=0x53414350010000000000000007000000280000007849780015C1780001000000000000000000010571000000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000080010000020000002800000000000000800100000086020000000000008000000000000040120000000000000100000001000000010000000400000001000000 "C:\Users\admin\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D5280000000000000200000002000000 "D:\Games\Dynasty Warriors 9\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002B200000000000000100000001000000 "C:\Users\admin\Downloads\398.46-desktop-notebook-win10-64bit-international.hf.exe"=0x534143500100000000000000070000002800000038AD7B1E5A5D7C1E01000000000000000000020600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001B1C0500000000000100000001000000 "C:\Users\admin\Downloads\DriversCloud_Win.exe"=0x534143500100000000000000070000002800000030B503009AE5030001000000000000000000000671000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000EE650000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0A70E0001070F0001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000DE020000000000000100000001000000 "C:\Users\admin\Downloads\Drivers_DESKTOP-CDDJ7U6.exe"=0x534143500100000000000000070000002800000078F01E00182B1F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000066660100000000000100000001000000 "C:\Users\admin\Downloads\398.36-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000C075D11EC7D8D11E01000000000000000000020600010000BFA2139DEDD1D3010000000000000000 "C:\Program Files\DriversCloud.com\DriversCloud.exe"=0x5341435001000000000000000700000028000000B8A86900F1686A0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F7250000000000000100000001000000 "C:\Users\admin\Downloads\adwcleaner_7.0.2.1(1).exe"=0x5341435001000000000000000700000028000000D0DB7C00F1FE7C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BB000000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000028B10D00152C0E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002D100000000000000100000001000000 "SIGN.IE=04CA28 Firefox Installer.exe"=0x534143500100000000000000070000002800000028CA0400A33F050001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000036810000000000000100000001000000 "SIGN.MEDIA=C71BA8AF Setup.exe"=0x5341435001000000000000000700000028000000AF7912000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000081A60000000000000100000001000000 "D:\Program Files (x86)\Bossa Studios\Surgeon Simulator - Anniversary Edition\ss2013_DirectToRift.exe"=0x534143500100000000000000070000002800000000B20100963B020001000000000000000000030671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F8F40800000000000100000001000000 "D:\Program Files (x86)\Bossa Studios\Surgeon Simulator - Anniversary Edition\unins000.exe"=0x5341435001000000000000000700000028000000D9F50A000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000200000000000000000000000000005D150000000000000100000001000000 "C:\Users\admin\Downloads\Rolistik1.1_setup.exe"=0x53414350010000000000000007000000280000005F724E000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6840200000000000100000001000000 "D:\Downloads\Oxygen.Not.Included\OxygenNotIncluded.exe"=0x5341435001000000000000000700000028000000006A5C010000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000096B61200000000000200000002000000 "SIGN.MEDIA=B1854B56 setup.exe"=0x5341435001000000000000000700000028000000B62652000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000072730F00000000000100000001000000 "D:\Games\Red Faction Guerrilla ReMarstered\rfg.exe"=0x534143500100000000000000070000002800000000307C010000000001000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000020000060000000000000000000000000000000001BB21A00000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8480E0093B00E0001000000000000000000000600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000001E93300000000001300000013000000 "C:\Users\admin\Downloads\driver-fusion_3-0_fr_249310.exe"=0x5341435001000000000000000700000028000000FD2055000000000001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000340F0300000000000100000001000000 "D:\Program Files (x86)\Driver Fusion\DriverFusion.exe"=0x534143500100000000000000070000002800000000D287000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B3B70100000000000100000001000000 "D:\Program Files (x86)\Driver Fusion\Uninstall.exe"=0x5341435001000000000000000700000028000000C07F01000000000001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400002000000000000000000000000000034140000000000000100000001000000 "D:\Downloads\Hellblade.Senuas.Sacrifice.GOG\setup_hellbladesenuassacrifice_1.0_(13932).exe"=0x5341435001000000000000000700000028000000B8370B00DF760B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EFA61700000000000200000002000000 "D:\Program Files (x86)\HellbladeSenuasSacrifice\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe"=0x5341435001000000000000000700000028000000008E5004A6FE540401000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000100000200000000000000000000000000000000055902500000000000200000002000000 "D:\Downloads\THE DWARVES DIGITAL DELUXE EDITION\setup_the_dwarves_2.0.0.1.exe"=0x5341435001000000000000000700000028000000408321025326220201000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000251D1200000000000100000001000000 "D:\Program Files (x86)\The Dwarves\Windows\Dwarves.exe"=0x5341435001000000000000000700000028000000009A01010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000001000002000000000000000000000000000000000860F0C00000000000100000001000000 "D:\Games\Red Faction Guerrilla ReMarstered\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002000000000000000000000000000098130000000000000100000001000000 "C:\Users\admin\Downloads\GameRangerSetup.exe"=0x5341435001000000000000000700000028000000B0BE0100D822020001000000000000000000000671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000024453200000000000200000002000000 "D:\Downloads\Warcraft III\Warcraft III\Frozen Throne.exe"=0x5341435001000000000000000700000028000000003004000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040000000000000000000000000000B8880000000000000200000002000000 "C:\Users\admin\Downloads\RuneScape-Setup.exe"=0x5341435001000000000000000700000028000000C8644B007D104C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7610000000000000100000001000000 "D:\Program Files\Jagex\RuneScape Launcher\RuneScape.exe"=0x5341435001000000000000000700000028000000985C7B0057EA7B0001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001BA40100000000000200000002000000 "C:\Users\admin\Downloads\War3TFT_124a_Francais.exe"=0x534143500100000000000000070000002800000071AF03040000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B80B0000000000000100000001000000 "D:\Downloads\Warcraft III\Warcraft III\War3TFT_124a_Francais.exe"=0x534143500100000000000000070000002800000071AF03040000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000D100000000000000100000001000000 "SIGN.IE=070F2D0 adwcleaner_7.2.1.exe"=0x5341435001000000000000000700000028000000D0F27000D8F0710001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000059060000000000000300000003000000 "SIGN.IE=02315038 setup.exe"=0x534143500100000000000000070000002800000038503102EB2C320201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B50E0000000000000100000001000000 "C:\Users\admin\Desktop\setup.exe"=0x534143500100000000000000070000002800000038503102EB2C320201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002B880000000000000300000003000000 "C:\Users\admin\Desktop\adwcleaner_7.2.1.exe"=0x5341435001000000000000000700000028000000D0F27000D8F0710001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B35B0200000000001200000012000000 "C:\Users\admin\Downloads\setup-remove-ads.exe"=0x5341435001000000000000000700000028000000C06D13008462140001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000058280000000000000100000001000000 "D:\Program Files (x86)\AdBlock Master\AdBlock.exe"=0x5341435001000000000000000700000028000000007411000000000001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000009620600000000000100000001000000 "C:\Program Files\RogueKiller\RogueKiller64.exe"=0x5341435001000000000000000700000028000000384E9D01E75E9D0101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000044AD3200000000001200000012000000 "D:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000D832B70013ACB70001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000300000003000000 "C:\Users\admin\Downloads\ZHPDiag3.exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004FB00B00000000000100000001000000 "D:\Program Files (x86)\The Dwarves\unins000.exe"=0x5341435001000000000000000700000028000000404014005912150001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000291B0000000000000100000001000000 "D:\Program Files (x86)\Rolistik\unins000.exe"=0x5341435001000000000000000700000028000000D09D0A000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A80B0000000000000100000001000000 "D:\Program Files (x86)\HellbladeSenuasSacrifice\unins000.exe"=0x534143500100000000000000070000002800000060361300C7B0130001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000AA1D00000000000001000000010000000000000000000040000000000000000000000000000000004F120000000000000100000000000000 "D:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Iron Europe\unins001.exe"=0x5341435001000000000000000700000028000000B5790B000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000200000000000000000000000000002F0D0000000000000100000001000000 "D:\Program Files (x86)\AdBlock Master\unins000.exe"=0x5341435001000000000000000700000028000000A1FC0A000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA100000000000000100000001000000 "C:\Users\admin\Downloads\MediaCreationTool1803.exe"=0x5341435001000000000000000700000028000000D8BB23013E3A240101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BBE40500000000000100000001000000 "G:\setup.exe"=0x5341435001000000000000000700000028000000083B0100871C020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000053070000000000000100000001000000 "C:\Users\admin\Downloads\HousecallLauncher64.exe"=0x534143500100000000000000070000002800000028B52400BC55250001000000000000000000010673020000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002FF64802000000000300000003000000 "C:\Users\admin\Downloads\spsetup128.exe"=0x5341435001000000000000000700000028000000083D4E00BA134F0001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E2B51400000000000100000001000000 "SIGN.MEDIA=CD22EE90 setup.exe"=0x5341435001000000000000000700000028000000BA2652000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000045690100000000000100000001000000 "D:\Games\Warhammer 40000 Gladius Relics of War\autorun.exe"=0x5341435001000000000000000700000028000000A83A6300562F640001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000A00000600000000000000000000000000000000082CE3D00000000000100000001000000 "C:\Users\admin\Downloads\ZHPDiag3(1).exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000028160000000000000100000001000000 "C:\Users\admin\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x53414350010000000000000007000000280000008023300053CE300001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000007620300000000000300000003000000 "C:\Users\admin\Downloads\FRST64.exe"=0x534143500100000000000000070000002800000000D02400FA78250001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AF1E0100000000000100000001000000 "C:\Program Files\Speccy\Speccy64.exe"=0x534143500100000000000000070000002800000018296C003F596C0001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000016260000000000000100000001000000 "C:\Users\admin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889(1).exe"=0x534143500100000000000000070000002800000000FF7F045477800401000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D054B20060C2B20001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C1760100000000000300000003000000 "C:\Users\admin\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080253000B7E7300001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008B0C0500000000000200000002000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D05E0D00460F0E0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006E000000000000000400000004000000 "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"=0x534143500100000000000000070000002800000058FD2A0016CF2B0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000009D050000000000000100000001000000 "C:\Users\admin\Downloads\QuickDiag.exe"=0x534143500100000000000000070000002800000098093E00F9633E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000000C320000000000000100000001000000 "C:\Users\admin\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098093E00F9633E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000003E580400000000000100000001000000 "C:\Users\admin\Downloads\Launcher_Caminelot_v3.exe"=0x5341435001000000000000000700000028000000266B0B00375A010001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000960A0F00000000000400000004000000 "SIGN.MEDIA=D0289251 setup.exe"=0x5341435001000000000000000700000028000000E77D0D000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A6D20900000000000100000001000000 "D:\Program Files (x86)\Pro Evolution Soccer 2018\Settings.exe"=0x534143500100000000000000070000002800000020620D00BB0E0E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000034630200000000000300000003000000 "D:\Program Files (x86)\Pro Evolution Soccer 2018\PES2018.exe"=0x534143500100000000000000070000002800000000C26B0C0000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C75C2400000000000400000004000000 "C:\Users\admin\Downloads\forge-1.12.2-14.23.4.2703-installer-win.exe"=0x534143500100000000000000070000002800000089934F006D97010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D1480000000000000200000002000000 "C:\Program Files (x86)\Java\jre1.8.0_172\bin\javaw.exe"=0x5341435001000000000000000700000028000000C8EF0200A99A030001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BF310300000000000800000008000000 "C:\Users\admin\Downloads\DiscordSetup.exe"=0x534143500100000000000000070000002800000058A99403C786950301000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001D7C9900000000000100000001000000 "C:\Users\admin\Downloads\JavaSetup8u171.exe"=0x5341435001000000000000000700000028000000C8B51C00D5111D0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000046730100000000000100000001000000 "D:\Games\Warhammer 40000 Gladius Relics of War\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008E2C0000000000000100000001000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A08A8C01AF838D0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0F60300D140040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "SIGN.MEDIA=495A5733 setup.exe"=0x5341435001000000000000000700000028000000674D73000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D6FA0100000000000100000001000000 "D:\Games\Northgard Svafnir Clan of the Snake\Northgard.exe"=0x534143500100000000000000070000002800000000D206000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000002000006000000000000000000000000000000000100F2500000000000100000001000000 "D:\Games\Northgard Svafnir Clan of the Snake\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000200000000000000000000000000000B130000000000000100000001000000 "D:\Downloads\Total.War.Saga.Thrones.of.Britannia-VOKSI\Total War Saga Thrones of Britannia\Thrones.exe"=0x534143500100000000000000070000002800000000661D0A0000000001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000400000000000000000000000000000000062AC0C00000000000100000001000000000000000000000000000000000000000000000000000000EC050000000000000100000000000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000A0E0180098BC190001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A08A8C01AF838D0103000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "D:\Downloads\Depraved.Early.Access\DepravedLauncher.exe"=0x5341435001000000000000000700000028000000003200000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000178E0000000000000100000001000000 "D:\Downloads\Depraved.Early.Access\Depraved.exe"=0x534143500100000000000000070000002800000000D665010000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002DA43500000000000100000001000000 "D:\Downloads\Injustice.2\Injustice.2.Steam.Clean.Files.Build.22052018\Binaries\Retail\Injustice2.exe"=0x5341435001000000000000000700000028000000005E700D193D420D01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000A9460100000000000200000001000000000000000000000000000000000000000000000000000000FF070000000000000200000000000000 "SIGN.MEDIA=CE176BC AutoPlay.exe"=0x534143500100000000000000070000002800000000300F00C1B30F0001000000000000000000000671200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000100200000000000000000000000000E7FB0600000000000200000002000000 "SIGN.MEDIA=134D572 Crack\Soulstorm.exe"=0x534143500100000000000000070000002800000072D53401AC93530001000000000000000000000671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000030050000000000000100000001000000 "D:\Program Files (x86)\THQ\Dawn of War - Soulstorm\Soulstorm.exe"=0x534143500100000000000000070000002800000072D53401AC93530001000000000000000000000671200000BFA2139DEDD1D301000000000000000002000000500000000000000000000010000000000000000000000000000000003C154C00000000000A00000009000000000000000000005000000000000000000000000000000000F6AE0800000000000100000000000000 "D:\Program Files (x86)\THQ\Dawn of War - Soulstorm\GraphicsConfig.exe"=0x534143500100000000000000070000002800000000E02A0054872B0001000000000000000000000671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000020000000000000000000000000007380000000000000100000001000000 "C:\Users\admin\Downloads\UA-THB-v1.88.5-Full.exe"=0x5341435001000000000000000700000028000000D7EF82780000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000012280500000000000100000001000000 "D:\Program Files (x86)\THQ\Dawn of War - Soulstorm\4gb_patch.exe"=0x534143500100000000000000070000002800000000B000000000000001000000000000000000010671220000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005A470000000000000100000001000000 "D:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x5341435001000000000000000700000028000000001435000000000001000000000000000000000A61200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000032130500000000000200000002000000 "SIGN.MEDIA=9A087D60 setup.exe"=0x53414350010000000000000007000000280000008A2752000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005C190500000000000300000003000000 "C:\Users\admin\Desktop\adsfix_V5_24.07.18.1.exe"=0x5341435001000000000000000700000028000000985957003862570001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EFEE0100000000000800000008000000 "D:\Games\No Mans Sky NEXT\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020000000000000000000000000000841E0000000000000300000003000000 "C:\Users\admin\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000D02400D3E0240001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AEC30000000000000100000001000000 "D:\Downloads\newerasouldowtr-ch\SoulStorm Trainer.exe"=0x5341435001000000000000000700000028000000004212000000000001000000000000000000000671200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008CF75600000000000300000003000000 "C:\Users\admin\Desktop\FixWin10\FixWin 10.0.1.0\FixWin 10.exe"=0x5341435001000000000000000700000028000000005C04000000000001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000035F70900000000000300000003000000 "C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\Office Setup Controller\SETUP.EXE"=0x534143500100000000000000070000002800000030B50600FF1E070003000000000000000000000671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000055010700000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe"=0x5341435001000000000000000700000028000000082A0B0003E20B0001000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000003C030000000000000100000001000000 "C:\Users\admin\Downloads\Tyranid_Mod_0.5b2_Installer.exe"=0x53414350010000000000000007000000280000005C713C040000000001000000000000000000000671020000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000009E400100000000000100000001000000 "SIGN.MEDIA=41CD9775 Setup.exe"=0x5341435001000000000000000700000028000000E87115000FA9150001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004C270400000000000100000001000000 "D:\Program Files (x86)\Farming Simulator 2017\FarmingSimulator2017.exe"=0x534143500100000000000000070000002800000018E940000F85410001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C450BE00000000000600000006000000 "D:\Program Files\TruckersMP Launcher\Launcher.exe"=0x534143500100000000000000070000002800000000F603000000000001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007DCD3C00000000000700000007000000 "C:\Users\admin\Downloads\lgs510_x64.exe"=0x53414350010000000000000007000000280000009065F500E33FF60001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\admin\Desktop\lgs510_x64.exe"=0x53414350010000000000000007000000280000009065F500E33FF60001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D16F0000000000000100000001000000 "D:\Downloads\3DMGAME-American.Truck.Simulator.v1.31.2s.Incl.DLC.Multi23.Cracked-3DM\3DMGAME-American.Truck.Simulator.v1.31.2s.Incl.DLC.Multi23.Cracked-3DM\American Truck Simulator\bin\win_x86\amtrucks.exe"=0x5341435001000000000000000700000028000000681BED001DEBED0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DF5F0100000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0EF06003AF8060001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\admin\Downloads\setup.exe"=0x5341435001000000000000000700000028000000C0C72500F872260001000000000000000000010600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C8250000000000000200000002000000 "D:\Fraps\fraps.exe"=0x534143500100000000000000070000002800000010792800FD39290001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007D5D6700000000000100000001000000 "D:\Downloads\3DMGAME-Train.Sim.World.CSX.Heavy.Haul.v1.4.Cracked-BALDMAN\3DMGAME-Train.Sim.World.CSX.Heavy.Haul.v1.4.Cracked-BALDMAN\Train Sim World - CSX Heavy Haul\TS2Prototype.exe"=0x5341435001000000000000000700000028000000006E01007EF7010001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008F3B0400000000000100000001000000 "D:\Downloads\No Mans Sky NEXT - CODEX\codex-no.mans.sky.next.update.v1.51\Update\Setup.exe"=0x53414350010000000000000007000000280000002B6275000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004EAD0200000000000100000001000000 "D:\Downloads\No Mans Sky NEXT - CODEX\codex-no.mans.sky.next.update.v1.52\Update\Setup.exe"=0x5341435001000000000000000700000028000000935F75000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001CA20000000000000100000001000000 "D:\Downloads\No Mans Sky NEXT - CODEX\codex-no.mans.sky.next.update.v1.52.2\Update\Setup.exe"=0x5341435001000000000000000700000028000000935F75000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BDC30000000000000100000001000000 "D:\Downloads\No Mans Sky NEXT - CODEX\codex-no.mans.sky.next.update.v1.53\Update\Setup.exe"=0x5341435001000000000000000700000028000000B45F75000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004D0F0100000000000100000001000000 "D:\Games\No Mans Sky NEXT\Binaries\NMS.exe"=0x5341435001000000000000000700000028000000D0762002BE611E0201000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000200000600000000000000000000000000000000085860000000000000200000002000000 "C:\Users\admin\AppData\Local\Temp\62a1eaca-92c5-4f33-b7ce-4cfa0a070e7d\setup.exe"=0x5341435001000000000000000700000028000000A07907007051080001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000EBCF1200000000000100000001000000 "SIGN.MEDIA=31CDC2AB setup.exe"=0x5341435001000000000000000700000028000000E02652000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000286E0400000000000100000001000000 "D:\Games\We Happy Few\GlimpseGame\Binaries\Win64\GlimpseGame.exe"=0x534143500100000000000000070000002800000000BEA003F135A10301000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000002000006000000000000000000000000000000000D0BA1800000000000100000001000000 "D:\Games\We Happy Few\unins000.exe"=0x5341435001000000000000000700000028000000712518000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000200000000000000000000000000009E120000000000000100000001000000 "C:\Users\admin\Downloads\FileZilla_3.35.2_win64-setup_bundled.exe"=0x5341435001000000000000000700000028000000D8F585003DA8860001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004D3B0800000000000100000001000000 "D:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exe"=0x5341435001000000000000000700000028000000D01699010000000001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000028010000000000000100000001000000 "D:\Program Files (x86)\Minecraft\MinecraftLauncher.exe"=0x534143500100000000000000070000002800000080FF5002219D510201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000C7E70F00000000000200000002000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0A32200C503230001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000BACC2A00000000001100000011000000 "C:\Users\admin\Downloads\vxlsetup.exe"=0x5341435001000000000000000700000028000000A06410007F81100001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\NCH Software\Voxal\voxal.exe"=0x5341435001000000000000000700000028000000A0D2200053EE200001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B6AC0100000000000200000002000000 "D:\Program Files (x86)\Steam\bin\steamservice.exe"=0x534143500100000000000000070000002800000020B1190007F7190001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007C080000000000000100000001000000 "C:\Users\admin\UniversalApps\Age of Empires Definitive Edition\AoEDE.exe"=0x534143500100000000000000070000002800000000B0A9000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000050000000000000000000004000000000000000000000000000000000F30900000000000002000000020000000000000000000000100000000000000000000000000000007A0B0000000000000200000000000000 "C:\Users\admin\UniversalApps\Age of Empires Definitive Edition\unins000.exe"=0x53414350010000000000000007000000280000004BC512000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000035190000000000000100000001000000 "SIGN.MEDIA=6B23E4B2 Install.exe"=0x53414350010000000000000007000000280000008868FD000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000035760100000000000100000001000000 "SIGN.MEDIA=14765A4 THE_UNIV\THE_UNIV.EXE"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000001050000000000000200000002000000 "D:\Games\Two Point Hospital\TPH.exe"=0x534143500100000000000000070000002800000000E609000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000091A4000000000000300000003000000 "D:\Downloads\The.Universim.Early.Access\The Universim\The Universim.exe"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000012C2B00000000000300000003000000 "C:\Users\admin\Desktop\AdsFix.exe"=0x5341435001000000000000000700000028000000985D5700106F570001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000106200000600000000000000000000000000000000097402401000000000200000002000000 "C:\Users\admin\Desktop\quickdiag_V4_30.08.18.1.exe"=0x5341435001000000000000000700000028000000981D4A0083494A0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004D050700000000000300000003000000 "D:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020F330009AB9310001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000200000002000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131710491242715439 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "InstallTime"=0xC919C6062646D201 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\ "ProductStatus"=0 "OOBEInstallTime"=0xB91332585460D301 "ManagedDefenderProductType"=0 "DisableAntiVirus"=1 "LastEnabledTime"=0x46361FA76140D401 "BackupLocation"=C:\Program Files\Windows Defender [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX ---------- | Hosts # AdBlock Master Database 13/07/2018 14:40:26 # Required software: "AdBlock Master" Version 1.0 or above. # Please check http://www.majorshare.com/ for more informations. # Developer: Gürkan Dilmen, Contact: dev@majorshare.com # Database 127.0.0.1 static.doubleclick.net 127.0.0.1 artemisaffiliates.com 127.0.0.1 www.artemisaffiliates.com 127.0.0.1 static.eu.criteo.net 127.0.0.1 images.nl.eu.criteo.net 127.0.0.1 cat.nl.eu.criteo.com 127.0.0.1 b.scorecardresearch.com 127.0.0.1 ls.hit.gemius.pl 127.0.0.1 static.criteo.net 127.0.0.1 cas.fr.eu.criteo.com 127.0.0.1 cas.nl.eu.criteo.com 127.0.0.1 googletagservices.com 127.0.0.1 www.googletagservices.com 127.0.0.1 securepubads.g.doubleclick.net 127.0.0.1 s0.2mdn.net 127.0.0.1 medyanet.cubecdn.net 127.0.0.1 app.medyanetads.com 127.0.0.1 cm.g.doubleclick.net 127.0.0.1 tpc.googlesyndication.com 127.0.0.1 encrypted-tbn3.gstatic.com 127.0.0.1 trgde.adocean.pl 127.0.0.1 fs2.directupload.net 127.0.0.1 pixel.quantserve.com [372] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [172.217.21.78] avec 32 octets de donn?es?: R?ponse de 172.217.21.78?: octets=32 temps=17 ms TTL=54 R?ponse de 172.217.21.78?: octets=32 temps=16 ms TTL=54 R?ponse de 172.217.21.78?: octets=32 temps=25 ms TTL=54 R?ponse de 172.217.21.78?: octets=32 temps=16 ms TTL=54 Statistiques Ping pour 172.217.21.78: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 16ms, Maximum = 25ms, Moyenne = 18ms ---------- | @ [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=nlxx43s "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000 "Start Page_TIMESTAMP"=0x78CAED60C219D401 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xCAB37113CC1AD401 "IE10TourShown"=1 "IE10TourShownTime"=0x9A6D10B8D1EDD301 "AutoHide"=yes "SearchBandMigrationVersion"=1 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50020000F0000000D0040000D0020000 "IE11EdgeNotifyTime"=0x611486B68E14D401 "EdgeReminderRemainingCount"=5 [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x9A6D10B8D1EDD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=131799227133015022 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:37:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- D:\Program Files\AVAST Software\Avast\ashShA64.dll [18/07/2018 00:51:17] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- D:\Program Files\AVAST Software\Avast\ashShA64.dll [18/07/2018 00:51:17] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "KnownProvidersUpgradeTime"=0x9A6D10B8D1EDD301 "DownloadRetries"=1 "Version"=5 "UpgradeTime"=0x9A6D10B8D1EDD301 ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : () - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@D:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@D:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] ---------- | SearchScopes ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [01/10/2012 20:38:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [15/08/2018 17:14:46] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [03/07/2018 17:14:15] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [07/09/2017 13:39:36] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [15/08/2018 17:14:46] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [01/10/2012 20:38:12] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [03/07/2018 17:14:15] ---------- | Chrome [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.172.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y6chkhay.Baba-1531385856784\Prefs.js user_pref("browser.startup.homepage", "https://www.ecosia.org/"); user_pref("browser.startup.homepage_override.buildID", "20180807170231"); user_pref("browser.startup.homepage_override.mstone", "61.0.2"); user_pref("devtools.webextensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.enabled", true); user_pref("extensions.blocklist.lastModified", "Wed, 29 Aug 2018 17:46:12 GMT"); user_pref("extensions.blocklist.pingCountTotal", 38); user_pref("extensions.blocklist.pingCountVersion", 18); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.cache.lastUpdate", 1535658353); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180807170231"); user_pref("extensions.lastAppVersion", "61.0.2"); user_pref("extensions.lastPlatformVersion", "61.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "control"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"aa1d3752-2bb0-44be-8cd4-0b8e213f44be\",\"screenshots@mozilla.org\":\"9e13b98f-62eb-4cd4-958e-dea3e2c1f151\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"5bddda96-7c2d-407c-858f-7e50a98e9138\",\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":\"831ce746-84c3-4bfa-8526-1335bca7135d\",\"wrc@avast.com\":\"be912aaa-f2df-4856-aa11-552d9809b680\"}"); C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfjttotr.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180704003137"); user_pref("browser.startup.homepage_override.mstone", "61.0.1"); user_pref("extensions.blocklist.pingCountVersion", 0); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppVersion", "61.0.1"); user_pref("extensions.lastPlatformVersion", "61.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"9af86cfb-9964-4912-ae69-86149366f582\",\"screenshots@mozilla.org\":\"58526f37-18e6-4fdc-9853-7be64b0097d6\"}"); [Profile1] - Name=Baba -> Profiles/y6chkhay.Baba-1531385856784 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6f01d2aa-7510-428f-8197-c389679c2d62}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a309cb0d-c7cb-4978-a0b5-b9d814cdc63b}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6f01d2aa-7510-428f-8197-c389679c2d62}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a309cb0d-c7cb-4978-a0b5-b9d814cdc63b}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\BitComet.exe] : "C:\Program Files\BitComet\BitComet.exe" "%1" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\DTLite.exe] : "C:\Program Files\DAEMON Tools Lite\DTLite.exe" "%1" [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\1C Multimedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\3rd Eye Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\4A-Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\8 Points] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Adobe] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Aerosoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Airborne Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AMPLITUDE Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Apoapsis Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AppDataLow] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Arachnid Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ASCII] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Audiosurf, LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\AVAST Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Berserk Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bethesda] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BitComet] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BitTorrent] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\BNE] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bohemia Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bohemia Interactive Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bossa Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Browser Cleanup] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Bugsplat] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CampoSanto] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Carbomb Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CCCP] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Cheat Engine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Chromium] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CitizenFX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CKAN] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clarus Victoria] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Clients] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CodeHorizon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Coffee Powered Machine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CoGenMedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Contingent99] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Craneballs] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\cryptic] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Crystal Dynamics] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Crytivo Games Inc.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Curse] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Cyanide] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\CyberPhobX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Daedalic Entertainment GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\DefaultCompany] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Digital Extremes] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Disc Soft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Discord] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\DoMyBest] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Drivers] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Druide informatique inc.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Dry Cactus] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Eidos Montreal] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ElAmigos] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Electronic Arts] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Eleon Game Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Empyrean] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\EMU] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Enterbrain] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Epic Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\EpidemicLauncher] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\eugen systems] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Evernote] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Every Single Soldier] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Evil Bite] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Facepunch Studios LTD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Falcom] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Fenix Fire Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Firaxis] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\firefly studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\FiveM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\FLEXlm License Manager] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Fraps3] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Frontier Developments] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Full Control] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Gaddy Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Gaijin] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GameRanger] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GameSpy] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ghost Town Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GNU] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GOG.com] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Goldhawk Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Google] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\GSC Game World] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Haemimont Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Hinterland] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Iceberg Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IM Providers] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Imagination Technologies] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Intel] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\inXile Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IO Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\IronOak Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Jagex] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\JavaSoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\JutsuGames] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KADOKAWA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KING Art Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Kitfox Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KK Game Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Klei] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\KoeiTecmo] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Landfall] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Landfall West] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Larian Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Lazy Bear Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Le Cartel Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\League of Geeks] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Level-5 Inc.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ligos] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LionShield] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LionsShade] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Logic Artists] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LogiShrd] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Logitech] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ludeon Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\LVGameDev LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Macromedia] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MalkyrsStudio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Malwarebytes] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Marmalade Game Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mindillusion] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Minecraft Projects] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mirillis] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MohawkGames] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mojang] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MountAndBladeWarbandKeys] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MountAndBladeWarbandWFASKeys] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Mozilla] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\MozillaPlugins] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ndemic Creations] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NeoCore Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Netscape] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NewTechnologyStudio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NilsJakrins] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\noio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NTSCorp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Obsidian Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ODBC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Okomotive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ominux Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\OpenOffice] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Paint.NET] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pathea] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pathea Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Petroglyph] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PhotoFiltre 7] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Piriform] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Pixellore] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Playdead] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PlayWay SA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Policies] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Popcannibal] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ProtectedStorage] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\PrtScr] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\QtProject] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\RAC7] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Reality Twist GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Realmforge Studios GmbH] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Realtek] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Reconnect Software LTD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Red Dot Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Red Thread Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Redbeet Interactive] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\RegisteredApplications] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sauropod Studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ScriptHookV] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SecuROM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SEGA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SeithCG] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Si7 studio] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SKS] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Skype] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\skypeapp-7db1e5c3b14c] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\skypeapp-9c95a1943593] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sloclap] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SmallGamesInfo] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Smartly Dressed Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SOFF Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SomaSim] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Sony Interactive Entertainment Network America LLC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Spoon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SQUAD] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Square Enix] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stardock] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stargate Modding] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Stdin2] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strange Fire] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strange Loop Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Strategiae] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Subterranean Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Suncrash] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\SUPERHOT_Team] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Swing Swing Submarine] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\sysinternals] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\System32] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Tangled Mess Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Team 17 Digital ltd.] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Team17 Digital Limited] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\TexMod] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Creative Assembly] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Fullbright Company] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Fun Pimps] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\The Irregular Corp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\THEGFW] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Thunder Lotus Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Totalidea Software] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Troika] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Trolltech] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Two Point Studios] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\U-Play online] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Ubisoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unity] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unknown Worlds] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Unreal Technology] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Valve] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\VITALI KIRPU & QUADRO DELTA] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Warner Bros. Interactive Entertainment] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Weappy] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Widcomm] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WinRAR] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WinRAR SFX] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\WixSharp] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Wow6432Node] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\ZHP] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Zillion Whales] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\AppDataLow\Software\Adobe] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\AppDataLow\Software\Killerfish Games] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Ada2] [HKLM\Software\AdsFix] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\Clients] [HKLM\Software\Disc Soft] [HKLM\Software\Druide informatique inc.] [HKLM\Software\FileZilla 3] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Logitech] [HKLM\Software\LogMeIn, Inc.] [HKLM\Software\Macromedia] [HKLM\Software\Maxis] [HKLM\Software\McAfee] [HKLM\Software\MegaTrainerUltimate] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\NCH Swift Sound] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Paint.NET] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SiteAdvisor] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\TruckersMP] [HKLM\Software\VB-Audio] [HKLM\Software\Widcomm] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\3DMLAUNCHER] [HKLM\Software\WOW6432Node\Ada2] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Bethesda Softworks] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\bohemia interactive] [HKLM\Software\WOW6432Node\bohemia interactive studio] [HKLM\Software\WOW6432Node\Druide informatique inc.] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\Enterbrain] [HKLM\Software\WOW6432Node\Epic Games] [HKLM\Software\WOW6432Node\EpicGames] [HKLM\Software\WOW6432Node\Evernote] [HKLM\Software\WOW6432Node\FileZilla 3] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\Fraps] [HKLM\Software\WOW6432Node\GNU] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GSC Game World] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\InstallShield] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LogMeIn Hamachi] [HKLM\Software\WOW6432Node\LucasArts] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Maxis] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\MegaTrainerUltimate] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Modulaatio Games] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Monte Cristo] [HKLM\Software\WOW6432Node\mount&blade warband] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\PowerPivot] [HKLM\Software\WOW6432Node\Rockstar Games] [HKLM\Software\WOW6432Node\SiteAdvisor] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\Sony Interactive Entertainment Network America LLC] [HKLM\Software\WOW6432Node\Syton Entertainment] [HKLM\Software\WOW6432Node\THQ] [HKLM\Software\WOW6432Node\Treexy] [HKLM\Software\WOW6432Node\Turbine] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Unreal Technology] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VehiPlan] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Zenimax_Online] [HKLM\Software\WOW6432Node\Zotero] [HKLM\Software\WOW6432Node\zotero.org] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: F: [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - F:\install.res.1028.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - F:\install.res.1031.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - F:\install.res.1033.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - F:\install.res.1036.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - F:\install.res.1040.dll [07/11/2007 08:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - F:\install.res.1041.dll [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI ?? ??? DLL.) - [79888] - (9.0.21022.8) - F:\install.res.1042.dll [07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation???????? - ???????? DLL.) - [75792] - (9.0.21022.8) - F:\install.res.2052.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - F:\install.res.3082.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - F:\install.exe [07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - F:\globdata.ini [07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - F:\install.ini ---------- | C: [25/07/2017 12:45:53] - |HD| - [16533887] - C:\$AV_ASW [16/07/2016 13:47:47] - |SHD| - [6875333] - C:\$Recycle.Bin [13/07/2018 14:51:23] - |HD| - [361096] - C:\$SysReset [13/07/2018 14:53:40] - |D| - [14681] - C:\$WINDOWS.~BT [27/05/2018 20:49:17] - |D| - [193126] - C:\Action! [10/06/2017 22:29:25] - |D| - [0] - C:\admin [20/08/2018 18:29:37] - |D| - [282627104] - C:\AdsFix [MD5.CC9C5517C7622D9315C73818FA6FFD3C] - [20/08/2018 18:31:35] - |A| - (.-.) - [25514] - (0.0.0.0) - C:\AdsFix.txt [04/03/2017 14:27:12] - |D| - [186289943] - C:\AdwCleaner [MD5.79B9D2263314FB764719CF6372B1D0C5] - [16/07/2016 14:58:18] - |RASH| - (.-.) - [384322] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 14:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [17/11/2017 12:09:59] - |SHD| - [1426240] - C:\Config.Msi [MD5.73ADCD8A7909254AE55E1D57BEFA1056] - [16/06/2018 13:25:44] - |A| - (.-.) - [277] - (0.0.0.0) - C:\debugInstaller.txt [24/11/2016 09:41:25] - |SHD| - [0] - C:\Documents and Settings [27/11/2016 19:56:10] - |D| - [0] - C:\Downloads [13/07/2018 14:55:04] - |D| - [0] - C:\ESD [14/07/2018 00:17:46] - |D| - [142105037] - C:\FRST [01/10/2017 13:30:19] - |D| - [36406] - C:\Intel [21/07/2017 14:36:16] - |RHD| - [846036376] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/11/2016 09:40:19] - |ASH| - (.-.) - [2550136832] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [41730593780] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [2751670032] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [5350202178] - C:\ProgramData [15/07/2018 23:37:01] - |D| - [384916194] - C:\QuickDiag [MD5.47BF875702B1CEA0FEEC78EF2D6FBDE9] - [30/08/2018 23:40:57] - |A| - (.-.) - [282201] - (0.0.0.0) - C:\QuickDiag.txt [MD5.EB4D27A62862A9BC4D9E641CC0E098B1] - [15/07/2018 23:42:07] - |RA| - (.-.) - [553677] - (0.0.0.0) - C:\QuickDiag_15_07_2018_23_42_07.txt [MD5.DA22C47BFFF343E0E1CAF1985FC7AF86] - [30/08/2018 20:43:59] - |RA| - (.-.) - [897689] - (0.0.0.0) - C:\QuickDiag_30_08_2018_20_43_59.txt [MD5.3B80DE30782A38FECC888E2C31983F4D] - [30/08/2018 21:11:03] - |RA| - (.-.) - [579623] - (0.0.0.0) - C:\QuickDiag_30_08_2018_21_11_03.txt [18/11/2017 11:38:24] - |SHD| - [0] - C:\Recovery [27/08/2017 14:57:48] - |D| - [229845921] - C:\shadersmod.net [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/11/2016 09:40:19] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [24/11/2016 09:40:19] - |SHD| - [0] - C:\System Volume Information [11/04/2018 23:04:33] - |RD| - [109428507107] - C:\Users [01/08/2018 09:19:55] - |D| - [296] - C:\UWT [11/04/2018 23:04:33] - |D| - [39969325000] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [13834358] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8315908] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [1145524113] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [25/11/2016 13:52:10] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 01:38:20] - |D| - [38319346] - C:\WINDOWS\Boot [MD5.C6BA97B4E1CBD4044C6F3081C58123E7] - [17/05/2018 19:36:09] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [17/05/2018 18:45:09] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4530019] - C:\WINDOWS\diagnostics [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [17/05/2018 18:45:09] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [59976] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\en-US [MD5.9DF0773126A630A9555127BD84085A7D] - [28/08/2017 00:31:26] - |A| - (.-.) - [979] - (0.0.0.0) - C:\WINDOWS\eReg.dat [MD5.E4A81EDDFF8B844D85C8B45354E4144E] - [12/07/2018 09:34:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3932672] - (10.0.17134.165) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [427341200] - C:\WINDOWS\Fonts [12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47788657] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71534478] - C:\WINDOWS\Help [MD5.FFD31D96B8D4BAB8B0F83E42B7430A54] - [12/07/2018 09:33:56] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.137) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [116466298] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1392019087] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHD| - [2730308362] - C:\WINDOWS\Installer [06/10/2017 21:43:31] - |D| - [0] - C:\WINDOWS\IObit [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [4688022] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 01:38:20] - |RD| - [875271040] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [05/07/2018 17:38:01] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [05/07/2018 17:38:11] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [12/04/2018 18:22:25] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [04/07/2018 13:00:23] - |D| - [218415] - C:\WINDOWS\Panther [27/08/2018 12:08:10] - |D| - [0] - C:\WINDOWS\PCHEALTH [12/04/2018 01:38:21] - |D| - [470270] - C:\WINDOWS\Performance [MD5.5194B7D649C264FBCF5E42C96E2F773A] - [04/07/2018 13:00:17] - |A| - (.-.) - [50776] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [2821730] - C:\WINDOWS\PolicyDefinitions [17/05/2018 18:38:57] - |D| - [5597245] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog [12/04/2018 01:38:21] - |D| - [5261619] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1117876] - C:\WINDOWS\Registration [12/04/2018 01:38:21] - |D| - [9098104] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [3823765] - C:\WINDOWS\Resources [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [8464398] - C:\WINDOWS\security [17/05/2018 19:35:51] - |D| - [55107567] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [111039499] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.9F1B496BE31F351E8448E15DCB8B16D0] - [28/08/2018 20:01:20] - |A| - (.-.) - [617] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/08/2018 20:01:20] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 01:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53630976] - C:\WINDOWS\ShellExperiences [08/01/2017 13:33:11] - |D| - [59904] - C:\WINDOWS\ShellNew [12/04/2018 18:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [24/11/2016 09:50:58] - |D| - [965845249] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [16/07/2016 13:47:50] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [19858934062] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [225278122] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25650125] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1564312809] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [16/07/2016 13:47:48] - |D| - [220] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [380854] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25814] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.DA396A905E0D79329297EF130F2825BA] - [16/07/2016 13:47:50] - |A| - (.-.) - [76] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [28/08/2018 11:55:37] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [9887044385] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [06/10/2017 20:36:37] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [12/07/2018 12:23:19] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [29/09/2016 19:11:18] - C:\WINDOWS\Installer\108cbb.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2018 23:07:02] - C:\WINDOWS\Installer\11e4038.msi : (LogMeIn Hamachi Installer - LogMeIn, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/06/2010 16:42:14] - C:\WINDOWS\Installer\14167940.msi : (Logitech Gaming Software 5.10 - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2018 23:49:40] - C:\WINDOWS\Installer\144bff1.msi : (Java SE Runtime Environment 8 Update 171 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2017 21:38:20] - C:\WINDOWS\Installer\1480aa.msi : (Driver Fusion - Treexy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2017 11:49:38] - C:\WINDOWS\Installer\1542b4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/06/2018 13:29:30] - C:\WINDOWS\Installer\15741143.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/07/2018 17:14:03] - C:\WINDOWS\Installer\1616aa3.msi : (Java SE Runtime Environment 8 Update 172 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/07/2018 17:14:38] - C:\WINDOWS\Installer\1616ab2.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/01/2008 01:31:40] - C:\WINDOWS\Installer\1c52ca2b.msi : (Blank Project Template - THQ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/09/2012 07:58:56] - C:\WINDOWS\Installer\1ca24bf.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2016 21:45:00] - C:\WINDOWS\Installer\22e9e9a.msi : (Launcher MOD CSP-IRG - MOD CSP-IRG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/06/2017 20:56:26] - C:\WINDOWS\Installer\24360d2.msi : ( - dotPDN LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2017 23:18:52] - C:\WINDOWS\Installer\26e17a1.msi : (Assistant de téléchargement - Druide informatique inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2017 09:18:52] - C:\WINDOWS\Installer\472f6682.msi : (SlimDX Runtime .NET 4.0 x64 (January 2012) - SlimDX Group) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2017 09:18:52] - C:\WINDOWS\Installer\47f50e3d.msi : (SlimDX Runtime .NET 4.0 x86 (January 2012) - SlimDX Group) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/11/2016 13:19:01] - C:\WINDOWS\Installer\69237b.msi : (Minecraft - Mojang) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/04/2018 08:26:39] - C:\WINDOWS\Installer\7d701e.msi : (PlayStation™Now - Sony Interactive Entertainment Network America LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/12/2016 02:43:15] - C:\WINDOWS\Installer\88150b.msi : (Curse - Curse) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/07/2017 00:09:52] - C:\WINDOWS\Installer\a78310.msi : (Epic Games Launcher - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\d23433.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/01/2016 17:51:46] - C:\WINDOWS\Installer\e070c6.msi : (UE4 Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/12/2016 14:34:01] - C:\WINDOWS\Installer\e4e75f.msi : (Java SE Development Kit 8 Update 111 (64-bit) - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2017 21:13:16] - C:\WINDOWS\Installer\e5234.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2018 09:31:17] - C:\WINDOWS\Installer\f5a856f.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [17/05/2018 18:48:55] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [26/03/2017 19:46:40] - [7179864] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.1209586747FB45C82B3A2BBD056B876C] - |A| - [30/08/2018 15:00:54] - (.-.) - [24.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 15:01:35] - [344.29 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 23:35:02] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 23:35:02] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 23:35:02] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 23:35:02] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.525BE1D3F2309417BB5D27837C99888A] - |A| - [30/08/2018 15:00:54] - (.-.) - [1.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HamachiSetup.log [MD5.11135CADC6B5768B700F6F547708C684] - |A| - [30/08/2018 15:02:04] - (.-.) - [3.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.DA4A42993F1FC479D81A7ED8BCC0478A] - |A| - [30/08/2018 07:33:18] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ScheduledHeartbeat.log [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 18:42:03] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.ECFB47321D759AC6015E613AEAF2BDCC] - |A| - [06/10/2017 21:46:41] - (.-.) - [115.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2576.89 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.E79F0A8AF6BD52FCCDDCBAA3D33DC691] - |A| - [30/08/2018 23:36:39] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [370.71 Ko] - (18.6.3983.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.DC2AE009029AABE06996A37C2B729EFD] - |A| - [06/10/2017 21:46:41] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4832.22 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [267000.32 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK [MD5.4EDE94905F4910EA8CF91D4101DA198A] - |A| - [12/04/2018 01:34:04] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [453 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [923.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9773.77 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.9734BDDABAD131D62E9B41126BD2D019] - |A| - [07/04/2016 03:36:28] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\e1d65x64.din [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [12/04/2018 01:33:52] - (.-.) - [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.01211D1A7446BE619A6BB381FAF5DDE6] - |A| - [12/06/2017 12:36:36] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2138.03 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17125.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [12/07/2018 09:33:59] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [12/07/2018 09:33:55] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.FEFF27B893E73212A95E7321222273A4] - |A| - [28/05/2013 22:23:14] - (.-.) - [637 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ficvdec_x64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.86177A958F4B9AD449C1EC7569DE2193] - |A| - [01/10/2012 20:35:42] - (.- Microsoft® Forms DLL.) - [1555.13 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20.DLL [MD5.E44C360B261B0C35F175370F20D5DDCD] - |A| - [01/10/2012 20:38:12] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20ENU.DLL [MD5.2A7D873D71572E1EF6D0552BABC1B03E] - |A| - [01/10/2012 21:04:00] - (.- Microsoft® Forms International DLL.) - [35.16 Ko] - (15.0.4420.1017) - C:\WINDOWS\System32\FM20FRA.DLL [MD5.164F5F879E40395D265F36D8EAE6A783] - |A| - [17/05/2018 18:38:33] - (.-.) - [445.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45637.5 Ko] - C:\WINDOWS\System32\fr-FR [MD5.434299BE3124ADC5B84233BF4CDCF157] - |A| - [22/12/2017 01:59:04] - (.Copyright © Beepa P/L 2013 - Fraps.) - [103.5 Ko] - (3.5.99.15625) - C:\WINDOWS\System32\frapsv64.dll [MD5.E7104224FAD225D764248CDF0A85482E] - |A| - [24/08/2017 06:19:00] - (.Copyright © 2006-2017 FTDI Ltd. - FTDI USB Serial Converter Property Page Provider.) - [164.19 Ko] - (1.3.0.1) - C:\WINDOWS\System32\ftbusui.dll [MD5.39E2638AF413C84609BC851D942CCA8C] - |A| - [19/09/2017 11:38:12] - (.Copyright © 2004-2017 FTDI Ltd. - FTDI VCP CoInstaller.) - [73.21 Ko] - (2.1.3.1) - C:\WINDOWS\System32\ftcserco.dll [MD5.453A11B299E1C5A5214373008117EEFE] - |A| - [24/08/2017 06:19:04] - (.Copyright © 2001-2017 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [307.19 Ko] - (3.2.14.0) - C:\WINDOWS\System32\ftd2xx.dll [MD5.230F5CE2185BA4DDAD0653D8F33C5BB4] - |A| - [24/08/2017 06:19:08] - (.Copyright © 2001-2017 FTDI Ltd. - FTDI Multi-Lingual Property Page Text Library.) - [268.18 Ko] - (1.5.2.1) - C:\WINDOWS\System32\FTLang.dll [MD5.6EEC15BFCB7B375632AEA62530C6777F] - |A| - [19/09/2017 11:38:24] - (.Copyright (c) 2000-2017 FTDI Ltd. - FTDI Virtual COM Port Property Page Provider.) - [63.71 Ko] - (2.12.28.1) - C:\WINDOWS\System32\ftserui2.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/10/2017 13:30:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411 Ko] - C:\WINDOWS\System32\hu-HU [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [432.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:22:53] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.6FCFAF52ABBDB229A123A7402B2BC3E3] - |A| - [05/07/2018 17:33:51] - (.(C) 1998-2018 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LkmdfCoInst.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3600.83 Ko] - C:\WINDOWS\System32\LogFiles [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 22:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [58398.68 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.9F46840758431946CA096F8096B016B4] - |A| - [14/06/2018 16:03:49] - (.-.) - [790 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 19:35:51] - [8.27 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5564.46 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47362.99 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ml-IN [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [24/11/2016 11:28:55] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4340.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.02E55C4A660269C15F755CC2FF58F073] - |A| - [06/10/2017 21:46:45] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5462.51 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.EB92FCA946E009B8DC614D9ED2B0CB2E] - |A| - [06/10/2017 21:46:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.33 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.0537CFE215E65ADB1C41E5E7DA827187] - |A| - [06/10/2017 21:46:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5799.71 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [512 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.B7376DC6E0D6D9F4BA6F4D7737E7C28C] - |A| - [12/06/2017 12:32:17] - (.-.) - [93.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.1DFAB44ECDD4F6D189ED65968585B599] - |A| - [12/06/2017 12:32:45] - (.-.) - [8060.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.80BF96E6A4199698FFA4DF91968F7466] - |A| - [09/11/2017 04:57:28] - (.-.) - [43.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15786.16 Ko] - C:\WINDOWS\System32\oobe [MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [25/01/2017 16:50:30] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\WINDOWS\System32\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.8A4FADC8581E07AE66A65E1B71478B5B] - |A| - [12/04/2018 01:40:29] - (.-.) - [129.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.A2D6C69D038D40870BC9BE2CC9EEFFEA] - |A| - [12/04/2018 18:18:42] - (.-.) - [145.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.0AF99B45EF0DB18D074E3513285295A4] - |A| - [12/04/2018 01:40:29] - (.-.) - [683.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.7AC3C78C8924A90B97132D81E6E6291B] - |A| - [12/04/2018 18:18:42] - (.-.) - [771.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.4475321CDE509A5A95E1AD60666F0F94] - |A| - [17/05/2018 18:48:55] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [17/05/2018 19:34:53] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [396249.72 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.0F0CE558A9D992E8E0336E6ACB3FAF85] - |A| - [12/04/2018 01:34:04] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 18:38:34] - [49947.73 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13433.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12220.67 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [72184.18 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6563.63 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [14/06/2018 16:03:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [12/07/2018 09:33:53] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [40536 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1402.16 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [636.43 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [579.97 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.3FD03A130DAF033DFB0EB93228286810] - |A| - [14/08/2018 19:42:11] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.96 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [87458.81 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [130441.85 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9771 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [165844 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.F92C9F9F9FF08AE25A3CFA99329457B3] - |A| - [27/04/2010 16:57:18] - (.© 1999-2010 Logitech. - Logitech Force Feedback Driver.) - [321.07 Ko] - (5.9.129.0) - C:\WINDOWS\System32\WmJoyFrc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [25/01/2017 16:50:30] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\WINDOWS\System32\wrap_oal.dll [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [01/10/2017 13:30:19] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [01/10/2017 13:30:19] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [21/06/2018 20:15:09] - [10936.06 Ko] - C:\WINDOWS\SysWOW64\Adobe [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20.5 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [17/06/2018 15:58:40] - [0 Ko] - C:\WINDOWS\SysWOW64\directx [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7783.23 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.C9EB6CFE2A92A4F89993BE6A6F8A21BA] - |A| - [28/05/2013 22:22:50] - (.-.) - [626 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ficvdec_x86.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.A5E87703B0EC8DB7371117AF0E5554FA] - |A| - [20/03/2013 13:09:40] - (.Copyright © 1994-2004, Firelight Technologies Pty, Ltd. - FMOD.) - [344 Ko] - (3.7.3.0) - C:\WINDOWS\SysWOW64\fmod.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [346 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [37156.15 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.2D7855374D6381EC94597F38F51EE4D9] - |A| - [22/12/2017 01:59:00] - (.Copyright © Beepa P/L 2013 - Fraps.) - [92 Ko] - (3.5.99.15625) - C:\WINDOWS\SysWOW64\frapsvid.dll [MD5.E25C832EC66F5918D7A1B0787675D6D8] - |A| - [24/08/2017 06:19:20] - (.Copyright © 2001-2017 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [266.18 Ko] - (3.2.14.0) - C:\WINDOWS\SysWOW64\ftd2xx.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.94A8EBD816A366041F8CCF5AFD3AB7DE] - |A| - [24/07/2017 21:20:21] - (.-.) - [55 Ko] - (1.20.15.1) - C:\WINDOWS\SysWOW64\iyvu9_32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/06/2017 01:10:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [50447.18 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |SD| - [09/06/2018 17:34:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.209171E9B68CC75EC890214BA4F645D1] - |A| - [20/03/2013 13:09:40] - (.-.) - [259.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MSCOMCTL32.oca [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [25/01/2017 16:50:30] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\WINDOWS\SysWOW64\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.B8B16F0184BE36D774D20061F26E2D3A] - |A| - [26/03/2017 19:46:40] - (.-.) - [7011.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [12/06/2017 12:32:51] - [2198.22 Ko] - C:\WINDOWS\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [391 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK [MD5.D10AE8F3084779B587C0AAB058776BDD] - |A| - [14/07/2018 05:49:04] - (.-.) - [320.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\SelfFolder.idc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4133.4 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8941.12 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1309.47 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [14/06/2018 16:03:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.DDB91A659AE524E796208E64026FAE35] - |A| - [12/07/2018 11:29:49] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\swhealthex.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15770.52 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8936.71 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.B5CD782B6F7F477C615464E900B16909] - |A| - [27/04/2010 14:02:12] - (.© 1999-2010 Logitech. - Logitech Force Feedback Driver.) - [249.57 Ko] - (5.9.129.0) - C:\WINDOWS\SysWOW64\WmJoyF32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [25/01/2017 16:50:30] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\WINDOWS\SysWOW64\wrap_oal.dll [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [17/05/2018 19:33:50] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\admin\AppData\Roaming [17/05/2018 18:40:11] "Local AppData"=C:\Users\admin\AppData\Local [17/05/2018 18:40:11] "CD Burning"=C:\Users\admin\AppData\Local\Microsoft\Windows\Burn\Burn [17/05/2018 18:47:29] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries [24/11/2016 09:54:34] "My Video"=C:\Users\admin\Videos [24/11/2016 09:51:02] "My Pictures"=C:\Users\admin\Pictures [24/11/2016 09:51:02] "Desktop"=C:\Users\admin\Desktop [24/11/2016 09:51:02] "History"=C:\Users\admin\AppData\Local\Microsoft\Windows\History [24/11/2016 09:51:02] "NetHood"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts [17/05/2018 18:40:11] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\admin\Contacts [24/11/2016 09:54:34] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\admin\AppData\Local\Microsoft\Windows\RoamingTiles [24/11/2016 09:54:34] "Cookies"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCookies [24/11/2016 09:51:02] "Favorites"=C:\Users\admin\Favorites [24/11/2016 09:51:02] "SendTo"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo [24/11/2016 09:51:02] "Start Menu"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu [24/11/2016 09:51:02] "My Music"=C:\Users\admin\Music [24/11/2016 09:51:02] "Programs"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [24/11/2016 09:51:02] "Recent"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent [24/11/2016 09:51:02] "PrintHood"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [17/05/2018 18:40:11] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\admin\Searches [24/11/2016 09:54:34] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\admin\Downloads [24/11/2016 09:51:02] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\admin\AppData\LocalLow [24/11/2016 09:51:02] "Startup"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [24/11/2016 09:54:34] "Administrative Tools"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/11/2016 09:54:34] "Personal"=C:\Users\admin\Documents [24/11/2016 09:51:02] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\admin\Links [24/11/2016 09:51:02] "Cache"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache [17/05/2018 18:40:11] "Templates"=C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates [17/05/2018 18:40:11] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\admin\Saved Games [24/11/2016 09:51:02] "Fonts"=C:\WINDOWS\Fonts [12/04/2018 01:38:21] [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache [17/05/2018 18:40:11] "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "{3B193882-D3AD-4EAB-965A-69829D1FB59F}"=%USERPROFILE%\Desktop\BASTIEN perso\IMAGES\Saved Pictures "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"=%USERPROFILE%\Desktop\BASTIEN perso\IMAGES\Camera Roll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [admin] [12/04/2017 12:23:31] - |D| - [0] - C:\Users\admin\.Origin [12/04/2017 12:23:31] - |D| - [0] - C:\Users\admin\.QtWebEngineProcess [16/03/2017 18:55:15] - |RD| - [3235912] - C:\Users\admin\3D Objects [06/10/2017 23:20:40] - |D| - [0] - C:\Users\admin\ansel [17/05/2018 18:40:11] - |HD| - [13333949130] - C:\Users\admin\AppData [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Application Data [05/04/2018 17:13:20] - |D| - [10505] - C:\Users\admin\Cheathappens [24/11/2016 09:54:34] - |RD| - [412] - C:\Users\admin\Contacts [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Cookies [24/11/2016 09:51:02] - |RD| - [76986085927] - C:\Users\admin\Desktop [24/11/2016 09:51:02] - |RD| - [11009086896] - C:\Users\admin\Documents [24/11/2016 09:51:02] - |RD| - [2343072531] - C:\Users\admin\Downloads [20/09/2017 21:07:45] - |D| - [1736493] - C:\Users\admin\Evernote [24/11/2016 09:51:02] - |RD| - [690] - C:\Users\admin\Favorites [05/04/2018 14:36:54] - |D| - [0] - C:\Users\admin\FutureXGame [28/05/2017 00:48:34] - |HD| - [0] - C:\Users\admin\InstallAnywhere [01/10/2017 13:30:21] - |SHD| - [25308] - C:\Users\admin\IntelGraphicsProfiles [24/11/2016 09:51:02] - |RD| - [1949] - C:\Users\admin\Links [05/01/2018 16:43:10] - |D| - [2654502] - C:\Users\admin\Lionhead Studios [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Local Settings [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Menu Démarrer [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Mes documents [18/11/2017 12:02:56] - |HD| - [3156288] - C:\Users\admin\MicrosoftEdgeBackups [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Modèles [24/11/2016 09:51:02] - |RD| - [748685] - C:\Users\admin\Music [17/05/2018 18:40:11] - |AH| - [6815744] - C:\Users\admin\NTUSER.DAT [17/05/2018 18:40:11] - |ASH| - [1718272] - C:\Users\admin\ntuser.dat.LOG1 [17/05/2018 18:40:11] - |ASH| - [16384] - C:\Users\admin\ntuser.dat.LOG2 [17/05/2018 18:40:11] - |ASH| - [65536] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TM.blf [17/05/2018 18:40:11] - |ASH| - [524288] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TMContainer00000000000000000001.regtrans-ms [17/05/2018 18:40:11] - |ASH| - [524288] - C:\Users\admin\NTUSER.DAT{1abadf53-59f9-11e8-8c9e-38d547123d78}.TMContainer00000000000000000002.regtrans-ms [17/05/2018 18:45:35] - |SH| - [20] - C:\Users\admin\ntuser.ini [24/11/2016 09:55:54] - |RD| - [96] - C:\Users\admin\OneDrive [24/11/2016 09:51:02] - |RD| - [21743813] - C:\Users\admin\Pictures [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Recent [24/11/2016 09:51:02] - |RD| - [120571221] - C:\Users\admin\Saved Games [24/11/2016 09:54:34] - |RD| - [1875] - C:\Users\admin\Searches [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\SendTo [01/04/2017 15:19:34] - |D| - [385024] - C:\Users\admin\Tracing [29/08/2018 21:41:17] - |D| - [0] - C:\Users\admin\UniversalApps [24/11/2016 09:51:02] - |RD| - [694] - C:\Users\admin\Videos [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Voisinage d'impression [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\Voisinage réseau [12/11/2017 16:15:43] - |D| - [54987926] - C:\Users\admin\Zomboid [19/05/2018 20:59:20] - |D| - [8198122] - C:\Users\admin\Zotero [17/05/2018 18:40:11] - |D| - [4747059020] - C:\Users\admin\AppData\Local [24/11/2016 09:51:02] - |D| - [1630691494] - C:\Users\admin\AppData\LocalLow [17/05/2018 18:40:11] - |D| - [6956198616] - C:\Users\admin\AppData\Roaming [05/07/2018 14:24:06] - |HD| - [1632031] - C:\Users\admin\AppData\Local\$NtUninstallWIC$ [09/12/2016 18:55:36] - |D| - [1124527] - C:\Users\admin\AppData\Local\2K Games [22/02/2018 17:54:25] - |D| - [4299] - C:\Users\admin\AppData\Local\4A Games [31/08/2017 19:05:20] - |D| - [139704] - C:\Users\admin\AppData\Local\Absolver [23/02/2017 18:07:58] - |D| - [2484] - C:\Users\admin\AppData\Local\AbzuGame [05/01/2017 15:37:38] - |D| - [9542722] - C:\Users\admin\AppData\Local\Adobe [02/06/2018 18:25:27] - |D| - [0] - C:\Users\admin\AppData\Local\ali213GameLauncher [30/04/2017 00:40:39] - |D| - [1495408] - C:\Users\admin\AppData\Local\Another Brick in the Mall [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Application Data [05/09/2017 18:33:10] - |D| - [11221] - C:\Users\admin\AppData\Local\ArmA 2 [05/09/2017 18:52:54] - |D| - [0] - C:\Users\admin\AppData\Local\ArmA 2 OA [10/12/2016 21:41:30] - |D| - [36122996] - C:\Users\admin\AppData\Local\Arma 3 [10/12/2016 21:39:44] - |D| - [12417954] - C:\Users\admin\AppData\Local\Arma 3 Launcher [13/07/2018 19:03:23] - |A| - [143594] - C:\Users\admin\AppData\Local\ars.cache [27/05/2018 17:37:59] - |D| - [360138] - C:\Users\admin\AppData\Local\assembly [09/06/2018 20:07:58] - |D| - [228857] - C:\Users\admin\AppData\Local\AVGame [12/06/2018 13:56:32] - |D| - [2] - C:\Users\admin\AppData\Local\BattlEye [07/01/2017 18:55:56] - |D| - [17762] - C:\Users\admin\AppData\Local\Black_Tree_Gaming [28/07/2017 00:13:10] - |D| - [123] - C:\Users\admin\AppData\Local\Blizzard [27/07/2017 18:02:50] - |D| - [3215] - C:\Users\admin\AppData\Local\Blizzard Entertainment [10/12/2016 21:39:51] - |D| - [44168] - C:\Users\admin\AppData\Local\Bohemia_Interactive [01/08/2017 19:55:31] - |D| - [1101] - C:\Users\admin\AppData\Local\BrickRigs [27/02/2017 18:43:00] - |D| - [0] - C:\Users\admin\AppData\Local\Broadcom [23/06/2018 21:05:24] - |HD| - [1632031] - C:\Users\admin\AppData\Local\C.Framework [04/01/2018 16:13:36] - |D| - [1139] - C:\Users\admin\AppData\Local\CAPCOM [19/06/2018 18:18:16] - |HD| - [1632031] - C:\Users\admin\AppData\Local\CCleaner v9.18 [25/11/2016 13:42:33] - |D| - [14312437] - C:\Users\admin\AppData\Local\CEF [14/07/2018 01:30:08] - |A| - [379178] - C:\Users\admin\AppData\Local\census.cache [12/07/2018 09:28:16] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Chrome Cleanup Tools [24/11/2016 10:10:50] - |D| - [49978638] - C:\Users\admin\AppData\Local\Comms [24/11/2016 09:54:33] - |D| - [6748024] - C:\Users\admin\AppData\Local\ConnectedDevicesPlatform [24/11/2016 11:38:01] - |D| - [33739293] - C:\Users\admin\AppData\Local\CrashDumps [20/05/2018 14:39:47] - |D| - [411208] - C:\Users\admin\AppData\Local\D3DSCache [31/05/2017 15:29:36] - |D| - [19173145] - C:\Users\admin\AppData\Local\Daedalic Entertainment GmbH [04/11/2017 16:49:16] - |D| - [2726] - C:\Users\admin\AppData\Local\DangerZone [25/11/2017 17:59:08] - |D| - [44] - C:\Users\admin\AppData\Local\Daybreak Game Company [29/08/2017 17:10:40] - |D| - [827472] - C:\Users\admin\AppData\Local\DayZ [12/06/2017 12:40:22] - |D| - [0] - C:\Users\admin\AppData\Local\DBG [20/08/2017 13:09:30] - |A| - [4608] - C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [30/09/2017 22:55:22] - |D| - [442] - C:\Users\admin\AppData\Local\Destructive_Creations [05/01/2017 18:52:35] - |D| - [6290774] - C:\Users\admin\AppData\Local\Diagnostics [17/02/2018 15:39:03] - |D| - [3862] - C:\Users\admin\AppData\Local\DigitalEntitlements [16/07/2018 23:24:02] - |D| - [186340125] - C:\Users\admin\AppData\Local\Discord [20/12/2016 17:56:12] - |D| - [1964] - C:\Users\admin\AppData\Local\Disc_Soft_Ltd [02/07/2018 22:00:04] - |D| - [430186] - C:\Users\admin\AppData\Local\Dontnod [29/04/2018 15:13:04] - |D| - [0] - C:\Users\admin\AppData\Local\Dovetail Games [10/07/2018 18:11:53] - |D| - [1048832] - C:\Users\admin\AppData\Local\dwarves [09/12/2016 22:09:16] - |D| - [1939040] - C:\Users\admin\AppData\Local\ElevatedDiagnostics [30/09/2017 23:53:20] - |D| - [895] - C:\Users\admin\AppData\Local\EotU [28/07/2017 00:10:17] - |D| - [22167849] - C:\Users\admin\AppData\Local\EpicGamesLauncher [08/01/2017 01:13:30] - |D| - [2409] - C:\Users\admin\AppData\Local\Fallout4 [21/05/2018 21:03:15] - |D| - [2282] - C:\Users\admin\AppData\Local\Fallout4ModManager [21/05/2018 15:08:15] - |D| - [926] - C:\Users\admin\AppData\Local\FalloutNV [12/06/2018 14:41:48] - |D| - [174936] - C:\Users\admin\AppData\Local\FalloutShelter [12/06/2018 21:50:11] - |D| - [1461161] - C:\Users\admin\AppData\Local\FBS [27/02/2018 11:07:12] - |D| - [150029] - C:\Users\admin\AppData\Local\Fernbus [11/09/2017 20:05:53] - |D| - [17053] - C:\Users\admin\AppData\Local\FileZilla [31/05/2017 19:10:08] - |D| - [571] - C:\Users\admin\AppData\Local\FinchGame [18/01/2017 20:12:40] - |D| - [159794] - C:\Users\admin\AppData\Local\Fortify [28/07/2017 00:25:14] - |D| - [35282131] - C:\Users\admin\AppData\Local\FortniteGame [08/01/2017 21:24:42] - |D| - [5130] - C:\Users\admin\AppData\Local\Frontier Developments [08/01/2017 21:22:11] - |D| - [145813] - C:\Users\admin\AppData\Local\Frontier_Developments [02/03/2017 23:00:45] - |D| - [101529] - C:\Users\admin\AppData\Local\Funcom [26/03/2017 19:47:07] - |A| - [93] - C:\Users\admin\AppData\Local\fusioncache.dat [18/03/2018 22:03:30] - |D| - [0] - C:\Users\admin\AppData\Local\FXG [06/05/2018 20:52:17] - |D| - [146544] - C:\Users\admin\AppData\Local\Gaikai [13/04/2017 16:50:11] - |D| - [0] - C:\Users\admin\AppData\Local\Game Updater [20/08/2017 13:09:19] - |D| - [0] - C:\Users\admin\AppData\Local\GOG.com [20/03/2017 11:49:39] - |D| - [13419] - C:\Users\admin\AppData\Local\Google [27/04/2017 14:28:37] - |D| - [48] - C:\Users\admin\AppData\Local\Halo Wars [09/07/2018 12:22:24] - |D| - [223336] - C:\Users\admin\AppData\Local\HellbladeGame [24/01/2017 01:36:28] - |D| - [2419590] - C:\Users\admin\AppData\Local\Hinterland [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Historique [13/07/2018 18:51:49] - |A| - [36] - C:\Users\admin\AppData\Local\housecall.guid.cache [07/07/2017 19:36:24] - |D| - [200006] - C:\Users\admin\AppData\Local\HyperLightDrifter [12/07/2018 13:19:35] - |AH| - [108943] - C:\Users\admin\AppData\Local\IconCache.db [30/03/2018 23:11:30] - |D| - [2852454] - C:\Users\admin\AppData\Local\Impero [04/07/2018 22:30:26] - |D| - [1239] - C:\Users\admin\AppData\Local\Injustice2 [12/12/2016 20:05:29] - |D| - [186319885] - C:\Users\admin\AppData\Local\Introversion [12/07/2018 10:24:12] - |D| - [7168] - C:\Users\admin\AppData\Local\Jagex [25/06/2017 11:00:47] - |D| - [5535053] - C:\Users\admin\AppData\Local\KADOKAWA [01/07/2018 10:47:08] - |HD| - [1632031] - C:\Users\admin\AppData\Local\KernelReports [16/06/2018 15:31:26] - |D| - [502] - C:\Users\admin\AppData\Local\LBA [08/08/2018 20:15:13] - |D| - [1194] - C:\Users\admin\AppData\Local\Logitech [05/04/2017 12:05:41] - |D| - [0] - C:\Users\admin\AppData\Local\LogMeIn [16/07/2018 23:08:18] - |D| - [9443] - C:\Users\admin\AppData\Local\LogMeIn Hamachi [05/01/2017 15:44:27] - |D| - [0] - C:\Users\admin\AppData\Local\Macromedia [13/04/2017 16:51:42] - |D| - [13214062] - C:\Users\admin\AppData\Local\MassEffectModder [05/04/2018 13:03:57] - |D| - [4055] - C:\Users\admin\AppData\Local\Mass_Effect_Andromeda_(v1 [17/05/2018 18:40:11] - |D| - [494049725] - C:\Users\admin\AppData\Local\Microsoft [21/07/2017 14:36:21] - |D| - [0] - C:\Users\admin\AppData\Local\Microsoft Help [25/11/2016 12:43:07] - |D| - [75524] - C:\Users\admin\AppData\Local\MicrosoftEdge [28/11/2016 23:28:28] - |D| - [824] - C:\Users\admin\AppData\Local\Microsoft_&_Tunngle [26/06/2018 18:35:47] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Miniport WDM Driver [27/05/2018 20:49:16] - |D| - [131112] - C:\Users\admin\AppData\Local\Mirillis [30/06/2017 22:27:43] - |D| - [3012] - C:\Users\admin\AppData\Local\mkw [25/11/2016 12:50:16] - |D| - [383243016] - C:\Users\admin\AppData\Local\Mozilla [30/09/2017 13:44:03] - |D| - [0] - C:\Users\admin\AppData\Local\My Games [12/06/2017 01:50:56] - |D| - [0] - C:\Users\admin\AppData\Local\Ndemic Creations [24/11/2016 10:36:18] - |D| - [0] - C:\Users\admin\AppData\Local\NetworkTiles [17/11/2017 23:13:58] - |D| - [0] - C:\Users\admin\AppData\Local\New Technology Studio [19/06/2018 19:09:19] - |D| - [3350] - C:\Users\admin\AppData\Local\NEW_CSD2_PS4Steam [06/10/2017 14:02:10] - |D| - [1215] - C:\Users\admin\AppData\Local\Nidhogg_2 [24/11/2016 11:37:52] - |D| - [841237634] - C:\Users\admin\AppData\Local\NVIDIA [24/11/2016 11:37:47] - |D| - [155152812] - C:\Users\admin\AppData\Local\NVIDIA Corporation [03/07/2018 11:15:15] - |D| - [976] - C:\Users\admin\AppData\Local\Oblivion [21/06/2018 15:39:47] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Opera-12.8 [12/04/2017 12:23:26] - |D| - [205503735] - C:\Users\admin\AppData\Local\Origin [18/11/2017 11:47:10] - |D| - [343746183] - C:\Users\admin\AppData\Local\Packages [25/06/2017 20:56:09] - |D| - [0] - C:\Users\admin\AppData\Local\Paint.NET [11/06/2017 22:27:42] - |D| - [137345] - C:\Users\admin\AppData\Local\PAYDAY 2 [21/04/2018 15:46:18] - |D| - [0] - C:\Users\admin\AppData\Local\PlaceholderTileLogoFolder [23/06/2018 13:39:18] - |HD| - [1632031] - C:\Users\admin\AppData\Local\plugins [28/12/2016 02:05:29] - |D| - [0] - C:\Users\admin\AppData\Local\Programs [24/11/2016 09:54:36] - |D| - [28897044] - C:\Users\admin\AppData\Local\Publishers [15/04/2018 21:23:44] - |D| - [1009052] - C:\Users\admin\AppData\Local\PunkBuster [31/05/2017 23:21:25] - |D| - [76360] - C:\Users\admin\AppData\Local\Quadriga Games [31/12/2017 02:31:33] - |D| - [8171] - C:\Users\admin\AppData\Local\QuantumBreak [25/11/2017 21:47:00] - |D| - [4940] - C:\Users\admin\AppData\Local\Radline [31/08/2017 13:57:41] - |D| - [2522] - C:\Users\admin\AppData\Local\ROA2 [03/09/2017 16:14:38] - |D| - [0] - C:\Users\admin\AppData\Local\Rocket Bear Games [10/01/2017 18:12:26] - |D| - [80] - C:\Users\admin\AppData\Local\Rockstar Games [25/11/2017 17:59:08] - |D| - [0] - C:\Users\admin\AppData\Local\SCE [05/07/2018 22:31:29] - |D| - [23] - C:\Users\admin\AppData\Local\SKIDROW [10/04/2017 19:17:54] - |D| - [67584] - C:\Users\admin\AppData\Local\SkinSoft [29/05/2017 00:26:07] - |D| - [3832] - C:\Users\admin\AppData\Local\Skyrim [28/05/2017 17:39:07] - |D| - [833] - C:\Users\admin\AppData\Local\Skyrim Special Edition [06/05/2018 20:52:33] - |D| - [30862307] - C:\Users\admin\AppData\Local\Sony Interactive Entertainment Network America LLC [20/12/2016 20:21:49] - |D| - [2104490] - C:\Users\admin\AppData\Local\SpaceHulkGame [26/06/2017 22:34:07] - |D| - [3760] - C:\Users\admin\AppData\Local\speech [22/05/2017 17:46:57] - |D| - [103217] - C:\Users\admin\AppData\Local\SquirrelTemp [28/12/2016 02:16:33] - |D| - [2696] - C:\Users\admin\AppData\Local\Stardock [25/11/2016 13:42:33] - |D| - [725793763] - C:\Users\admin\AppData\Local\Steam [05/01/2017 15:17:21] - |D| - [326281] - C:\Users\admin\AppData\Local\StellarOverloadEA2 [05/09/2017 16:13:52] - |D| - [21595511] - C:\Users\admin\AppData\Local\StellarOverloadEA4 [20/05/2018 22:28:48] - |D| - [2074970] - C:\Users\admin\AppData\Local\StellarOverloadEA5 [13/06/2017 23:10:52] - |D| - [590] - C:\Users\admin\AppData\Local\SUPERHOT_Sp_z_o.o [17/05/2018 18:40:11] - |D| - [79172596] - C:\Users\admin\AppData\Local\Temp [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Local\Temporary Internet Files [27/05/2017 03:12:44] - |D| - [5639] - C:\Users\admin\AppData\Local\The Lord of the Rings Online [15/12/2017 16:45:59] - |D| - [17297] - C:\Users\admin\AppData\Local\TheDayAfter [18/03/2018 23:47:47] - |D| - [1855] - C:\Users\admin\AppData\Local\This_War_of_Mine_(v3.0.3) [26/06/2018 20:21:19] - |D| - [925] - C:\Users\admin\AppData\Local\THQ [24/11/2016 09:54:34] - |D| - [16797005] - C:\Users\admin\AppData\Local\TileDataLayer [20/08/2017 13:09:27] - |D| - [759] - C:\Users\admin\AppData\Local\TrailsOfColdSteel1 [06/10/2017 21:38:43] - |D| - [927] - C:\Users\admin\AppData\Local\Treexy [02/08/2018 04:51:20] - |D| - [25270071] - C:\Users\admin\AppData\Local\TslGame [26/03/2017 19:47:07] - |D| - [3093119] - C:\Users\admin\AppData\Local\Turbine [15/05/2018 18:16:23] - |D| - [545838] - C:\Users\admin\AppData\Local\TurmoilSteam [26/11/2016 10:15:35] - |D| - [5206662] - C:\Users\admin\AppData\Local\Uber Entertainment [06/02/2017 20:24:59] - |D| - [4253] - C:\Users\admin\AppData\Local\Ubisoft Game Launcher [19/05/2017 12:17:41] - |D| - [0] - C:\Users\admin\AppData\Local\UNP [10/06/2018 13:05:45] - |D| - [13144] - C:\Users\admin\AppData\Local\Unravel [20/12/2016 20:21:49] - |D| - [324] - C:\Users\admin\AppData\Local\UnrealEngine [28/07/2017 00:10:18] - |D| - [0] - C:\Users\admin\AppData\Local\UnrealEngineLauncher [24/11/2016 09:54:34] - |D| - [0] - C:\Users\admin\AppData\Local\VirtualStore [31/03/2017 11:13:23] - |D| - [558652] - C:\Users\admin\AppData\Local\Warframe [23/02/2017 14:57:51] - |D| - [94208] - C:\Users\admin\AppData\Local\WB Games [30/04/2018 11:30:41] - |D| - [691395884] - C:\Users\admin\AppData\Local\WhatsApp [07/04/2018 12:20:45] - |D| - [10467471] - C:\Users\admin\AppData\Local\Windforge [02/07/2018 12:05:28] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Media Player [03/07/2018 10:39:48] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Media Player 11 [09/07/2018 00:16:30] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows Workflow Foundation [10/07/2018 17:50:52] - |HD| - [1632031] - C:\Users\admin\AppData\Local\Windows.Config.Msi [16/12/2017 18:45:12] - |D| - [1252738] - C:\Users\admin\AppData\Local\YlandsLauncher [13/07/2018 14:17:30] - |D| - [126322] - C:\Users\admin\AppData\Local\ZHP [19/05/2018 20:59:19] - |D| - [3201839] - C:\Users\admin\AppData\Local\Zotero [02/06/2018 16:31:49] - |D| - [23329] - C:\Users\admin\AppData\LocalLow\3rd Eye Studios [08/05/2017 13:17:32] - |D| - [606] - C:\Users\admin\AppData\LocalLow\8 Points [13/03/2017 21:47:10] - |D| - [44032] - C:\Users\admin\AppData\LocalLow\Adobe [31/05/2017 19:19:23] - |D| - [563] - C:\Users\admin\AppData\LocalLow\Aerosoft [26/05/2017 11:41:47] - |D| - [13067] - C:\Users\admin\AppData\LocalLow\Airborne Games [12/12/2016 21:24:07] - |D| - [0] - C:\Users\admin\AppData\LocalLow\AMPLITUDE Studios [05/10/2017 15:55:40] - |D| - [5264890] - C:\Users\admin\AppData\LocalLow\Apoapsis Studios [16/12/2017 20:20:39] - |D| - [86846] - C:\Users\admin\AppData\LocalLow\Arachnid Games [28/06/2018 01:11:55] - |D| - [213326] - C:\Users\admin\AppData\LocalLow\Audiosurf, LLC [08/05/2018 18:28:23] - |D| - [2920] - C:\Users\admin\AppData\LocalLow\Audiosurf_ LLC [11/02/2018 13:58:07] - |D| - [1185] - C:\Users\admin\AppData\LocalLow\Berserk Games [02/07/2018 19:33:38] - |D| - [3593226] - C:\Users\admin\AppData\LocalLow\CampoSanto [31/05/2017 18:50:08] - |D| - [1133] - C:\Users\admin\AppData\LocalLow\Carbomb Software [15/04/2018 15:35:37] - |D| - [73799] - C:\Users\admin\AppData\LocalLow\CCCP [25/05/2018 18:11:12] - |D| - [2591554] - C:\Users\admin\AppData\LocalLow\Clarus Victoria [15/10/2017 21:15:13] - |D| - [9639475] - C:\Users\admin\AppData\LocalLow\CodeHorizon [04/02/2017 00:42:52] - |D| - [29280] - C:\Users\admin\AppData\LocalLow\Coffee Powered Machine [27/05/2018 00:11:04] - |D| - [28166] - C:\Users\admin\AppData\LocalLow\Contingent99 [01/01/2018 18:11:33] - |D| - [3386575] - C:\Users\admin\AppData\LocalLow\Craneballs [29/08/2018 23:55:39] - |D| - [36785] - C:\Users\admin\AppData\LocalLow\Crytivo Games Inc_ [31/05/2017 15:29:27] - |D| - [1200403] - C:\Users\admin\AppData\LocalLow\Daedalic Entertainment GmbH [25/11/2017 17:59:08] - |D| - [854849] - C:\Users\admin\AppData\LocalLow\Daybreak Game Company [27/09/2017 20:58:02] - |D| - [8975] - C:\Users\admin\AppData\LocalLow\DefaultCompany [19/04/2017 23:41:20] - |D| - [68904] - C:\Users\admin\AppData\LocalLow\DoMyBest [04/03/2017 14:53:06] - |D| - [262304] - C:\Users\admin\AppData\LocalLow\Dry Cactus [16/06/2018 16:45:30] - |D| - [32768] - C:\Users\admin\AppData\LocalLow\Eleon Game Studios [20/05/2018 15:36:13] - |D| - [1614434] - C:\Users\admin\AppData\LocalLow\Empyrean [20/09/2017 21:06:20] - |D| - [6] - C:\Users\admin\AppData\LocalLow\Evernote [07/10/2017 12:50:13] - |D| - [633] - C:\Users\admin\AppData\LocalLow\Every Single Soldier [22/07/2018 23:08:08] - |D| - [4299376] - C:\Users\admin\AppData\LocalLow\Evil Bite [26/11/2017 23:56:03] - |D| - [17297] - C:\Users\admin\AppData\LocalLow\Facepunch Studios LTD [09/05/2018 23:52:51] - |D| - [94893319] - C:\Users\admin\AppData\LocalLow\Failbetter Games [01/01/2018 18:35:05] - |D| - [1009] - C:\Users\admin\AppData\LocalLow\Fenix Fire Entertainment [01/10/2017 10:44:50] - |D| - [245144] - C:\Users\admin\AppData\LocalLow\Full Control [06/04/2018 18:09:54] - |D| - [374] - C:\Users\admin\AppData\LocalLow\Gaddy Games [13/08/2017 12:24:14] - |D| - [15134] - C:\Users\admin\AppData\LocalLow\Ghost Town Games [25/01/2017 13:53:53] - |D| - [672] - C:\Users\admin\AppData\LocalLow\Hinterland [04/03/2017 15:45:01] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Iceberg Interactive [03/09/2017 19:15:45] - |D| - [842] - C:\Users\admin\AppData\LocalLow\IronOak Games [18/03/2018 15:00:11] - |D| - [582] - C:\Users\admin\AppData\LocalLow\Jujubee S_A_ [12/06/2018 22:32:11] - |D| - [27673902] - C:\Users\admin\AppData\LocalLow\JutsuGames [12/06/2018 21:09:08] - |D| - [6865] - C:\Users\admin\AppData\LocalLow\Killerfish Games [08/10/2017 13:52:50] - |D| - [20797] - C:\Users\admin\AppData\LocalLow\Kitfox Games [06/02/2018 23:00:31] - |D| - [63798] - C:\Users\admin\AppData\LocalLow\KK Game Studio [15/06/2018 15:24:28] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Klei [21/05/2018 18:14:28] - |D| - [2263] - C:\Users\admin\AppData\LocalLow\Landfall [27/10/2017 16:39:29] - |D| - [6707] - C:\Users\admin\AppData\LocalLow\Landfall West [11/06/2018 14:32:04] - |D| - [25583483] - C:\Users\admin\AppData\LocalLow\Lazy Bear Games [09/07/2017 19:15:51] - |D| - [21895555] - C:\Users\admin\AppData\LocalLow\League of Geeks [24/05/2017 20:59:22] - |D| - [795] - C:\Users\admin\AppData\LocalLow\LionShield [17/02/2018 16:45:19] - |D| - [1129648] - C:\Users\admin\AppData\LocalLow\LionsShade [30/04/2017 14:01:05] - |D| - [958] - C:\Users\admin\AppData\LocalLow\Logic Artists [25/11/2016 20:50:37] - |D| - [91895395] - C:\Users\admin\AppData\LocalLow\Ludeon Studios [18/03/2017 17:21:03] - |D| - [219] - C:\Users\admin\AppData\LocalLow\LVGameDev LLC [06/05/2018 18:35:40] - |D| - [99709] - C:\Users\admin\AppData\LocalLow\MalkyrsStudio [22/05/2018 18:51:40] - |D| - [851160] - C:\Users\admin\AppData\LocalLow\Marmalade Game Studio [24/11/2016 10:34:28] - |SD| - [205891] - C:\Users\admin\AppData\LocalLow\Microsoft [28/12/2016 02:16:29] - |D| - [0] - C:\Users\admin\AppData\LocalLow\MohawkGames [25/11/2016 12:50:32] - |D| - [5627904] - C:\Users\admin\AppData\LocalLow\Mozilla [16/06/2018 12:27:22] - |D| - [796] - C:\Users\admin\AppData\LocalLow\NilsJakrins [11/04/2017 15:48:43] - |D| - [890215] - C:\Users\admin\AppData\LocalLow\noio [17/05/2018 20:39:25] - |D| - [3643027] - C:\Users\admin\AppData\LocalLow\Okomotive [05/06/2018 19:00:46] - |D| - [2632] - C:\Users\admin\AppData\LocalLow\Ominux Games [14/12/2016 14:34:01] - |D| - [202871082] - C:\Users\admin\AppData\LocalLow\Oracle [08/05/2017 15:31:09] - |D| - [8687] - C:\Users\admin\AppData\LocalLow\Playdead [23/06/2018 18:17:55] - |D| - [39226] - C:\Users\admin\AppData\LocalLow\PlayWay SA [21/05/2018 12:54:07] - |D| - [1710695] - C:\Users\admin\AppData\LocalLow\Popcannibal [26/05/2017 11:40:35] - |D| - [1413] - C:\Users\admin\AppData\LocalLow\RAC7 [26/02/2018 18:37:59] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Reconnect Software LTD [15/12/2017 16:50:30] - |D| - [181709] - C:\Users\admin\AppData\LocalLow\Red Dot Games [23/07/2017 00:28:15] - |D| - [2610224] - C:\Users\admin\AppData\LocalLow\Red Thread Games [24/05/2018 21:11:40] - |D| - [5204] - C:\Users\admin\AppData\LocalLow\Redbeet Interactive [20/03/2017 13:59:30] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Sauropod Studio [31/03/2018 18:55:07] - |D| - [581] - C:\Users\admin\AppData\LocalLow\SeithCG [01/10/2017 15:51:21] - |D| - [576] - C:\Users\admin\AppData\LocalLow\Si7 studio [22/01/2017 00:40:41] - |D| - [221419] - C:\Users\admin\AppData\LocalLow\SKS [22/03/2017 18:10:29] - |D| - [2373] - C:\Users\admin\AppData\LocalLow\Smartly Dressed Games [05/09/2017 23:22:53] - |D| - [1619] - C:\Users\admin\AppData\LocalLow\SOFF Games [25/04/2017 12:32:54] - |D| - [564053] - C:\Users\admin\AppData\LocalLow\SomaSim [03/09/2017 12:16:04] - |D| - [8162632] - C:\Users\admin\AppData\LocalLow\Square Enix [12/06/2018 16:49:20] - |D| - [15577120] - C:\Users\admin\AppData\LocalLow\Squeaky Wheel [12/06/2017 01:47:18] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Strange Fire [07/02/2018 19:47:33] - |D| - [8385] - C:\Users\admin\AppData\LocalLow\Strange Loop Games [31/05/2017 20:44:32] - |D| - [620] - C:\Users\admin\AppData\LocalLow\Strategiae [22/08/2017 18:33:21] - |D| - [696] - C:\Users\admin\AppData\LocalLow\Subterranean Games [29/11/2016 15:27:25] - |D| - [15782] - C:\Users\admin\AppData\LocalLow\Sun [06/05/2018 21:39:22] - |D| - [26306525] - C:\Users\admin\AppData\LocalLow\Suncrash [13/06/2017 23:10:55] - |D| - [5002] - C:\Users\admin\AppData\LocalLow\SUPERHOT_Team [11/09/2017 17:50:55] - |D| - [1183] - C:\Users\admin\AppData\LocalLow\Tangled Mess Games [22/08/2017 15:00:28] - |D| - [130312] - C:\Users\admin\AppData\LocalLow\Team 17 Digital ltd_ [08/12/2016 00:31:43] - |D| - [0] - C:\Users\admin\AppData\LocalLow\Temp [31/05/2018 00:59:05] - |D| - [0] - C:\Users\admin\AppData\LocalLow\The Fullbright Company [28/04/2018 12:51:02] - |D| - [11941] - C:\Users\admin\AppData\LocalLow\The Irregular Corp [17/01/2017 16:17:20] - |D| - [1489] - C:\Users\admin\AppData\LocalLow\Thunder Lotus Games [29/08/2018 22:44:23] - |D| - [7743244] - C:\Users\admin\AppData\LocalLow\Two Point Studios [04/02/2017 00:01:08] - |D| - [1870306] - C:\Users\admin\AppData\LocalLow\U-Play online [04/07/2017 23:39:04] - |D| - [1053341683] - C:\Users\admin\AppData\LocalLow\Unity [23/02/2017 19:52:41] - |D| - [1460] - C:\Users\admin\AppData\LocalLow\Unknown Worlds [12/06/2017 12:49:49] - |D| - [261261] - C:\Users\admin\AppData\LocalLow\Weappy [08/10/2017 12:41:59] - |D| - [883491] - C:\Users\admin\AppData\LocalLow\Zillion Whales [16/07/2018 17:21:59] - |D| - [243362802] - C:\Users\admin\AppData\Roaming\.Caminelot [21/12/2016 16:49:41] - |D| - [1250240513] - C:\Users\admin\AppData\Roaming\.crusadercraft [29/11/2016 15:28:31] - |D| - [1129215855] - C:\Users\admin\AppData\Roaming\.metro2033 [29/11/2016 13:53:24] - |D| - [477219013] - C:\Users\admin\AppData\Roaming\.minecraft [27/01/2017 01:00:08] - |D| - [0] - C:\Users\admin\AppData\Roaming\.mono [23/07/2017 01:03:54] - |D| - [89] - C:\Users\admin\AppData\Roaming\.StarMade [14/12/2016 12:39:24] - |D| - [488013769] - C:\Users\admin\AppData\Roaming\.technic [21/12/2016 16:33:47] - |D| - [393639594] - C:\Users\admin\AppData\Roaming\.VoidLauncher [25/01/2017 16:44:49] - |D| - [2344] - C:\Users\admin\AppData\Roaming\10tons [18/03/2018 21:26:59] - |D| - [338] - C:\Users\admin\AppData\Roaming\11bitstudios [29/07/2017 23:35:31] - |D| - [13810] - C:\Users\admin\AppData\Roaming\2K Sports [07/03/2018 20:56:17] - |D| - [33312] - C:\Users\admin\AppData\Roaming\7DaysToDie [24/11/2016 09:54:34] - |D| - [3909335] - C:\Users\admin\AppData\Roaming\Adobe [05/10/2017 15:55:48] - |D| - [0] - C:\Users\admin\AppData\Roaming\Apoapsis Studios [10/06/2017 18:03:16] - |D| - [10472] - C:\Users\admin\AppData\Roaming\Aurora [08/10/2017 14:53:31] - |D| - [8910471] - C:\Users\admin\AppData\Roaming\AVAST Software [27/11/2016 19:56:10] - |D| - [46091474] - C:\Users\admin\AppData\Roaming\BitComet [26/05/2017 00:15:12] - |D| - [139372789] - C:\Users\admin\AppData\Roaming\Brotsoft [17/02/2018 15:39:15] - |D| - [192] - C:\Users\admin\AppData\Roaming\CitizenFX [29/08/2017 20:55:45] - |D| - [4529852] - C:\Users\admin\AppData\Roaming\Command and Conquer 3 Tiberium Wars [29/09/2017 23:09:51] - |D| - [0] - C:\Users\admin\AppData\Roaming\Crystal Dynamics [14/12/2016 12:52:38] - |D| - [0] - C:\Users\admin\AppData\Roaming\Curse [14/12/2016 12:52:46] - |AD| - [480373610] - C:\Users\admin\AppData\Roaming\Curse Client [20/12/2016 17:55:29] - |D| - [85] - C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [14/07/2017 00:27:42] - |D| - [8253578] - C:\Users\admin\AppData\Roaming\DarkSoulsII [22/05/2017 17:47:11] - |D| - [186412314] - C:\Users\admin\AppData\Roaming\discord [02/07/2018 18:12:35] - |D| - [48155] - C:\Users\admin\AppData\Roaming\Doublefine [05/03/2017 23:19:32] - |D| - [2537] - C:\Users\admin\AppData\Roaming\Druide [12/12/2016 22:26:28] - |D| - [203] - C:\Users\admin\AppData\Roaming\dvdcss [30/06/2017 22:27:42] - |D| - [0] - C:\Users\admin\AppData\Roaming\Editor [01/02/2017 19:31:57] - |D| - [0] - C:\Users\admin\AppData\Roaming\Eidos Montreal [10/06/2017 16:13:07] - |D| - [20683452] - C:\Users\admin\AppData\Roaming\electron-quick-start [07/01/2018 11:57:38] - |D| - [19714933] - C:\Users\admin\AppData\Roaming\Factorio [19/12/2016 19:54:01] - |D| - [5612480] - C:\Users\admin\AppData\Roaming\Fatshark [10/09/2017 23:20:52] - |D| - [19681] - C:\Users\admin\AppData\Roaming\FileZilla [18/01/2017 14:24:38] - |D| - [4133131] - C:\Users\admin\AppData\Roaming\FiraxisLive [08/01/2017 21:24:42] - |D| - [48] - C:\Users\admin\AppData\Roaming\Frontier Developments [06/10/2017 20:53:47] - |D| - [27594] - C:\Users\admin\AppData\Roaming\Full Control [26/05/2017 00:15:06] - |A| - [38043440] - C:\Users\admin\AppData\Roaming\gameboxsetup.exe [22/12/2016 20:28:22] - |D| - [96076819] - C:\Users\admin\AppData\Roaming\GameRanger [02/06/2018 18:16:50] - |D| - [37] - C:\Users\admin\AppData\Roaming\GameSparks [17/01/2017 23:34:56] - |D| - [53743] - C:\Users\admin\AppData\Roaming\Goldhawk Interactive [29/12/2017 16:39:32] - |D| - [3250995] - C:\Users\admin\AppData\Roaming\HelloGames [23/06/2018 00:17:17] - |D| - [571916] - C:\Users\admin\AppData\Roaming\Io Interactive [06/10/2017 21:42:50] - |D| - [404356] - C:\Users\admin\AppData\Roaming\IObit [29/11/2016 13:53:25] - |D| - [0] - C:\Users\admin\AppData\Roaming\java [08/07/2018 17:38:01] - |D| - [46796] - C:\Users\admin\AppData\Roaming\kaiko [26/02/2017 14:34:58] - |D| - [14569056] - C:\Users\admin\AppData\Roaming\Kalypso Media [14/01/2018 15:23:51] - |D| - [577891] - C:\Users\admin\AppData\Roaming\Knights Saves [25/07/2017 21:28:23] - |D| - [460019] - C:\Users\admin\AppData\Roaming\Launcher CSP-IRG [01/06/2017 22:18:51] - |D| - [831016995] - C:\Users\admin\AppData\Roaming\LEGO Company [02/01/2018 23:27:26] - |D| - [334749] - C:\Users\admin\AppData\Roaming\Lionhead Studios [08/08/2018 13:54:16] - |D| - [7252] - C:\Users\admin\AppData\Roaming\Logishrd [08/08/2018 13:54:16] - |D| - [0] - C:\Users\admin\AppData\Roaming\Logitech [05/01/2017 15:44:27] - |D| - [2177] - C:\Users\admin\AppData\Roaming\Macromedia [21/03/2017 19:33:11] - |D| - [190747332] - C:\Users\admin\AppData\Roaming\MedievalEngineers [17/05/2018 18:40:11] - |SD| - [11362781] - C:\Users\admin\AppData\Roaming\Microsoft [27/05/2018 20:49:18] - |D| - [20] - C:\Users\admin\AppData\Roaming\Mirillis [18/01/2017 14:22:49] - |D| - [33066] - C:\Users\admin\AppData\Roaming\ModLauncherWPF [06/10/2017 16:21:07] - |D| - [0] - C:\Users\admin\AppData\Roaming\Monopoly Plus [27/11/2016 18:25:19] - |D| - [154741] - C:\Users\admin\AppData\Roaming\Mount&Blade Warband [06/01/2017 21:28:16] - |D| - [4] - C:\Users\admin\AppData\Roaming\Mount&Blade With Fire and Sword [25/11/2016 12:50:16] - |D| - [70402535] - C:\Users\admin\AppData\Roaming\Mozilla [21/08/2018 10:24:17] - |D| - [505437] - C:\Users\admin\AppData\Roaming\NCH Software [28/08/2017 01:40:55] - |D| - [2373] - C:\Users\admin\AppData\Roaming\Nidhogg [26/11/2016 10:15:38] - |D| - [34710592] - C:\Users\admin\AppData\Roaming\NVIDIA [04/02/2017 13:57:13] - |D| - [29536583] - C:\Users\admin\AppData\Roaming\OpenOffice [12/04/2017 12:30:50] - |D| - [21218] - C:\Users\admin\AppData\Roaming\Origin [11/05/2017 18:06:23] - |D| - [0] - C:\Users\admin\AppData\Roaming\Petroglyph [14/04/2018 13:16:25] - |D| - [2452] - C:\Users\admin\AppData\Roaming\PhotoFiltre 7 [05/03/2017 23:15:28] - |D| - [444588] - C:\Users\admin\AppData\Roaming\PixelPiracy [06/05/2018 20:52:32] - |D| - [72724804] - C:\Users\admin\AppData\Roaming\playstation-now [15/06/2018 15:36:18] - |D| - [413801] - C:\Users\admin\AppData\Roaming\Police Tactics Imperio [12/06/2018 21:15:30] - |D| - [913361] - C:\Users\admin\AppData\Roaming\Pro Cycling Manager 2017 [26/07/2017 14:15:28] - |D| - [41810028] - C:\Users\admin\AppData\Roaming\Promotion Software GmbH [01/01/2018 19:00:04] - |D| - [1423547] - C:\Users\admin\AppData\Roaming\rsilauncher [25/01/2017 16:50:31] - |D| - [2388246] - C:\Users\admin\AppData\Roaming\Running with rifles [06/10/2017 20:36:43] - |D| - [1150] - C:\Users\admin\AppData\Roaming\Search The Web [24/11/2016 10:35:06] - |D| - [76569795] - C:\Users\admin\AppData\Roaming\Skype [18/03/2017 17:21:05] - |D| - [2639] - C:\Users\admin\AppData\Roaming\SmartSteamEmu [06/05/2018 20:50:50] - |D| - [279] - C:\Users\admin\AppData\Roaming\Sony Interactive Entertainment Network America LLC [25/06/2017 01:11:36] - |D| - [54719234] - C:\Users\admin\AppData\Roaming\SpinTires [22/07/2017 15:30:58] - |D| - [0] - C:\Users\admin\AppData\Roaming\StarMade Launcher [07/12/2016 19:42:04] - |D| - [968247] - C:\Users\admin\AppData\Roaming\Steam [15/04/2018 16:07:55] - |D| - [65519005] - C:\Users\admin\AppData\Roaming\Stormworks [29/11/2016 15:27:25] - |D| - [0] - C:\Users\admin\AppData\Roaming\Sun [29/05/2017 13:37:49] - |D| - [2593] - C:\Users\admin\AppData\Roaming\Teeworlds [03/01/2017 18:23:53] - |D| - [108250798] - C:\Users\admin\AppData\Roaming\The Creative Assembly [08/04/2017 13:06:05] - |D| - [173206] - C:\Users\admin\AppData\Roaming\The Witness [04/09/2017 20:46:55] - |D| - [0] - C:\Users\admin\AppData\Roaming\The Zombie Infection [21/08/2018 10:24:23] - |A| - [1167] - C:\Users\admin\AppData\Roaming\trace_FilterInstaller.1.txt [21/08/2018 10:24:23] - |A| - [905] - C:\Users\admin\AppData\Roaming\trace_FilterInstaller.txt [21/08/2018 10:24:23] - |A| - [0] - C:\Users\admin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt [27/05/2018 19:21:45] - |D| - [0] - C:\Users\admin\AppData\Roaming\trainerv [28/05/2018 18:18:31] - |D| - [211773320] - C:\Users\admin\AppData\Roaming\Transport Fever [06/10/2017 21:38:20] - |D| - [0] - C:\Users\admin\AppData\Roaming\Treexy [26/02/2017 14:35:00] - |D| - [28954988] - C:\Users\admin\AppData\Roaming\Tropico 5 [20/03/2017 13:41:34] - |D| - [484221] - C:\Users\admin\AppData\Roaming\Trove [07/09/2017 10:39:55] - |D| - [10820] - C:\Users\admin\AppData\Roaming\Twitch [27/11/2016 19:44:18] - |D| - [17719198] - C:\Users\admin\AppData\Roaming\uTorrent [12/06/2018 12:59:47] - |D| - [88] - C:\Users\admin\AppData\Roaming\v5.Menace RP [12/12/2016 22:26:33] - |D| - [87989] - C:\Users\admin\AppData\Roaming\vlc [27/12/2017 21:25:38] - |A| - [4666] - C:\Users\admin\AppData\Roaming\VoiceMeeterDefault.xml [21/03/2017 16:51:46] - |D| - [8350130] - C:\Users\admin\AppData\Roaming\Warner Bros. Interactive Entertainment [22/05/2018 15:00:51] - |D| - [2293382] - C:\Users\admin\AppData\Roaming\WB Games [26/06/2017 11:58:33] - |D| - [410] - C:\Users\admin\AppData\Roaming\WesteradoDB [30/04/2018 11:30:24] - |D| - [11969930] - C:\Users\admin\AppData\Roaming\WhatsApp [27/11/2016 22:17:56] - |D| - [12] - C:\Users\admin\AppData\Roaming\WinRAR [14/07/2018 00:16:14] - |D| - [4259387] - C:\Users\admin\AppData\Roaming\ZHP [19/05/2018 20:59:19] - |D| - [11219482] - C:\Users\admin\AppData\Roaming\Zotero [24/11/2016 09:54:34] - |SH| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [17/05/2018 18:40:11] - |SHD| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [24/11/2016 09:51:02] - |RD| - [58516] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [27/11/2016 19:47:17] - |A| - [876] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [17/05/2018 18:40:11] - |RD| - [3888] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [17/05/2018 18:40:11] - |RD| - [2805] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [24/11/2016 09:54:34] - |RD| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/06/2017 20:34:06] - |D| - [1209] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT [05/09/2017 18:33:08] - |D| - [1253] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [17/05/2018 18:40:11] - |SH| - [264] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/08/2017 11:33:33] - |D| - [2247] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [28/05/2018 14:42:29] - |A| - [2035] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk [28/05/2018 14:42:29] - |A| - [2027] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk [22/12/2016 20:28:22] - |A| - [1105] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [25/05/2017 15:27:37] - |D| - [2247] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc [17/05/2018 18:40:11] - |D| - [170] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/08/2018 23:35:02] - |A| - [1370] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk [28/05/2017 01:53:07] - |D| - [1559] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband [14/04/2018 13:16:24] - |D| - [3292] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [31/05/2017 23:21:13] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadriga Games [25/09/2017 19:58:31] - |A| - [597] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Cheat.lnk [24/11/2016 09:54:34] - |RD| - [1010] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [17/05/2018 18:40:11] - |RD| - [3496] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [28/05/2017 00:51:15] - |D| - [0] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online [21/01/2017 22:12:44] - |D| - [1221] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2) [21/01/2017 22:14:51] - |D| - [1221] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2) [07/09/2017 10:39:48] - |A| - [990] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk [06/02/2017 20:24:59] - |D| - [1957] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [27/12/2017 21:19:57] - |D| - [9051] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio [30/04/2018 11:30:45] - |D| - [2275] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp [17/05/2018 18:40:11] - |RD| - [7754] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [27/11/2016 22:17:40] - |D| - [3299] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [24/11/2016 09:54:34] - |SH| - [174] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [20/09/2017 21:14:17] - |A| - [836] - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ---------- | [Public] [24/11/2016 09:54:34] - |RHD| - [196] - C:\Users\Public\AccountPictures [16/07/2016 13:47:48] - |RHD| - [33936] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [16/07/2016 13:47:48] - |RD| - [125839562] - C:\Users\Public\Documents [16/07/2016 13:47:48] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Music [16/07/2016 13:47:48] - |RD| - [1263209] - C:\Users\Public\Pictures [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [12/05/2017 00:39:40] - |D| - [0] - C:\ProgramData\.mono [13/03/2017 21:41:54] - |D| - [363522726] - C:\ProgramData\Adobe [08/12/2017 20:31:59] - |D| - [0] - C:\ProgramData\Age of Empires 3 [17/05/2018 18:45:25] - |SHD| - [0] - C:\ProgramData\Application Data [25/11/2016 12:54:24] - |D| - [401451411] - C:\ProgramData\AVAST Software [27/07/2017 18:01:05] - |D| - [14250198] - C:\ProgramData\Battle.net [27/07/2017 18:06:23] - |D| - [1420418] - C:\ProgramData\Blizzard Entertainment [10/12/2016 21:41:30] - |D| - [0] - C:\ProgramData\Bohemia Interactive [05/09/2017 18:52:54] - |D| - [0] - C:\ProgramData\Bohemia Interactive Studio [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Bureau [03/05/2017 22:02:28] - |D| - [0] - C:\ProgramData\Codemasters [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [20/12/2016 17:53:50] - |D| - [3020] - C:\ProgramData\DAEMON Tools Lite [17/05/2018 18:45:25] - |SHD| - [0] - C:\ProgramData\Documents [04/01/2018 23:28:26] - |SHD| - [34365] - C:\ProgramData\DSS [09/07/2017 21:18:33] - |D| - [0] - C:\ProgramData\Elder Scrolls Online [28/08/2017 01:03:40] - |D| - [2771] - C:\ProgramData\Electronic Arts [28/07/2017 00:10:10] - |D| - [35800534] - C:\ProgramData\Epic [23/12/2016 16:42:33] - |D| - [482953214] - C:\ProgramData\Firefly Studios [24/05/2018 23:27:31] - |D| - [8961702] - C:\ProgramData\For Honor Data [31/08/2017 18:33:02] - |D| - [705765] - C:\ProgramData\GOG.com [17/01/2017 23:34:56] - |D| - [0] - C:\ProgramData\Goldhawk Interactive [12/07/2018 10:24:07] - |D| - [85560616] - C:\ProgramData\Jagex [09/05/2018 13:27:08] - |D| - [0] - C:\ProgramData\KONAMI [05/04/2017 12:05:41] - |D| - [0] - C:\ProgramData\LogMeIn [14/07/2018 10:50:57] - |D| - [105293913] - C:\ProgramData\Malwarebytes [15/08/2018 17:14:12] - |D| - [261982] - C:\ProgramData\McAfee [01/01/2018 17:17:45] - |D| - [9805499] - C:\ProgramData\MegaTrainerUltimate [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [1510902155] - C:\ProgramData\Microsoft [21/07/2017 14:36:19] - |D| - [69174] - C:\ProgramData\Microsoft Help [17/05/2018 18:47:46] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [19/12/2016 19:54:03] - |A| - [141] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [27/05/2018 20:49:18] - |D| - [20] - C:\ProgramData\Mirillis [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Modèles [06/10/2017 16:21:07] - |D| - [273064] - C:\ProgramData\Monopoly Plus [12/06/2017 12:32:42] - |D| - [4455245] - C:\ProgramData\NVIDIA [12/06/2017 12:32:40] - |D| - [1528845674] - C:\ProgramData\NVIDIA Corporation [29/11/2016 15:27:15] - |D| - [72369217] - C:\ProgramData\Oracle [02/05/2017 15:21:28] - |D| - [50821] - C:\ProgramData\Orbit [04/03/2017 14:09:39] - |D| - [439321033] - C:\ProgramData\Origin [24/11/2016 11:35:24] - |D| - [119211367] - C:\ProgramData\Package Cache [10/07/2018 18:30:30] - |D| - [0] - C:\ProgramData\Packages [04/07/2017 22:49:56] - |D| - [259] - C:\ProgramData\Planet Coaster [06/10/2017 21:43:32] - |D| - [121] - C:\ProgramData\ProductData [25/06/2017 23:40:45] - |D| - [1703] - C:\ProgramData\regid.1986-12.com.adobe [12/04/2018 01:38:20] - |D| - [2060] - C:\ProgramData\regid.1991-06.com.microsoft [12/07/2018 11:32:51] - |D| - [6969814] - C:\ProgramData\RogueKiller [01/04/2017 15:19:30] - |D| - [45527040] - C:\ProgramData\Skype [28/05/2018 14:49:42] - |D| - [2220] - C:\ProgramData\Socialclub [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [24/04/2017 23:53:38] - |D| - [1050] - C:\ProgramData\Solidshield [22/05/2017 18:24:04] - |D| - [52553728] - C:\ProgramData\SquirrelMachineInstalls [28/12/2016 02:16:33] - |D| - [4475380] - C:\ProgramData\Stardock [28/12/2016 02:16:31] - |D| - [9209143] - C:\ProgramData\Steam [06/10/2017 21:38:43] - |D| - [0] - C:\ProgramData\Treexy [03/08/2018 12:32:30] - |D| - [38719198] - C:\ProgramData\TruckersMP [25/01/2018 22:45:23] - |D| - [4170048] - C:\ProgramData\Twitch [12/04/2018 01:38:20] - |D| - [9387] - C:\ProgramData\USOPrivate [17/05/2018 18:40:59] - |D| - [3035136] - C:\ProgramData\USOShared [12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [24/11/2016 09:41:25] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [225960] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [02/08/2018 12:14:09] - |D| - [1392] - C:\ProgramData\Microsoft\Windows\Start Menu\Tyranid Mod for Soulstorm ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [17/04/2017 11:58:58] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [13/03/2017 21:42:09] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 01:38:20] - |RD| - [24631] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [05/03/2017 23:20:27] - |D| - [3601] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antidote [08/10/2017 14:53:28] - |A| - [1048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [27/11/2016 19:55:33] - |D| - [2483] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit) [30/05/2018 21:44:16] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 2 [26/02/2017 11:37:59] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [28/08/2017 01:08:51] - |D| - [1741] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command & Conquer Stargate Universe [20/12/2016 17:55:29] - |D| - [944] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/10/2017 21:38:38] - |D| - [581] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Fusion [16/06/2018 13:38:34] - |D| - [6901] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [20/09/2017 21:06:19] - |D| - [2541] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [02/08/2018 15:40:25] - |D| - [2927] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2017 [10/09/2017 23:19:48] - |D| - [1791] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [05/07/2018 20:34:46] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [10/08/2018 12:29:40] - |D| - [1220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [09/03/2017 17:02:19] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [12/07/2018 10:23:02] - |D| - [177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex [29/11/2016 15:27:23] - |D| - [6886] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [14/12/2016 14:34:11] - |D| - [2235] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [25/07/2017 21:28:15] - |A| - [2631] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launcher CSP-IRG.lnk [01/06/2017 22:17:26] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [08/08/2018 13:54:29] - |D| - [2679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [16/07/2018 23:07:40] - |D| - [2421] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [27/05/2018 15:27:13] - |D| - [2008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LSPD First Response [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [14/07/2018 10:51:01] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [01/01/2018 17:17:44] - |D| - [1152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainerUltimate [28/04/2017 15:32:03] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V The Phantom Pain [21/07/2017 14:37:22] - |D| - [51889] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [19/12/2016 20:19:05] - |D| - [6887] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories [29/11/2016 13:32:49] - |D| - [788] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [27/05/2018 20:48:50] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis [09/06/2018 17:30:24] - |D| - [4624] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monte Cristo [03/07/2018 11:49:31] - |D| - [3122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [05/07/2018 17:38:39] - |D| - [6599] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [04/02/2017 13:57:00] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [12/04/2017 12:30:37] - |D| - [3424] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [25/06/2017 20:56:29] - |A| - [898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [06/05/2018 20:52:12] - |D| - [831] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation™Now [16/07/2018 17:48:49] - |D| - [1978] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2018 [01/07/2017 13:58:39] - |D| - [1567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrtScr [01/01/2018 18:59:58] - |D| - [1294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roberts Space Industries [12/07/2018 11:32:31] - |D| - [917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [01/04/2017 15:19:32] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [13/07/2018 19:16:08] - |D| - [935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [12/04/2018 01:38:20] - |RD| - [763] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [25/11/2016 13:04:16] - |D| - [800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [23/07/2018 12:48:07] - |D| - [3689] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [03/08/2018 10:54:01] - |D| - [803] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP Launcher [02/08/2018 12:14:09] - |D| - [984] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyranid Mod for Soulstorm [27/12/2017 21:19:57] - |D| - [8925] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio [12/12/2016 22:26:10] - |D| - [7188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [17/05/2018 18:40:58] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [27/11/2016 22:17:40] - |D| - [3299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [19/05/2018 20:59:11] - |A| - [855] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [27/02/2017 18:42:12] - |A| - [589] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [03/09/2017 16:47:09] - |D| - [61066] - C:\Program Files (x86)\3dm_game_files [13/03/2017 21:42:04] - |D| - [283906799] - C:\Program Files (x86)\Adobe [12/04/2018 01:38:20] - |D| - [328074260] - C:\Program Files (x86)\Common Files [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [05/03/2017 23:19:32] - |D| - [34583649] - C:\Program Files (x86)\Druide [24/05/2018 23:27:24] - |D| - [1637192] - C:\Program Files (x86)\EasyAntiCheat [23/12/2016 16:42:20] - |D| - [258] - C:\Program Files (x86)\GameSpy Arcade [31/03/2018 18:27:16] - |D| - [0] - C:\Program Files (x86)\GOG Galaxy [20/03/2017 11:49:39] - |D| - [0] - C:\Program Files (x86)\Google [28/08/2017 00:31:29] - |HD| - [16440266] - C:\Program Files (x86)\InstallShield Installation Information [01/10/2017 13:30:26] - |D| - [3583900] - C:\Program Files (x86)\Intel [12/04/2018 01:38:20] - |D| - [2007027] - C:\Program Files (x86)\Internet Explorer [29/11/2016 15:27:13] - |D| - [357954072] - C:\Program Files (x86)\Java [25/07/2017 21:28:15] - |D| - [4768082] - C:\Program Files (x86)\Launcher MOD CSP-IRG [16/07/2018 23:07:40] - |D| - [6241641] - C:\Program Files (x86)\LogMeIn Hamachi [15/08/2018 17:14:44] - |D| - [25364637] - C:\Program Files (x86)\McAfee [21/07/2017 14:36:23] - |D| - [102815591] - C:\Program Files (x86)\Microsoft Analysis Services [15/01/2018 18:16:11] - |D| - [3637248] - C:\Program Files (x86)\Microsoft Chart Controls [21/07/2017 14:36:21] - |D| - [98365963] - C:\Program Files (x86)\Microsoft Office [21/07/2017 14:37:10] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server [25/01/2017 17:50:24] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA [12/04/2018 01:38:20] - |D| - [8854863] - C:\Program Files (x86)\Microsoft.NET [27/05/2018 20:48:47] - |D| - [0] - C:\Program Files (x86)\Mirillis [24/04/2017 23:46:26] - |AD| - [279248] - C:\Program Files (x86)\Mozilla Firefox [05/07/2018 20:34:46] - |D| - [289734] - C:\Program Files (x86)\Mozilla Maintenance Service [17/05/2018 19:33:49] - |D| - [25757] - C:\Program Files (x86)\MSBuild [12/06/2017 12:32:37] - |D| - [314281948] - C:\Program Files (x86)\NVIDIA Corporation [25/01/2017 16:50:30] - |D| - [809496] - C:\Program Files (x86)\OpenAL [04/02/2017 13:56:55] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [12/04/2017 12:30:33] - |AD| - [372338568] - C:\Program Files (x86)\Origin [12/04/2017 12:38:19] - |D| - [0] - C:\Program Files (x86)\Origin Games [17/05/2018 19:33:49] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [10/01/2017 18:12:21] - |D| - [83008331] - C:\Program Files (x86)\Rockstar Games [01/04/2017 15:19:31] - |RD| - [92359749] - C:\Program Files (x86)\Skype [28/08/2017 01:08:26] - |D| - [809765] - C:\Program Files (x86)\Syton Entertainment [12/06/2017 12:32:41] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [27/12/2017 21:19:35] - |D| - [35224383] - C:\Program Files (x86)\VB [12/12/2016 22:26:05] - |D| - [181798040] - C:\Program Files (x86)\VideoLAN [05/07/2018 17:38:11] - |D| - [15091] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780768] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:19:21] - |D| - [3254215] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell [28/05/2017 00:51:08] - |HD| - [5067] - C:\Program Files (x86)\Zero G Registry ---------- | C:\Program Files [27/11/2016 19:55:31] - |AD| - [29348041] - C:\Program Files\BitComet [26/02/2017 11:37:58] - |AD| - [37650872] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [410189379] - C:\Program Files\Common Files [20/12/2016 17:55:27] - |D| - [37567959] - C:\Program Files\DAEMON Tools Lite [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [06/05/2018 20:52:11] - |D| - [1044968] - C:\Program Files\DIFX [24/11/2016 09:41:25] - |SHD| - [0] - C:\Program Files\Fichiers communs [01/10/2017 13:30:16] - |D| - [0] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2639358] - C:\Program Files\internet explorer [14/12/2016 14:34:05] - |D| - [369688079] - C:\Program Files\Java [08/08/2018 13:54:29] - |D| - [14782557] - C:\Program Files\Logitech [14/07/2018 10:50:57] - |D| - [162139669] - C:\Program Files\Malwarebytes [21/07/2017 14:36:23] - |D| - [120126431] - C:\Program Files\Microsoft Analysis Services [21/07/2017 14:36:20] - |AD| - [1306217371] - C:\Program Files\Microsoft Office [21/07/2017 14:37:01] - |D| - [35280] - C:\Program Files\Microsoft SQL Server [19/12/2016 20:19:05] - |AD| - [8087955] - C:\Program Files\Microsoft Xbox 360 Accessories [21/07/2017 14:37:10] - |D| - [678864] - C:\Program Files\Microsoft.NET [05/07/2018 20:34:44] - |D| - [153159927] - C:\Program Files\Mozilla Firefox [17/05/2018 19:33:49] - |D| - [25757] - C:\Program Files\MSBuild [03/07/2018 11:49:30] - |D| - [25839919] - C:\Program Files\Nexus Mod Manager [12/06/2017 12:32:37] - |D| - [2840395245] - C:\Program Files\NVIDIA Corporation [12/06/2017 12:32:51] - |D| - [17485144] - C:\Program Files\Realtek [17/05/2018 19:33:49] - |D| - [36854953] - C:\Program Files\Reference Assemblies [10/01/2017 18:12:14] - |D| - [157395115] - C:\Program Files\Rockstar Games [12/07/2018 11:32:28] - |D| - [52984128] - C:\Program Files\RogueKiller [13/07/2018 19:16:08] - |D| - [15217952] - C:\Program Files\Speccy [24/11/2016 09:40:32] - |HD| - [0] - C:\Program Files\Uninstall Information [19/05/2017 10:02:45] - |AD| - [6553600] - C:\Program Files\UNP [27/12/2017 21:19:48] - |D| - [1800502] - C:\Program Files\VB [12/04/2018 01:38:20] - |RD| - [32777691] - C:\Program Files\Windows Defender [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:19:21] - |D| - [4783083] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7823192] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [35867793577] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [13/03/2017 21:42:04] - |AD| - [124786392] - C:\Program Files (x86)\Common Files\Adobe [27/01/2017 13:17:07] - |D| - [0] - C:\Program Files (x86)\Common Files\AV [10/12/2016 21:41:20] - |D| - [38153056] - C:\Program Files (x86)\Common Files\BattlEye [12/04/2017 19:10:50] - |HD| - [9350] - C:\Program Files (x86)\Common Files\EAInstaller [28/08/2017 00:23:38] - |D| - [5179622] - C:\Program Files (x86)\Common Files\InstallShield [01/10/2017 13:30:15] - |D| - [0] - C:\Program Files (x86)\Common Files\Intel [03/07/2018 17:14:48] - |D| - [1948384] - C:\Program Files (x86)\Common Files\Java [15/08/2018 17:14:47] - |D| - [1031928] - C:\Program Files (x86)\Common Files\McAfee [12/04/2018 01:38:20] - |D| - [132798631] - C:\Program Files (x86)\Common Files\microsoft shared [03/07/2018 17:14:18] - |D| - [1370800] - C:\Program Files (x86)\Common Files\Oracle [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [06/09/2017 14:03:16] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype [25/11/2016 13:04:17] - |D| - [3989056] - C:\Program Files (x86)\Common Files\Steam [24/07/2017 21:20:26] - |D| - [0] - C:\Program Files (x86)\Common Files\SWF Studio [12/04/2018 01:38:20] - |D| - [16230043] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [25/06/2017 23:39:40] - |D| - [247232] - C:\Program Files\Common files\Adobe [27/01/2017 13:17:07] - |D| - [0] - C:\Program Files\Common files\AV [06/12/2017 20:21:09] - |D| - [2022264] - C:\Program Files\Common files\Avast Software [21/07/2017 14:37:14] - |AD| - [14488] - C:\Program Files\Common files\DESIGNER [08/04/2017 17:23:23] - |HD| - [4779628] - C:\Program Files\Common files\EAInstaller [08/08/2018 13:54:29] - |D| - [1506543] - C:\Program Files\Common files\Logitech [12/04/2018 01:38:20] - |D| - [390814935] - C:\Program Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10801587] - C:\Program Files\Common files\system ---------- | Tasks [MD5.9B0476D240BFC4E4B5D166E1FA356746] - [12/07/2018 12:04:33] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/05/2018 18:45:23] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.C8FE39A7A0367D7219D5E7CB8E459F27] - [17/05/2018 18:45:23] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.2F54AF60A3C91B6497CD0940CDE045D0] - [19/06/2018 21:13:49] - |A| - [4750] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [MD5.5580E5FC38393D83B2404A5251AE6708] - [17/05/2018 18:45:23] - |A| - [4560] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.E78778888243F36EDFCE598FA95671B0] - [17/05/2018 18:45:23] - |A| - [2726] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-CDDJ7U6-admin : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.32F611DBDBEF07AC03D5FE854E955F2A] - [17/05/2018 18:45:23] - |A| - [3990] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [17/05/2018 18:45:23] - |D| - [3990] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.2644AC9836A2990567EC8A270CCF06EB] - [03/07/2018 17:13:51] - |A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.0CA4EE94A52ED58CE4F78400520841C9] - [17/05/2018 18:45:23] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [564070] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.7684B16B746A0874BC014A2BBE8FF10A] - [17/05/2018 18:45:23] - |A| - [5346] - C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-CDDJ7U6-admin DESKTOP-CDDJ7U6 : C:\Program Files\Microsoft Office\Office15\MsoSync.exe [MD5.00000000000000000000000000000000] - [21/08/2018 10:24:25] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software [MD5.3FCF5E0D7D1D01D2FDE412AC20D2ED17] - [05/07/2018 17:38:37] - |A| - [4106] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.213CC36ABEA99A751F6EA99143433B51] - [05/07/2018 17:38:37] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.F55B2F72E563AB4B2C6F011BD0C0A3BC] - [05/07/2018 17:38:39] - |A| - [3976] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.9200A7AEAD4C78C61F5CA9964667C70D] - [05/07/2018 17:38:39] - |A| - [3940] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.8C8456B8171598971C73F775E9661172] - [05/07/2018 17:38:36] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [05/07/2018 17:38:36] - |A| - [3654] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.2D62DE7DD46269BF68D84A2724403FB5] - [05/07/2018 17:38:36] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.C7DBA64EC38D0FC93FDA2E7538268795] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.2F4B9E842EA1C4D06006070698319052] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.3189EE5BABC0C8D0D420FF169C572B2E] - [05/07/2018 17:38:36] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.09574C7581EE0362E2069462D8351BE8] - [05/07/2018 17:38:36] - |A| - [3866] - C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.00000000000000000000000000000000] - [27/05/2018 13:46:57] - |D| - [4522] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.28DA067A595FE2094CEFEE8AAA5B85B3] - [17/05/2018 18:45:23] - |A| - [3378] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D72997FA-7E45-4607-A00B-E96138BB21CA} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] ""= "{F8D36B9E-AA1C-4725-A593-6B0824C67355}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update| "{F3CB2DC8-32A4-49D1-8814-01777DBFE122}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}] : (BluetoothVirtual) [] -> @oem14.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D8F93C3F-0DCD-4039-813F-23EA296EBBEA}] : (FTDIBUS) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [06/10/2017 21:43:17] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [14/08/2018 11:59:18] - (24.21.13.9882) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 398.82) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvlddmkm.sys [06/10/2017 21:45:43] - (10.0.0.355) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw10x.sys [06/10/2017 21:45:14] - (15.8.2.5) - (ELAN Microelectronic Corp. - ELAN SMBus Driver) - C:\WINDOWS\System32\drivers\ETDSMBus.sys [05/07/2018 17:33:51] - (4.6.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [29/10/2017 11:52:27] - (302.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys [20/12/2016 17:55:37] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\WINDOWS\System32\drivers\dtliteusbbus.sys [20/12/2016 17:55:32] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtlitescsibus.sys [27/12/2017 21:19:35] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - VB Virtual Audio Device) - C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [09/11/2017 05:38:54] - (1.3.37.4) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys [15/08/2018 17:14:45] - (1.0.0.115) - (McAfee, Inc. - McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA (@oem33.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GameRanger] : (GameRanger.-.GameRanger Technologies) -> C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /uninstall [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\New LEGO Digital Designer] : (.-.) -> [HKU\S-1-5-21-984768822-1242204556-3330448555-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{V-01}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SKIDROW - Two Point Hospital] : (Two Point Hospital.-.SKIDROW) -> D:\games\Two Point Hospital\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1444D2EE-C7AD-44A8-844F-2634B49353D1}] : (Logitech Gaming Software 5.10.-.Logitech) -> MsiExec.exe /X{1444D2EE-C7AD-44A8-844F-2634B49353D1} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}] : (UE4 Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}] : (Paint.NET v3.5.10.-.dotPDN LLC) -> MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1C0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180111}] : (Java SE Development Kit 8 Update 111 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180111} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A2199A06-89C4-4187-AA4A-3A9676FB799D}] : (SlimDX Runtime .NET 4.0 x64 (January 2012).-.SlimDX Group) -> MsiExec.exe /X{A2199A06-89C4-4187-AA4A-3A9676FB799D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 398.82.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.14.0.139.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.06.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\12bbe590-c890-11d9-9669-0800200c9a66_is1] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\47f759c33d0cc269] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Call of Duty Infinite Warfare - Patch FR 1.0] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fraps] : (Fraps.-.) -> "D:\Fraps\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LogMeIn Hamachi] : (LogMeIn Hamachi.-.LogMeIn, Inc.) -> C:\WINDOWS\SysWOW64\\msiexec.exe /i {892DB406-ADF8-4C30-9840-8438AF5B8763} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)] : (Microsoft .NET Framework 1.1.-.) -> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PrtScr_is1] : (PrtScr 1.7.-.FireStarter) -> "D:\Program Files (x86)\PrtScr\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RAM Cheat] : (RAM Cheat.-.) -> D:\RAM Cheat\RAMCheat.exe uninst [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Elder Scrolls Online] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Tyranid Mod 0.5b2 for Soulstorm] : (Tyranid Mod 0.5b2 for Soulstorm.-.) -> D:\Program Files (x86)\THQ\Dawn of War - Soulstorm\TyranidsUninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VB:Voicemeeter {17359A74-1236-5467}] : (Voicemeeter, The Virtual Mixing Console.-.VB-Audio Software) -> C:\Program Files (x86)\VB\Voicemeeter\VoicemeeterProSetup.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}] : (Antidote 8.-.Druide informatique inc.) -> MsiExec.exe /X{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{12790C5E-9426-4EF5-A9AC-8ADA8F31F465}] : (Launcher MOD CSP-IRG.-.MOD CSP-IRG) -> MsiExec.exe /I{12790C5E-9426-4EF5-A9AC-8ADA8F31F465} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A61270A-9403-11E7-86C1-005056951CAD}] : (Evernote v. 6.7.4.-.Evernote Corp.) -> MsiExec.exe /X{1A61270A-9403-11E7-86C1-005056951CAD} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{209339B5-F8A6-41A3-9114-FC0679B2BC6A}] : (Driver Fusion.-.Treexy) -> MsiExec.exe /I{209339B5-F8A6-41A3-9114-FC0679B2BC6A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC}] : (PlayStation™Now.-.Sony Interactive Entertainment Network America LLC) -> MsiExec.exe /X{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180171F0}] : (Java 8 Update 171.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180171F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180172F0}] : (Java 8 Update 172.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180172F0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{34B9B494-EF4A-4592-87A8-BE40D0442E86}] : (Dawn of War - Soulstorm.-.THQ) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.40.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{68A5CFDB-E05C-46BC-B2EB-988D1E2C2444}_is1] : (MegaTrainer Ultimate version 1.4.8.1.-.MegaDev) -> "D:\Program Files (x86)\MegaDev\MegaTrainerUltimate\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}] : (SlimDX Runtime .NET 4.0 x86 (January 2012).-.SlimDX Group) -> MsiExec.exe /X{7EBD0E43-6AC0-4CA8-9990-00E50069AD29} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{892DB406-ADF8-4C30-9840-8438AF5B8763}] : (LogMeIn Hamachi.-.LogMeIn, Inc.) -> MsiExec.exe /I{892DB406-ADF8-4C30-9840-8438AF5B8763} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}] : (Assistant de téléchargement.-.Druide informatique inc.) -> MsiExec.exe /X{92154A3C-9BB7-49D7-A571-4EB6373FA5AD} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824272646}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824272646} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BE027D62-0BFF-447A-82CB-B61A6EB030C3}_is1] : (CnC SGU Private Beta V2.0 TaGoAsRe B1-131223.-.Syton Entertainment) -> "C:\Program Files (x86)\Syton Entertainment\CnC Stargate Universe\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F36ED29E-33E1-48AB-95DA-2498AD41A9A0}] : (Curse.-.Curse) -> MsiExec.exe /X{F36ED29E-33E1-48AB-95DA-2498AD41A9A0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{V-01}] : (.-.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\30DE9D6CFCF60144C97B54AC82F5E911] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}\ARPPRODUCTICON.exe [HKCR\Installer\Products\34E0DBE70CA68AC49909005E0096DA92] : SlimDX Runtime .NET 4.0 x86 (January 2012) -> C:\WINDOWS\Installer\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}\SdxIconBlack.exe [HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico [HKCR\Installer\Products\494B9B43A4FE2954788AEB040D44E268] : Dawn of War - Soulstorm [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110170F] : Java 8 Update 171 -> C:\Program Files (x86)\Java\jre1.8.0_171\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110270F] : Java 8 Update 172 -> C:\Program Files (x86)\Java\jre1.8.0_172\\bin\javaws.exe [HKCR\Installer\Products\4F4A3A46297B6D117AA8000B0D811011] : Java SE Development Kit 8 Update 111 (64-bit) -> C:\Program Files\Java\jdk1.8.0_111\\bin\javaws.exe [HKCR\Installer\Products\5B9339026A8F3A141941CF60972BCBA6] : Driver Fusion -> C:\WINDOWS\Installer\{209339B5-F8A6-41A3-9114-FC0679B2BC6A}\logo_other.exe [HKCR\Installer\Products\604BD2988FDA03C489044883FAB57836] : LogMeIn Hamachi [HKCR\Installer\Products\60A9912A4C987814AAA4A36967BF97D9] : SlimDX Runtime .NET 4.0 x64 (January 2012) -> C:\WINDOWS\Installer\{A2199A06-89C4-4187-AA4A-3A9676FB799D}\SdxIconBlack.exe [HKCR\Installer\Products\68AB67CA408033019195008142726264] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824272646}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe [HKCR\Installer\Products\90BAAA90ABD69DD489564595D7F3CB8A] : Antidote 8 -> C:\Windows\Installer\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A07216A130497E11681C00056559C1DA] : Evernote v. 6.7.4 -> C:\WINDOWS\Installer\{1A61270A-9403-11E7-86C1-005056951CAD}\Evernote.ico [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.40 -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\C3A451297BB97D945A17E46B73F35ADA] : Assistant de téléchargement -> C:\Windows\Installer\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CC0E2A442A3AAC540A70BCB8BF7E33E9] : Epic Games Launcher -> C:\WINDOWS\Installer\{44A2E0CC-A3A2-45CA-A007-CB8BFBE7339E}\Installer.ico [HKCR\Installer\Products\E5C0972162495FE49ACAA8ADF8134F56] : Launcher MOD CSP-IRG -> C:\WINDOWS\Installer\{12790C5E-9426-4EF5-A9AC-8ADA8F31F465}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\E5EE95128CFF1544A9F40EC995F12BCB] : PlayStation™Now -> C:\WINDOWS\Installer\{2159EE5E-FFC8-4451-9A4F-E09C591FB2BC}\psnow.exe [HKCR\Installer\Products\EE2D4441DA7C8A4448F462434B39351D] : Logitech Gaming Software 5.10 -> C:\WINDOWS\Installer\{1444D2EE-C7AD-44A8-844F-2634B49353D1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\FC5DAE63FE44FCF4B81E9DC684537D4A] : UE4 Prerequisites (x64) -> C:\WINDOWS\Installer\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}\Setup.ico [HKCR\Installer\Products\FE521925CA3E47B4796E6F887A0C1F0C] : Paint.NET v3.5.10 -> C:\WINDOWS\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}\_853F67D554F05449430E7E.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Error: Failed to add firewall exception for D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x5c0 Heure de début de l’application défaillante : 0x01d440a959cb5768 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : eaa59823-e329-43a3-96a6-a4de8d942699 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x5c0 Heure de début de l’application défaillante : 0x01d440a959cb5768 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : a1117f73-c098-4499-93a1-f8cda4253928 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000009cad5 ID du processus défaillant : 0x214c Heure de début de l’application défaillante : 0x01d440a9559f640e Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 718939c5-977e-4686-8496-c6fa685e320c Nom complet du package défaillant : Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x200c Heure de début de l’application défaillante : 0x01d440a958009d23 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 40f50bcc-fdad-4b35-a174-4395ae09d1a3 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x200c Heure de début de l’application défaillante : 0x01d440a958009d23 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 196b111e-2eff-477c-aa0f-07dbcc9d70f5 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x2180 Heure de début de l’application défaillante : 0x01d440a955a10885 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : 8bf2bde4-4bd4-4166-8366-2edd54a0030e Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000009cad5 ID du processus défaillant : 0x18d8 Heure de début de l’application défaillante : 0x01d440a95052fa7d Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 56a4ab73-ea96-49f3-9dff-e290556e1239 Nom complet du package défaillant : Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x18d8 Heure de début de l’application défaillante : 0x01d440a95052fa7d Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : 1c2607c1-034d-4b66-b0c8-c49615cd9450 Nom complet du package défaillant : Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.1, horodatage : 0x5ace103a Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.81, horodatage : 0x4f4899f8 Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a4e02 ID du processus défaillant : 0x2bf8 Heure de début de l’application défaillante : 0x01d44062abfed09a Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 03fab7e4-b64e-4c69-b50c-03e7029903f6 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.17134.1, horodatage : 0x5ace1159 Nom du module défaillant : edgehtml.dll, version : 11.0.17134.228, horodatage : 0x5b38eec2 Code d’exception : 0x80070005 Décalage d’erreur : 0x0000000000519919 ID du processus défaillant : 0x13e4 Heure de début de l’application défaillante : 0x01d44090285e2b77 Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 94af8bbc-289f-4f38-99d0-550a9c9ededf Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Erreur lors de la mise à jour du statut (unknown) vers SECURITY_PRODUCT_STATE_ON. ------------ Erreur lors de la mise à jour du statut (unknown) vers SECURITY_PRODUCT_STATE_ON. ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.17134.1, horodatage : 0x5ace1159 Nom du module défaillant : edgehtml.dll, version : 11.0.17134.228, horodatage : 0x5b38eec2 Code d’exception : 0x80070005 Décalage d’erreur : 0x0000000000519919 ID du processus défaillant : 0x12e0 Heure de début de l’application défaillante : 0x01d44090048bc62b Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : d5f8b902-7510-426f-909c-ddb8bc59c705 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.17134.1, horodatage : 0x5ace1159 Nom du module défaillant : edgehtml.dll, version : 11.0.17134.228, horodatage : 0x5b38eec2 Code d’exception : 0x80070005 Décalage d’erreur : 0x0000000000519919 ID du processus défaillant : 0x2744 Heure de début de l’application défaillante : 0x01d4408fff9c8894 Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : d10b7ff2-ab3c-4818-829a-81802262583c Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.1, horodatage : 0x5ace103a Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000009cad5 ID du processus défaillant : 0xe84 Heure de début de l’application défaillante : 0x01d440617bdb1775 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : d358ba7c-f538-4558-a223-1b1cd3415ff7 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x22ec Heure de début de l’application défaillante : 0x01d4406185982703 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : b9605564-f75f-4fcf-9ca4-f47bb3e345b7 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x22ec Heure de début de l’application défaillante : 0x01d4406185982703 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : ff2423c0-a9fa-4c0e-91ac-d0b785bb0f16 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ATKEX_cmd.exe, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : KERNELBASE.dll, version : 10.0.17134.165, horodatage : 0xfa43f4b2 Code d’exception : 0x0eedfade Décalage d’erreur : 0x0010ddc2 ID du processus défaillant : 0x211c Heure de début de l’application défaillante : 0x01d44061830cbd49 Chemin d’accès de l’application défaillante : C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 7c3b0681-a8fe-43ee-879c-df081f2e77eb Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ----------( EOF)---------- - 5237 | 23:45:34