--------------- QuickDiag | g3n-h@ckm@n | V5_01.11.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 27/12/2019 23:07:43
Updated 01/11/2019 | 14:35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[User (Administrator)] - [BEN] (S-1-5-21-3917520454-1897002642-3725866607-1001)
System: Microsoft Windows 10 Famille - - (10.0.18363) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1909)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition5
Boot : Normal boot
PC: 10140 - LENOVO - IdNumber: ES14038083 - UUID: B6709D04-16C1-11E5-A98C-1F1F0BA21900
Processor : X64 - 3492 Mhz - Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
IIKT26AUS - en|US|iso8859-1 - LENOVO - S/N: ES14038083 - IIKT26AUS - LENOVO - 1260
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_17AA3681&REV_1003\4&AFF7042&0&0001
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0071&SUBSYS_10DE1131&REV_1001\5&7F29285&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000

---------- | Video
NVIDIA GeForce GTX 970 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 143 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_13C2&SUBSYS_113110DE&REV_A1\4&27F129E2&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset
DeviceName: NVIDIA GeForce GTX 970 - DriverVersion: 26.21.14.4166 - SpecificationVersion: 1025

---------- | Codecs
C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK

---------- | Memory
Pagefile = Total (MB) : 38482 | Free (MB) : 31945
Virtual = Total (MB) : 4194 | Free (MB) : 3891
Physical Memory (MB)
--------------------
Total: 32716
Available: 27045
Cached: 26335
Free: 1199
Kernel Memory (MB)
------------------
Paged: 699
Nonpaged: 500
System
------
Handles: 73923
Processes: 172
Threads: 2380

---------- | SID Users
Administrateur : [S-1-5-21-3917520454-1897002642-3725866607-500]
DefaultAccount : [S-1-5-21-3917520454-1897002642-3725866607-503]
Invité : [S-1-5-21-3917520454-1897002642-3725866607-501]
User : [S-1-5-21-3917520454-1897002642-3725866607-1001]
WDAGUtilityAccount : [S-1-5-21-3917520454-1897002642-3725866607-504]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
WinRMRemoteWMIUsers__ : [S-1-5-21-3917520454-1897002642-3725866607-1000]

---------- | Drives
C:\ -> [Fixed] | [Windows8_OS] | Total : 3699.27 Go | Free : 388 Go -> NTFS [RAID]
Drive: 0
Cylinders: 486401
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 4000792444928 bytes

---------- | Windows updates - Activation - License
W.A.T : :)
Test 1 : Windows Is Activated
Volume License

---------- | Browsers
IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.)
GC : 79.0.3945.88 (Copyright 2019 Google LLC.)
Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.255 FlashPlayer Plugin : 32.0.0.142 ---------- | Security AV : Windows Defender Disabled AS : Avast Antivirus Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 472 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.329) = C:\Windows\System32\smss.exe [03/10/2019 23:53:15] CPU Usage:0 % 740 | [Owner : Système | Parent : 732() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 05:44:35] CPU Usage:0 % 832 | [Owner : Système | Parent : 732() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.387) = C:\Windows\System32\wininit.exe [04/10/2019 02:44:17] CPU Usage:0 % 844 | [Owner : Système | Parent : 824() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 05:44:35] CPU Usage:0 % 908 | [Owner : Système | Parent : 832(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.535) = C:\Windows\System32\services.exe [12/12/2019 21:51:01] CPU Usage:0 % 924 | [Owner : Système | Parent : 832(wininit.exe) | 20.28 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe [19/03/2019 05:44:36] CPU Usage:0 % 1000 | [Owner : Système | Parent : 824() | 12.18 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) 
- (10.0.18362.449) = C:\Windows\System32\winlogon.exe [13/11/2019 16:12:00] CPU Usage:0 % 640 | [Owner : Système | Parent : 908(services.exe) | 4.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 828 | [Owner : Système | Parent : 908(services.exe) | 27.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 8 | [Owner : UMFD-0 | Parent : 832(wininit.exe) | 4.08 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.535) = C:\Windows\System32\fontdrvhost.exe [12/12/2019 21:51:02] CPU Usage:0 % 720 | [Owner : UMFD-1 | Parent : 1000(winlogon.exe) | 16.12 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.535) = C:\Windows\System32\fontdrvhost.exe [12/12/2019 21:51:02] CPU Usage:0 % 1100 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 15.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1144 | [Owner : Système | Parent : 908(services.exe) | 8.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1228 | [Owner : DWM-1 | Parent : 1000(winlogon.exe) | 80.54 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.18362.387) = C:\Windows\System32\dwm.exe [04/10/2019 02:44:14] CPU Usage:0 % 1360 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 6.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1384 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 6.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1440 | [Owner : Système | Parent : 908(services.exe) | 11.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1452 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 12.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1472 | [Owner : Système | Parent : 908(services.exe) | 16.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1608 | [Owner : Système | Parent : 908(services.exe) | 6.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1628 | [Owner : Système | Parent : 908(services.exe) | 12.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1660 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 17.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1784 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 7.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1880 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 9.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1928 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1940 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2028 | [Owner : Système | Parent : 908(services.exe) | 19.48 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2722.8896) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/06/2017 21:38:56] CPU Usage:0 % 1348 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 12.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1796 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 9.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2164 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 9.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2264 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 7.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2368 | [Owner : Système | Parent : 908(services.exe) | 10.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2444 | [Owner : Système | Parent : 908(services.exe) | 167.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2452 | [Owner : Système | Parent : 908(services.exe) | 5.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2460 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2468 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.AVAST Software - Avast Antivirus remediation exe.) - (19.8.4793.0) = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [08/10/2019 19:36:55] CPU Usage:0 % 2640 | [Owner : Système | Parent : 908(services.exe) | 8.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2664 | [Owner : Système | Parent : 908(services.exe) | 22.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2720 | [Owner : Système | Parent : 2028(NVDisplay.Container.exe) | 63.22 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2722.8896) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/06/2017 21:38:56] CPU Usage:0 % 2836 | [Owner : Système | Parent : 908(services.exe) | 8.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2844 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 9.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2796 | [Owner : Système | Parent : 828(svchost.exe) | 10.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 05:44:00] CPU Usage:0 % 3148 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 14.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3220 | [Owner : Système | Parent : 908(services.exe) | 18.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3532 | [Owner : User | Parent : 2368(svchost.exe) | 31.16 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [19/03/2019 05:44:12] CPU Usage:0 % 3568 | [Owner : User | Parent : 908(services.exe) | 25.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3632 | [Owner : User | Parent : 908(services.exe) | 35.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3640 | [Owner : Système | Parent : 908(services.exe) | 13.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3848 | [Owner : Système | Parent : 908(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3880 | [Owner : User | Parent : 3848(svchost.exe) | 22.41 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [19/03/2019 05:44:33] CPU Usage:0 % 4032 | [Owner : User | Parent : 1472(svchost.exe) | 15.87 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe [04/10/2019 02:44:15] CPU Usage:0 % 3076 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 10.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3104 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 6.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2820 | [Owner : Système | Parent : 908(services.exe) | 18.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4104 | [Owner : Système | Parent : 908(services.exe) | 14.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4128 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.AVAST Software - Avast Antivirus Service.) - (19.8.4793.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [08/10/2019 19:36:55] CPU Usage:0 % 4376 | [Owner : Système | Parent : 908(services.exe) | 16 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.476) = C:\Windows\System32\spoolsv.exe [13/11/2019 16:10:31] CPU Usage:0 % 4404 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 20.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4452 | [Owner : Système | Parent : 908(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4512 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 8.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4540 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 9.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4620 | [Owner : Système | Parent : 908(services.exe) | 7.03 Mo] - (.- The non-sucking service manager.) - (2.24.0.74) = C:\ProgramData\myCANAL\nssm.exe [10/12/2018 09:57:32] CPU Usage:0 % 4632 | [Owner : Système | Parent : 908(services.exe) | 3.52 Mo] - (.-.) - (0.0.0.0) = C:\Windows\jmesoft\Service.exe [19/06/2015 18:19:01] CPU Usage:0 % 4644 | [Owner : Système | Parent : 908(services.exe) | 33.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4660 | [Owner : Système | Parent : 908(services.exe) | 41.12 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2734.4859) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:24:23] CPU Usage:0 % 4668 | [Owner : Système | Parent : 908(services.exe) | 8.2 Mo] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe [27/08/2013 13:32:14] CPU Usage:0 % 4676 | [Owner : Système | Parent : 908(services.exe) | 6.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4688 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 15.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4704 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 33.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4712 | [Owner : Système | Parent : 908(services.exe) | 17.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4740 | [Owner : Système | Parent : 908(services.exe) | 6.92 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrA.exe [09/01/2017 18:57:43] CPU Usage:0 % 4768 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 6.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4776 | [Owner : Système | Parent : 908(services.exe) | 5.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4784 | [Owner : Système | Parent : 908(services.exe) | 20.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4792 | [Owner : Système | Parent : 908(services.exe) | 9.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4816 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 18.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 4892 | [Owner : Système | Parent : 908(services.exe) | 6.39 Mo] - (.Thrustmaster® - Thrustmaster® General Accessory Service.) - (1.0.7.0) = C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe [18/10/2019 18:02:33] CPU Usage:0 % 5048 | [Owner : Système | Parent : 908(services.exe) | 7.31 Mo] - (.Sony Corporation - Device Information Provider.) - (10.5.1.5091) = C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [09/05/2018 12:42:18] CPU Usage:0 % 5108 | [Owner : SERVICE LOCAL | Parent : 4676(svchost.exe) | 5.34 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe [19/03/2019 05:44:18] CPU Usage:0 % 5176 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 5.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 5372 | [Owner : Système | Parent : 4620(nssm.exe) | 10.2 Mo] - (.-.) - (0.0.0.0) = C:\ProgramData\myCANAL\myCANAL.Service.exe [24/01/2019 11:39:02] CPU Usage:0 % 5416 | [Owner : Système | Parent : 908(services.exe) | 12.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 5428 | [Owner : Système | Parent : 5372(myCANAL.Service.exe) | 13.66 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe [19/03/2019 05:44:30] CPU Usage:0 % 6104 | [Owner : Système | Parent : 4660(nvcontainer.exe) | 8.31 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) 
- (10.0.18362.1) = C:\Windows\System32\rundll32.exe [19/03/2019 05:45:05] CPU Usage:0 % 5140 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 7.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 6712 | [Owner : User | Parent : 4660(nvcontainer.exe) | 27.84 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2734.4859) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:24:23] CPU Usage:0 % 6732 | [Owner : User | Parent : 4660(nvcontainer.exe) | 64.24 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2734.4859) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:24:23] CPU Usage:0 % 6892 | [Owner : Système | Parent : 908(services.exe) | 18.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3784 | [Owner : User | Parent : 4660(nvcontainer.exe) | 14.09 Mo] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) - (3.20.1.57) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe [24/05/2018 20:24:42] CPU Usage:0 % 5724 | [Owner : User | Parent : 6712(nvcontainer.exe) | 67.36 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:24:36] CPU Usage:0 % 7272 | [Owner : Système | Parent : 908(services.exe) | 34.82 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.449) = C:\Windows\System32\SearchIndexer.exe [13/11/2019 16:11:05] CPU Usage:0 % 8164 | [Owner : User | Parent : 5724(NVIDIA Share.exe) | 81.87 Mo] - (.NVIDIA Corporation - NVIDIA Share.) 
- (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:24:36] CPU Usage:0 % 7528 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1908 | [Owner : User | Parent : 7196() | 71.51 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (11.13.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [24/05/2018 20:24:30] CPU Usage:0 % 7676 | [Owner : User | Parent : 1908(NVIDIA Web Helper.exe) | 11.82 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe [19/03/2019 05:44:30] CPU Usage:0 % 2340 | [Owner : User | Parent : 5724(NVIDIA Share.exe) | 84.03 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:24:36] CPU Usage:0 % 6844 | [Owner : User | Parent : 828(svchost.exe) | 5.9 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.18362.239) = C:\Windows\System32\SettingSyncHost.exe [03/10/2019 23:53:25] CPU Usage:0 % 4736 | [Owner : User | Parent : 828(svchost.exe) | 10.59 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.18362.1) = C:\Windows\System32\rundll32.exe [19/03/2019 05:45:05] CPU Usage:0 % 7228 | [Owner : User | Parent : 3464() | 165.09 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.449) = C:\Windows\explorer.exe [13/11/2019 16:10:31] CPU Usage:0 % 4208 | [Owner : User | Parent : 908(services.exe) | 20.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 3832 | [Owner : Système | Parent : 908(services.exe) | 11.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 5452 | [Owner : User | Parent : 828(svchost.exe) | 9.85 Mo] - (.-.) - (8.55.0.131) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [14/12/2019 20:21:30] CPU Usage:0 % 3648 | [Owner : User | Parent : 828(svchost.exe) | 51.95 Mo] - (.-.) - (1.19112.111.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.111.0_x64__8wekyb3d8bbwe\YourPhone.exe [26/12/2019 18:21:48] CPU Usage:0 % 8364 | [Owner : Système | Parent : 908(services.exe) | 20.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 8228 | [Owner : User | Parent : 7228(explorer.exe) | 9.44 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.18362.1) = C:\Windows\System32\SecurityHealthSystray.exe [19/03/2019 05:44:23] CPU Usage:0 % 4232 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [03/10/2019 23:53:15] CPU Usage:0 % 8600 | [Owner : User | Parent : 7228(explorer.exe) | 8.61 Mo] - (.- ChangeIcon MFC Application.) - (15.0.0.2) = C:\Windows\SysWOW64\UMonit64.exe [25/11/2016 23:42:53] CPU Usage:0 % 8664 | [Owner : User | Parent : 828(svchost.exe) | 36.07 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe [19/03/2019 05:44:23] CPU Usage:0 % 9012 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 11.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 9036 | [Owner : User | Parent : 908(services.exe) | 21.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 9284 | [Owner : Système | Parent : 908(services.exe) | 10.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 9852 | [Owner : User | Parent : 8244() | 103.26 Mo] - (.AVAST Software - Avast Antivirus.) - (19.8.4793.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [08/10/2019 19:37:10] CPU Usage:0 % 10772 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 10884 | [Owner : Système | Parent : 3724() | 0.45 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe [05/04/2018 16:21:36] CPU Usage:0 % 10124 | [Owner : User | Parent : 828(svchost.exe) | 9.2 Mo] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.18362.1) = C:\Windows\System32\CompPkgSrv.exe [19/03/2019 05:43:47] CPU Usage:0 % 9156 | [Owner : User | Parent : 828(svchost.exe) | 7.57 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 05:44:06] CPU Usage:0 % 10364 | [Owner : User | Parent : 3156() | 0.74 Mo] - (.Lenovo - Lenovo Solution Center Notifications.) - (1.1.0.0) = C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [24/08/2016 09:20:24] CPU Usage:0 % 10632 | [Owner : Système | Parent : 3724() | 0.38 Mo] - (.AVAST Software - Avast Browser Update.) 
- (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe [05/04/2018 16:21:36] CPU Usage:0 % 10656 | [Owner : Système | Parent : 908(services.exe) | 26.75 Mo] - (.- Lenovo System Update Service.) - (5.7.0.88) = C:\Program Files (x86)\Lenovo\System Update\SUService.exe [03/10/2019 16:19:57] CPU Usage:0 % 1692 | [Owner : Système | Parent : 908(services.exe) | 12.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 11184 | [Owner : Système | Parent : 908(services.exe) | 54.67 Mo] - (.Intel Corporation - IAStorDataSvc.) - (15.2.0.1020) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [20/09/2016 11:04:30] CPU Usage:0 % 8232 | [Owner : Système | Parent : 3824() | 0.46 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.35.421) = C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe [14/12/2019 20:21:22] CPU Usage:0 % 10688 | [Owner : Système | Parent : 908(services.exe) | 6.59 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [19/06/2015 18:19:00] CPU Usage:0 % 9840 | [Owner : Système | Parent : 908(services.exe) | 12.4 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [25/11/2016 23:43:31] CPU Usage:0 % 1848 | [Owner : Système | Parent : 3824() | 0.38 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.35.421) = C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe [14/12/2019 20:21:22] CPU Usage:0 % 8932 | [Owner : User | Parent : 828(svchost.exe) | 22.49 Mo] - (.Microsoft Corporation - Windows Security Health Host.) 
- (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [03/10/2019 23:53:15] CPU Usage:0 % 10536 | [Owner : User | Parent : 828(svchost.exe) | 69.24 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.387) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [04/10/2019 02:44:15] CPU Usage:0 % 11760 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [19/03/2019 05:45:32] CPU Usage:0 % 11892 | [Owner : Système | Parent : 908(services.exe) | 60.41 Mo] - (.Intel(R) Corporation - XtuService.) - (4.1.0.312) = C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [29/10/2013 14:24:04] CPU Usage:0 % 10808 | [Owner : Système | Parent : 908(services.exe) | 8.01 Mo] - (.Intel Corporation - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS.) - (1.0.0.1) = C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [19/06/2015 18:28:51] CPU Usage:0 % 8172 | [Owner : Système | Parent : 908(services.exe) | 6.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 1724 | [Owner : Système | Parent : 908(services.exe) | 7.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 8248 | [Owner : Système | Parent : 908(services.exe) | 8.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 9896 | [Owner : SERVICE RÉSEAU | Parent : 908(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 5884 | [Owner : Système | Parent : 828(svchost.exe) | 10.87 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 05:44:33] CPU Usage:0 % 12448 | [Owner : User | Parent : 828(svchost.exe) | 0.39 Mo] - (.-.) - (10.19101.1071.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe [28/10/2019 23:39:00] CPU Usage:0 % 13032 | [Owner : User | Parent : 828(svchost.exe) | 50.08 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.329) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe [03/10/2019 23:53:06] CPU Usage:0 % 8252 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 9.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 6848 | [Owner : User | Parent : 828(svchost.exe) | 1.5 Mo] - (.-.) - (3.36.1912.6003) = C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe [14/12/2019 23:41:32] CPU Usage:0 % 11756 | [Owner : User | Parent : 9852(AvastUI.exe) | 173.8 Mo] - (.AVAST Software - Avast Antivirus.) - (19.8.4793.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [08/10/2019 19:37:10] CPU Usage:0 % 10856 | [Owner : User | Parent : 9852(AvastUI.exe) | 44.92 Mo] - (.AVAST Software - Avast Antivirus.) - (19.8.4793.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [08/10/2019 19:37:10] CPU Usage:0 % 8300 | [Owner : User | Parent : 1924() | 330.9 Mo] - (.Mozilla Corporation - Firefox.) - (71.0.0.7275) = C:\Program Files\Mozilla Firefox\firefox.exe [05/03/2019 20:53:59] CPU Usage:0 % 11072 | [Owner : User | Parent : 8300(firefox.exe) | 129.57 Mo] - (.Mozilla Corporation - Firefox.) 
- (71.0.0.7275) = C:\Program Files\Mozilla Firefox\firefox.exe [05/03/2019 20:53:59] CPU Usage:0 % 8612 | [Owner : User | Parent : 8300(firefox.exe) | 499.49 Mo] - (.Mozilla Corporation - Firefox.) - (71.0.0.7275) = C:\Program Files\Mozilla Firefox\firefox.exe [05/03/2019 20:53:59] CPU Usage:1 % 1268 | [Owner : User | Parent : 8300(firefox.exe) | 61.9 Mo] - (.Mozilla Corporation - Firefox.) - (71.0.0.7275) = C:\Program Files\Mozilla Firefox\firefox.exe [05/03/2019 20:53:59] CPU Usage:0 % 3996 | [Owner : User | Parent : 7228(explorer.exe) | 167.58 Mo] - (.Ubisoft - Uplay launcher.) - (101.0.0.7178) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe [26/11/2018 10:57:48] CPU Usage:0 % 9524 | [Owner : User | Parent : 3996(upc.exe) | 69.53 Mo] - (.Ubisoft - Uplay WebCore.) - (101.0.7178.0) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe [26/11/2018 10:57:50] CPU Usage:0 % 9648 | [Owner : User | Parent : 7228(explorer.exe) | 99.62 Mo] - (.Intel(R) Corporation - Lenovo OneKey Overclocking.) - (4.1.0.312) = C:\Program Files (x86)\Lenovo\OneKey Overclocking\lokoc.exe [29/10/2013 14:23:12] CPU Usage:0 % 6364 | [Owner : SERVICE LOCAL | Parent : 908(services.exe) | 19.43 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9135) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [03/10/2019 23:39:47] CPU Usage:0 % 8280 | [Owner : Système | Parent : 908(services.exe) | 8.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 2696 | [Owner : User | Parent : 828(svchost.exe) | 104.85 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.18362.449) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [13/11/2019 16:15:27] CPU Usage:0 % 13104 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) 
- (3.2.0.874) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [27/12/2019 22:23:09] CPU Usage:0 % 5404 | [Owner : User | Parent : 13104(MBAMService.exe) | 36.42 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (4.0.0.457) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [27/12/2019 22:23:08] CPU Usage:0 % 10208 | [Owner : Système | Parent : 908(services.exe) | 6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 5036 | [Owner : User | Parent : 10952() | 202.95 Mo] - (.Malwarebytes - Malwarebytes.) - (4.0.0.457) = C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [27/12/2019 22:23:08] CPU Usage:0 % 8288 | [Owner : User | Parent : 828(svchost.exe) | 10.86 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 05:44:33] CPU Usage:0 % 8332 | [Owner : User | Parent : 8300(firefox.exe) | 43.14 Mo] - (.Mozilla Corporation - Firefox.) - (71.0.0.7275) = C:\Program Files\Mozilla Firefox\firefox.exe [05/03/2019 20:53:59] CPU Usage:0 % 12296 | [Owner : Système | Parent : 908(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 13232 | [Owner : User | Parent : 828(svchost.exe) | 36.45 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [19/03/2019 05:44:03] CPU Usage:0 % 10168 | [Owner : SERVICE RÉSEAU | Parent : 828(svchost.exe) | 10.98 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 05:44:00] CPU Usage:0 % 12672 | [Owner : User | Parent : 5304() | 68.93 Mo] - (.SosVirus - QuickDiag.) 
- (1.11.19.1) = C:\Users\User\Downloads\QuickDiag(1).exe [27/12/2019 23:05:41] CPU Usage:0 % 11220 | [Owner : Système | Parent : 908(services.exe) | 5.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 05:44:33] CPU Usage:0 % 10544 | [Owner : SERVICE RÉSEAU | Parent : 828(svchost.exe) | 13.93 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 05:45:12] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 441.66.) - (26.21.14.4166) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 441.66.) - (26.21.14.4166) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvwgf2umx_cfg.dll (.AVAST Software.-.Avast Antivirus Shell Extension.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll (.AVAST Software.-.Avast Antivirus AAVM Remote Procedure Call Library.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 441.66.) - (26.21.14.4166) -- C:\WINDOWS\SYSTEM32\nvapi64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) 
- (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll (.The ICU Project.-.ICU Combined Library.) - (63.1.0.0) -- C:\WINDOWS\SYSTEM32\icu.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.71.0.0) -- C:\Program Files\WinRAR\rarext.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.14.4166) -- C:\WINDOWS\system32\nv3dappshext.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (.AVAST Software.-.Avast Antivirus AMSI COM object.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\aswAMSI.dll (.AVAST Software.-.Avast Antivirus AAVM Remote Procedure Call Library.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll (.AVAST Software.-.Avast Antivirus dll loader.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\dll_loader.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll (.AVAST Software.-.Hook Library.) - (19.8.4793.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\usocoreps.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU GUDelayStartup - ("C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\...\Run]) - User: BEN\User uTorrent - ("C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\...\Run]) - User: BEN\User EADM - ("C:\Program Files (x86)\Origin\Origin.exe" -AutoStart 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\...\Run]) - User: BEN\User MyDriveConnect.exe - (C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe -startwithoutDA [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\...\Run]) - User: BEN\User CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\...\Run]) - User: BEN\User SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVCpl - (C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_LENOVO_MICPKEY - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public UMonit - (C:\WINDOWS\SysWOW64\UMonit64.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun "uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED "EADM"="C:\Program Files (x86)\Origin\Origin.exe" -AutoStart "MyDriveConnect.exe"=C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe -startwithoutDA "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "DAEMON Tools Lite Automount"=0x03000000A41DE46B836BD201 "Gadwin PrintScreen Pro 
(64-bit)"=0x020000000000000000000000 "OneDrive"=0x030000003C440B61836BD201 "uTorrent"=0x03000000441CC0418D01D301 "Steam"=0x03000000E57C9259836BD201 "CCleaner Monitoring"=0x020000000000000000000000 "GUDelayStartup"=0x03000000E1FF0713FDBBD401 "OneDriveSetup"=0x020000000000000000000000 "CCleaner Smart Cleaning"=0x020000000000000000000000 "msnmsgr"=0x020000000000000000000000 "iCloudServices"=0x020000000000000000000000 "GarminExpress"=0x020000000000000000000000 "MyDriveConnect.exe"=0x020000000000000000000000 "EADM"=0x020000000000000000000000 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"="C:\Users\User\Desktop\4K Video Downloader.lnk"\1 "MRUList"=hkgjdifecba "b"="C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"\1 "c"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"\1 "d"=C:\Program Files\internet explorer\iexplore.exe et clique sur ENTER\1 "e"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"\1 "f"=HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WindowsNT\Winlogon\1 "g"=explore.exe\1 "h"=regedit\1 "i"=cmd.exe\1 "j"=shutdown.exe /r /o /f /t 00\1 "k"=explorer.exe\1 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Deskjet 6940 series,winspool,Ne04: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "UMonit"=C:\WINDOWS\SysWOW64\UMonit64.exe [25/11/2016 23:42:53] 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "IAStorIcon"=0x020000000000000000000000 "RtHDVCpl"=0x0300000023828A68836BD201 "RtHDVBg_LENOVO_MICPKEY"=0x0300000066636067836BD201 "RtHDVBg_Dolby"=0x0300000011C9C724FDBBD401 "ShadowPlay"=0x020000000000000000000000 "UMonit"=0x020000000000000000000000 "Malwarebytes TrayApp"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "iTunesHelper"=0x020000000000000000000000 "WindowsDefender"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StereoLinksInstall"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "BDRegion"=0x020000000000000000000000 "CLMLServer"=0x020000000000000000000000 "LVT"=0x020000000000000000000000 "jmekey"=0x020000000000000000000000 "Lenovo Silver Silk Wireless Keyboard"=0x020000000000000000000000 "UpdateP2GoShortCut"=0x020000000000000000000000 "RemoteControl10"=0x020000000000000000000000 "jmesoft"=0x020000000000000000000000 "PMBVolumeWatcher"=0x020000000000000000000000 "CompeGPSDev"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D5B12DDA1555BD [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 
"DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater Avast Emergency Update Avast Secure Browser Heartbeat Task (Hourly) Avast Secure Browser Heartbeat Task (Logon) AvastUpdateTaskMachineCore AvastUpdateTaskMachineUA CCleaner Update CCleanerSkipUAC DolbySelectorTask GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA Microsoft_Hardware_Launch_ipoint_exe Microsoft_Hardware_Launch_itype_exe Microsoft_Hardware_Launch_mousekeyboardcenter_exe Microsoft_MKC_Logon_Task_ipoint.exe Microsoft_MKC_Logon_Task_itype.exe NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3917520454-1897002642-3725866607-1001 Optimize Start Menu Cache Files-S-1-5-21-3917520454-1897002642-3725866607-1001 Optimize Start Menu Cache 
Files-S-1-5-21-3917520454-1897002642-3725866607-500 User_Feed_Synchronization-{900D2028-AFF2-47B8-B6F9-93F1198FE698} {D06BC99E-2779-4741-A96C-25397FFF11AE} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(5) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [27/01/2016 08:58:54] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=924 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager 
"RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 "PendingFileRenameOperations"=\??\C:\Users\User\AppData\Local\Temp\_iu14D2N.tmp [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=24dda09b-670b-4038-b74e-8dc47c8 "GlassSessionId"=1 ---------- | .LNK with Arguments C:\Users\User\Desktop\AdsFix_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://paypal.me/genhackman) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "MouseWheelRouting"=1 "WallPaper"=C:\Users\User\Desktop\Photos\Martinique\DSC01934.JPG [30/09/2019 19:59:08] "MouseMonitorEscapeSpeed"=0 "Win8DpiScaling"=0 
"UserPreferencesMask"=0x9E1E078012000000 "AutoColorization"=0 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=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mageColor"=2800923209 "LogicalDPIOverride"=1 "DpiScalingVer"=4096 "EnablePerProcessSystemDPI"=1 "SCRNSAVE.EXE"=C:\WINDOWS\system32\Bubbles.scr [19/03/2019 05:45:47] "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=0x0000C003 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "EdgeDesktopShortcutCreated"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x16EC7DE90DA5BB49AE24CF682282E08D6A2500000114020000000000C000000000000046953000005D54A9A2C2A0B4429708A0B2BADD77C8763000001A58CE57B60C66429CA019364C90A0B35F1F0000AF75193DC6488E4FA182BE0E08FA86A9E1190000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=6 "GlobalAssocChangedCounter"=249 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=361 "Browse For Folder Height"=347 "link"=0x15000000 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 
"ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "RTStartMenuNotificationDisplayCount"=0 "TaskbarStateLastRun"=0x28EA045E00000000 "TaskbarSizeMove"=1 "ShowTaskViewButton"=0 "TaskbarBadges"=1 "DontUsePowerShellOnWinX"=0 "ShowCortanaButton"=1 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Warn "GlobalAssocChangedCounter"=12 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 
"EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18363 "FirstLogon"=0 "PUUActive"=0xCC727E61010004004D000E01CC8B0F009C7011009C701100D20000000200300035FA735F35864A00657D230017A40500F8B50200AEFB0200000000000000000035572100C5220000D211000000000000D16BB34FFBBCD501CC8B0F000000000001000000CC8B0F00BA4700001B4100009CBBC60000000000 "DP"=0xD200E800660004004D000000CC727E61C07F800000000000CD592F98F0BCD501436AB2FCDCBCD50155FD64000000000000000000029C0A000000000000000000EF3C2C000000000000000000000000000000000000000000000000000000F03F80510100E2F200808240114082505540AE4F018084000A2284159A22D71C004049C2610FCDD2E10FE14A0180B8065851B80658718162008020A0040720A8040F37B50080A1920548A19205482C0901C004242F000464AF00907600C08F31E8298F31E82B891A00408000022184004A33493B0180458819504F8A5950707D00809044E6429444E642 "ParseAutoexec"=1 "Shell"=%comspec% [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 
"PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=292612655839 "ShutdownFlags"=2147483815 "Userinit"=C:\Windows\system32\userinit.exe, "ShutdownWithoutLogon"=0 "DisableCad"=1 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3917520454-1897002642-3725866607-1001 "LastUsedUsername"=User "Shell"=explorer.exe [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut 
[HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload 
[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet 
[HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 13:01:28] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 13:01:28] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=32 "C:\DRIVERS\Realtek\f4etn04us17\setup.exe"=1 
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 "C:\Program Files (x86)\Realtek\Realtek Windows NIC Driver\RTINSTALLER64.EXE"=1 "C:\PROGRA~3\Lenovo\SYSTEM~2\session\REPOSI~1\K4ETNA~1\setup.exe"=1 "C:\Program Files (x86)\InstallShield Installation Information\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}\setup.exe"=33 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
setup.exe"=0x5341435001000000000000000700000028000000419009000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000B0994901000000000100000001000000 "C:\Program Files (x86)\Far Cry Primal\bin\FCPrimal.exe"=0x5341435001000000000000000700000028000000A84E49076C4C4A0701000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000F5DD6400000000000300000002000000000000000000004000000000000000000000000000000000BA021201000000000B00000000000000 "C:\Program Files (x86)\Watch_Dogs 2\bin\WatchDogs2.exe"=0x5341435001000000000000000700000028000000B8330800452C090001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000400000000000000000000000000000000018EA19000000000007000000040000000000000000000000000000000000000000000000000000002B7B0000000000000100000000000000 "C:\Program Files (x86)\Watch_Dogs 2\bin\SplashScreen.exe"=0x5341435001000000000000000700000028000000B8E307002843080001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000200000002000000 "C:\Program Files (x86)\Watch_Dogs 2\EasyAntiCheat\EasyAntiCheat_Setup.exe"=0x534143500100000000000000070000002800000010070600B79806000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000078130000000000000100000001000000 "SIGN.MEDIA=364A0C8B setup.exe"=0x5341435001000000000000000700000028000000E99241000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000009321100000000000100000001000000 "C:\Program 
Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0030600738C060001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000082070000000000001100000011000000 "C:\Program Files (x86)\Watch_Dogs 2\EAC.exe"=0x534143500100000000000000070000002800000010E301004850020001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006CAC0000000000000100000001000000 "C:\Program Files (x86)\Just Cause 3\JustCause3.exe"=0x534143500100000000000000070000002800000000849E070000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000A0000000000000001000006000000000000000000000000000000000D12328000000000001000000010000000000000010000020000000000000000000000000000000005FE5D90000000000010000000000000000000000000000000000000001000000000000000000000053E05B00000000000500000000000000000000000000004000000000000000000000000000000000B5F50B00000000000200000000000000 "C:\Program Files (x86)\Homefront The Revolution\Bin64\Homefront2_Release.exe"=0x534143500100000000000000070000002800000000707E0250A47E0201000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000050000000000000000000000000000000000000000000000000000000F33D000000000000020000000200000000000000000000400000000000000000000000000000000098C92100000000000200000000000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"=0x5341435001000000000000000700000028000000C84024000A35250001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000080000000000000000000000000000000000000008D000000000000000200000002000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game 
Launcher\Uninstall.exe"=0x5341435001000000000000000700000028000000501303005BA5030001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001FFA0000000000000100000001000000 "C:\Program Files (x86)\Tom Clancys Rainbow Six Siege\RainbowSix.exe"=0x5341435001000000000000000700000028000000E882370271DC370201000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000050000000000000003000006000000000000000000000000000000000C17C210000000000010000000100000000000000200000600000000001000000000000000000000082F60400000000000100000000000000 "SIGN.MEDIA=26D28 OriginInstaller.exe"=0x534143500100000000000000070000002800000000DC080000000000010000000000000000000106F122000033504C2B57DFD101000000000000000002000000500000000000000080000000000000000000000000000000000000009E545B00000000000300000002000000000000000000000000000000000000000000000000000000787E0300000000000200000000000000 "C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe"=0x5341435001000000000000000700000028000000D14405004A893A000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004F120000000000000100000001000000 "C:\Program Files (x86)\HITMAN - The Complete First Season\Launcher.exe"=0x5341435001000000000000000700000028000000C0401000EE58100001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000050000000000000000000004000000000000000000000000000000000AA899900000000000500000001000000000000000000000000000000000000000000000000000000AF867E00000000000300000000000000 "SIGN.MEDIA=AEF6D488 Setup\MassEffectAndromeda.exe"=0x5341435001000000000000000700000028000000B0075C0867AD5C0801000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000930C0000000000000100000001000000 "SIGN.MEDIA=3378C6E 
OriginSetup.exe"=0x5341435001000000000000000700000028000000004266000000000001000000000000000000000A6120000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000008AF43300000000000100000001000000 "C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe"=0x534143500100000000000000050000001000000000000000000000000000000010000000070000002800000000DE5B0867AD5C0801000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000078000000000000001000002010000000000000000000000000000000B6D92100000000000300000002000000000000001000006010000000000000000000000000000000F04BA400000000000C0000000000000000000000000000400000000001000000000000000000000011F58300000000000500000000000000 "SIGN.MEDIA=801239D1 setup.exe"=0x53414350010000000000000007000000280000002CC50C000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000090511600000000000200000002000000 "C:\Program Files (x86)\Prey\Binaries\Danielle\x64\Release\Prey.exe"=0x534143500100000000000000070000002800000000903E0A783F3F0A01000000000000000000000A73220000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000006B97070000000000020000000100000000000000000000000000000000000000000000000000000044070000000000000100000000000000 "C:\Program Files (x86)\Prey\Binaries\Danielle\x64\Release\SSELauncher.exe"=0x5341435001000000000000000700000028000000008E03000000000001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000006C681100000000000300000002000000000000000000000000000000000000000000000000000000B2D94600000000001400000000000000 "C:\Program Files 
(x86)\Prey\Binaries\Danielle\x64\Release\SmartSteamEmu\SmartSteamLoader_x64.exe"=0x5341435001000000000000000700000028000000002A04007CA4040001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000010270000000000000200000002000000 "C:\Program Files (x86)\Prey\Binaries\Danielle\x64\Release\SmartSteamEmu\SmartSteamLoader.exe"=0x5341435001000000000000000700000028000000008C0300CDD6030001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000078C80500000000000200000002000000 "C:\Program Files (x86)\Prey\unins000.exe"=0x53414350010000000000000007000000280000005F6E2200000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400002000000000000000000000000000094110000000000000100000001000000 "C:\Program Files (x86)\Sniper.Ghost.Warrior.3.SPE.Cracked\win_x64\SSELauncher.exe"=0x5341435001000000000000000700000028000000008E03000000000001000000000000000000000AF5220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000075380000000000000100000001000000 "C:\Program Files (x86)\Sniper.Ghost.Warrior.3.SPE.Cracked\win_x64\SGW3.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000CE7C0C55E87C0C01000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000500000000000000000000000000000000000000000000000000000007875360000000000070000000400000000000000000000400000000000000000000000000000000054F06100000000000500000000000000 "SIGN.MEDIA=280AE4C2 Setup.exe"=0x5341435001000000000000000700000028000000029519000000000001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003B590000000000000100000001000000 "C:\Program Files (x86)\Origin 
Games\Titanfall\Titanfall.exe"=0x534143500100000000000000070000002800000010F90600E821070001000000000000000000030673000000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000CA2F0000000000000200000002000000000000000000004000000000000000000000000000000000F0550000000000000100000000000000 "SIGN.MEDIA=3372A12D stpdh2.exe"=0x534143500100000000000000070000002800000031E305000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000008000000000000000000000000000000000000000A2124E00000000000100000001000000 "C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe"=0x5341435001000000000000000700000028000000F828C10654A8C10601000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000001000006000000000000000000000000000000000C2724B00000000000200000002000000 "C:\Program Files (x86)\Dishonored 2\Dishonored2.exe"=0x5341435001000000000000000700000028000000002EC8060000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000050000000000000001000006000000000000000000000000000000000528CF000000000000500000005000000000000000000000000000000000000000000000000000000D50E4500000000000100000000000000 "C:\Program Files (x86)\Dishonored 2\stp-dh2.exe"=0x534143500100000000000000070000002800000000502B000000000001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000500000000000000000000040000000000000000000000000000000000D8D9E000000000017000000050000000000000000000000000000000100000000000000000000008C580E00000000000B00000000000000 "C:\Program Files\DAEMON Tools Lite\DTAgent.exe"=0x5341435001000000000000000700000028000000C0BA4D0064124E0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008F441600000000001F0000001F000000 "C:\Program Files\DAEMON Tools 
Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000C00C34009022340001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000500000000000000000000000000000000000000000000000000000002CEF450300000000210000001200000000000000000000400000000000000000000000000000000011410000000000000100000000000000 "C:\Program Files\DAEMON Tools Lite\DTLite.exe"=0x5341435001000000000000000700000028000000C00A2A00607F2A0001000000000000000000000A80210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006D000000000000000200000002000000 "C:\Program Files (x86)\Pro Cycling Manager 2017\PCM64.exe"=0x534143500100000000000000050000001000000000000000000000000000000020000000070000002800000078B4FC005F19FD0001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000002000006000000000000000000000000000000000F9306800000000000D0000000D000000 "C:\Program Files (x86)\Pro Cycling Manager 2017\CrashReport.exe"=0x5341435001000000000000000700000028000000007E00000000000001000000000000000000000AF5220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DF214F00000000000100000001000000 "C:\Program Files\Tom Clancy's Ghost Recon Wildlands\stp-grw.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000960C000000000001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000500000000000000000000040000000000000000000000000000000009FA4F300000000002C000000010000000000000000000000000000000000000000000000000000006AB70701000000001600000000000000 "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe"=0x534143500100000000000000070000002800000000960100CBD6010001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000010535900000000000400000004000000 "C:\Program Files\Tom Clancy's Ghost Recon 
Wildlands\GRW.exe"=0x5341435001000000000000000700000028000000B05317088D0E180801000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000B83F0000000000000300000003000000 "C:\Program Files\Tom Clancy's Ghost Recon Wildlands\rungame.exe"=0x534143500100000000000000070000002800000000B202000000000001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000005000000000000000000000000000000000000000000000000000000056B0310000000000030000000300000000000000000000400000000000000000000000000000000080240000000000000200000000000000 "SIGN.MEDIA=3310A12D stp-grw.exe"=0x5341435001000000000000000700000028000000C41D06000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000008000000002000000280000000000000080000000000000000000000000000000000000008C0D0000000000000200000002000000 "C:\Users\User\Desktop\HotSwap!.EXE"=0x5341435001000000000000000700000028000000003C03000000000001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E1836E01000000001C0000001C000000 "SIGN.MEDIA=FACF1B42 Titanfall.2.Update.v2.0.7.0-CODEX\Update\Setup.exe"=0x5341435001000000000000000700000028000000ECE038000000000001000000000000000000010600010000E63F486B2AA0D20100000080000000000200000028000000000000000000004000000000000000000000000000000000920E0100000000000100000001000000 "C:\Program Files (x86)\Titanfall 2\Titanfall2.exe"=0x534143500100000000000000070000002800000000BE1A0072FB1A0001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000200000600000000000000000000000000000000061D99C00000000001000000010000000 "SIGN.MEDIA=3370BF2D 
stp-fifa17.exe"=0x534143500100000000000000070000002800000099DF05000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000000000000000000000000000000000000000DCB71600000000000200000002000000 "SIGN.MEDIA=68D0510F stp-fifa18.exe"=0x53414350010000000000000007000000280000000623CC000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BABE1E00000000000100000001000000 "C:\Program Files (x86)\BDReader\BDReader.exe"=0x5341435001000000000000000700000028000000007EDA007B9ADA0001000000000000000000030671000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F1A9EF00000000000600000006000000 "C:\Program Files (x86)\Call of Duty WWII\s2_sp64_ship.exe"=0x5341435001000000000000000700000028000000F015AE016DF8AE0101000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000500000000000000000000040000000000000000000000000000000008BAED80200000000020000000100000000000000000000000000000000000000000000000000000048EE0000000000000200000000000000 "C:\Program Files (x86)\Call of Duty WWII\CoD_SP.exe"=0x53414350010000000000000005000000100000000000000000000000000000000000000007000000280000000010AE016DF8AE0101000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000500000000000000000000000000000000000000000000000000000001F86260000000000A400000004000000000000000000004000000000000000000000000000000000EFBD9E05000000002600000000000000 "C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe"=0x5341435001000000000000000700000028000000A8140100001C010001000000000000000000000671200000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000000000000000000000000000000091070000000000000400000004000000 
"C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe"=0x5341435001000000000000000700000028000000F8140100BF74010001000000000000000000000671200000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000000000000000000000000000000002F0D0000000000000400000004000000 "C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe"=0x5341435001000000000000000700000028000000081D01009B3F010001000000000000000000000671200000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000000000000000000000000000000006B1D0000000000000200000002000000 "C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe"=0x5341435001000000000000000700000028000000081D01009D17020001000000000000000000000671200000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000000000000000000000000000000082210000000000000200000002000000 "C:\Program Files (x86)\Rugby 18\Exe\Detect.exe"=0x5341435001000000000000000700000028000000001029000000000001000000000000000000000A71220000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000AC0D0000000000000100000001000000 "C:\Program Files (x86)\Rugby 18\Exe\Rugby18.exe"=0x53414350010000000000000005000000100000000000000000000000000000001000000007000000280000000056C7000000000001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000078000000000000001000002000000000000000000000000000000000CF0F0000000000000100000001000000000000001000006000000000000000000000000000000000B2084A0000000000020000000000000000000000000000400000000001000000000000000000000029A02400000000000100000000000000 "C:\Program Files (x86)\InstallShield Installation 
Information\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}\Install.exe"=0x5341435001000000000000000700000028000000688A0000D02E010001000000000000000000000671000000E63F486B2AA0D2010000000000000000020000002800000000000000000800400000000000000000000000000000000054B90200000000000200000002000000 "C:\Program Files (x86)\GRID Autosport\GRIDAutosport_avx.exe"=0x534143500100000000000000070000002800000000A408010000000001000000000000000000030671220000E63F486B2AA0D2010000000000000000020000002800000000000000100000600000000000000000000000000000000036EB0100000000000100000001000000 "C:\Program Files (x86)\Dirt 4\dirt4.exe"=0x534143500100000000000000070000002800000000FC53010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000759603000000000001000000010000000000000000000040000000000000000000000000000000002BDFBB01000000000100000000000000 "C:\Program Files (x86)\Pro Evolution Soccer 2018\Settings.exe"=0x534143500100000000000000070000002800000020620D00BB0E0E0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DF230100000000000200000002000000 "C:\Program Files (x86)\Pro Evolution Soccer 2018\PES2018.exe"=0x534143500100000000000000070000002800000000C26B0C0000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000005000000000000000000000000000000000000000000000000000000045D53400000000000500000005000000000000000000004000000000000000000000000000000000C6D93800000000000200000000000000 "C:\Program Files (x86)\Wolfenstein II The New Colossus\NewColossus_x64vk.exe"=0x5341435001000000000000000700000028000000D0CE6C030000000001000000000000000000000A73220000DB80FDAC2839D3010000000000000000020000002800000000000000200000600000000000000000000000000000000068DF3B01000000000300000003000000 "C:\GOG Games\Shadow Warrior 
2\ShadowWarrior2.exe"=0x5341435001000000000000000200000050000000000000001000006000000000000000000000000000000000019E2500000000000100000001000000000000001000002000000000000000000000000000000000E1650600000000000100000000000000070000002800000000B0E9000000000001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0F7000096B9010001000000000000000000000A73200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DB0D0000000000002700000027000000 "C:\Program Files (x86)\Nioh Complete Edition\nioh_launcher.exe"=0x5341435001000000000000000700000028000000D0212700C5B8270001000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BB267800000000000100000001000000 "C:\Program Files (x86)\Nioh Complete Edition\nioh.exe"=0x5341435001000000000000000700000028000000A0462102D885210201000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000002000006000000000000000000000000000000000544A0400000000000100000001000000 "SIGN.MEDIA=8D175A5D Setup.exe"=0x53414350010000000000000007000000280000009086A4000000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F17E1501000000000100000001000000 "C:\Program Files (x86)\Assassins Creed Origins\ACOrigins.exe"=0x5341435001000000000000000700000028000000A8F4510AE672520A01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000D03AEB00000000001200000008000000000000000000004000000000000000000000000000000000B6896F00000000000400000000000000 "C:\Program Files (x86)\Bkool 
Indoor\BkoolIndoor.exe"=0x534143500100000000000000070000002800000000B815010000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000297E1700000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"=0x534143500100000000000000070000002800000000960100472B020001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000023E90100000000000300000003000000 "C:\Program Files (x86)\Rising Strom 2\Binaries\Win64\BsSndRpt64.exe"=0x5341435001000000000000000700000028000000D06106009E1B070001000000000000000000030673020000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000C91D0000000000000100000001000000 "C:\Program Files (x86)\Rising Strom 2\Binaries\Win64\RisingStorm2.exe"=0x5341435001000000000000000700000028000000289601008B9F010001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000050000000000000000000004000000000000000000000000000000000BB0F01000000000003000000020000000000000000000000000000000000000000000000000000003E2F0000000000000100000000000000 "C:\Program Files (x86)\Rising Strom 2\Binaries\Win64\VNGame.exe"=0x534143500100000000000000070000002800000000885201AD87530101000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000050000000000000000000000000000000000000000000000000000000370900000000000001000000010000000000000000000040000000000000000000000000000000009A2A0000000000000100000000000000 "C:\Program Files (x86)\Rising Strom 2\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe"=0x534143500100000000000000070000002800000028D605000CB0060001000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000007420400000000000300000003000000 "C:\Program Files 
(x86)\NFSPayback\Setup\NeedForSpeedPayback.exe"=0x534143500100000000000000070000002800000000065C0ABD6A5C0A01000000000000000000000A73220000DB80FDAC2839D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000001000000000000000000000017F81800000000000100000001000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02007E0F030001000000010000000000000A61220000DB80FDAC2839D3010000000000000000 "C:\Program Files\CyberLink\PowerDirector10\PDR10.exe"=0x534143500100000000000000070000002800000008552C007D812C0001000000000000000000020673220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000772B1000000000000400000004000000 "C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe"=0x5341435001000000000000000700000028000000400E29004C81290001000000000000000000020671220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000010000000000000000000000000A4CB0F00000000000100000001000000 "C:\ProgramData\Sony Corporation\PMB\Installer\PMHOME.exe"=0x5341435001000000000000000700000028000000E867FA0063AAFA0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe"=0x5341435001000000000000000700000028000000D0A70900D5500A0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D4490800000000006900000069000000 "C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe"=0x5341435001000000000000000700000028000000A891720C414B730C01000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000100000000200000050000000000000001000006000000000000000000000000000000000060C0000000000000100000001000000000000001000002000000000000000000000000000000000BD1F0000000000000100000000000000 "C:\Program Files 
---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] 
"VistaSp1"=132146169014391875 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "DisableAntiSpyware"=1 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "ProductStatus"=0 "InstallTime"=0x3F3DD0F0B2AAD001 "DisableAntiVirus"=1 "PassiveMode"=0 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\ "LastEnabledTime"=0x3A13671C40B8D501 "ManagedDefenderProductType"=0 "OOBEInstallTime"=0x22BF7C1A3E7AD501 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi 
d'une requête 'ping' sur google.com [216.58.204.142] avec 32 octets de données : Réponse de 216.58.204.142 : octets=32 temps=235 ms TTL=55 Réponse de 216.58.204.142 : octets=32 temps=130 ms TTL=55 Réponse de 216.58.204.142 : octets=32 temps=86 ms TTL=55 Réponse de 216.58.204.142 : octets=32 temps=205 ms TTL=55 Statistiques Ping pour 216.58.204.142: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 86ms, Maximum = 235ms, Moyenne = 164ms ---------- | @ [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\WINDOWS\system32\blank.htm "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://lenovo13.msn.com/?pc=LCJB "Default_Page_URL"=http://lenovo13.msn.com/?pc=LCJB "DisableFirstRunCustomize"=3 "Secondary Start Pages"=http://www.lenovo.com "Default_Secondary_Page_URL"=http://www.lenovo.com "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C00000000000000010000000083FFFF0083FFFFFFFFFFFFFFFFFFFF3E0000003E0000005E030000BE020000 "ImageStoreRandomFolder"=g433dcc "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xD4DDD982217AD501 "AutoHide"=yes "SearchBandMigrationVersion"=1 "Start Page_TIMESTAMP"=0x234C2E096269D301 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"=0x01000000240000006342E8AEF2574D1CCF34913F813057AE78236DA313F771A52AE61E64D7167D574749934B020000001000000064582F48457872253262346373253364 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0xD4DDD982217AD501 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=132214236406390652 "ProxyHttp1.1"=1 "WarNonBadCertReceving"=1 "WarNonHTTPSToHTTPRedirect"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm 
"NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\WINDOWS\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm 
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - 
{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [08/10/2019 19:36:56] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [08/10/2019 19:36:56] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [19/03/2019 05:44:47] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - 
{F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={C102D574-1FDB-4F55-9937-F9FB17E900C8} "KnownProvidersUpgradeTime"=0xD4DDD982217AD501 "DownloadRetries"=1 "Version"=5 "UpgradeTime"=0xD4DDD982217AD501 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={C102D574-1FDB-4F55-9937-F9FB17E900C8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={C102D574-1FDB-4F55-9937-F9FB17E900C8} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C102D574-1FDB-4F55-9937-F9FB17E900C8}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C102D574-1FDB-4F55-9937-F9FB17E900C8}] - (Bing) - 
http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{C102D574-1FDB-4F55-9937-F9FB17E900C8}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] -> () : ---------- | Chrome [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.142 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.142 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4] - (ESN Sonar browser plugin) : C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0] - () : C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1e457d99-5620-485a-bb52-c864ac1eb814}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2dca1081-6fae-4070-ae67-869daf09a351}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d20e2bdb-f2c5-4832-8ebf-f3b52c20e3c5}] "DhcpNameServer"=192.168.1.1 
192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1e457d99-5620-485a-bb52-c864ac1eb814}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2dca1081-6fae-4070-ae67-869daf09a351}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d20e2bdb-f2c5-4832-8ebf-f3b52c20e3c5}] "DhcpNameServer"=192.168.1.1 192.168.1.1 ---------- | Applications [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Classes\Applications\DTLauncher.exe] : "C:\Program Files\DAEMON Tools Lite\DTLauncher.exe" "%1" [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\titanfall2.exe] : "c:\program files (x86)\titanfall 2\titanfall2.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\titanfall2.exe] : "c:\program files (x86)\titanfall 2\titanfall2.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver browser "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc DevicePickerUserSvc ConsentUxUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\4kdownload.com] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\AppDataLow] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Apple Inc.] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\AVAST Software] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\BitTorrent] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Bkool] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\BlueStacksInstaller] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Browser Cleanup] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Chromium] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Clients] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Crystal Dynamics] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Cyanide] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\CyberLink] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Disc Soft] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\DivXplayer] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\DivXplayers] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Eidos Montreal] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\ej-technologies] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Electronic Arts] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\EMU] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\eMule] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Epic Games] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Gadwin] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\GOG.com] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Google] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\HotSwap!] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Icecream] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\IM Providers] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Intel] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\IO Interactive] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\KoeiTecmo] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Lake] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Lavalys] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Lenovo] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Macromedia] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Malwarebytes] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\MEDION] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Mozilla] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Novawave Inc.] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Open Media LLC] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\OpenAutomate] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\OpenOffice] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Piriform] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Policies] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\QtProject] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Sony Corporation] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\SyncEngines] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\The Creative Assembly] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Toggle] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\TomTom] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Trolltech] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Ubisoft] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Unity] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Valve] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\WinRAR] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Wow6432Node] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ActiveSync] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\CalendarRT] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ColorFiltering] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Command Processor] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ComPstUI] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Connection Manager] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ContactsRT] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Device Center] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\DeviceDirectory] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\DirectInput] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\DirectShow] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\DirectX Diagnostic Tool] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\DusmSvc] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Ease of Access] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\FamilyStore] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Fax] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\IAM] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Ieak] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Installer] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\IntelliPoint] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\IntelliType Pro] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Messaging] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Microsoft Management Console] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\MicrosoftEdge] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\MPEG2Demultiplexer] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\MSNMessenger] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Office] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\PaidWiFi] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Payment] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\PlayToReceiver] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\RPM] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Shared] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Shell] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Silverlight] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Siuf] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\SkyDrive] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\StorageLibrary] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\TelemetryClient] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Terminal Server Client] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\UCCPlatform] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\UNP] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\UserDataService] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows] 
[HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows Defender Security Center] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows Mail Setup] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\XAML] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\SOFTWARE\Microsoft\RestartManager] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3917520454-1897002642-3725866607-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] 
[HKLM\Software\AVAST Software] [HKLM\Software\BioWare] [HKLM\Software\BlueStacks] [HKLM\Software\BlueStacksInstaller] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\cybelsoft] [HKLM\Software\CyberLink] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\Disc Soft] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\EA Games] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\Intel] [HKLM\Software\Lenovo] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes] [HKLM\Software\MCCI] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Respawn] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\Thrustmaster] [HKLM\Software\VideoLAN] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\ASP.NET] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] 
[HKLM\SOFTWARE\Microsoft\Composition] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataMarketplace] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\DevDiv] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\Device Center] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\DFP] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\DownloadManager] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] 
[HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\IntelliPoint] [HKLM\SOFTWARE\Microsoft\IntelliPoint IntelliType Pro Bluetooth] [HKLM\SOFTWARE\Microsoft\IntelliType Pro] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\Location] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] 
[HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\NetworkAccessProtection] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\Office] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\PIM] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayReady] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RAS AutoDial] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\rempl] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\SDDS] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Settings] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SideShow] [HKLM\SOFTWARE\Microsoft\sih] [HKLM\SOFTWARE\Microsoft\Silverlight] 
[HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\SMB1Uninstall] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\StrongName] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Uev] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\Unistore] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\VisualStudio] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] 
[HKLM\SOFTWARE\Microsoft\Windows Performance Toolkit] [HKLM\SOFTWARE\Microsoft\Windows Phone] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\Windows10Upgrader] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsStore] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\SOFTWARE\Microsoft\XboxGameSaveStorage] [HKLM\SOFTWARE\Microsoft\XboxLive] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adguard] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Amazon] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\BioWare] [HKLM\Software\WOW6432Node\Bkool] [HKLM\Software\WOW6432Node\Borland] [HKLM\Software\WOW6432Node\CDDB] [HKLM\Software\WOW6432Node\Codemasters] [HKLM\Software\WOW6432Node\CompeGPS] [HKLM\Software\WOW6432Node\Crytek] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\EA Sports] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\ESN Launcher] [HKLM\Software\WOW6432Node\ESN Sonar-0.70.4] [HKLM\Software\WOW6432Node\Genesys Logic] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HITMAN - The Complete First Season] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lake] [HKLM\Software\WOW6432Node\Lenovo] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] 
[HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Mr DJ] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Respawn] [HKLM\Software\WOW6432Node\RtWLan] [HKLM\Software\WOW6432Node\Sony Corporation] [HKLM\Software\WOW6432Node\Thrustmaster] [HKLM\Software\WOW6432Node\TomTom] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Even Balance] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\ASP.NET] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] 
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] [HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DownloadManager] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\Immersive Browser] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\Location] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] 
[HKLM\Software\WOW6432Node\Microsoft\Microsoft SQL Server Compact Edition] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] [HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\NetworkAccessProtection] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\Silverlight] [HKLM\Software\WOW6432Node\Microsoft\SoftGrid] 
[HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] [HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\VisualStudio] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Phone] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] 
[HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] [HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [06/04/2017 22:35:18] - |HD| - [164562174] - C:\$AV_ASW [27/12/2019 08:30:22] - |SHD| - [4108200228] - C:\$RECYCLE.BIN [27/12/2019 12:33:47] - |HD| - [323983] - C:\$WINDOWS.~BT [27/12/2019 00:22:48] - |D| - [51498388716] - C:\AdsFix [MD5.F07D4C4F981235F3A5D874D37505F4BA] - [27/12/2019 08:26:39] - |A| - (.-.) - [26] - (0.0.0.0) - C:\AdsFix.txt [MD5.BCCD12BFB1DDFEC6C565375A24CFFDF2] - [27/12/2019 00:23:32] - |A| - (.-.) - [18444] - (0.0.0.0) - C:\AdsFix_27_12_2019_01_21_28.txt [05/11/2019 20:18:25] - |D| - [154068619] - C:\AdwCleaner [03/04/2014 20:14:58] - |SHD| - [18490764] - C:\Boot [MD5.55272FE96AD87017755FD82F7928FDA0] - [22/08/2013 16:44:03] - |RASH| - (.-.) - [398356] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 16:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [03/12/2018 20:42:06] - |SHD| - [1593016] - C:\Config.Msi [22/08/2013 15:45:52] - |SHD| - [0] - C:\Documents and Settings [02/11/2016 08:27:44] - |D| - [2482942030] - C:\Drivers [29/10/2018 20:23:21] - |D| - [0] - C:\ESD [27/11/2018 08:32:37] - |D| - [66735623468] - C:\Games [11/12/2017 20:17:09] - |D| - [15484420987] - C:\GOG Games [MD5.8BCA4CC6C43DA9100FB8B6CB31136153] - [17/04/2018 19:44:18] - |A| - (.-.) - [1882] - (0.0.0.0) - C:\GUDownLoaddebug.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/05/2018 19:16:07] - |ASH| - (.-.) - [13722165248] - (0.0.0.0) - C:\hiberfil.sys [19/06/2015 18:17:27] - |HD| - [3057388] - C:\Intel [25/11/2016 23:27:14] - |HD| - [22] - C:\Lenovo [MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/01/2016 08:54:34] - |ASH| - (.-.) 
- [5100273664] - (0.0.0.0) - C:\pagefile.sys [19/03/2019 05:52:43] - |D| - [0] - C:\PerfLogs [19/03/2019 05:52:43] - |RD| - [79759230468] - C:\Program Files [19/03/2019 05:52:44] - |RD| - [2434705227321] - C:\Program Files (x86) [19/03/2019 05:52:44] - |HD| - [12610443722] - C:\ProgramData [26/12/2019 18:23:16] - |D| - [639024] - C:\QuickDiag [MD5.378E1819AD209D4355FD16E22E4FEA6F] - [27/12/2019 23:07:43] - |A| - (.-.) - [251519] - (0.0.0.0) - C:\QuickDiag.txt [MD5.C467C97944B6D77C759B6186508C25E8] - [26/12/2019 18:32:50] - |RAST| - (.-.) - [533580] - (0.0.0.0) - C:\QuickDiag_26_12_2019_18_32_50.txt [MD5.7AF11C48CB0BE1017653B9BBD609B83E] - [26/12/2019 18:43:24] - |RAST| - (.-.) - [533759] - (0.0.0.0) - C:\QuickDiag_26_12_2019_18_43_24.txt [02/12/2017 00:00:26] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/01/2016 08:54:34] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [01/11/2016 21:35:19] - |D| - [16887969] - C:\SWTOOLS [27/01/2016 08:54:33] - |SHD| - [0] - C:\System Volume Information [05/11/2016 18:20:32] - |D| - [0] - C:\temp [19/03/2019 05:37:22] - |RD| - [900436330513] - C:\Users [19/03/2019 05:37:22] - |D| - [22883323192] - C:\Windows [04/10/2019 00:23:26] - |D| - [0] - C:\Windows.old [27/12/2019 12:20:26] - |D| - [20761870] - C:\Windows10Upgrade ---------- | C:\WINDOWS [19/03/2019 05:52:44] - |D| - [802] - C:\WINDOWS\addins [19/03/2019 05:52:44] - |D| - [16900561] - C:\WINDOWS\appcompat [19/03/2019 05:52:44] - |D| - [8771732] - C:\WINDOWS\apppatch [19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\AppReadiness [19/03/2019 05:52:43] - |RSD| - [903618301] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [29/10/2016 16:33:50] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [19/03/2019 05:52:44] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 05:43:47] - |A| - (.© Microsoft Corporation. 
Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe [19/03/2019 05:52:44] - |D| - [39550015] - C:\WINDOWS\Boot [MD5.5B4B0684F3A7A8085FA77E59C6A100EC] - [03/10/2019 23:58:41] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [19/03/2019 05:52:44] - |D| - [2459128] - C:\WINDOWS\Branding [19/03/2019 05:37:22] - |D| - [0] - C:\WINDOWS\CbsTemp [19/03/2019 05:52:44] - |D| - [34141949] - C:\WINDOWS\Containers [MD5.1F334AC7713E228137147CBFBB7BC9AA] - [19/03/2019 13:03:26] - |A| - (.-.) - [33951] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.0505315076F50DE128B8256927B94722] - [18/03/2014 10:38:21] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.0353ECCF94A1A4CCB666C07B1FA0F671] - [20/06/2015 03:49:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\WINDOWS\CSUP.TXT [19/03/2019 05:52:44] - |D| - [11501377] - C:\WINDOWS\Cursors [19/03/2019 05:52:44] - |D| - [2244] - C:\WINDOWS\debug [MD5.D1E75542EC8D1B4851765A57AC63618E] - [03/10/2019 23:52:20] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [19/03/2019 05:52:44] - |D| - [4558493] - C:\WINDOWS\diagnostics [19/03/2019 05:52:44] - |D| - [1915751] - C:\WINDOWS\DiagTrack [MD5.D1E75542EC8D1B4851765A57AC63618E] - [03/10/2019 23:52:20] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [19/03/2019 13:00:40] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.F7F75A4D77CF5BB4B6EF0013A4DF4FBE] - [22/11/2019 18:38:15] - |A| - (.-.) - [34950] - (0.0.0.0) - C:\WINDOWS\DirectX.log [19/06/2015 18:30:28] - |D| - [249124864] - C:\WINDOWS\Downloaded Installations [19/03/2019 05:52:44] - |SD| - [548929] - C:\WINDOWS\Downloaded Program Files [19/03/2019 05:52:44] - |HD| - [83712] - C:\WINDOWS\ELAMBKUP [19/03/2019 13:00:40] - |D| - [97792] - C:\WINDOWS\en-US [MD5.F452D4C5F066D5ED4A0E1CCCF3FDF318] - [19/06/2015 18:30:47] - |A| - (.-.) 
- [84] - (0.0.0.0) - C:\WINDOWS\executeBpd-64.bat [MD5.2A081429E51CE07908F7E03C08DE40A1] - [19/06/2015 18:30:47] - |A| - (.-.) - [78] - (0.0.0.0) - C:\WINDOWS\executeBpd.bat [MD5.4E196CEA0C9C46A7D656C67E52E8C7C7] - [13/11/2019 16:10:31] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4615616] - (10.0.18362.449) - C:\WINDOWS\explorer.exe [19/03/2019 05:52:44] - |RSD| - [377291782] - C:\WINDOWS\Fonts [19/03/2019 13:00:40] - |D| - [110592] - C:\WINDOWS\fr-FR [19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [19/03/2019 05:52:44] - |D| - [53145140] - C:\WINDOWS\Globalization [19/03/2019 05:52:44] - |D| - [72730547] - C:\WINDOWS\Help [MD5.67094590E3D57130C587CD6D8AFB6597] - [13/11/2019 16:14:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1059840] - (10.0.18362.449) - C:\WINDOWS\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 05:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe [19/06/2015 18:30:48] - |D| - [535] - C:\WINDOWS\Icons [19/03/2019 05:52:44] - |D| - [29869] - C:\WINDOWS\IdentityCRL [19/03/2019 05:52:44] - |D| - [28824510] - C:\WINDOWS\IME [19/03/2019 05:52:44] - |RD| - [9280516] - C:\WINDOWS\ImmersiveControlPanel [19/03/2019 05:50:07] - |D| - [78494328] - C:\WINDOWS\INF [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\InfusedApps [19/03/2019 05:52:44] - |D| - [38126462] - C:\WINDOWS\InputMethod [19/03/2019 05:52:44] - |SHDC| - [888248144] - C:\WINDOWS\Installer [MD5.C45679056C03A8FCF06B639500C14BBB] - [07/12/2017 17:56:57] - |A| - (.-.) 
- [1895] - (0.0.0.0) - C:\WINDOWS\InstallUtil.InstallLog [19/06/2015 18:19:01] - |D| - [204800] - C:\WINDOWS\jmesoft [19/03/2019 05:52:44] - |D| - [94304] - C:\WINDOWS\L2Schemas [19/03/2019 05:52:44] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\LiveKernelReports [19/03/2019 05:52:44] - |D| - [15303386] - C:\WINDOWS\Logs [19/03/2019 05:52:44] - |RSD| - [20063519] - C:\WINDOWS\Media [22/08/2013 16:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer [MD5.EBD0C162DD920B233B973ACBA6487839] - [19/06/2015 18:31:03] - |A| - (.-.) - [2415341] - (0.0.0.0) - C:\WINDOWS\MFGSTAT.zip [MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 05:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [19/03/2019 05:52:43] - |RD| - [847437706] - C:\WINDOWS\Microsoft.NET [19/03/2019 05:52:44] - |D| - [3323] - C:\WINDOWS\Migration [19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\ModemLogs [16/01/2017 11:47:39] - |HD| - [0] - C:\WINDOWS\msdownld.tmp [MD5.C386CF0AE6B40F0903467BB44BCECB28] - [19/06/2015 18:30:48] - |A| - (.-.) - [16958] - (0.0.0.0) - C:\WINDOWS\music_headphone_full.ico [MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 05:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [11/06/2017 21:38:56] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [19/03/2019 13:02:18] - |D| - [199472] - C:\WINDOWS\OCR [19/03/2019 05:52:44] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [08/08/2019 18:28:10] - |DC| - [208893191] - C:\WINDOWS\Panther [19/03/2019 05:52:44] - |D| - [362373] - C:\WINDOWS\Performance [MD5.A5266FF33D255BF3FCB2C94F3B64156C] - [04/11/2016 18:25:39] - |A| - (.-.) 
- [1186250] - (0.0.0.0) - C:\WINDOWS\PFRO.log [19/03/2019 05:52:44] - |D| - [1283900] - C:\WINDOWS\PLA [19/03/2019 05:52:44] - |D| - [3661883] - C:\WINDOWS\PolicyDefinitions [03/10/2019 23:24:13] - |D| - [25403474] - C:\WINDOWS\Prefetch [19/03/2019 05:52:44] - |RD| - [1997306] - C:\WINDOWS\PrintDialog [MD5.09394999ADB19901C665454EE964B13C] - [03/11/2016 14:48:58] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini [19/03/2019 05:52:44] - |D| - [5920068] - C:\WINDOWS\Provisioning [MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 05:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe [19/03/2019 05:52:44] - |D| - [1117876] - C:\WINDOWS\Registration [MD5.EC8C831BEABF6EFDB076D4D278892C65] - [27/11/2016 00:01:39] - |A| - (.-.) - [773] - (0.0.0.0) - C:\WINDOWS\removeep.cmd [19/03/2019 05:52:44] - |D| - [9978696] - C:\WINDOWS\rescache [19/03/2019 05:52:44] - |D| - [5056687] - C:\WINDOWS\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [19/06/2015 18:17:36] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\WINDOWS\RtlExUpd.dll [MD5.E5DCAF3BA52C18B8C267B8525393750E] - [19/06/2015 18:18:07] - |A| - (.Copyright (C) 2012-2013 -.) - [48856] - (1.1004.1016.2013) - C:\WINDOWS\runSW.exe [19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\SchCache [19/03/2019 05:52:44] - |D| - [122082] - C:\WINDOWS\schemas [19/03/2019 05:52:44] - |D| - [3869788] - C:\WINDOWS\security [03/10/2019 23:58:08] - |D| - [904070597] - C:\WINDOWS\ServiceProfiles [19/03/2019 05:52:44] - |D| - [4096] - C:\WINDOWS\ServiceState [19/03/2019 05:37:22] - |D| - [1306099211] - C:\WINDOWS\servicing [19/03/2019 05:56:38] - |D| - [46465] - C:\WINDOWS\Setup [MD5.D6FFD925FFA0583F8D7F63823A94B43C] - [07/11/2019 20:53:41] - |A| - (.-.) 
- [13187] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/11/2019 20:53:41] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [19/03/2019 05:52:44] - |D| - [7052288] - C:\WINDOWS\ShellComponents [19/03/2019 05:52:44] - |D| - [56043008] - C:\WINDOWS\ShellExperiences [19/03/2019 05:52:44] - |D| - [3070736] - C:\WINDOWS\SKB [19/06/2015 18:30:49] - |D| - [85508285] - C:\WINDOWS\SoftwareDistribution [19/03/2019 05:52:44] - |D| - [86040769] - C:\WINDOWS\Speech [19/03/2019 05:52:44] - |D| - [64004693] - C:\WINDOWS\Speech_OneCore [MD5.906E1DFC3A3A64D3452C5BA124AC9A4C] - [13/11/2019 16:10:31] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132608] - (10.0.18362.476) - C:\WINDOWS\splwow64.exe [MD5.0472CBB22FBC73D894BBCFEA0D4A9CE5] - [07/12/2017 17:56:56] - |A| - (.-.) - [88960] - (0.0.0.0) - C:\WINDOWS\suhotfix.exe [MD5.38019A97FF4C41D98C5DA732BF03C983] - [19/06/2015 18:18:07] - |A| - (.2012: (c) Realtek. By Karl - Switch USB2.0/USB3.0 for WinXP SP2+ ~ Win8.1.) - [422400] - (500.1025.324.2014) - C:\WINDOWS\SwUSB.exe [19/03/2019 05:52:44] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 14:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [19/03/2019 05:37:22] - |D| - [6290629824] - C:\WINDOWS\System32 [19/03/2019 05:52:45] - |D| - [210044831] - C:\WINDOWS\SystemApps [19/03/2019 05:52:46] - |D| - [188952525] - C:\WINDOWS\SystemResources [19/03/2019 05:52:46] - |D| - [1343160127] - C:\WINDOWS\SysWOW64 [19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\TAPI [22/08/2013 16:36:30] - |D| - [6] - C:\WINDOWS\Tasks [19/03/2019 05:52:46] - |D| - [60915] - C:\WINDOWS\Temp [19/03/2019 05:52:46] - |D| - [13786112] - C:\WINDOWS\TextInput [22/08/2013 16:36:30] - |RD| - [0] - C:\WINDOWS\ToastData [19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\tracing [19/03/2019 05:52:46] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 05:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [02/10/2019 19:09:45] - |D| - [8332610] - C:\WINDOWS\UpdateAssistant [22/08/2013 16:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins [19/03/2019 05:52:46] - |D| - [12420] - C:\WINDOWS\Vss [19/03/2019 05:52:46] - |D| - [33194] - C:\WINDOWS\WaaS [19/03/2019 05:52:46] - |D| - [18563704] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [22/08/2013 14:25:43] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [03/06/2017 19:19:17] - |D| - [45948703] - C:\WINDOWS\WindowsMobile [MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 05:44:30] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [07/11/2019 20:55:27] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 05:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe [19/03/2019 05:37:22] - |D| - [8264728628] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 05:58:10] - |A| - (.-.) 
- [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 05:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [14/08/2013 12:02:04] - C:\WINDOWS\Installer\15480d9.msi : (Blank Project Template - Lenovo) [Header ok : D0CF11E0A1B11AE10000000000000000] [23/11/2016 19:42:55] - C:\WINDOWS\Installer\183a2.msi : (Lenovo System Interface Foundation - Lenovo) [Header ok : D0CF11E0A1B11AE10000000000000000] [20/04/2016 17:06:44] - C:\WINDOWS\Installer\18ec3f.msi : (Blank Project Template - Lenovo) [Header ok : D0CF11E0A1B11AE10000000000000000] [16/12/2016 05:23:20] - C:\WINDOWS\Installer\1a0ccd18.msi : (PMB_ModeEditor - Sony Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [16/06/2015 14:44:34] - C:\WINDOWS\Installer\1e5ba91.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [29/06/2019 06:39:46] - C:\WINDOWS\Installer\22edead1.msi : (MEDION GoPal Assistant 6.4.23.20004 - MEDION) [Header ok : D0CF11E0A1B11AE10000000000000000] [07/02/2013 18:57:16] - C:\WINDOWS\Installer\2bce7.msi : (Blank Project Template - CyberLink Corp.) [Header ok : D0CF11E0A1B11AE10000000000000000] [14/05/2013 03:53:15] - C:\WINDOWS\Installer\2c147.msi : (Blank Project Template - CyberLink Corp.) [Header ok : D0CF11E0A1B11AE10000000000000000] [02/07/2013 03:30:48] - C:\WINDOWS\Installer\2c3b2.msi : (Blank Project Template - CyberLink Corp.) [Header ok : D0CF11E0A1B11AE10000000000000000] [23/09/2013 10:55:34] - C:\WINDOWS\Installer\2d03b.msi : (Blank Project Template - CyberLink Corp.) 
[Header ok : D0CF11E0A1B11AE10000000000000000] [03/12/2013 06:37:04] - C:\WINDOWS\Installer\2da2f.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [11/01/2018 21:55:30] - C:\WINDOWS\Installer\2e06be4.msi : (MergeModule_x86 - Sony Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [19/12/2016 16:45:30] - C:\WINDOWS\Installer\32c79449.msi : (Hardware Detection DriversCloud.com - Cybelsoft) [Header ok : D0CF11E0A1B11AE10000000000000000] [27/09/2014 00:24:54] - C:\WINDOWS\Installer\3bc83.msi : (Dolby Digital Plus Advanced Audio - Dolby Laboratories Inc) [Header ok : D0CF11E0A1B11AE10000000000000000] [07/11/2012 09:30:52] - C:\WINDOWS\Installer\3bcf8c.msi : ( - Cisco Systems, Inc.) [Header ok : D0CF11E0A1B11AE10000000000000000] [07/11/2012 09:39:00] - C:\WINDOWS\Installer\3bcf93.msi : ( - Cisco Systems, Inc.) [Header ok : D0CF11E0A1B11AE10000000000000000] [07/11/2012 09:37:52] - C:\WINDOWS\Installer\3bcf9a.msi : ( - Cisco Systems, Inc.) 
[Header ok : D0CF11E0A1B11AE10000000000000000] [29/10/2013 14:25:32] - C:\WINDOWS\Installer\3ec1b.msi : (Lenovo OneKey Overclocking - Intel Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [20/09/2016 11:06:08] - C:\WINDOWS\Installer\479ab35.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [29/09/2016 18:11:18] - C:\WINDOWS\Installer\49235c6.msi : (OpenOffice 4.1.3 - OpenOffice) [Header ok : D0CF11E0A1B11AE10000000000000000] [05/11/2016 18:40:32] - C:\WINDOWS\Installer\504dffc.msi : (Gadwin PrintScreenPro (64-Bit) - Gadwin Systems) [Header ok : D0CF11E0A1B11AE10000000000000000] [12/07/2012 05:30:20] - C:\WINDOWS\Installer\55170.msi : (Amazon Browser App - Amazon) [Header ok : D0CF11E0A1B11AE10000000000000000] [14/03/2013 04:24:03] - C:\WINDOWS\Installer\55178.msi : (Steam - Valve Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [19/06/2015 18:30:40] - C:\WINDOWS\Installer\551df.msi : (Metric Collection SDK Redistributable - Lenovo Group Limited) [Header ok : D0CF11E0A1B11AE10000000000000000] [06/12/2016 22:58:44] - C:\WINDOWS\Installer\56e6e2b.msi : (MergeModule_x64 - Sony Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [14/12/2019 20:21:21] - C:\WINDOWS\Installer\592306f.msi : (Google Update Helper - Google LLC) [Header ok : D0CF11E0A1B11AE10000000000000000] [20/03/2017 17:34:30] - C:\WINDOWS\Installer\6de8e61.msi : (Google Update Helper - Google Inc.) 
[Header ok : D0CF11E0A1B11AE10000000000000000] [01/10/2019 20:44:00] - C:\WINDOWS\Installer\9062196e.msi : (4K Video Downloader 4.9 Installer - Open Media LLC) [Header ok : D0CF11E0A1B11AE10000000000000000] [05/11/2019 21:04:47] - C:\WINDOWS\Installer\a0a5a.msi : (Adobe AIR Installer - Adobe) [Header ok : D0CF11E0A1B11AE10000000000000000] [01/11/2016 21:29:55] - C:\WINDOWS\Installer\d19c422.msi : (Lenovo Solution Center - Lenovo) [Header ok : D0CF11E0A1B11AE10000000000000000] [17/11/2018 22:35:47] - C:\WINDOWS\Installer\d35b8d.msi : (LENOVO~1|Lenovo Diagnostics Tool - Lenovo) [Header ok : D0CF11E0A1B11AE10000000000000000] [09/05/2018 12:53:36] - C:\WINDOWS\Installer\efe646a.msi : (PMB_ServiceUploader - Sony Corporation) [Header ok : D0CF11E0A1B11AE10000000000000000] [30/10/2016 08:47:49] - [53345280] - (.().-. - ()) - C:\WINDOWS\Installer\12a684.msp [11/04/2017 20:20:22] - [53348864] - (.().-. - ()) - C:\WINDOWS\Installer\2962903d.msp [28/06/2011 20:21:32] - [4637184] - (.().-. - ()) - C:\WINDOWS\Installer\2d233.msp [16/03/2017 21:09:18] - [53348864] - (.().-. - ()) - C:\WINDOWS\Installer\677c2c91.msp [15/06/2017 18:19:56] - [53350400] - (.().-. - ()) - C:\WINDOWS\Installer\9ecc7de.msp [16/01/2019 21:14:13] - [53014528] - (.().-. - ()) - C:\WINDOWS\Installer\a1f9493.msp [28/06/2011 20:27:28] - [4028928] - (.().-. 
- ()) - C:\WINDOWS\Installer\eaef.msp ---------- | %System%\*.in* [25/11/2016 23:42:53] - [213] - C:\WINDOWS\System32\IconCfg0.ini [19/03/2019 05:45:40] - [3329] - C:\WINDOWS\System32\ieuinit.inf [17/11/2016 19:46:54] - [20335] - C:\WINDOWS\System32\InstallUtil.InstallLog [03/10/2019 23:42:21] - [1773226] - C:\WINDOWS\System32\PerfStringBackup.INI [19/03/2019 05:45:00] - [60124] - C:\WINDOWS\System32\tcpmon.ini [19/03/2019 05:44:30] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [25/11/2016 23:42:53] - [17134] - C:\WINDOWS\Syswow64\GeneStor.INF [19/03/2019 05:46:01] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [05/10/2017 20:15:23] - [1797] - C:\WINDOWS\Syswow64\InstallUtil.InstallLog [19/06/2015 18:17:02] - [1766590] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [25/11/2016 23:42:53] - [771] - C:\WINDOWS\Syswow64\ProductName.ini [19/03/2019 05:45:19] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini [25/11/2016 23:42:53] - [1519] - C:\WINDOWS\Syswow64\_IconCfg0.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
- [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 05:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\lb-LU [MD5.9A6B161FF7A7901D337E2A3A25B3CA0B] - |A| - [19/06/2015 18:13:57] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lendrvchk.scp [MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 13:01:40] - (.-.) - [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [625.17 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [30610.88 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [335.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [333.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [58222.6 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:02:25] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [01/10/2018 22:47:39] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [01/10/2018 22:47:39] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.71947A1775D4CBD9CBE580C6E97FF78E] - |A| - [01/01/2017 14:22:52] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) 
- [901.25 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.E93ADE8C38CA41442FE60E844DED92AC] - |A| - [01/10/2018 22:47:39] - (.Copyright © 1996-2014 -.) - [1993.59 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.1C17816C2382A01A6AC212A35D288E23] - |A| - [01/01/2017 14:22:52] - (.- Waves Realtek App.) - [1871.75 Ko] - (5.2.16.0) - C:\WINDOWS\System32\MaxxAudioRealtek264.dll [MD5.CB56F27AFF28FB9576C6FC79E6D14036] - |A| - [01/01/2017 14:22:52] - (.Copyright © 1996-2013 -.) - [13719.25 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.587A8CF457604D84266FF858CEB60223] - |A| - [01/10/2018 22:47:40] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.B178DCBF725D542401B36B708409F959] - |A| - [14/10/2019 19:29:47] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 05:43:47] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [03/10/2019 23:58:08] - [1122.81 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5319.2 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [46633.82 Ko] - C:\WINDOWS\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 05:46:18] - (.-.) 
- [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 05:49:39] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [01/11/2016 23:50:03] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [4276.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [19.16 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 05:44:28] - (.-.) 
- [28.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [396.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [128 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\ne-NP [MD5.1A486715AA5937A878A3FD3173EA8BAA] - |A| - [11/06/2017 21:36:19] - (.-.) - [249.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 05:45:50] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [431.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.CA73C8321216E19F093B84CB6593B8B0] - |A| - [11/06/2017 21:39:04] - (.-.) - [8593.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.BACFD032AAF507CDF1AC6B5706235208] - |A| - [05/09/2019 21:41:47] - (.-.) - [54.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.E04972DEEC18D6D82DA9C7E2E51F3100] - |A| - [16/12/2019 23:42:47] - (.-.) - [660.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvofapi64.dll [MD5.2145E8D9F059A01AD670A8A0FE3B74BF] - |A| - [19/03/2019 13:02:58] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.69F492F69D2F54EFB307814AA51328E4] - |A| - [03/04/2014 20:14:45] - (.-.) 
- [56.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMLOGO.bmp [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [34772.94 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:40] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\or-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 05:43:47] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [1746.67 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.A821A094FD06EF79C56D467E30C6644D] - |A| - [19/03/2019 05:55:38] - (.-.) - [130.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.7FF4ED3B7629DA18AB985775D56BA519] - |A| - [19/03/2019 13:00:42] - (.-.) - [146.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [19/03/2019 05:55:38] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [19/03/2019 13:00:42] - (.-.) 
- [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.E5BB32372EB6D56F560BD7B1DD2A40FD] - |A| - [19/03/2019 05:55:38] - (.-.) - [686.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.79F09D42231CF4E4AF725FD14DA309C8] - |A| - [19/03/2019 13:00:42] - (.-.) - [773.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.959FC7D375182ABE04CFDF7B2C394C0A] - |A| - [03/10/2019 23:42:21] - (.-.) - [1731.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 05:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [430 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [456.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.686E760C5AEA12E78A85B617B76D99A9] - |A| - [19/10/2012 03:52:32] - (.-.) - [3776.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PortChanger.exe [MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 05:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [973.95 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 05:44:00] - (.-.) 
- [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [424 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [426.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\quz-PE [MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [01/10/2018 22:47:40] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [01/10/2018 22:47:40] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.01096663377134C41D618AF0E53A953E] - |A| - [01/10/2018 22:47:40] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [01/10/2018 22:47:40] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [01/10/2018 22:47:40] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6996.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.2210F24EDC6E80B1D311B2C3641DE9FA] - |A| - [03/10/2019 23:53:40] - (.-.) - [1983.5 Ko] - (1.0.1907.17001) - C:\WINDOWS\System32\rdpnano.dll [MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 05:43:47] - (.-.) 
- [60.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [2.26 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.1B7341B9AAFB4925790B5C37C10F285A] - |A| - [04/10/2019 02:44:54] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 05:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 05:45:56] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 05:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 05:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 05:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 05:44:21] - (.-.) 
- [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [01/10/2018 22:47:41] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [01/10/2018 22:47:41] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [01/10/2018 22:47:42] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [01/10/2018 22:47:42] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [01/10/2018 22:47:42] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [01/10/2018 22:47:42] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 05:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 05:46:39] - (.-.) 
- [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 05:44:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [01/10/2018 22:47:43] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [01/10/2018 22:47:43] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [01/10/2018 22:47:43] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 05:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:37:22] - [13457.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 05:44:21] - (.-.) 
- [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 05:45:54] - (.-.) - [38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [7680.8 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [12411.23 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [96342.16 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5996.64 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [454.73 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 05:45:56] - (.-.) 
- [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [03/10/2019 23:53:40] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/10/2018 22:47:43] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.A028717B791416182959B325D5B40679] - |A| - [01/10/2018 22:47:43] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/10/2018 22:47:43] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/10/2018 22:47:43] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [51160 Ko] - C:\WINDOWS\System32\sru [MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 05:43:47] - (.-.) 
- [443 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [403.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:43] - [1398.13 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [947.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 05:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [777.34 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [752.1 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 05:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\te-IN [MD5.364B8B76EBB95762632341E49F26144D] - |A| - [03/10/2019 23:53:00] - (.-.) 
- [1798 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [310.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\tk-TM [MD5.AB29CDFD451411CC085DB37CDFF414E8] - |A| - [18/10/2019 18:02:35] - (.Copyright (C) 2005-2018 - Thrustmaster Shock-Force Feedback Control Panel.) - [289.5 Ko] - (2.8.1.0) - C:\WINDOWS\System32\tmffbcpl.dll [MD5.4576F99E8DEBEFDDF09D386419B2CD0E] - |A| - [18/10/2019 18:02:35] - (.Copyright (C) 2004-2015 - Thrustmaster Force Feedback Library.) - [40.5 Ko] - (2.5.2.0) - C:\WINDOWS\System32\tmffbdrv.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [394 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 05:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 05:43:54] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [337 Ko] - C:\WINDOWS\System32\uk-UA [MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 05:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.FF6CE93BA6DDB1A7C2EB2D9CE529B69A] - |A| - [05/11/2019 19:36:39] - (.-.) 
- [57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umstartup.etl [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [1917.6 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\ur-PK [MD5.C5051D8BC14B8A4C3C1F4F8CDA648C3F] - |A| - [04/10/2019 02:44:04] - (.-.) - [46.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.4E4435ECE40F2712431685358296B48B] - |A| - [05/11/2019 19:36:39] - (.-.) - [2049 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UserMgrLog.etl [MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [03/10/2019 23:53:04] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\vi-VN [MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 05:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.6651B57DA6B6740436A021419900FC00] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [1053.91 Ko] - (1.1.126.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.6651B57DA6B6740436A021419900FC00] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [1053.91 Ko] - (1.1.126.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.39FCE1BD81E0395909E2A43087076EC9] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [1688.91 Ko] - (1.1.126.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.39FCE1BD81E0395909E2A43087076EC9] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [1688.91 Ko] - (1.1.126.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.64B32F08C8D76901A728EB2F0BA65437] - |A| - [01/01/2017 14:22:54] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) 
- [2053.75 Ko] - (4.4.3.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [148989.01 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [63020.22 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 05:44:30] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:30] - [0 Ko] - C:\WINDOWS\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [49316.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 05:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [14.53 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Media.Shared [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [27.59 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Shared [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [10691.08 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 05:44:39] - (.-.) 
- [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [153048 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6163.84 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [207.67 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\wo-SN [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 05:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 05:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 05:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 05:44:03] - (.-.) - [97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 05:44:21] - (.-.) 
- [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [287.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [258 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 05:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 05:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 05:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 05:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 05:45:13] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [1856.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [174 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 05:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [147.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - 
C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [322 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [64.54 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [86.84 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [206 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.FDEF330575C8C8EAD815F58BB7A93ED3] - |A| - [19/06/2015 18:17:29] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1026) - C:\WINDOWS\SysWOW64\CSVer.dll [MD5.1E02A122FE09272058FC1EF0B1B6265E] - |A| - [03/10/2019 23:53:42] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [377 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [207 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [229 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 05:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [186 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [7675.73 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1D8D73E1DCE28BF735A86D54EECE598D] - |A| - [20/02/2017 17:24:22] - (.Copyright © EasyAntiCheat Ltd 2016 - EasyAntiCheat Service.) 
- [373.54 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [231.5 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [3118 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [135.5 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [8133.73 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [219 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [149.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [135.5 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [13060.65 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\fa-IR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [208 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [3150 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [153.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [8898.52 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - 
C:\WINDOWS\SysWOW64\gd-GB [MD5.CE6B18828214380ADC39DF6D37F3FC40] - |A| - [25/11/2016 23:42:53] - (.-.) - [16.73 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GeneStor.INF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [13/11/2019 16:15:30] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [166 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 05:45:13] - (.-.) - [203.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [142.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [212.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [03/10/2019 23:53:28] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) 
- [1849.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |RA| - [19/03/2019 05:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |RA| - [19/03/2019 05:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [28.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [21339.98 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [213 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.6513A50E19285F88D656350FFD0596D8] - |A| - [05/10/2017 20:15:23] - (.-.) - [1.75 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InstallUtil.InstallLog [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.EDD400CC92C6D43F98D3D3AFC97C2559] - |A| - [19/06/2015 18:18:07] - (.-.) - [440.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ISSRemoveSP.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.FA2E1F09ED6C4C221E4513A7E815E13D] - |A| - [27/08/2013 13:00:08] - (.-.) 
- [1.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\IusEventLog.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [154 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [154.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/08/2018 17:52:16] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [145.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [142 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [50390.5 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:02:25] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [2782.39 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [812.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 05:46:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 05:49:45] - (.-.) 
- [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [205.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.725C55394FA643CC3CF84E593CF1678B] - |A| - [25/11/2016 23:42:53] - (.-.) - [168.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\NoMSGuninstall.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.7373A9E3AAFA0967C13B6101D0BEA127] - |A| - [16/12/2019 23:42:47] - (.-.) 
- [532.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvofapi.dll [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 06:00:31] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [755.52 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.044FE7E75DD1138867FCEC7D11D1C336] - |A| - [25/11/2016 23:42:53] - (.-.) - [2.62 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\parameter.log [MD5.8240EDCD8C2498240411AF51F04E4505] - |A| - [09/01/2017 18:57:42] - (.-.) - [3151.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pbsvc.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [79 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.35B176450CC2E3E692AE5B49C4ED08FC] - |A| - [19/06/2015 18:17:02] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.205E1B699FD3F2F9B036EEA2EC30C620] - |A| - [09/01/2017 18:57:43] - (.-.) - [75.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PnkBstrA.exe [MD5.B393797C7D28A589267EBDECC7B23300] - |A| - [09/01/2017 18:57:44] - (.-.) - [291.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PnkBstrB.ex0 [MD5.B393797C7D28A589267EBDECC7B23300] - |A| - [09/01/2017 18:57:44] - (.-.) - [291.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PnkBstrB.exe [MD5.B393797C7D28A589267EBDECC7B23300] - |A| - [10/01/2017 18:27:31] - (.-.) 
- [291.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PnkBstrB.xtr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [969.13 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.CECBB5748F1989D85D52ED66AC86C10C] - |A| - [25/11/2016 23:42:53] - (.-.) - [0.75 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ProductName.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [214.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [147.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [11/06/2017 21:38:12] - [4428.66 Ko] - C:\WINDOWS\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [214 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [18/08/2017 22:09:23] - [1895.69 Ko] - C:\WINDOWS\SysWOW64\Samsung_USB_Drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK 
[MD5.00000000000000000000000000000000] - |D| - [11/06/2017 21:38:37] - [0 Ko] - C:\WINDOWS\SysWOW64\sda [MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [17/08/2017 17:21:23] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 05:46:09] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 05:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [207.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 05:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [03/10/2019 23:53:27] - (.-.) 
- [1075.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [129 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.01926D5D1F82C06A0635DC417501014A] - |A| - [18/10/2019 18:02:20] - (.Copyright (C) 2005-2018 - Thrustmaster Shock-Force Feedback Control Panel.) - [249 Ko] - (2.8.1.0) - C:\WINDOWS\SysWOW64\tmffbcpl.dll [MD5.0AB0812747217687BDEE9C465879114B] - |A| - [18/10/2019 18:02:20] - (.Copyright (C) 2004-2015 - Thrustmaster Force Feedback Library.) - [35 Ko] - (2.5.2.0) - C:\WINDOWS\SysWOW64\tmffbdrv.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [201 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [145 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.EDBD0648A97D4485E24F21C50F9FCB49] - |A| - [25/11/2016 23:42:53] - (.Copyright (C) 2008 - ChangeIcon MFC Application.) - [52.57 Ko] - (15.0.0.2) - C:\WINDOWS\SysWOW64\UMonit64.exe [MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 05:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.89237A73CDEA80FDE79B79C0C8B67758] - |A| - [18/08/2017 22:09:04] - (.-.) 
- [0.75 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Uninstall.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.9C85E3073E01230C3DA6DE4D5263A795] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [915.91 Ko] - (1.1.126.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.9C85E3073E01230C3DA6DE4D5263A795] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [915.91 Ko] - (1.1.126.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.0D422CD5761872B06D176DA6D5FA14FE] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [1298.41 Ko] - (1.1.126.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.0D422CD5761872B06D176DA6D5FA14FE] - |A| - [16/12/2019 23:42:47] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [1298.41 Ko] - (1.1.126.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [18827.83 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 05:45:13] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [9453.72 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:00:41] - [207.67 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 05:45:13] - (.-.) 
- [62.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [09/12/2017 17:59:14] - [137.63 Ko] - C:\WINDOWS\SysWOW64\xlive [MD5.8056EE9DEC33FF32434FCD394AC710CE] - |A| - [06/11/2009 10:58:04] - (.-.) - [174.78 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xlive.dll.cat [MD5.00000000000000000000000000000000] - |D| - [03/10/2019 23:40:02] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [135.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [136 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\zu-ZA [MD5.1D76753B92395A1AE2C0652F64401735] - |A| - [25/11/2016 23:42:53] - (.-.) 
- [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\_IconCfg0.ini ---------- | C:\ProgramData [27/10/2017 17:30:20] - |D| - [45506018] - C:\ProgramData\Adguard [19/06/2015 18:30:27] - |D| - [1] - C:\ProgramData\Adobe [14/12/2017 18:35:38] - |D| - [439015764] - C:\ProgramData\Apple [14/12/2017 18:36:31] - |D| - [2145] - C:\ProgramData\Apple Computer [03/10/2019 23:55:24] - |SHD| - [0] - C:\ProgramData\Application Data [29/10/2016 16:30:33] - |D| - [958879597] - C:\ProgramData\AVAST Software [05/11/2019 23:11:57] - |D| - [5102958590] - C:\ProgramData\BlueStacks [27/01/2016 08:54:58] - |SHD| - [0] - C:\ProgramData\Bureau [04/11/2016 19:27:41] - |D| - [0] - C:\ProgramData\Codemasters [16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms [19/06/2015 18:27:29] - |D| - [281003] - C:\ProgramData\CyberLink [30/10/2016 08:32:19] - |D| - [3566] - C:\ProgramData\DAEMON Tools Lite [30/06/2017 19:19:52] - |D| - [85] - C:\ProgramData\Dishonored 2 [03/10/2019 23:55:24] - |SHD| - [0] - C:\ProgramData\Documents [11/06/2017 21:38:20] - |A| - [0] - C:\ProgramData\DP45977C.lfl [31/12/2016 15:19:28] - |D| - [1902652] - C:\ProgramData\DriversCloud.com [04/11/2016 18:46:31] - |D| - [17210] - C:\ProgramData\Electronic Arts [28/03/2019 18:35:09] - |D| - [0] - C:\ProgramData\eMule [07/11/2017 19:38:58] - |D| - [94] - C:\ProgramData\fltk.org [27/10/2017 17:30:29] - |A| - [260] - C:\ProgramData\fontcacheev1.dat [28/11/2018 19:41:14] - |D| - [46924266] - C:\ProgramData\For Honor Data [17/02/2019 07:51:55] - |D| - [1148] - C:\ProgramData\Garmin [26/01/2019 18:21:46] - |D| - [15998] - C:\ProgramData\HP [26/11/2016 23:05:40] - |D| - [0] - C:\ProgramData\InstallShield [19/06/2015 18:16:51] - |D| - [70402058] - C:\ProgramData\Intel [08/11/2016 22:48:14] - |D| - [0] - C:\ProgramData\KONAMI [18/08/2017 22:09:57] - |A| - [0] - C:\ProgramData\LauncherAccess.dt [19/06/2015 18:30:19] - |D| - [1649258745] - C:\ProgramData\Lenovo [20/02/2017 18:15:07] - |D| - [34065127] - C:\ProgramData\Malwarebytes 
[19/06/2015 18:26:03] - |D| - [176] - C:\ProgramData\McAfee [27/01/2016 08:54:58] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [19/03/2019 05:52:44] - |SD| - [938448513] - C:\ProgramData\Microsoft [03/10/2019 23:58:57] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [27/01/2016 08:54:58] - |SHD| - [0] - C:\ProgramData\Modèles [05/02/2019 17:27:07] - |D| - [24272] - C:\ProgramData\Mozilla [03/11/2017 20:10:27] - |AD| - [15952796] - C:\ProgramData\myCANAL [28/10/2019 22:06:35] - |D| - [8192] - C:\ProgramData\Novabench [11/06/2017 21:38:56] - |D| - [71552995] - C:\ProgramData\NVIDIA [11/06/2017 21:38:50] - |D| - [2373652056] - C:\ProgramData\NVIDIA Corporation [01/01/2017 13:04:57] - |A| - [6973] - C:\ProgramData\NvTelemetryContainer.log [01/01/2017 13:04:57] - |A| - [3355] - C:\ProgramData\NvTelemetryContainer.log_backup1 [19/06/2015 18:28:35] - |D| - [10448] - C:\ProgramData\OneKey Recovery [09/12/2016 19:10:01] - |D| - [109439] - C:\ProgramData\Orbit [03/11/2016 23:04:46] - |D| - [659940915] - C:\ProgramData\Origin [19/06/2015 18:28:44] - |D| - [82250476] - C:\ProgramData\Package Cache [09/07/2018 20:22:43] - |D| - [335872] - C:\ProgramData\Packages [17/08/2017 19:33:23] - |D| - [468] - C:\ProgramData\Realtek [19/03/2019 05:52:44] - |D| - [999] - C:\ProgramData\regid.1991-06.com.microsoft [19/03/2019 05:52:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution [06/12/2016 22:57:30] - |D| - [10195142] - C:\ProgramData\Sony Corporation [21/05/2019 19:30:40] - |D| - [47432946] - C:\ProgramData\SP_FT_Logs [25/11/2016 23:37:16] - |A| - [101] - C:\ProgramData\StartProcedure.bat [04/11/2016 19:27:33] - |D| - [4486093] - C:\ProgramData\Steam [04/02/2018 21:22:56] - |D| - [0] - C:\ProgramData\SWCUTemp [19/06/2015 18:27:12] - |D| - [0] - C:\ProgramData\Temp [02/08/2017 19:29:05] - |D| - [222736] - C:\ProgramData\Tom Clancy's Ghost Recon Wildlands [03/09/2019 20:14:16] - |D| - [35429207] - C:\ProgramData\TwoNav Land [20/11/2019 21:02:34] - |D| - [0] - C:\ProgramData\Ubisoft 
[19/03/2019 05:52:44] - |D| - [10615] - C:\ProgramData\USOPrivate [03/10/2019 23:28:41] - |D| - [20930560] - C:\ProgramData\USOShared [19/03/2019 13:02:58] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [26/05/2018 15:33:42] - |D| - [219032] - C:\ProgramData\X360CE [15/04/2019 20:27:03] - |D| - [0] - C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [19/03/2019 05:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [27/01/2016 08:54:58] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [19/03/2019 05:52:44] - |RD| - [245135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [19/03/2019 05:52:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [19/03/2019 05:52:44] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [17/10/2019 19:57:50] - |D| - [2734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Combat 7 - Skies Unknown [19/03/2019 05:52:44] - |RD| - [22954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/01/2017 13:38:55] - |A| - [890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Unity.lnk [01/01/2017 13:59:39] - |A| - [890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Unity.lnk [27/12/2019 12:20:27] - |A| - [742] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk [18/03/2019 20:39:46] - |A| - [2099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [05/04/2018 16:24:12] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk [30/10/2016 09:47:18] - |D| - [2761] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham Knight [22/04/2018 08:07:04] - |D| - [4473] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1 [11/01/2019 23:07:56] - |D| - [4525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield™ V [07/11/2017 19:38:41] - |D| - [2218] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDReader [05/11/2019 22:36:08] - |A| - [2088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk [05/11/2019 22:36:07] - |A| - [1775] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk [13/02/2017 00:24:46] - |D| - [1824] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab [24/11/2016 08:53:53] - |D| - [2703] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare Remastered [30/11/2017 20:03:07] - |D| - [974] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [01/01/2017 12:47:46] - |A| - [2815] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Centre Souris et Claviers Microsoft.lnk [04/11/2016 07:53:17] - |D| - [5678] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3 [18/11/2016 19:42:41] - |D| - [3684] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark5 [26/11/2016 23:56:19] - |RD| - [1306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10 [07/07/2017 17:03:56] - |D| - [955] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [19/03/2019 05:49:34] - |SH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [02/12/2017 17:40:54] - |D| - [2260] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dirt 4 [22/06/2017 20:52:48] - |D| - [2267] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored 2 [31/12/2016 15:19:29] - |D| - [3000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com [28/03/2019 18:34:51] - |D| - [3200] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule [22/12/2018 21:48:34] - |D| - [2280] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5 [14/02/2017 07:30:34] - |D| - [2620] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal [30/07/2019 19:51:41] - |D| - [5686] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 [05/03/2019 20:54:01] - |A| - [1016] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [05/11/2016 18:40:47] - |D| - [2254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin [10/01/2017 17:31:06] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [20/03/2017 17:37:48] - |A| - [2310] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [04/11/2016 19:25:14] - |A| - [884] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRID Autosport.lnk [21/03/2017 20:05:15] - |D| - [2291] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Homefront The Revolution [19/03/2019 05:46:39] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [14/12/2017 18:54:06] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie [01/01/2017 12:43:10] - |RD| - [2482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [20/03/2017 19:00:17] - |D| - [2035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Cause 3 [03/09/2019 20:14:21] - |D| - [3306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Land [19/06/2015 18:27:06] - |D| - [16725] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [19/03/2019 05:52:44] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [27/12/2019 22:23:31] - |D| - [4127] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [03/06/2017 19:30:14] - |D| - [3723] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDION GoPal Assistant [05/11/2016 18:07:12] - |A| - [1068] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\METAL GEAR RISING REVENGEANCE.lnk [09/12/2017 17:59:37] - 
|D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [30/10/2016 08:47:58] - |D| - [2313] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [16/01/2017 12:21:47] - |D| - [3158] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ [09/01/2018 18:51:45] - |D| - [2421] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nioh Complete Edition [10/01/2017 22:42:04] - |D| - [1476] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [28/11/2016 21:19:46] - |A| - [2811] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Overclocking.lnk [05/11/2016 16:37:29] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [03/11/2016 23:11:53] - |D| - [3469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [06/12/2016 23:10:44] - |D| - [6196] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home [22/05/2017 21:00:01] - |D| - [2860] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prey [07/12/2017 21:45:18] - |D| - [2676] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2018 [07/11/2019 08:46:43] - |A| - [1329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk [03/11/2016 12:25:58] - |D| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of the Tomb Raider [09/12/2018 00:17:30] - |D| - [2661] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Of The Tomb Raider [11/12/2017 20:20:52] - |D| - [2845] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Warrior 2 [GOG.com] [24/12/2016 08:32:34] - |D| - [4697] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront [19/03/2019 05:52:44] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [19/06/2015 18:27:35] - |D| - [3547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [19/03/2019 05:52:44] - |RD| - 
[1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [18/10/2019 18:02:25] - |D| - [4435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster [24/12/2016 04:18:01] - |D| - [4395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall [12/08/2017 13:08:12] - |D| - [2270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall 2 [02/08/2017 19:20:16] - |D| - [2121] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Ghost Recon Wildlands [30/03/2017 21:39:51] - |D| - [2567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancys Rainbow Six Siege [27/08/2019 20:43:42] - |D| - [2286] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [20/12/2016 20:44:49] - |A| - [864] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War ROME II.lnk [17/04/2018 19:44:15] - |A| - [1338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Update Detector.lnk [03/11/2016 18:46:58] - |D| - [5916] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [17/02/2017 22:51:19] - |D| - [2600] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch_Dogs 2 [30/10/2016 09:51:39] - |D| - [4477] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [19/12/2017 13:41:17] - |D| - [2630] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein II The New Colossus [05/12/2017 13:30:51] - |D| - [2278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K18 ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [19/03/2019 05:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [05/11/2016 18:55:32] - |D| - [3639033] - C:\Program Files (x86)\7-Zip [17/10/2019 19:24:19] - |D| - [50107745146] - C:\Program Files (x86)\Ace Combat 7 - Skies Unknown [05/11/2016 18:55:48] - |D| - [12164768233] - C:\Program Files (x86)\ACE COMBAT ASSAULT HORIZON Enhanced Edition 
[19/06/2015 18:30:27] - |D| - [340996] - C:\Program Files (x86)\Adobe [19/06/2015 18:27:10] - |D| - [2445049] - C:\Program Files (x86)\Amazon [07/11/2016 22:17:59] - |D| - [83053] - C:\Program Files (x86)\Assassin's Creed Liberation HD [07/11/2016 22:18:02] - |D| - [12501211684] - C:\Program Files (x86)\Assassin's Creed Rogue [01/01/2017 13:38:55] - |AD| - [46463833309] - C:\Program Files (x86)\Assassin's Creed Unity [15/02/2018 08:24:58] - |D| - [59108666454] - C:\Program Files (x86)\Assassins Creed Origins [05/11/2016 18:58:28] - |D| - [53983920865] - C:\Program Files (x86)\Assassins Creed Syndicate [05/04/2018 16:21:35] - |D| - [438740518] - C:\Program Files (x86)\AVAST Software [30/10/2016 09:33:31] - |AD| - [55818906596] - C:\Program Files (x86)\Batman Arkham Knight [06/04/2017 20:09:48] - |AD| - [177803242] - C:\Program Files (x86)\Battlefield 4 [05/04/2017 21:46:23] - |AD| - [11486068] - C:\Program Files (x86)\Battlelog Web Plugins [07/11/2017 19:38:40] - |AD| - [15084449] - C:\Program Files (x86)\BDReader [22/12/2016 20:44:17] - |D| - [306404] - C:\Program Files (x86)\Bethesda Softworks [05/11/2016 19:04:48] - |D| - [1767400614] - C:\Program Files (x86)\BFH [22/02/2018 17:59:04] - |D| - [87782] - C:\Program Files (x86)\Bkool Indoor [05/11/2016 19:05:05] - |D| - [59443296108] - C:\Program Files (x86)\Call of Duty Black Ops III [12/11/2016 18:06:58] - |AD| - [81872866296] - C:\Program Files (x86)\Call of Duty Infinite Warfare [24/11/2016 08:42:10] - |AD| - [47719577373] - C:\Program Files (x86)\Call of Duty Modern Warfare Remastered [03/11/2017 03:22:06] - |D| - [47796564485] - C:\Program Files (x86)\Call of Duty WWII [07/11/2016 22:18:38] - |D| - [5271014782] - C:\Program Files (x86)\Capcom [30/11/2017 18:40:56] - |D| - [3558495] - C:\Program Files (x86)\Cisco [08/11/2016 00:03:07] - |D| - [619630] - C:\Program Files (x86)\Codemasters [19/03/2019 05:52:44] - |D| - [130197823] - C:\Program Files (x86)\Common Files [19/06/2015 18:27:29] - |D| - [11522862] - 
C:\Program Files (x86)\Cyberlink [19/03/2019 05:49:34] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [02/12/2017 17:30:45] - |D| - [38435529643] - C:\Program Files (x86)\Dirt 4 [22/06/2017 19:46:55] - |AD| - [45362514161] - C:\Program Files (x86)\Dishonored 2 [28/11/2018 19:41:00] - |D| - [2042080] - C:\Program Files (x86)\EasyAntiCheat [28/03/2019 18:34:50] - |D| - [10906334] - C:\Program Files (x86)\eMule [05/11/2016 19:05:15] - |D| - [29494609633] - C:\Program Files (x86)\Far Cry 4 [22/12/2018 21:29:45] - |D| - [46655189835] - C:\Program Files (x86)\Far Cry 5 [14/02/2017 07:22:28] - |AD| - [17872450116] - C:\Program Files (x86)\Far Cry Primal [03/01/2019 20:53:09] - |D| - [51013784096] - C:\Program Files (x86)\FIFA 19 [07/11/2016 22:18:46] - |D| - [9889573269] - C:\Program Files (x86)\Focus Home Interactive [11/06/2017 21:38:37] - |D| - [7687684] - C:\Program Files (x86)\Genesyslogic [20/03/2017 17:34:31] - |D| - [483820053] - C:\Program Files (x86)\Google [04/11/2016 19:22:19] - |AD| - [9897544494] - C:\Program Files (x86)\GRID Autosport [22/04/2017 21:01:32] - |AD| - [66039987698] - C:\Program Files (x86)\HITMAN - The Complete First Season [21/03/2017 18:09:36] - |AD| - [57779733734] - C:\Program Files (x86)\Homefront The Revolution [17/01/2017 21:37:11] - |AD| - [0] - C:\Program Files (x86)\Icecream Ebook Reader [19/06/2015 18:16:57] - |HD| - [189956355] - C:\Program Files (x86)\InstallShield Installation Information [19/06/2015 18:17:29] - |D| - [94093247] - C:\Program Files (x86)\Intel [19/03/2019 05:52:44] - |D| - [1992921] - C:\Program Files (x86)\Internet Explorer [20/03/2017 18:08:53] - |AD| - [56696610024] - C:\Program Files (x86)\Just Cause 3 [03/11/2016 18:17:12] - |D| - [40068088] - C:\Program Files (x86)\Konami Digital Entertainment [19/06/2015 18:27:20] - |D| - [480472699] - C:\Program Files (x86)\Lenovo [25/04/2017 16:30:57] - |AD| - [54875204019] - C:\Program Files (x86)\Mass Effect Andromeda [05/11/2016 19:34:27] - |D| - [242806272] - 
C:\Program Files (x86)\Medion [03/06/2017 19:30:13] - |AD| - [16040385] - C:\Program Files (x86)\MEDION GoPal Assistant [05/11/2016 19:13:30] - |AD| - [26432238152] - C:\Program Files (x86)\METAL GEAR RISING REVENGEANCE [30/10/2016 08:47:57] - |AD| - [42894550] - C:\Program Files (x86)\Microsoft Silverlight [19/06/2015 18:28:45] - |AD| - [3242367] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [19/06/2015 18:28:45] - |D| - [343335] - C:\Program Files (x86)\Microsoft Synchronization Services [19/03/2019 05:52:44] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [05/03/2019 20:54:01] - |D| - [336459] - C:\Program Files (x86)\Mozilla Maintenance Service [16/01/2017 11:48:30] - |D| - [45220530188] - C:\Program Files (x86)\Mr DJ [03/10/2019 23:40:01] - |D| - [25757] - C:\Program Files (x86)\MSBuild [27/08/2019 20:43:36] - |D| - [203627087] - C:\Program Files (x86)\MyDrive Connect [14/04/2018 19:57:14] - |D| - [29403156263] - C:\Program Files (x86)\NFSPayback [09/01/2018 18:17:07] - |D| - [79428531201] - C:\Program Files (x86)\Nioh Complete Edition [11/06/2017 21:38:45] - |D| - [289877359] - C:\Program Files (x86)\NVIDIA Corporation [05/11/2016 16:37:13] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [03/11/2016 23:11:52] - |AD| - [405545573] - C:\Program Files (x86)\Origin [03/11/2016 23:15:15] - |D| - [326541258549] - C:\Program Files (x86)\Origin Games [22/05/2017 20:44:39] - |AD| - [27415415032] - C:\Program Files (x86)\Prey [19/11/2019 08:19:48] - |D| - [12545810146] - C:\Program Files (x86)\Pro cycling manager2019 [07/12/2017 21:39:24] - |D| - [26406569866] - C:\Program Files (x86)\Pro Evolution Soccer 2018 [07/11/2016 22:15:49] - |D| - [15951544393] - C:\Program Files (x86)\R.G. 
Catalyst [19/06/2015 18:16:57] - |D| - [53324967] - C:\Program Files (x86)\Realtek [19/06/2015 18:18:07] - |AD| - [5337198] - C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver [03/10/2019 23:40:01] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [03/11/2016 12:18:09] - |AD| - [33517643299] - C:\Program Files (x86)\Rise of the Tomb Raider [11/04/2018 22:32:42] - |D| - [16773727859] - C:\Program Files (x86)\Rising Strom 2 [07/11/2016 22:18:14] - |D| - [31422147379] - C:\Program Files (x86)\Rockstar Games [21/11/2017 21:46:47] - |D| - [12492595990] - C:\Program Files (x86)\Rugby 18 [08/12/2018 23:48:49] - |D| - [38043232107] - C:\Program Files (x86)\Shadow Of The Tomb Raider [07/11/2016 22:18:16] - |D| - [7287942376] - C:\Program Files (x86)\Shadow Warrior [07/05/2017 21:59:56] - |D| - [46972964120] - C:\Program Files (x86)\Sniper.Ghost.Warrior.3.SPE.Cracked [05/11/2016 19:06:24] - |D| - [1535601028] - C:\Program Files (x86)\Sony [07/11/2016 22:17:58] - |D| - [12361361191] - C:\Program Files (x86)\SQUARE ENIX [19/06/2015 18:27:35] - |AD| - [838950699] - C:\Program Files (x86)\Steam [19/06/2015 18:17:36] - |HD| - [0] - C:\Program Files (x86)\Temp [05/11/2016 19:06:34] - |D| - [26577206991] - C:\Program Files (x86)\The Witcher 3 Wild Hunt [18/10/2019 18:02:25] - |D| - [10996711] - C:\Program Files (x86)\Thrustmaster [12/08/2017 12:59:16] - |AD| - [67170134327] - C:\Program Files (x86)\Titanfall 2 [05/11/2016 19:06:40] - |AD| - [16250130012] - C:\Program Files (x86)\Tom Clancys Rainbow Six Siege [20/12/2016 20:29:36] - |AD| - [23757326031] - C:\Program Files (x86)\Total War ROME II [03/09/2019 20:14:16] - |D| - [67819271] - C:\Program Files (x86)\TwoNav Land [27/03/2017 16:46:13] - |D| - [306158782749] - C:\Program Files (x86)\Ubisoft [11/06/2017 21:38:53] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [20/03/2017 18:09:55] - |D| - [21851] - C:\Program Files (x86)\VulkanRT [17/02/2017 22:48:33] - |AD| - [28179921682] - C:\Program Files 
(x86)\Watch_Dogs 2 [19/03/2019 05:52:44] - |D| - [1794064] - C:\Program Files (x86)\Windows Defender [19/03/2019 05:52:44] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [19/03/2019 13:02:58] - |D| - [3313005] - C:\Program Files (x86)\Windows Media Player [19/03/2019 13:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform [19/03/2019 05:52:44] - |D| - [7610200] - C:\Program Files (x86)\Windows NT [19/03/2019 13:02:58] - |D| - [5320648] - C:\Program Files (x86)\Windows Photo Viewer [19/03/2019 13:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices [19/03/2019 05:52:44] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [19/03/2019 05:52:44] - |D| - [2372645] - C:\Program Files (x86)\WindowsPowerShell [19/12/2017 12:44:12] - |D| - [47542015499] - C:\Program Files (x86)\Wolfenstein II The New Colossus [05/11/2016 19:08:34] - |D| - [39358061705] - C:\Program Files (x86)\Wolfenstein The Old Blood [05/11/2016 19:08:44] - |D| - [20099709341] - C:\Program Files (x86)\WRC 5 FIA World Rally Championship [05/12/2017 13:18:23] - |D| - [47152772027] - C:\Program Files (x86)\WWE 2K18 [16/11/2016 22:55:56] - |D| - [0] - C:\Program Files (x86)\ZHPFix ---------- | C:\Program Files [01/10/2019 20:44:52] - |D| - [86622591] - C:\Program Files\4KDownload [29/10/2016 16:31:16] - |D| - [1408749076] - C:\Program Files\AVAST Software [05/11/2019 23:11:51] - |D| - [113054409] - C:\Program Files\BlueStacks [30/11/2017 20:03:03] - |AD| - [50472088] - C:\Program Files\CCleaner [19/03/2019 05:52:43] - |D| - [81586397] - C:\Program Files\Common Files [22/04/2018 08:07:02] - |HD| - [1022902] - C:\Program Files\Common FilesEAInstaller [18/11/2016 19:42:41] - |AD| - [7768938] - C:\Program Files\CrystalDiskMark5 [26/11/2016 23:55:09] - |D| - [626244466] - C:\Program Files\CyberLink [07/07/2017 17:03:53] - |D| - [42867423] - C:\Program Files\DAEMON Tools Lite [19/03/2019 05:49:34] - |ASH| - [174] - C:\Program Files\desktop.ini [22/02/2018 
17:59:30] - |D| - [1757568] - C:\Program Files\DIFX [03/10/2019 23:28:07] - |D| - [36299070] - C:\Program Files\Dolby Digital Plus [31/12/2016 15:19:28] - |AD| - [19748147] - C:\Program Files\DriversCloud.com [27/01/2016 08:54:58] - |SHD| - [0] - C:\Program Files\Fichiers communs [05/11/2016 18:40:47] - |D| - [15991066] - C:\Program Files\Gadwin [19/06/2015 18:16:50] - |D| - [44285251] - C:\Program Files\Intel [19/03/2019 05:52:44] - |D| - [2654140] - C:\Program Files\Internet Explorer [18/07/2018 20:25:31] - |D| - [0] - C:\Program Files\KeyboardNotification [19/06/2015 18:27:06] - |D| - [296421658] - C:\Program Files\Lenovo [20/02/2017 18:15:07] - |D| - [208704554] - C:\Program Files\Malwarebytes [01/01/2017 12:47:40] - |AD| - [73859518] - C:\Program Files\Microsoft Mouse and Keyboard Center [30/10/2016 08:47:57] - |AD| - [55728894] - C:\Program Files\Microsoft Silverlight [19/06/2015 18:28:48] - |AD| - [4421503] - C:\Program Files\Microsoft SQL Server Compact Edition [19/06/2015 18:28:48] - |D| - [343335] - C:\Program Files\Microsoft Synchronization Services [19/03/2019 05:52:44] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [05/03/2019 20:53:57] - |D| - [206898028] - C:\Program Files\Mozilla Firefox [03/10/2019 23:40:01] - |D| - [25757] - C:\Program Files\MSBuild [11/06/2017 21:38:44] - |D| - [1974728423] - C:\Program Files\NVIDIA Corporation [11/06/2017 21:38:12] - |D| - [20870552] - C:\Program Files\Realtek [03/10/2019 23:40:01] - |D| - [36867241] - C:\Program Files\Reference Assemblies [17/11/2018 18:57:02] - |D| - [35861096] - C:\Program Files\rempl [02/08/2017 18:07:50] - |AD| - [71322703361] - C:\Program Files\Tom Clancy's Ghost Recon Wildlands [22/08/2013 15:47:10] - |HD| - [0] - C:\Program Files\Uninstall Information [18/04/2017 19:28:09] - |AD| - [26214400] - C:\Program Files\UNP [03/11/2016 18:46:50] - |D| - [177851046] - C:\Program Files\VideoLAN [19/03/2019 05:52:44] - |D| - [29960959] - C:\Program Files\Windows Defender [19/03/2019 05:52:44] 
- |D| - [636416] - C:\Program Files\Windows Mail [19/03/2019 13:02:58] - |D| - [4818321] - C:\Program Files\Windows Media Player [19/03/2019 13:02:58] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform [19/03/2019 05:52:44] - |D| - [7946584] - C:\Program Files\Windows NT [19/03/2019 13:02:58] - |D| - [6138008] - C:\Program Files\Windows Photo Viewer [19/03/2019 13:02:58] - |D| - [47720] - C:\Program Files\Windows Portable Devices [19/03/2019 05:52:44] - |D| - [110373] - C:\Program Files\Windows Security [19/03/2019 05:52:44] - |SHD| - [4447102] - C:\Program Files\Windows Sidebar [19/03/2019 05:52:44] - |HD| - [2714605706] - C:\Program Files\WindowsApps [19/03/2019 05:52:44] - |D| - [2699677] - C:\Program Files\WindowsPowerShell [30/10/2016 09:51:34] - |AD| - [7148810] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [19/06/2015 18:30:27] - |AD| - [30866266] - C:\Program Files (x86)\Common Files\Adobe AIR [14/12/2017 18:35:38] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple [29/10/2016 16:34:00] - |D| - [2] - C:\Program Files (x86)\Common Files\AV [22/11/2019 18:39:13] - |D| - [16791936] - C:\Program Files (x86)\Common Files\BattlEye [04/11/2016 07:53:16] - |HD| - [9148986] - C:\Program Files (x86)\Common Files\EAInstaller [19/06/2015 18:17:35] - |D| - [5082143] - C:\Program Files (x86)\Common Files\InstallShield [19/06/2015 18:17:03] - |D| - [264570] - C:\Program Files (x86)\Common Files\Intel Corporation [03/12/2018 20:38:59] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit [19/06/2015 18:30:43] - |D| - [9779456] - C:\Program Files (x86)\Common Files\LENOVO [19/03/2019 05:52:44] - |D| - [44359115] - C:\Program Files (x86)\Common Files\Microsoft Shared [19/06/2015 18:18:42] - |D| - [196972] - C:\Program Files (x86)\Common Files\postureAgent [19/03/2019 05:52:44] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [19/06/2015 18:27:35] - |D| - [3989056] - C:\Program Files (x86)\Common Files\Steam 
[19/03/2019 05:52:44] - |D| - [9716619] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [14/12/2017 18:35:51] - |D| - [0] - C:\Program Files\Common files\Apple [29/10/2016 16:34:00] - |D| - [2] - C:\Program Files\Common files\AV [07/12/2017 18:08:59] - |D| - [1873288] - C:\Program Files\Common files\Avast Software [25/04/2017 17:05:27] - |HD| - [4863153] - C:\Program Files\Common files\EAInstaller [19/03/2019 05:52:43] - |D| - [64290953] - C:\Program Files\Common files\microsoft shared [19/03/2019 05:52:44] - |D| - [2702] - C:\Program Files\Common files\Services [19/03/2019 05:52:44] - |D| - [10556299] - C:\Program Files\Common files\System ---------- | Tasks [MD5.00000000000000000000000000000000] - [15/04/2019 20:27:00] - |D| - [0] - C:\WINDOWS\Tasks\ImCleanDisabled [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [03/10/2019 23:55:00] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.8AA6C468629111C07C39CDA4F773B79F] - [03/10/2019 23:54:59] - |A| - [3924] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe [MD5.E8A060C8F2205FEB16F967BD5A5C09AE] - [03/10/2019 23:54:59] - |A| - [3510] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.EC30AC3B4A0F851B59F75556C0FD157B] - [03/10/2019 23:54:59] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.0631ACBBB8D3A47FC3F1168DBFFEEC4B] - [03/10/2019 23:54:59] - |A| - [3856] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.B7F45D11A051E9ED91976F4E32AB6634] - [03/10/2019 23:54:59] - |A| - [3272] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe 
[MD5.00000000000000000000000000000000] - [03/10/2019 23:54:59] - |D| - [6962] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.01FB3CF4FFDE7EEDB66F052872EE69B0] - [03/10/2019 23:54:59] - |A| - [3332] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.7E237F2DF0AE670D093E951D04DDCCAD] - [03/10/2019 23:54:59] - |A| - [3556] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.64082D39E0AD71D33363C20582C93D8A] - [03/10/2019 23:54:59] - |A| - [2988] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.45C5A7A02CE31BC93FB9556A0D6B0E65] - [03/10/2019 23:54:59] - |A| - [2220] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.6AD4CF3D349ACDA214B2147D2BA6C3E3] - [03/10/2019 23:54:59] - |A| - [2334] - C:\WINDOWS\System32\Tasks\DolbySelectorTask : %ProgramFiles%\Dolby Digital Plus\ddp.exe [MD5.9ECFEA108F213A0F3C7EA8F8446F1464] - [03/10/2019 23:54:59] - |A| - [3294] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.A7965877987E15203D1232B2700EE990] - [03/10/2019 23:54:59] - |A| - [3518] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [03/10/2019 23:54:59] - |D| - [21574] - C:\WINDOWS\System32\Tasks\Lenovo [MD5.00000000000000000000000000000000] - [19/03/2019 05:52:45] - |D| - [655624] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.75448491F5F71F3E21920430CD4622B2] - [03/10/2019 23:55:00] - |A| - [2452] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MD5.4568A011B33D9CA0C4E51CA7D7B550D6] - [03/10/2019 23:55:00] - |A| - [2448] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe : 
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MD5.E5739F0834A4555BE82088DA24E8D228] - [03/10/2019 23:55:00] - |A| - [2504] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [MD5.F5EACDD39DBE1301B29177DF7D18574C] - [03/10/2019 23:55:00] - |A| - [2434] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MD5.C9BA9C885481C26D6D492B8BA0015657] - [03/10/2019 23:55:00] - |A| - [2430] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MD5.CE0E61838C45A2197B7A48BA49DEC62C] - [03/10/2019 23:55:00] - |A| - [3196] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.2BDD5079598BA1BE14013D6C214185F5] - [03/10/2019 23:55:00] - |A| - [3398] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.D6E7E563512D61018992A38D791ADD11] - [03/10/2019 23:55:00] - |A| - [3152] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.4C16A7D7D4E05C74CF806CADB99C4205] - [03/10/2019 23:55:00] - |A| - [2914] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.B564BCC10599F1F4E45E4FC3ADC552FE] - [03/10/2019 23:55:00] - |A| - [2984] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.A416713998B405C15DF29DC980393AF6] - [03/10/2019 23:55:00] 
- |A| - [2744] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.5F883EAEB56981E0F48BCAEF99D5B973] - [03/10/2019 23:55:00] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.4CDE793964A470F12FE9F58B0AAD589A] - [03/10/2019 23:55:00] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.862A257979AC4CBA629A07F73BE32C90] - [03/10/2019 23:55:00] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.00382E1A8F1680DEB7CEF84718D3FD80] - [03/10/2019 23:55:00] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.DDE47906DC65F0C298783DD36296D8FE] - [03/10/2019 23:55:00] - |A| - [2862] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3917520454-1897002642-3725866607-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.9DF945EE23743DDF8AB14861B78B20D2] - [03/10/2019 23:55:00] - |A| - [3594] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1050727674-2070356693-977449066-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.E6FCB52FFFB56508F16F9FEB67EA5DFB] - [03/10/2019 23:55:00] - |A| - [2812] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3917520454-1897002642-3725866607-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.C25CC57BA52C78BD53B7A8851E5BB0D9] - [03/10/2019 23:55:00] - |A| - [2380] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-3917520454-1897002642-3725866607-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [03/10/2019 23:55:00] - |D| - [3062] - C:\WINDOWS\System32\Tasks\S-1-5-21-3917520454-1897002642-3725866607-1001 [MD5.00000000000000000000000000000000] - [03/10/2019 23:55:00] - |D| - [9208] - C:\WINDOWS\System32\Tasks\TVT [MD5.CB90759F670480402CBC58CDE4E8BAB2] - [03/10/2019 23:55:00] - |A| - [3144] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900D2028-AFF2-47B8-B6F9-93F1198FE698} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [03/10/2019 23:55:00] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD [MD5.BE938C2183762D9E535FFEA91E4D2057] - [03/10/2019 23:55:00] - |A| - [2254] - C:\WINDOWS\System32\Tasks\{D06BC99E-2779-4741-A96C-25397FFF11AE} : C:\WINDOWS\system32\pcalua.exe [MD5.00000000000000000000000000000000] - [19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| 
"DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| 
"{E5BDFAB9-ACB8-450E-86B4-742D399A17C0}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files (x86)\Lenovo\System Update\uncserver.exe|Name=TvsuUNCServer| "{A9ED1D57-12E1-4906-8DC3-41EF03F090FE}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files (x86)\Lenovo\System Update\uncserver.exe|Name=TvsuUNCServer| "{23329668-6B47-4239-977C-E03D348AB249}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe|Name=TomTom MyDrive Connect| "{B6B20C52-DD3B-4612-9A0B-892C872FFE00}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{0B2EB986-E6C7-46BE-9DF0-C132582A7ADD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{6C955736-5DEE-458F-AD27-502F6D4B92E1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe|Name=EA SPORTS™ FIFA 15| "{AED070EE-F138-4F9A-845E-9FB0D7FD74E0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe|Name=EA SPORTS™ FIFA 15| "{EC75F309-E2D8-4411-B993-5DD5ABD46EBE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| 
"{8650E1A0-FED5-4AA2-A7C1-72B0BE1DCE69}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{D2659F82-7967-4FED-8026-683BA9291ABC}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{61D68006-74D9-412B-98D3-CC6A3D39BD80}C:\program files (x86)\emule\emule.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\emule\emule.exe|Name=eMule|Desc=eMule|Defer=User| "TCP Query User{CD8D8082-B2EC-4AA9-B396-F314EAF86FD1}C:\program files (x86)\emule\emule.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\emule\emule.exe|Name=eMule|Desc=eMule|Defer=User| "{8631ADC2-BBED-430D-A4E2-62AF8CE183A5}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{C4F2DECC-E94B-4EC9-888C-C248D9D6F926}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Name=Enpass|Desc=Enpass|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1967885736-1455517788-1203166066-899794527-3106515945-2898599975-3280125973|EmbedCtxt=Enpass|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{6CB6800B-7B38-4696-A49E-3B20E26D03FD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Enpass|Desc=Enpass|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1967885736-1455517788-1203166066-899794527-3106515945-2898599975-3280125973|EmbedCtxt=Enpass|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{FEF742D6-203F-4C16-97EB-A843CC44888B}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| "TCP Query User{3C9A556F-81D5-450B-94AC-AF6A01310064}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe|Name=ForHonor|Desc=ForHonor|Defer=User| "{A66762D1-B25C-4E4F-8951-58B415947C8C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrB.exe|Name=PnkBstrB| "{33324E4E-E9F5-407F-81E1-558D0D721F51}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrB.exe|Name=PnkBstrB| "{E6D60FD1-6123-45D0-A622-F018728FD332}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrA.exe|Name=PnkBstrA| "{9C98F18A-82ED-45A9-B664-FF88F89E1945}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrA.exe|Name=PnkBstrA| "{8047A751-61A4-440F-B25D-B3AE6B34415C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe|Name=AssassinsCreed3MP| "{524B77BB-AE65-4A2B-A44A-617180A02BFB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 
III\AC3MP.exe|Name=AssassinsCreed3MP| "{B553467F-5B69-4317-831A-CC22ADACC78D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe|Name=AssassinsCreed3SP| "{72780597-691D-4011-8150-48772895D66F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe|Name=AssassinsCreed3SP| "{815DC56B-430E-42B6-BCCF-DAFE8EC40292}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Cute Cat of the Day|Desc=Cute Cat of the Day|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-2616459601-1616848699-2641358334-3210721505-2004825461-2383131081-58187411|EmbedCtxt=Cute Cat of the Day|Platform=2:6:2|Platform2=GTEQ| "{D33E4E34-7227-498C-9F8E-97A542D8AD57}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)| "{FDFB8285-F7D8-4F71-9F87-D55C837842FA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)| "{3E0668FA-FDFE-421B-8583-107AE116BB29}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)| "{49EAB950-1C6E-4E70-A0AE-8AC746BA45B5}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)| "{CB94C791-108C-474F-B05A-DDF15485FCED}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{6709C57E-ED80-4845-8950-BD53D611209D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| 
"{A451B396-2F8D-440B-87F6-A4E8F2CED4B3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{E8065C41-9B2B-4491-B0F9-05D59B715D6C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=@{StormGeo.Storm_9.0.0.33_neutral__tr4kkrem4xkzp?ms-resource://StormGeo.Storm/resources/app_name}|Desc=@{StormGeo.Storm_9.0.0.33_neutral__tr4kkrem4xkzp?ms-resource://StormGeo.Storm/resources/app_name}|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-954796649-3127597969-1642061650-1099793247-1687627694-2718604472-1740333007|EmbedCtxt=@{StormGeo.Storm_9.0.0.33_neutral__tr4kkrem4xkzp?ms-resource://StormGeo.Storm/resources/app_name}|Platform=2:6:2|Platform2=GTEQ| "{AF40E6BC-401C-42A9-936A-DFA07392F434}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{7A61A912-BF39-43E6-A9BA-6EE09318BE2F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{0591FB03-78C3-4C49-B9CB-64526A18C9CD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{9BA036BF-8163-4B3F-A2DF-8BFB258F35D8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| 
"{A3D12743-82BB-4511-B254-1D8D0A6D3180}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{B196A4AE-DE98-402E-9B3C-69C6777F504A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{6F3D13B0-CA8E-46B2-B1D4-AC68021CAC8A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{16D8772A-6F17-496C-824F-EFB66D4643C9}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{AB94A549-B348-4F5D-B105-AD228BB7A9A6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{DF7C7490-A032-45C5-BB79-D8CB45CCA268}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{38E49F46-3E76-41B3-B48A-6B94C11F4F28}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| 
"{914B97F8-D46D-4A49-AED3-95E0572D4C7F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{819D9806-3D7A-4A54-A3E2-3821A13AA628}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{4CA4804C-AE26-42FC-A4D4-8F8578428A95}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{700F6328-4932-40B4-A147-DCAD113999A0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{7862F756-498D-4DB2-B78C-8ECB2F6B0598}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{F7B26F0C-0551-4FF0-956D-45E12ED46355}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{EFB1F5FF-D1C1-4C31-AA3D-72A43DD99120}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| 
"{8F677D49-E0A5-4C76-B400-AE89B73E2B43}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{06A21952-DF80-4FFC-9747-9F5CCCAB8022}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{42A66B7A-9189-4BF0-BE98-D6E81421BE18}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{78CEB787-D172-44A7-99BC-FF138340ECBD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{4854A719-1C6A-4C91-ADF9-EC682446A34A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{CC21E634-3127-4B54-A607-3D98E93C8751}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{61948F40-910B-46A3-B2B8-2A10E74FEBB7}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| 
"{AF2FF51A-8693-4048-965D-DC30C65D8F5D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{4D298298-4465-4702-9E3E-FAC6DA57FD95}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{7EF5B326-A8EF-402F-BAA4-6EE049460EA5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{A035795F-F500-4E9A-998B-2572A7DF7B72}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{0B8FC1FA-4D8D-4025-B762-9A46AE8C678A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{EEC7D74E-D870-43FC-BF0A-FF7E6A4866FE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{DDD1436C-1FF2-4E2A-B46F-724136F27557}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| 
"{B5D7C2BF-1D56-436B-A31F-4AC16ED9A9DA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{F4068545-A470-4250-8DDC-B49B459DA72D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{1E680060-EF1E-493A-B824-1333B6C6EC52}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{F3D302A8-BFFF-4E49-9A29-C2C838930289}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{8F51FBBC-B5BB-4ED8-AAE4-70CBB4982B0E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{73EA9120-3B96-44EA-9AF2-89611F2B99E3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{09F26D24-8D70-4B71-ABB2-A05479DDAFF0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| 
"{B419F875-6A08-450C-A4D9-4E5CF54DE135}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{61923F09-0D64-458F-BB78-5F2754CA10D3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{B560488D-7476-45F0-A97B-B9918DDA9E8F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{5B38A8CD-A77D-400F-8677-303919E49CF5}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{626270DE-9169-4AFE-B4F2-0281BD418891}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{17DE8D4D-27A6-466C-A954-118248D2B6F4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{6B4AFFA1-B7C4-4248-8EFE-05C3E50FBD4F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| 
"{BF2B09FA-E019-4D43-A4FF-28CC5C8A3801}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{FE82863A-BCD3-4E9B-9E96-4167170333B3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{948E6413-456C-40AA-A344-CC6DFB083654}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{66232061-CD6C-432E-BE6D-A601460502AF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{EEB74150-A04A-43A6-AF56-4B3F32DBBCB4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{F8D4D3BE-1730-4320-ACC1-579642EFB8D1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{25BAA78C-FC59-4FFB-BF3B-BC9B6E848DD4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| 
"{ED9A2F90-99B7-4C0E-9875-DA08665DE581}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={0727731A-0A01-45BD-A74E-E9D6352E0683}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "UDP Query User{386F13F9-8BD1-4491-A0B4-580F564E83BC}C:\program files (x86)\titanfall 2\titanfall2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\titanfall 2\titanfall2.exe|Name=Titanfall 2|Desc=Titanfall 2|Defer=User| "TCP Query User{10A10FCC-3E07-4D4A-BB77-E0B678228C94}C:\program files (x86)\titanfall 2\titanfall2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\titanfall 2\titanfall2.exe|Name=Titanfall 2|Desc=Titanfall 2|Defer=User| "UDP Query User{0CA5AE8F-9200-4EE2-8E45-FF154C7F683D}C:\program files\tom clancy's ghost recon wildlands\grw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\tom clancy's ghost recon wildlands\grw.exe|Name=grw|Desc=grw|Defer=User| "TCP Query User{FBA81913-CF8A-4887-81E6-E19958EC4E2D}C:\program files\tom clancy's ghost recon wildlands\grw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\tom clancy's ghost recon wildlands\grw.exe|Name=grw|Desc=grw|Defer=User| "UDP Query User{7A24F039-DD92-4DA6-8804-566670AD3809}C:\program files (x86)\pro cycling manager 2017\pcm64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\pro cycling manager 2017\pcm64.exe|Name=Pro Cycling Manager|Desc=Pro Cycling Manager|Defer=User| "TCP Query User{CA03F1D6-119A-486C-90B7-A7486CAB595A}C:\program files (x86)\pro cycling manager 2017\pcm64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\pro cycling manager 2017\pcm64.exe|Name=Pro Cycling Manager|Desc=Pro Cycling Manager|Defer=User| 
"{0F73D2E1-D6A4-40AC-9EF8-AEA7C2EEC346}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ| "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ| "{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ| "{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ| "{3F8A67EC-8A35-47CC-BAA9-29128BEEC953}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files 
(x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe|Name=Crysis®3| "{70062535-6ECA-469F-BE30-DAB1145A7444}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe|Name=Crysis®3| "TCP Query User{58944EA5-7767-4392-BF16-E3095862F3FB}C:\program files (x86)\call of duty black ops iii\blackops3.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\call of duty black ops iii\blackops3.exe|Name=blackops3|Desc=blackops3| "UDP Query User{A0C9C297-B3C0-4EB0-8868-ED37F037DA9D}C:\program files (x86)\call of duty black ops iii\blackops3.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\call of duty black ops iii\blackops3.exe|Name=blackops3|Desc=blackops3| "{6F411B8C-12C0-4396-98C3-2AC97819E92E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (User)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{DE2812C1-E5A2-4EC9-A4EC-19D42700D1C8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (User)|Desc=Allow µTorrent network traffic| "{5FCB21B1-F55D-4A06-BEEC-B4C3D326E55C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (User)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{31179EFC-28FD-46CC-A7FD-C5DDB825BCE6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (User)| "{E48FAA80-5427-4CD6-B68E-602E932D61E3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (User)| 
"{C0DC0A9C-EEC3-45F2-979E-08DBDB822C14}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (User)|Desc=Allow µTorrent network traffic| "TCP Query User{C24B8EB3-D329-4DCD-9771-03048C768950}C:\program files (x86)\call of duty modern warfare remastered\h1_sp64_ship.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\call of duty modern warfare remastered\h1_sp64_ship.exe|Name=Call of Duty: Modern Warfare Remastered|Desc=Call of Duty: Modern Warfare Remastered| "UDP Query User{9ECE75A5-DB63-46B5-B380-5220378E524F}C:\program files (x86)\call of duty modern warfare remastered\h1_sp64_ship.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\call of duty modern warfare remastered\h1_sp64_ship.exe|Name=Call of Duty: Modern Warfare Remastered|Desc=Call of Duty: Modern Warfare Remastered| "{F91CBBAB-DE76-4799-A34E-8FF6675F3CF2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector| "{00B28646-F37A-4ADB-9584-B9AD1F0B78C2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0| "{812B9967-04E4-4008-A46F-8BF40BE18FDC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0| "{23534307-BAD5-4BF6-8093-7038C787FD1C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe|Name=SHAREit.exe| "{AA93D1CC-1FB8-45DB-A617-7EB9C3AAB136}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe|Name=SHAREit.exe| "TCP Query User{F73AA5B3-2DD6-4975-865A-713D727E7734}C:\program files (x86)\far cry 
4\bin\farcry4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\far cry 4\bin\farcry4.exe|Name=Far Cry 4|Desc=Far Cry 4|Defer=User| "UDP Query User{90DAB780-B23A-42BE-B3A8-4F4B75AB057A}C:\program files (x86)\far cry 4\bin\farcry4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\far cry 4\bin\farcry4.exe|Name=Far Cry 4|Desc=Far Cry 4|Defer=User| "TCP Query User{22056B8A-AB1B-491F-9D42-903D4E8D8E81}C:\program files (x86)\total war rome ii\rome2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\total war rome ii\rome2.exe|Name=Total War: Rome II|Desc=Total War: Rome II|Defer=User| "UDP Query User{08CF0925-F6F0-47EA-BA8A-E3CA36C626C9}C:\program files (x86)\total war rome ii\rome2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\total war rome ii\rome2.exe|Name=Total War: Rome II|Desc=Total War: Rome II|Defer=User| "{B71659EE-0601-4311-A087-121B4AAE673E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe|Name=Titanfall™ (x64)| "{26079B79-A3D5-4F6C-B78D-BDAA82A6A32A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe|Name=Titanfall™ (x64)| "TCP Query User{4871A6EE-0656-4A65-975A-A15C904A0AAA}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User| "UDP Query User{11CC9ED0-6CF0-499F-9526-8FC90F38EFA2}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\origin games\star 
wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User| "{07F3DB5B-87BD-4701-A1BB-B9ED9EB18082}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{C1ED7FD2-BB01-4475-8B24-A998F208A40C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{C96C8E38-CB8D-43B0-AB4D-6715C94C4068}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mr DJ\Dragon Age Inquisition Deluxe Edition\DragonAgeInquisition.exe|Name=DragonAgeInquisition.exe| "{01E16232-A66F-44A7-AD75-C1AF038ABA9D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mr DJ\Dragon Age Inquisition Deluxe Edition\DragonAgeInquisition.exe|Name=DragonAgeInquisition.exe| "TCP Query User{0BAEC83A-957C-4018-BCB7-AA696D59D024}C:\program files (x86)\far cry primal\bin\fcprimal.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\far cry primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal| "UDP Query User{6D3791F0-F974-4481-A4CD-01730ECDE8D6}C:\program files (x86)\far cry primal\bin\fcprimal.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\far cry primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal| "TCP Query User{1A71F6C1-B34D-44FA-87D8-EF0ABAB10B71}C:\program files (x86)\homefront the revolution\bin64\homefront2_release.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\homefront the revolution\bin64\homefront2_release.exe|Name=homefront2_release|Desc=homefront2_release|Defer=User| "UDP Query User{6ECDB5B6-7DD0-4B71-8E32-A85D20B4ECDC}C:\program files (x86)\homefront the 
revolution\bin64\homefront2_release.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\homefront the revolution\bin64\homefront2_release.exe|Name=homefront2_release|Desc=homefront2_release|Defer=User| "{83000E9D-E5AC-4D06-995E-5B43E148A484}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Future Soldier\Future Soldier DX11.exe|Name=Future Soldier DX11| "{E16A2574-402B-4C3D-9048-050EEF62BD33}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Future Soldier\Future Soldier DX11.exe|Name=Future Soldier DX11| "{CFFF5E1E-AB1D-48AA-B51A-C90E73A5BFAC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Future Soldier\Future Soldier DX9.exe|Name=Future Soldier DX9| "{00C998E6-375B-4C2C-9BC9-A8FEC92160FC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Future Soldier\Future Soldier DX9.exe|Name=Future Soldier DX9| "TCP Query User{17697D3C-0F65-4ED3-903B-257FE19222A8}C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's the division\thedivision.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's the division\thedivision.exe|Name=Tom Clancy's The Division|Desc=Tom Clancy's The Division|Defer=User| "UDP Query User{8BE28941-1CD6-4B0C-B98D-770516813EAE}C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's the division\thedivision.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's the 
division\thedivision.exe|Name=Tom Clancy's The Division|Desc=Tom Clancy's The Division|Defer=User| "{2A6A024F-604E-4B0C-A621-21D93E651660}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe|Name=ESN Sonar Host Application| "{386F27EB-0CED-4EA9-B217-3762C9E8FB66}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe|Name=ESN Sonar Host Application| "{682FC460-7486-4577-811E-69AE492B940A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe|Name=Mass Effect™: Andromeda Trial (x64)| "{4281ECD0-8F29-4E32-8923-FF2836A8EA44}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe|Name=Mass Effect™: Andromeda Trial (x64)| "{A1FF79C5-BA50-4BA6-AF6D-DBDC1D5CEE9F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe|Name=Mass Effect™: Andromeda (x64)| "{0025743C-1544-4F26-BFEC-04A26CC94CE4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe|Name=Mass Effect™: Andromeda (x64)| "TCP Query User{5603C85A-38A2-418D-9B66-92D170E93C34}C:\program files (x86)\prey\binaries\danielle\x64\release\prey.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\prey\binaries\danielle\x64\release\prey.exe|Name=Prey|Desc=Prey|Defer=User| "UDP Query User{95174C76-4F96-4987-90C3-BE6036154671}C:\program files (x86)\prey\binaries\danielle\x64\release\prey.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\prey\binaries\danielle\x64\release\prey.exe|Name=Prey|Desc=Prey|Defer=User| "TCP Query 
User{096371CE-B943-45D6-8A46-A3286C2F4139}C:\program files (x86)\sniper.ghost.warrior.3.spe.cracked\win_x64\sgw3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\sniper.ghost.warrior.3.spe.cracked\win_x64\sgw3.exe|Name=sgw3|Desc=sgw3|Defer=User| "UDP Query User{2F79B6FE-6360-4BA0-A0CD-0AE5ACD9DB4B}C:\program files (x86)\sniper.ghost.warrior.3.spe.cracked\win_x64\sgw3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\sniper.ghost.warrior.3.spe.cracked\win_x64\sgw3.exe|Name=sgw3|Desc=sgw3|Defer=User| "TCP Query User{DAF28FAD-87CF-412D-9F0F-8D259BE39160}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\pro evolution soccer 2018\pes2018.exe|Name=Pro Evolution Soccer 2018|Desc=Pro Evolution Soccer 2018|Defer=User| "UDP Query User{3731AA28-819C-4CE9-AC01-6BC818DD2821}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\pro evolution soccer 2018\pes2018.exe|Name=Pro Evolution Soccer 2018|Desc=Pro Evolution Soccer 2018|Defer=User| "{F1C92995-EC59-4579-A55D-3D87E604BAC6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=9103|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Steep\steep.exe|Name=STEEP| "TCP Query User{DC8920A8-CD0D-473F-95E4-E27357B390A0}C:\program files (x86)\bkool indoor\bkoolindoor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\bkool indoor\bkoolindoor.exe|Name=bkoolindoor|Desc=bkoolindoor|Defer=User| "UDP Query User{4A9063D7-7F27-42B8-ADEB-DAB5A126D500}C:\program files (x86)\bkool indoor\bkoolindoor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\bkool indoor\bkoolindoor.exe|Name=bkoolindoor|Desc=bkoolindoor|Defer=User| 
"{BCD3BFBE-4CBD-453F-8C6E-2FF5FFD80D2B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{65EAB233-892B-44F2-BD37-6DF909B2AAF9}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{9D621B10-48F4-456C-96DA-0232F48D96F9}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\BlueStacks\HD-Player.exe|Name=BlueStacks Service| "{0A11AEFD-8F02-4904-82AD-423C660A4FC5}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{6324989F-2CCF-4528-A3AB-5878ACE71566}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Ghost Recon Breakpoint\GRB_BE.exe|Name=GRB UDP| "{310EA92F-7EE3-4F4C-BA0D-4227D23EAC2C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Ghost Recon Breakpoint\GRB_BE.exe|Name=GRB TCP| "{1DD73650-95D0-47B9-B6BE-DF998B5C14DC}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser| 
"{E73D1C7E-F81D-450B-BD7E-48F5B75402C0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division 2\TheDivision2.exe|Name=Tom Clancy's The Division® 2| "{EAAFBFE6-CFDC-4B87-94B9-D1ACB27C04D0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{DA0B65DD-4B07-4C29-BB08-57DE9819515E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{AAD18CB6-526B-40EF-81C5-820EDC1D0D2D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{818F00E8-80C7-4E64-A40E-E14E631A9535}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ| "{14FE2AC3-5C66-411F-B34F-CECC69DFA52F}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game 
Bar|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{54BB0ED9-5C59-4132-9BF0-68A0F718F97E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Drawboard PDF|Desc=Drawboard PDF|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-322285978-2192210518-103585702-1010742177-1469442655-3072196753-4112280351|EmbedCtxt=Drawboard PDF|Platform=2:6:2|Platform2=GTEQ| "{DDC8331D-37A0-4503-86A2-3C8652D0C208}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Drawboard PDF|Desc=Drawboard PDF|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-322285978-2192210518-103585702-1010742177-1469442655-3072196753-4112280351|EmbedCtxt=Drawboard PDF|Platform=2:6:2|Platform2=GTEQ| "{2D2ADFB7-7DFA-408C-A29B-F2F84BE0D7C7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{F05B2C18-0722-4172-9526-4906BCB5C469}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3917520454-1897002642-3725866607-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{72FC9D46-D3D5-471C-994C-17020ACDDAE0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe|Name=Battlefield™ V Trial (x64)| "{5E20D5E9-AAFC-4765-B72D-E7E400E16623}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield 
V\bfvTrial.exe|Name=Battlefield™ V Trial (x64)| "{2576F4D3-95E9-4833-8A50-E64632CB64D3}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe|Name=Battlefield™ V (x64)| "{32374524-E67A-456E-B3AF-C40A47F90DDA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe|Name=Battlefield™ V (x64)| "{E1F1CDB0-6595-4467-B7F3-FFE1C599E301}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> 
@%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : 
(PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem26.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] 
: (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) 
[] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
---------- | Loaded modules (whitelist) [16/12/2019 23:42:47] - (26.21.14.4166) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 441.66) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8e9ea337ab83d6e3\nvlddmkm.sys [26/11/2016 08:37:30] - (4.5.0.6) - (GenesysLogic - GeneStor) - C:\WINDOWS\system32\DRIVERS\GeneStor.sys [23/04/2019 19:54:44] - (4.13.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [05/09/2019 21:41:47] - (303.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys [30/10/2016 08:33:02] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\WINDOWS\System32\drivers\dtliteusbbus.sys [30/10/2016 08:32:53] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtlitescsibus.sys [05/09/2019 21:41:47] - (1.3.38.21) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - 
[Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - aswArDisk (aswArDisk) -> system32\drivers\aswArDisk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsh.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - 
AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> 
system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: 
False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - 
[Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> 
System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdriver.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_307898c750ba9e44\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ba2a8de08ea0d469\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - iocbios2 (iocbios2) -> \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS 
(@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Dishonored 2_is1] : (Dishonored 2.-.) 
-> "C:\Program Files (x86)\Dishonored 2\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{05A331A8-339A-4FE3-94B7-59EE90797A84}] : (4K Video Downloader 4.9.-.Open Media LLC) -> MsiExec.exe /X{05A331A8-339A-4FE3-94B7-59EE90797A84} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}] : (MergeModule_x64.-.Sony Corporation) -> MsiExec.exe /I{12DCC5A7-0100-4433-B4FF-217A3C5DC83B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{41A4E9B4-C041-42A3-8797-C49174201247}] : (Gadwin PrintScreenPro (64-Bit).-.Gadwin Systems) -> MsiExec.exe /X{41A4E9B4-C041-42A3-8797-C49174201247} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}] : (Dolby Digital Plus Advanced Audio.-.Dolby Laboratories Inc) -> MsiExec.exe /X{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 441.66.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 38.0.2.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 38.0.2.0.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvAbHub] : (NVIDIA ABHub.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor] : (NVAPI Monitor plugin for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.20.1.57.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.13.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B5E06417-A4AC-4225-B36E-7E34C91616E7}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D3536C71-00CD-457F-8624-CBD51FD43F1C}] : (DriversCloud.com (64 bits).-.Cybelsoft) -> MsiExec.exe /X{D3536C71-00CD-457F-8624-CBD51FD43F1C} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EBE12EC7-60DF-41C2-AAC8-0B2586F15C96}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{EBE12EC7-60DF-41C2-AAC8-0B2586F15C96} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1267008497_is1] : (Shadow Warrior 2 Pre-order Exclusive.-.GOG.com) -> "C:\GOG Games\Shadow Warrior 2\unins001.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1434021265_is1] : (Shadow Warrior 2.-.GOG.com) -> "C:\GOG Games\Shadow Warrior 2\unins000.exe" 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Batman Arkham Knight - Patch FR 1.00] : (Batman Arkham Knight - Patch FR 1.00.-.TraductionJeux.com) -> C:\Program Files (x86)\Batman Arkham Knight\Uninstall.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dragon Age Inquisition - Patch FR 1.00] : (Dragon Age Inquisition - Patch FR 1.00.-.TraductionJeux.com) -> C:\Program Files (x86)\Mr DJ\Dragon Age Inquisition Deluxe Edition\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dragon Age Inquisition Deluxe Edition_is1] : (Dragon Age Inquisition Deluxe Edition version 1.11.0.0.-.Mr DJ) -> "C:\Program Files (x86)\Mr DJ\Dragon Age Inquisition Deluxe Edition\Uninstall\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HITMAN - The Complete First Season_is1] : (HITMAN - The Complete First Season - Version 1.9.0.-.RePack by VickNet) -> "C:\Program Files (x86)\HITMAN - The Complete First Season\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Homefront: The Revolution_is1] : (Homefront: The Revolution.-.) -> "C:\Program Files (x86)\Homefront The Revolution\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Nioh Complete Edition_is1] : (Nioh Complete Edition.-.) -> "C:\Program Files (x86)\Nioh Complete Edition\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\R1JJREF1dG9zcG9ydA==_is1] : (GRID Autosport.-.) -> "C:\Program Files (x86)\GRID Autosport\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SoulCalibur 6_is1] : (SoulCalibur 6.-.) 
-> "C:\Games\SoulCalibur 6\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Titanfall 2_is1] : (Titanfall 2.-.) -> "C:\Program Files (x86)\Titanfall 2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}] : (Steam.-.Valve Corporation) -> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}] : (Cisco PEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10E33ABF-D7FB-4F47-900A-7973854AB45A}] : (Adobe AIR.-.Adobe) -> MsiExec.exe /I{10E33ABF-D7FB-4F47-900A-7973854AB45A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2FF2DF80-5077-4608-AAE0-E2B3C254B1C6}_is1] : (BDReader version 1.03.-.Vincent Crocher) -> "C:\Program Files (x86)\BDReader\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}] : (MergeModule_x86.-.Sony Corporation) -> MsiExec.exe /I{42251A8D-C4AE-4D3B-8A50-948CB98A0969} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}] : (Cisco EAP-FAST Module.-.Cisco Systems, Inc.) 
-> MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D3A0097-9E0E-4073-801C-295BBDAEAED8}] : (PMB_ServiceUploader.-.Sony Corporation) -> MsiExec.exe /I{7D3A0097-9E0E-4073-801C-295BBDAEAED8} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF312B06-5C5C-468E-89B3-BE6DE2645722}] : (Cisco LEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{AF312B06-5C5C-468E-89B3-BE6DE2645722} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0E33297-78B1-4B37-B8C1-39150F2DEE43}_is1] : (Watch_Dogs 2.-.Ubisoft) -> "C:\Program Files (x86)\Watch_Dogs 2\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B88AD4F5-58A6-425D-9282-92228FEB7067}] : (Lenovo Silver Silk Wireless Keyboard.-.Lenovo) -> MsiExec.exe /X{B88AD4F5-58A6-425D-9282-92228FEB7067} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}] : (Metric Collection SDK 35.-.Lenovo Group Limited) -> MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C4EC5C21-E459-4164-9776-BA456540C08D}_is1] : (Batman Arkham Knight version 1.0.-.Warner Bros) -> "C:\Program Files (x86)\Batman Arkham Knight\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D36F60BF-365F-4839-8CDC-A9A002E1FBA9}] : (Lenovo OneKey Overclocking.-.Intel Corporation) -> MsiExec.exe /I{D36F60BF-365F-4839-8CDC-A9A002E1FBA9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D3981248-DBE7-4050-B666-A7FE5AFFC62C}] : (PlayMemories Home.-.Sony 
Corporation) -> MsiExec.exe /X{D3981248-DBE7-4050-B666-A7FE5AFFC62C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E95982CA-945F-41F2-B156-A603897AB242}] : (PMB_ModeEditor.-.Sony Corporation) -> MsiExec.exe /I{E95982CA-945F-41F2-B156-A603897AB242} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED1E7C2D-2BD8-4000-AD10-837ABB6A478F}_is1] : (Prey.-.Bethesda Softworks) -> "C:\Program Files (x86)\Prey\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFB308FF-269F-4255-B26E-93CBED85DA5A}] : (MEDION GoPal Assistant.-.MEDION) -> MsiExec.exe /X{EFB308FF-269F-4255-B26E-93CBED85DA5A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E0FFCA-FCC6-4584-8940-DB5EDCD55AFB}_is1] : (Ace Combat 7 - Skies Unknown.-.BANDAI NAMCO) -> "C:\Program Files (x86)\Ace Combat 7 - Skies Unknown\unins000.exe" ---------- | Ports ---------- | Installer [HKCR\Installer\Products\0557EB4C1ECED7147A781062D61C5F6A] : UpdateAssistant [HKCR\Installer\Products\0B5B5B2C545249E44BAB45D8B40F1B69] : Metric Collection SDK 35 [HKCR\Installer\Products\17C6353DDC00F7546842BC5DF14DF3C1] : DriversCloud.com (64 bits) -> C:\WINDOWS\Installer\{D3536C71-00CD-457F-8624-CBD51FD43F1C}\maconfico [HKCR\Installer\Products\2D6F4B0BEA2FA1544969F6F2A698B723] : PowerDirector -> C:\WINDOWS\Installer\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\ARPPRODUCTICON.exe [HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\WINDOWS\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe [HKCR\Installer\Products\421D4F645E0221D4EB25CE71A7A7B424] : OneKey Recovery -> C:\WINDOWS\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4B9E4A14140C3A2478794C1947022174] : Gadwin PrintScreenPro (64-Bit) -> C:\WINDOWS\Installer\{41A4E9B4-C041-42A3-8797-C49174201247}\ProductIcon [HKCR\Installer\Products\5AE8BD7C1C9CF8649BC0AC02C65A6CEB] : Lenovo Diagnostics 
Tool -> C:\WINDOWS\Installer\{C7DB8EA5-C9C1-468F-B90C-CA206CA5C6BE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5F4DA88B6A85D52429282922F8BE0776] : Lenovo Silver Silk Wireless Keyboard -> C:\WINDOWS\Installer\{B88AD4F5-58A6-425D-9282-92228FEB7067}\ARPPRODUCTICON.exe [HKCR\Installer\Products\60B213FAC5C5E864983BEBD62E467522] : Cisco LEAP Module [HKCR\Installer\Products\63ACBD2914B91DD449A1EA1D94DD730F] : Windows Mobile Device Center Driver Update -> C:\WINDOWS\Installer\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}\WindowsMobileDeviceCenter.ico [HKCR\Installer\Products\6E0FE4A0219AEDC47A3FE6657E1CA3F2] : Cisco PEAP Module [HKCR\Installer\Products\71460E5BCA4A52243BE6E7439C61617E] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\7810FB462D3FB89499AE61A39FEAE69C] : Cisco EAP-FAST Module [HKCR\Installer\Products\7900A3D7E0E9370408C192B5DBEAEA8D] : PMB_ServiceUploader [HKCR\Installer\Products\7A5CCD21001033444BFF12A7C3D58CB3] : MergeModule_x64 [HKCR\Installer\Products\7CE21EBEFD062C14AA8CB052681FC569] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\8421893D7EBD05046B667AEFA5FF6CC2] : PlayMemories Home [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\9C8928403D4AB094F99FBA20A329833F] : Steam [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\AC28959EF5492F141B656A3098A72B24] : PMB_ModeEditor [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\WINDOWS\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\BE5A19C826C2D6A48820CC97DFE23D09] : Intel(R) Chipset Device Software [HKCR\Installer\Products\C9335768C821DD4438FBA0D5A6DB2879] : Lenovo System Update -> C:\Program Files (x86)\Lenovo\System Update\Tvsu.exe [HKCR\Installer\Products\D8A15224EA4CB3D4A80549C89BA89096] : MergeModule_x86 [HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> 
C:\WINDOWS\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E128CD23D7A48784EB8E33F71A357D2F] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\EE05E855D2E5A9744A55A828161985B3] : Lenovo Solution Center -> C:\WINDOWS\Installer\{558E50EE-5E2D-479A-A455-8A826191583B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F36CFB0B70AEE91469B0F32BDED50D2B] : Dolby Digital Plus Advanced Audio -> C:\WINDOWS\Installer\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}\DolbyBlue.exe [HKCR\Installer\Products\FB06F63DF5639384C8CD9A0A201EBF9A] : Lenovo OneKey Overclocking [HKCR\Installer\Products\FBA33E01BF7D74F409A0973758A44BA5] : Adobe AIR [HKCR\Installer\Products\FF803BFEF96255242BE639BCDE58ADA5] : MEDION GoPal Assistant -> C:\WINDOWS\Installer\{EFB308FF-269F-4255-B26E-93CBED85DA5A}\DesktopIcon.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus défaillant : 0x23f4 Heure de début de l’application défaillante : 0x01d5bd03333ac0f4 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : bbbd8e48-5722-4798-b372-1a6368126837 Nom complet du package défaillant : Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ svchost (12296,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.449, horodatage : 0x16d87cfd Code d’exception : 0x80070005 Décalage d’erreur : 0x0000000000547b8e ID du processus défaillant : 0xbfc Heure de début de l’application défaillante : 0x01d5bd01e3e042a5 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 53bd5421-ac5d-477c-9f92-ae87f303ce44 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.449, horodatage : 0x16d87cfd Code d’exception : 0x80070005 Décalage d’erreur : 0x0000000000547b8e ID du processus défaillant : 0x2bf0 Heure de début de l’application défaillante : 0x01d5bd01d43e78af Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : aaf6c75b-57a7-40b3-a5c0-c45dbe0399ca Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus 
défaillant : 0x3180 Heure de début de l’application défaillante : 0x01d5bd0176431986 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 6e0b5397-e54b-4aee-a1cb-67c0c95a1ffc Nom complet du package défaillant : Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.18362.476, horodatage : 0x5dbcf96f Nom du module défaillant : EMODEL.dll, version : 11.0.18362.535, horodatage : 0x5ddf5c33 Code d’exception : 0xc0000409 Décalage d’erreur : 0x00000000001c5873 ID du processus défaillant : 0x1df0 Heure de début de l’application défaillante : 0x01d5bcffef682355 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Chemin d’accès du module défaillant: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll ID de rapport : 0ded6749-5805-455f-b098-ded154cd4937 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus défaillant : 0x234 Heure de début de l’application défaillante : 0x01d5bcff49fb33ee Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 2a37f573-c488-45c6-95fe-8f04073283c5 Nom complet du package défaillant : 
Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ svchost (2188,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (1092,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (5492,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Product: Avast Update Helper -- Error 1316. Le compte spécifié existe déjà. ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus défaillant : 0x329c Heure de début de l’application défaillante : 0x01d5bcfc4a861720 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 6b8a7277-2dcb-421a-9982-5790102056d0 Nom complet du package défaillant : Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ Erreur lors de la mise à jour du statut (unknown) vers SECURITY_PRODUCT_STATE_ON. ------------ Security Center n'a pas pu valider l'appelant. Erreur DC040780. 
------------ Nom de l’application défaillante StartMenuExperienceHost.exe, version : 0.0.0.0, horodatage : 0x5d65fb6a Nom du module défaillant : ucrtbase.dll, version : 10.0.18362.387, horodatage : 0x4361b720 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000006db8e ID du processus défaillant : 0xe68 Heure de début de l’application défaillante : 0x01d5bcfbb853ebd1 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\ucrtbase.dll ID de rapport : a2268fd0-1797-4dde-8fe0-b9d24e1d2359 Nom complet du package défaillant : Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus défaillant : 0xd54 Heure de début de l’application défaillante : 0x01d5bcfb2cf07347 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : d5c28135-66d5-4f0c-9e9b-6b8f2f1681f3 Nom complet du package défaillant : Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.18362.1, horodatage : 0x533f8404 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.18362.1, horodatage : 0x42f071ca Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d5cc8 ID du processus défaillant : 0x31e8 Heure de début de l’application défaillante : 0x01d5bcf9148b632b 
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 54df179b-0c2d-4735-af4e-0a2366ab4f51 Nom complet du package défaillant : Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.MicrosoftOfficeHub ------------ svchost (10056,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Nom de l’application défaillante StartMenuExperienceHost.exe, version : 0.0.0.0, horodatage : 0x5d65fb6a Nom du module défaillant : StartTileData.dll, version : 10.0.18362.476, horodatage : 0x6cd9ef2a Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000187a13 ID du processus défaillant : 0x2bf4 Heure de début de l’application défaillante : 0x01d5bcf7cc630e2d Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\StartTileData.dll ID de rapport : 9cb1a1ce-32ab-444e-bb65-ad8fc6a31eb2 Nom complet du package défaillant : Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ ----------( EOF)---------- - 5249 | 23:17:43