--------------- QuickDiag | g3n-h@ckm@n | V4_21.05.18.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 15/06/2018 20:03:32
Updated 21/05/2018 | 10.25 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[jeremy (Administrator)] - [JÉRÉMY] (S-1-5-21-3887153473-814642932-2301374465-1001)
System: Microsoft Windows 10 Famille - - (10.0.16299) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1709)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: X555LB - ASUSTeK COMPUTER INC. - IdNumber: F2N0CV25537307C - UUID: C82EC2DD-9F7C-0945-A9D3-74632AADF4BD
Processor : X64 - 2397 Mhz - Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
X555LB.204 - en|US|iso8859-1 - American Megatrends Inc. - S/N: F2N0CV25537307C - X555LB.204 - _ASUS_ - 1072009
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0233&SUBSYS_104319AD&REV_1000\4&20195F09&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2808&SUBSYS_80860101&REV_1000\4&2ED2455B&0&0001

---------- | Video
NVIDIA GeForce 940M - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c439a05226fc0e5c\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c439a05226fc0e5c\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c439a05226fc0e5c\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c439a05226fc0e5c\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1347&SUBSYS_1A6D1043&REV_A2\4&375B0704&0&00E4 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Intel(R) HD Graphics 5500 - Resolution: 1024x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_1A6D1043&REV_09\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: NVIDIA GeForce 940M - DriverVersion: 24.21.13.9793 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25400 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34864 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33296 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\ff_vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92160 - Manufacturer: - Status: OK
c:\windows\system32\frapsv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 105984 - Manufacturer: Beepa P/L - Status: OK

---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:7 %
CPU #4 value:7 %
Total Overall CPU Usage value:3 %

---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Carte réseau Broadcom 802.11n : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:3 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&6EF1875&2&0
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&6EF1875&2&3
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
Carte réseau Broadcom 802.11n - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4365&SUBSYS_667511AD&REV_01\000049FFFF8AD05300
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_200F1043&REV_10\25537307684CE00000
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1FE736AF&9&24
NETGEAR WNA3100M N300 Wireless Mini USB Adapter - - - Status: - PnPID :
avast! SecureLine TAP Adapter v3 - - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000

---------- | Memory
RAM = Total (MB) : 8289 | Free (MB) : 4549
Pagefile = Total (MB) : 9600 | Free (MB) : 4875
Virtual = Total (MB) : 4194 | Free (MB) : 3872
Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: - Manufacturer: Micron - PartNumber: MT41K512M8RH-125:E - S/N: 00000000
Physical Memory 1 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B5173DB0-YK0 - S/N: 93341BD6

---------- | SID Users
Administrateur : [S-1-5-21-3887153473-814642932-2301374465-500]
DefaultAccount : [S-1-5-21-3887153473-814642932-2301374465-503]
Invité : [S-1-5-21-3887153473-814642932-2301374465-501]
jeremy : [S-1-5-21-3887153473-814642932-2301374465-1001]
WDAGUtilityAccount : [S-1-5-21-3887153473-814642932-2301374465-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
WinRMRemoteWMIUsers__ : [S-1-5-21-3887153473-814642932-2301374465-1000]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [OS] | Total : 372.6 Go | Free : 240.64 Go -> NTFS [SATA]
D:\ -> [Fixed] | [Data] | Total : 542.8 Go | Free : 540.16 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:33,563 bytes/sec
Max Read:0 bytes/sec, Max Write:33,563 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:33,563 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_HGST&PROD_HTS541010A9E6800\4&3AAF5741&0&000000

---------- | Windows updates - Activation - License
Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows Volume License

---------- | Browsers
IE : 11.0.16299.371 (© Microsoft Corporation. Tous droits réservés.)
GC : 67.0.3396.87 (Copyright 2017 Google Inc.)
Default : "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | FlashPlayer
FlashPlayer ActiveX : 30.0.0.113
FlashPlayer Plugin : 30.0.0.113

---------- | Security
AV : Windows Defender Disabled
FW : Avast Antivirus Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
488 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\smss.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
684 | [Owner : Système | Parent : 672() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\WINDOWS\System32\csrss.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
796 | [Owner : Système | Parent : 672() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\wininit.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
812 | [Owner : Système | Parent : 788() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\WINDOWS\System32\csrss.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
868 | [Owner : Système | Parent : 796(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.16299.461) = C:\WINDOWS\System32\services.exe [07/06/2018 23:43:15] CPU Usage:0 % --> Command Line :
876 | [Owner : Système | Parent : 796(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16299.15) = C:\WINDOWS\System32\lsass.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
984 | [Owner : Système | Parent : 788() | 8.71 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.16299.371) = C:\WINDOWS\System32\winlogon.exe [12/04/2018 08:03:36] CPU Usage:0 % --> Command Line :
372 | [Owner : Système | Parent : 868(services.exe) | 3.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
444 | [Owner : Système | Parent : 868(services.exe) | 26.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
592 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 13.15 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\WINDOWS\System32\WUDFHost.exe [29/09/2017 15:41:51] CPU Usage:0 % --> Command Line :
636 | [Owner : UMFD-1 | Parent : 984(winlogon.exe) | 7.72 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.402) = C:\WINDOWS\System32\fontdrvhost.exe [09/05/2018 14:17:05] CPU Usage:0 % --> Command Line :
616 | [Owner : UMFD-0 | Parent : 796(wininit.exe) | 2.74 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.402) = C:\WINDOWS\System32\fontdrvhost.exe [09/05/2018 14:17:05] CPU Usage:0 % --> Command Line :
1060 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 11.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1112 | [Owner : Système | Parent : 868(services.exe) | 6.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1188 | [Owner : DWM-1 | Parent : 984(winlogon.exe) | 51.14 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.16299.15) = C:\WINDOWS\System32\dwm.exe [29/09/2017 15:41:41] CPU Usage:0 % --> Command Line :
1344 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 10.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1384 | [Owner : Système | Parent : 868(services.exe) | 8.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1420 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 10.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1580 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 14.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1612 | [Owner : Système | Parent : 868(services.exe) | 9.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1636 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 9.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1672 | [Owner : Système | Parent : 868(services.exe) | 14.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1732 | [Owner : Système | Parent : 868(services.exe) | 8.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1784 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 6.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1836 | [Owner : Système | Parent : 868(services.exe) | 12.1 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2374.2523) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/07/2017 17:03:26] CPU Usage:0 % --> Command Line :
1860 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 6.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1952 | [Owner : Système | Parent : 868(services.exe) | 5.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1960 | [Owner : Système | Parent : 868(services.exe) | 87.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1972 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 7.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1056 | [Owner : Système | Parent : 868(services.exe) | 8.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1256 | [Owner : Système | Parent : 868(services.exe) | 7.92 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\WINDOWS\System32\igfxCUIService.exe [30/11/2016 22:56:28] CPU Usage:0 % --> Command Line :
2056 | [Owner : Système | Parent : 868(services.exe) | 7.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2064 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 9.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2104 | [Owner : Système | Parent : 868(services.exe) | 17.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2176 | [Owner : Système | Parent : 868(services.exe) | 11.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2220 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 11.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2408 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 11.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2448 | [Owner : Système | Parent : 1836(NVDisplay.Container.exe) | 26.44 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2374.2523) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/07/2017 17:03:26] CPU Usage:0 % --> Command Line :
2532 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 8.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2552 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 7.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2560 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 12.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2568 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2816 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 7.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2892 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 22.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2920 | [Owner : Système | Parent : 868(services.exe) | 6.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2948 | [Owner : Système | Parent : 868(services.exe) | 13.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
2992 | [Owner : Système | Parent : 868(services.exe) | 4.96 Mo] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [26/03/2014 17:24:44] CPU Usage:0 % --> Command Line :
3000 | [Owner : Système | Parent : 868(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (18.4.3895.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [08/06/2018 21:41:20] CPU Usage:0 % --> Command Line :
3016 | [Owner : Système | Parent : 868(services.exe) | 2.95 Mo] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [21/11/2011 16:19:50] CPU Usage:0 % --> Command Line :
3036 | [Owner : SERVICE LOCAL | Parent : 2920(svchost.exe) | 10.8 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.16299.15) = C:\WINDOWS\System32\dasHost.exe [29/09/2017 15:41:33] CPU Usage:0 % --> Command Line :
3044 | [Owner : Système | Parent : 868(services.exe) | 10.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
1656 | [Owner : Système | Parent : 868(services.exe) | 10.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3076 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 7.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3804 | [Owner : Système | Parent : 868(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3896 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 6.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3928 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 8.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3936 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 11.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3968 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 8.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
3544 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 11.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4376 | [Owner : Système | Parent : 868(services.exe) | 12.45 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16299.371) = C:\WINDOWS\System32\spoolsv.exe [12/04/2018 08:03:18] CPU Usage:0 % --> Command Line :
4552 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 7.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4640 | [Owner : Système | Parent : 868(services.exe) | 30.22 Mo] - (.AVAST Software - Avast firewall service.) - (18.4.3895.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe [11/06/2018 13:45:28] CPU Usage:0 % --> Command Line :
4744 | [Owner : Système | Parent : 868(services.exe) | 5.88 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [09/02/2018 19:02:50] CPU Usage:0 % --> Command Line :
4768 | [Owner : Système | Parent : 868(services.exe) | 9.03 Mo] - (.- Wifi Service.) - (2.1.0.24) = C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [28/12/2016 11:00:13] CPU Usage:0 % --> Command Line :
4788 | [Owner : Système | Parent : 868(services.exe) | 21.7 Mo] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [20/08/2014 07:14:40] CPU Usage:0 % --> Command Line :
4804 | [Owner : Système | Parent : 868(services.exe) | 6.51 Mo] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) - (12.0.0.8048) = C:\WINDOWS\System32\BtwRSupportService.exe [08/12/2015 09:16:26] CPU Usage:0 % --> Command Line :
4812 | [Owner : Système | Parent : 868(services.exe) | 6.14 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10603.192) = C:\WINDOWS\SysWOW64\esif_uf.exe [13/02/2015 18:43:42] CPU Usage:0 % --> Command Line :
4820 | [Owner : Système | Parent : 868(services.exe) | 21.62 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [25/05/2018 12:27:33] CPU Usage:0 % --> Command Line :
4828 | [Owner : Système | Parent : 868(services.exe) | 5.03 Mo] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\WINDOWS\System32\DbxSvc.exe [04/06/2018 12:18:30] CPU Usage:0 % --> Command Line :
4840 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 22.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4868 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 6.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4900 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 12.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4912 | [Owner : Système | Parent : 868(services.exe) | 25.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4924 | [Owner : Système | Parent : 868(services.exe) | 6.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4932 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 11.95 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2393.9975) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [11/07/2017 17:04:36] CPU Usage:0 % --> Command Line :
4940 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 5.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4952 | [Owner : Système | Parent : 868(services.exe) | 11.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4960 | [Owner : Système | Parent : 868(services.exe) | 5.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4968 | [Owner : Système | Parent : 868(services.exe) | 18.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4976 | [Owner : Système | Parent : 868(services.exe) | 6.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
5092 | [Owner : Système | Parent : 868(services.exe) | 26.02 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16299.402) = C:\WINDOWS\System32\SearchIndexer.exe [09/05/2018 14:17:05] CPU Usage:0 % --> Command Line :
4312 | [Owner : Système | Parent : 868(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.309) = C:\WINDOWS\System32\SecurityHealthService.exe [14/03/2018 21:55:22] CPU Usage:0 % --> Command Line :
5204 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 4.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
5524 | [Owner : Système | Parent : 868(services.exe) | 8.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
5588 | [Owner : Système | Parent : 868(services.exe) | 45.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
6440 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 9.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
6940 | [Owner : SERVICE RÉSEAU | Parent : 868(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
7120 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 5.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
4112 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 19.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
5448 | [Owner : Système | Parent : 2992(AsLdrSrv.exe) | 8.61 Mo] - (.ASUSTek Computer Inc. - HControl.) - (1.0.83.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [26/05/2014 11:47:22] CPU Usage:0 % --> Command Line :
6412 | [Owner : jeremy | Parent : 4812(esif_uf.exe) | 4.41 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10603.192) = C:\WINDOWS\Temp\DPTF\esif_assist_64.exe [15/06/2018 11:15:16] CPU Usage:0 % --> Command Line :
6628 | [Owner : jeremy | Parent : 4820(nvcontainer.exe) | 32.44 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2402.8583) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [25/05/2018 12:27:33] CPU Usage:0 % --> Command Line :
3364 | [Owner : jeremy | Parent : 1732(svchost.exe) | 24.01 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\WINDOWS\System32\sihost.exe [29/09/2017 15:41:31] CPU Usage:0 % --> Command Line :
6160 | [Owner : jeremy | Parent : 868(services.exe) | 20.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
5508 | [Owner : jeremy | Parent : 868(services.exe) | 30.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
7060 | [Owner : jeremy | Parent : 1672(svchost.exe) | 14.58 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\taskhostw.exe [29/09/2017 15:42:01] CPU Usage:0 % --> Command Line :
7232 | [Owner : jeremy | Parent : 1672(svchost.exe) | 0.36 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [05/11/2014 14:44:30] CPU Usage:0 % --> Command Line :
7268 | [Owner : jeremy | Parent : 1672(svchost.exe) | 1.48 Mo] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (4.0.2.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [11/09/2014 18:48:20] CPU Usage:0 % --> Command Line :
7384 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 16.64 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8833) = C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [02/02/2018 16:40:06] CPU Usage:0 % --> Command Line :
7500 | [Owner : Système | Parent : 868(services.exe) | 6.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
7564 | [Owner : Système | Parent : 868(services.exe) | 12.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
7612 | [Owner : jeremy | Parent : 7500(svchost.exe) | 12.55 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\WINDOWS\System32\ctfmon.exe [29/09/2017 15:42:00] CPU Usage:0 % --> Command Line :
7792 | [Owner : Système | Parent : 5448(HControl.exe) | 5.46 Mo] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [28/05/2012 12:04:48] CPU Usage:0 % --> Command Line :
7492 | [Owner : jeremy | Parent : 8188() | 126.26 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.492) = C:\WINDOWS\explorer.exe [13/06/2018 13:11:10] CPU Usage:0 % --> Command Line :
7772 | [Owner : jeremy | Parent : 7728() | 6.77 Mo] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.20.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [23/06/2014 21:33:30] CPU Usage:0 % --> Command Line :
7816 | [Owner : jeremy | Parent : 7720() | 8.05 Mo] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.31.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [15/05/2014 17:23:42] CPU Usage:0 % --> Command Line :
2120 | [Owner : Système | Parent : 868(services.exe) | 9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line :
8612 | [Owner : jeremy | Parent : 1672(svchost.exe) | 0.4 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.222) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/11/2015 07:19:30] CPU Usage:0 % --> Command Line :
8620 | [Owner : jeremy | Parent : 1672(svchost.exe) | 0.58 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.)
- (1.0.0.976) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13/02/2015 18:52:01] CPU Usage:0 % --> Command Line : 8932 | [Owner : jeremy | Parent : 8480() | 10.07 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\WINDOWS\System32\igfxEM.exe [30/11/2016 22:56:54] CPU Usage:0 % --> Command Line : 9064 | [Owner : jeremy | Parent : 8480() | 7.58 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\WINDOWS\System32\igfxHK.exe [30/11/2016 22:57:14] CPU Usage:0 % --> Command Line : 4672 | [Owner : jeremy | Parent : 444(svchost.exe) | 58.29 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.492) = C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [13/06/2018 13:11:02] CPU Usage:0 % --> Command Line : 8240 | [Owner : jeremy | Parent : 444(svchost.exe) | 23.87 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\WINDOWS\System32\RuntimeBroker.exe [29/09/2017 15:41:25] CPU Usage:0 % --> Command Line : 8512 | [Owner : jeremy | Parent : 444(svchost.exe) | 55.9 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.492) = C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [13/06/2018 13:11:00] CPU Usage:0 % --> Command Line : 7896 | [Owner : jeremy | Parent : 444(svchost.exe) | 14.12 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\WINDOWS\System32\RuntimeBroker.exe [29/09/2017 15:41:25] CPU Usage:0 % --> Command Line : 9040 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 7260 | [Owner : jeremy | Parent : 444(svchost.exe) | 3.36 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) 
- (10.0.16299.492) = C:\WINDOWS\System32\SettingSyncHost.exe [13/06/2018 13:10:48] CPU Usage:0 % --> Command Line : 9768 | [Owner : jeremy | Parent : 444(svchost.exe) | 18.16 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.16299.15) = C:\WINDOWS\System32\SystemSettingsBroker.exe [29/09/2017 15:42:06] CPU Usage:0 % --> Command Line : 10124 | [Owner : SERVICE LOCAL | Parent : 868(services.exe) | 8.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 8792 | [Owner : jeremy | Parent : 868(services.exe) | 21.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 3888 | [Owner : Système | Parent : 868(services.exe) | 8.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 8344 | [Owner : jeremy | Parent : 9668() | 38.55 Mo] - (.AVAST Software - Avast Antivirus.) - (18.4.3895.327) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [11/06/2018 13:46:30] CPU Usage:0 % --> Command Line : 5640 | [Owner : Système | Parent : 868(services.exe) | 5.42 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (10.0.30.1054) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [06/01/2015 17:40:34] CPU Usage:0 % --> Command Line : 2076 | [Owner : Système | Parent : 6496() | 3.91 Mo] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.27.73) = C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [09/04/2016 19:43:58] CPU Usage:0 % --> Command Line : 5624 | [Owner : Système | Parent : 868(services.exe) | 11.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 3692 | [Owner : Système | Parent : 868(services.exe) | 9.83 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (10.0.35.1024) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [06/01/2015 17:40:36] CPU Usage:0 % --> Command Line : 10692 | [Owner : jeremy | Parent : 7252() | 1.56 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [25/05/2018 12:27:42] CPU Usage:0 % --> Command Line : 11084 | [Owner : jeremy | Parent : 10692(NVIDIA Web Helper.exe) | 0.12 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16299.15) = C:\WINDOWS\System32\conhost.exe [29/09/2017 15:41:45] CPU Usage:0 % --> Command Line : 8768 | [Owner : Système | Parent : 868(services.exe) | 12.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 3732 | [Owner : Système | Parent : 444(svchost.exe) | 5.95 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.16299.15) = C:\WINDOWS\System32\wbem\unsecapp.exe [29/09/2017 15:42:04] CPU Usage:0 % --> Command Line : 8940 | [Owner : jeremy | Parent : 7844() | 0.48 Mo] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [14/12/2015 14:45:10] CPU Usage:0 % --> Command Line : 11160 | [Owner : jeremy | Parent : 8940(AsusTPLoader.exe) | 0.52 Mo] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.84) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [14/12/2015 14:45:04] CPU Usage:0 % --> Command Line : 7404 | [Owner : jeremy | Parent : 11160(AsusTPCenter.exe) | 0.2 Mo] - (.AsusTek - ASUS Smart Gesture Helper.) 
- (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe [14/12/2015 14:45:26] CPU Usage:0 % --> Command Line : 12228 | [Owner : jeremy | Parent : 444(svchost.exe) | 22.06 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\WINDOWS\System32\ApplicationFrameHost.exe [29/09/2017 15:41:37] CPU Usage:0 % --> Command Line : 376 | [Owner : jeremy | Parent : 444(svchost.exe) | 44.98 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.16299.15) = C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [29/09/2017 15:43:11] CPU Usage:0 % --> Command Line : 8588 | [Owner : jeremy | Parent : 444(svchost.exe) | 17.3 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\WINDOWS\System32\RuntimeBroker.exe [29/09/2017 15:41:25] CPU Usage:0 % --> Command Line : 5736 | [Owner : jeremy | Parent : 444(svchost.exe) | 66.34 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.9330.2091) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe [31/05/2018 09:40:03] CPU Usage:0 % --> Command Line : 11816 | [Owner : jeremy | Parent : 444(svchost.exe) | 34.91 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.9330.2091) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe [31/05/2018 09:40:03] CPU Usage:0 % --> Command Line : 1764 | [Owner : jeremy | Parent : 444(svchost.exe) | 10.64 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\WINDOWS\System32\RuntimeBroker.exe [29/09/2017 15:41:25] CPU Usage:0 % --> Command Line : 7648 | [Owner : jeremy | Parent : 444(svchost.exe) | 9.06 Mo] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.16299.15) = C:\WINDOWS\System32\RuntimeBroker.exe [29/09/2017 15:41:25] CPU Usage:0 % --> Command Line : 3184 | [Owner : jeremy | Parent : 1672(svchost.exe) | 18 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\taskhostw.exe [29/09/2017 15:42:01] CPU Usage:0 % --> Command Line : 9636 | [Owner : jeremy | Parent : 7492(explorer.exe) | 280.12 Mo] - (.Mozilla Corporation - Firefox.) - (60.0.2.6730) = C:\Program Files\Mozilla Firefox\firefox.exe [03/06/2018 21:44:48] CPU Usage:0 % --> Command Line : 212 | [Owner : jeremy | Parent : 9636(firefox.exe) | 69.24 Mo] - (.Mozilla Corporation - Firefox.) - (60.0.2.6730) = C:\Program Files\Mozilla Firefox\firefox.exe [03/06/2018 21:44:48] CPU Usage:0 % --> Command Line : 12268 | [Owner : jeremy | Parent : 9636(firefox.exe) | 127.13 Mo] - (.Mozilla Corporation - Firefox.) - (60.0.2.6730) = C:\Program Files\Mozilla Firefox\firefox.exe [03/06/2018 21:44:48] CPU Usage:0 % --> Command Line : 1604 | [Owner : jeremy | Parent : 9636(firefox.exe) | 241.65 Mo] - (.Mozilla Corporation - Firefox.) - (60.0.2.6730) = C:\Program Files\Mozilla Firefox\firefox.exe [03/06/2018 21:44:48] CPU Usage:0 % --> Command Line : 9516 | [Owner : jeremy | Parent : 9636(firefox.exe) | 310.07 Mo] - (.Mozilla Corporation - Firefox.) - (60.0.2.6730) = C:\Program Files\Mozilla Firefox\firefox.exe [03/06/2018 21:44:48] CPU Usage:0 % --> Command Line : 4612 | [Owner : Système | Parent : 868(services.exe) | 5.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 9384 | [Owner : Système | Parent : 868(services.exe) | 6.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 1572 | [Owner : SERVICE LOCAL | Parent : 2408(svchost.exe) | 12.23 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.16299.248) = C:\WINDOWS\System32\audiodg.exe [01/03/2018 18:28:57] CPU Usage:0 % --> Command Line : 6768 | [Owner : Système | Parent : 868(services.exe) | 6.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 8992 | [Owner : jeremy | Parent : 444(svchost.exe) | 16.11 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.16299.492) = C:\WINDOWS\System32\smartscreen.exe [13/06/2018 13:11:06] CPU Usage:0 % --> Command Line : 5472 | [Owner : Système | Parent : 868(services.exe) | 11.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\WINDOWS\System32\svchost.exe [29/09/2017 15:41:43] CPU Usage:0 % --> Command Line : 2900 | [Owner : jeremy | Parent : 7492(explorer.exe) | 50.04 Mo] - (.SosVirus - QuickDiag.) - (21.5.18.1) = C:\Users\jeremy\Downloads\QuickDiag.exe [15/06/2018 19:49:52] CPU Usage:0 % --> Command Line : 9840 | [Owner : Système | Parent : 444(svchost.exe) | 8.86 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\WINDOWS\System32\wbem\WmiPrvSE.exe [01/03/2018 18:26:54] CPU Usage:0 % --> Command Line : 4620 | [Owner : SERVICE RÉSEAU | Parent : 444(svchost.exe) | 9.72 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe [01/03/2018 18:26:48] CPU Usage:0 % --> Command Line : ---------- | MD5 [MD5.4617D41657001A296F45D026B774C485] - [13/06/2018 13:11:10] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [3812.29 Ko] - (10.0.16299.492) : C:\WINDOWS\Explorer.exe [MD5.E08FE2DE3DDD22123247D49A11B4F53D] - [29/09/2017 15:41:33] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [266.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\cmd.exe [MD5.4E043FE41901F1EA1B0FCCEF3C077C56] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.27 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\csrss.exe [MD5.5D94FA288F4BB230FE77BC67DE506257] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. - COM Surrogate.) - [20.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\dllhost.exe [MD5.6B6F2549BF625F1059270147B9805400] - [09/05/2018 14:16:13] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [686.1 Ko] - (10.0.16299.431) : C:\WINDOWS\System32\Kernel32.dll [MD5.94E06D509D50807774F35BEE3163E806] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\lsass.exe [MD5.6145D5B0781C11EF2142D3FA3763D26A] - [13/06/2018 13:10:48] - (.© Microsoft Corporation. - Distributed COM Services.) - [1090.5 Ko] - (10.0.16299.492) : C:\WINDOWS\System32\rpcss.dll [MD5.731A783A36A8E69A6434D19D98B12A09] - [29/09/2017 15:41:58] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [69.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rundll32.exe [MD5.8207DB785C4A1A8C901154D12DF6E38E] - [07/06/2018 23:43:15] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [602.34 Ko] - (10.0.16299.461) : C:\WINDOWS\System32\services.exe [MD5.440684C4F823AAE2CC587363F9C477A6] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) 
- [47.55 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\svchost.exe [MD5.0370364D4D8846B6CF316ABBB2EDB083] - [14/12/2017 03:38:58] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1595.98 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\user32.dll [MD5.755ED4FDBD7D6C3980610E26E527E2F5] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\userinit.exe [MD5.BF3E1D9B2360C6BE4CC3094CD2DDC617] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [351.16 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Wininit.exe [MD5.C67E7F605A830AA96A204ECCDC678FBC] - [12/04/2018 08:03:36] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [699.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Winlogon.exe [MD5.9619C0D7DB55CC3A636A24A7D82B0C8E] - [12/04/2018 08:03:50] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [599.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.6191B9B2EE0E8CB957C683B9B341CC86] - [29/09/2017 15:41:03] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.B173197D8F7801F2225A357B166F264D] - [07/06/2018 23:42:59] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.9 Ko] - (10.0.16299.461) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.9E82A95D77AC78C84BA75FF896B060BF] - [29/09/2017 15:41:43] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.6D83565C1652E80447EDEA6947FA89D7] - [29/09/2017 15:41:02] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) 
- [156 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.D7E6591F3D2B9FB5C4F0D05D5CF3A9F8] - [07/06/2018 23:43:22] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.16299.461) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.99A34FD1F6431A10D8C3BB50E170D0F2] - [29/09/2017 15:40:59] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.56FF074E50F9042FD2856AB3418F4B18] - [29/09/2017 15:41:08] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.7BEC2AF23F586EFF0DB4DBF4331B0C70] - [29/09/2017 15:41:33] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.71729B1EE949E1B092CB5CB75CC63715] - [01/03/2018 18:28:57] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [482.9 Ko] - (10.0.16299.248) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.25D126EFFEC0B117DA4C81F7AE6C99FC] - [12/04/2018 08:03:45] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1247.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.E258CE8B8053518AF47610BC0486E915] - [07/06/2018 23:43:23] - (.© Microsoft Corporation. - MBT Transport driver.) - [309.5 Ko] - (10.0.16299.461) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.FDD87E943A52052CE6B732179895F353] - [13/06/2018 13:11:17] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2338.91 Ko] - (10.0.16299.492) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.2E07EC2C1622F5E7B535D62DCD61F3AB] - [29/09/2017 15:41:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) 
- [96.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.E0220BB6580D34001D4D1D133052DAA4] - [29/09/2017 15:41:58] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.39886C19FB466BBF8AEC31E3E77C034C] - [12/04/2018 08:02:52] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [178.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.AE5CA8D3D81DCC76C5FFF1CD60E48606] - [12/04/2018 08:03:45] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2708.41 Ko] - (10.0.16299.334) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.09125A12CAB5F8D5EAE9C83C25792FDD] - [12/04/2018 08:03:03] - (.© Microsoft Corporation. - TDI Translation Driver.) - [118.41 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.5B27846CF4B1C21AFB3A35A8336BA02F] - [14/12/2017 03:39:01] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [391.9 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll (.Dropbox, Inc..-.Dropbox Shell Extension.) - (1.0.22.0) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll (.AVAST Software.-.Avast Shell Extension.) - (18.4.3895.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 397.93.) - (24.21.13.9793) -- C:\WINDOWS\system32\nvapi64.dll (.Seiko Epson Corporation.-.Epson Easy Photo Print (TBL x64).) 
- (2.7.0.0) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.50.0.0) -- C:\Program Files\WinRAR\rarext.dll (.Glarysoft Ltd.-.Context Menu Handler.) - (5.0.0.16) -- C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll (.Foxit Corporation.-.ConvertToPDFShellExtension.) - (6.0.4.1129) -- C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll (..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files (x86)\Notepad++\NppShell_06.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9793) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA French language resource library.) - (6.14.13.9793) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.19.3.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Copyright (C) 2014 AVAST Software.-.Hook Library.) 
- (18.4.3.28536) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU GUDelayStartup - ("C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\...\Run]) - User: JÉRÉMY\jeremy CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\...\Run]) - User: JÉRÉMY\jeremy Akamai NetSession Interface - 
("C:\Users\jeremy\AppData\Local\Akamai\netsession_win.exe" [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\...\Run]) - User: JÉRÉMY\jeremy EPLTarget\P0000000000000002 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-322 323 325 Series" [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\...\Run]) - User: JÉRÉMY\jeremy EPLTarget\P0000000000000001 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-322 323 325 Series" /EF "HKCU" [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\...\Run]) - User: JÉRÉMY\jeremy NETGEAR WNA3100M Genie - (C:\PROGRA~2\NETGEAR\WNA3100M\WNA3100M.exe [Common Startup]) - User: Public SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public IntelConnectCenter - ("C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe"/tasktrayonly [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "Akamai NetSession Interface"="C:\Users\jeremy\AppData\Local\Akamai\netsession_win.exe" "EPLTarget\P0000000000000002"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-322 323 325 Series" "EPLTarget\P0000000000000001"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-322 323 325 Series" /EF "HKCU" 
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "EPLTarget\P0000000000000001"=0x030000004979B11D4F58D101 "EPLTarget\P0000000000000000"=0x0300000088EF6F1E4F58D101 "Steam"=0x03000000F5BD3DCBA614D101 "OneDrive"=0x03000000F5616F82D11BD101 "EADM"=0x03000000589CBA83D11BD101 "CCleaner Monitoring"=0x03000000D92BA4C77DBCD301 "Tomtomax MaxiBox"=0x0300000053F0301C4F58D101 "DAEMON Tools Lite Automount"=0x030000001011A1F4F587D301 "GUDelayStartup"=0x03000000F33E37D46788D201 "PCLink"=0x020000000000000000000000 "OpenDNS Updater"=0x030000000FCF3A53898CD201 "FreeMi UPnP Media Server"=0x0300000034D001E38CFAD201 "MyDriveConnect.exe"=0x030000008975021401EAD201 "EPLTarget\P0000000000000002"=0x03000000B0FC2CD7C2D4D301 "Akamai NetSession Interface"=0x03000000A0CCD1DBC2D4D301 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON XP-322 323 325 Series,winspool,Ne04: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "IntelConnectCenter"="C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe"/tasktrayonly "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x0700000082439FCE7DBCD301 "AuditSHD"=0x040000000000000000000000 "NvBackend"=0x020000000000000000000000 "ShadowPlay"=0x020000000000000000000000 "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"=0x020000000000000000000000 "IntelConnectCenter"=0x03000000FFB7A24C898CD201 "Malwarebytes TrayApp"=0x030000006AEB2CDA7B80D201 "InstallerLauncher"=0x020000000000000000000000 "AvgUi"=0x020000000000000000000000 "AVGUI.exe"=0x020000000000000000000000 
"XboxStat"=0x0300000013D8E21101EAD201 "WindowsDefender"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "WebStorage"=0x070000008195BDDC7B80D201 "SunJavaUpdateSched"=0x03000000AEEE7A56898CD201 "Aeria Ignite"=0x030000005E39FF7ED11BD101 "tvncontrol"=0x020000000000000000000000 "AvgUi"=0x020000000000000000000000 "EEventManager"=0x030000003069B258898CD201 "AVG_UI"=0x020000000000000000000000 "APSDaemon"=0x020000000000000000000000 "Avira SystrayStartTrigger"=0x020000000000000000000000 "avgnt"=0x020000000000000000000000 "Avira System Speedup User Starter"=0x020000000000000000000000 "Dropbox"=0x03000000960B34DBE79ED101 "SDTray"=0x020000000000000000000000 "AVGUI.exe"=0x020000000000000000000000 "Malwarebytes TrayApp"=0x03000000B0A17C35C403D301 "SecurityHealth"=0x03000000E0A8AAD2C2D4D301 "IntelConnectCenter"=0x03000000809CAEE0C2D4D301 "PSUAMain"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D33928A8E92551 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater ASUS Demo App UpLoad ASUS Live Update1 ASUS Live Update2 ASUS Smart Gesture Launcher ASUS Splendid ACMON ASUS USB Charger Plus ATK Package 36D18D69AFC3 Avast Emergency Update CCleaner Update CCleanerSkipUAC DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA EPSON XP-322 323 325 Series Update {061937A4-1252-4CDA-8340-9609D625E714} EPSON XP-322 323 325 Series Update {135922D8-FC24-49D1-8227-EE5218486486} EPSON XP-322 323 325 Series Update {1F263A31-0F4A-4230-8A96-7FB8D512D008} EPSON XP-322 323 325 Series Update {9198C81E-C3D3-413C-9DE5-415F0E38C17E} EPSON XP-322 323 325 Series Update {C2E4AE32-EA0D-4B06-A992-B7BCEDB65498} EPSON XP-322 323 325 Series Update {D30F6463-3F8E-46D1-807F-17E07B9FA58D} EPSON XP-322 323 325 Series Update {EFBE3288-4865-4B7E-B61F-BA87A62CC60C} EPSON XP-322 323 325 Series Update {F4E5FED7-3068-4DFC-B1AD-C6A925AED1B6} GlaryInitialize 5 GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA GU5SkipUAC IntelBootstrapCCDashExe NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce 
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3887153473-814642932-2301374465-1001 Optimize Start Menu Cache Files-S-1-5-21-3887153473-814642932-2301374465-1001 Optimize Start Menu Cache Files-S-1-5-21-3887153473-814642932-2301374465-500 RtHDVBg_ListenToDevice RTKCPL Update Checker {20FD4733-B18D-4235-B972-99DC88DEFC2A} {5DF6365C-8447-4055-BC32-F462DE0F2647} {724A91FF-A101-41C5-BB8E-3CC94A6ABEBA} {7416E589-E125-47C7-8459-9D34AA9C68D6} {7863FA96-E0D9-42B6-BF76-3DFCAAB1B812} {90822001-0998-4638-BE93-EFA872012EB8} {B0187C5E-0F09-4AD3-A249-5E436F578E22} {C6622151-1DA9-41C2-8A96-7386E3058EE8} {C8DA254C-F9FD-4FF1-91EB-5C01C6F7CFA8} {CE1A2A4B-5E86-4AAD-BE17-36C267483EC8} {FD7E497D-6E85-412E-89E3-A30AA4A6036C} ---------- | Startings up registry ? 
Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=18 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [30/10/2015 17:37:40] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=876 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=0 
"fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=9f67e52d-4fec-43ad-81b3-ddd4d1c "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=c:\windows\web\wallpaper\windows\img0.jpg [29/09/2017 15:41:18] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "MouseMonitorEscapeSpeed"=0 "Win8DpiScaling"=0 "UserPreferencesMask"=0x9012078010000000 "AutoColorization"=1 "MaxVirtualDesktopDimension"=2944 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x "ImageColor"=2940843252 "LockScreenAutoLockActive"=0 "PreferredUILanguages"=fr-FR "DpiScalingVer"=4096 "ScreenSaverIsSecure"=0 "ScreenSaveTimeOut"=60 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{E31EA727-12ED-4702-820C-4B6445F28E1A}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "IconUnderline"=3 "ShowFrequent"=0 "ShowRecent"=0 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=25 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "SlowContextMenuEntries"=0xFB9A790967ADD111ABCD00C04FC3093640D800006024B221EA3A6910A2DC08002B30309DB6EE00000114020000000000C000000000000046C5EE0000206BB9B11DDA3C4A92C17229B32F2326FABE0000BD0E0C47735D584D9CEDE91E22E23282F26C0000 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=346 "link"=0x15000000 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "TaskbarStateLastRun"=0xD0B61E5B00000000 "ShellViewReentered"=1 "HideIcons"=0 "LaunchTo"=1 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=1 "TaskbarGlomLevel"=0 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0100000000000000FFFFFFFF "0"=0x72006500670065006400690074000000 
"1"=0x70006500720069000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=0 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 
"AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=197 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=0 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=53 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders 
"BuildNumber"=16299 "FirstLogon"=0 "PUUActive"=0xCF2B37B3020007003F00200105720D00181A0F00181A0F00D20000001C00450083640FCE1B532700101514000B530A00B3040A008C630000000000008CFE1300765100001F0200009A9AE50DCC04D4012FEF1D0000000000010000002FEF1D00AB3F000000000000 "DP"=0xD200E8004D0007003F000000CF2B37B30000000000000000FED684D8BB04D401FED684D8BB04D401000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F805101006CDC008089684053A9686153C722000032008744F202875486C5008004811568068195680152000019102172391421761D22008058048D0A5C04AD0A44CE004004AC840604EC8C06773A008048B10C01C8B10C01837700C00800225028202258512501C02258A00122D8A40362FA008010C3940138CBD601BF0600808190003883D80838 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=2745727185 "ShutdownFlags"=2147484839 "Userinit"=C:\WINDOWS\System32\Userinit.exe, "ShutdownWithoutLogon"=0 "DisableCad"=1 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3887153473-814642932-2301374465-1001 "LastUsedUsername"=jeremy "AutoAdminLogon"=1 "DefaultUserName"=jeremy "DefaultDomainName"=JÉRÉMY [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 
"SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "AutoRestartShell"=1 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet 
[HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* 
[HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 08:03:05] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 08:03:05] 
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=32 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 "C:\eSupport\eDriver\Software\Bluetooth\Broadcom\Broadcom_BT_driver_(AW-NB107_NB111_CE123_CB160H_WCBN605BH)\Win8_64_Win81_64_12.0.0.9840\Setup.exe"=1 "C:\eSupport\eDriver\Software\Bluetooth\Broadcom\Broadcom_BT_driver_(AW-NB107_NB111_CE123_CB160H_WCBN605BH)\Win8_64_Win81_64_12.0.0.9840\Win64\setup.exe"=1 "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "C:\eSupport\eDriver\AsInsWiz.exe" "C:\Program Files (x86)\ASUS\ASUS Screen Saver\ASUS 
Screen Saver.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe" "C:\Program Files\Windows Media Player\wmplayer.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "C:\Program Files\Windows NT\Accessories\wordpad.exe" "C:\RomStation\Emulation\Playstation\pSX\psxfin.exe" "SIGN.MEDIA=39A5000 Crack\AssassinsCreed_Dx9.exe" "SIGN.MEDIA=39A5000 
Crack\AssassinsCreed_Dx10.exe" "SIGN.MEDIA=7FFFFF00 Files\install.msi" "SIGN.MEDIA=1AEDF3E7 Files\Support\DirectX\DXSETUP.exe" "C:\Program Files (x86)\Epson Software\Epson Manual\Launcher\EPSMLAN.EXE" "C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe" "C:\Windows\twain_32\escndv\escndv.exe" "C:\Program Files (x86)\OpenOffice 
4\program\soffice.exe" "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" "SIGN.MEDIA=2CBE686 Reg\setup.exe" "C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe" "C:\RomStation\Emulation\GameCube\Dolphin x64\Dolphin.exe" "C:\RomStation\Emulation\GameCube\Dolphin x64\DSPTool.exe" "C:\Program Files (x86)\ICEpower\AudioWizard\AudioWizard.exe" "C:\Program Files (x86)\Windows Media 
Player\wmplayer.exe" "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" "C:\Program Files (x86)\Microsoft Office\Office16\lync.exe" "SIGN.MEDIA=E6FBCE10 Batman Episode 1\Batman_win8.exe" "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPConfigure64.exe" "C:\Program Files\Windows Defender\MSASCui.exe" "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe" "C:\Program Files (x86)\ASUS\PC 
Link\PCLink.exe" "C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe" "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Notepad++\updater\gpup.exe" "C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe" "C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE" "C:\Program Files (x86)\Notepad++\notepad++.exe" 
"C:\Users\jeremy\AppData\Local\ZenMate\Update.exe" "C:\Users\jeremy\AppData\Roaming\ZHP\ZHPCleaner.exe" "C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" "C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe" "C:\RomStation\Emulation\Super Nintendo\Snes9x\snes9x.exe" "C:\Users\jeremy\AppData\Roaming\ZHP\ZHPDiag3.exe" "SIGN.MEDIA=14420A2C 
setup.exe"=0x53414350010000000000000007000000280000005D624700000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000078350D00000000000600000006000000 "SIGN.MEDIA=8731600 autostart.exe"=0x534143500100000000000000070000002800000000C804009AA905000100000000000000000002067120000033504C2B57DFD1010000000000000000020000005000000000000000800000000000000000000000000000000000000052508700000000000100000001000000000000000000000000000000000000000000000000000000A9E90900000000000500000000000000 "C:\Program Files (x86)\NETGEAR\WNA3100M\DriverDataTool64.exe"=0x5341435001000000000000000700000028000000D80C0500F629050001000000000000000000030673020000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B61B0000000000000100000001000000 "C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe"=0x5341435001000000000000000700000028000000787206005A80060001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000013A00100000000000100000001000000 "D:\FF7 CrazySe7en Project\FF7 Remix C7Project.exe"=0x5341435001000000000000000700000028000000F6BE0F00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000080CA0E00000000000200000002000000 "D:\FF7 CrazySe7en Project\Mise à jour OS\tm20decSetup.exe"=0x53414350010000000000000007000000280000001EB30100000000000100000000000000000001057100000033504C2B57DFD10100000000000000000100000004000000010000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000B2190000000000000200000002000000 "D:\FF7 CrazySe7en Project\Mise à jour 
OS\ffdshow_rev4422_20120409_x64.exe"=0x53414350010000000000000007000000280000008EF64C000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000506D0000000000000200000002000000 "C:\Users\jeremy\AppData\Local\Molotov\Update.exe"=0x5341435001000000000000000700000028000000002A17000000000001000000000000000000000A80210000DB80FDAC2839D30100000080000000000200000050000000000000000000004000000000000000000000000000000000A50F89000000000012000000120000000000000000000000000000000000000000000000000000005DC58506000000009400000000000000 "SIGN.MEDIA=437B69E Yooka-Laylee\YookaLaylee64.exe"=0x534143500100000000000000070000002800000000AE44010000000001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000117C0100000000000100000001000000 "SIGN.MEDIA=F92C499B Little Nightmares [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000CE1B3D00000000000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005A200000000000000100000001000000 "C:\Program Files (x86)\ASUS\PC Link\PCLinkFileTransfer.exe"=0x53414350010000000000000007000000280000001039000032EB000001000000000000000000000AF522000033504C2B57DFD1010000000000000000020000002800000000000000000000000400001000000000000000000000000001808A01000000000100000001000000 "C:\Users\jeremy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8447B0131B57B0101000000000000000000000A0021000033504C2B57DFD1010000000100000000 "SIGN.MEDIA=1A1FDB1C setup.exe"=0x5341435001000000000000000700000028000000EB774100000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000C2EE1100000000000100000001000000 "C:\Program Files (x86)\Microsoft 
Office\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000A84A9D0167ED9D0101000000000000000000000A0021000033504C2B57DFD1010000009100000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x534143500100000000000000070000002800000058CD0600C896070001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000DB080300000000000100000001000000 "SIGN.MEDIA=F77F4F2A setup.exe"=0x5341435001000000000000000700000028000000E3A40D00000000000100000000000000000001060021000033504C2B57DFD10100000000000000000200000050000000000000000000000000000000000000000000000000000000BF331100000000000100000001000000000000008000000000000000000000000000000000000000F9CF0200000000000100000000000000 "C:\Program Files (x86)\Square Enix\Deus Ex - Human Revolution\dxhr.exe"=0x5341435001000000000000000700000028000000206DCC00F8AECC000100000000000000000001067102000033504C2B57DFD101000000000000000002000000280000000000000000000090000000000000000000000000000000001D4C5200000000000800000008000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0B70E00B9C70E0001000000000000000000000A7120000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000090020000000000000100000001000000 "SIGN.MEDIA=84160651 setup.exe"=0x5341435001000000000000000700000028000000C9774100000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000596C0600000000000100000001000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\FF7Config.exe"=0x534143500100000000000000070000002800000000E60600000000000100000000000000000001057100000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005B730000000000000100000001000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy 
VII\FF7Config.bat"=0x5341435001000000000000000700000028000000002A0400D11B050001000000000000000000010500100000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\cdcheck.exe"=0x5341435001000000000000000700000028000000007000000000000001000000000000000000010571200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007745E600000000000300000003000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\Run FFVII-Remix-AChildren.bat"=0x5341435001000000000000000700000028000000002A0400D11B050001000000000000000000010500100000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\ff7.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000E859000000000001000000000000000000010571000000DB80FDAC2839D30100000000000000000200000050000000000000000000001000000000000000000000000000000000408F0000000000000400000001000000000000000000005000020200000000000000000000000000BDB83C00000000001100000000000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\64bitpostinstall.bat"=0x5341435001000000000000000700000028000000002A0400D11B050001000000000000000000010500100000DB80FDAC2839D3010000000000000000 "D:\FF7 CrazySe7en Project\Mise à jour OS\dxwebsetup.exe"=0x5341435001000000000000000700000028000000587504004CBE040001000000000000000000010571000000DB80FDAC2839D30100000000000000000200000028000000000000000008004000000000000000000000000000000000356F0000000000000100000001000000 "C:\RomStation\RomStation.exe"=0x534143500100000000000000070000002800000000D21F000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000021221000000000000400000004000000 "C:\Program 
Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8EA1700F637180001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000005000000000000000000000400000000000000000000000000000000008271C00000000001100000011000000000000000000000000000000000000000000000000000000F6980300000000000300000000000000 "C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\Neo-Midgar.exe"=0x534143500100000000000000070000002800000000527D000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000401000000000000000000000000000000021740100000000000800000008000000 "D:\ff7\FF7_v1_0_5.exe"=0x5341435001000000000000000700000028000000D003080084E0080001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E3BE0500000000000100000001000000 "D:\ff7\FF7_GameConverter_0.10.exe"=0x5341435001000000000000000700000028000000EFC961000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000008000004000000000000000000000000000000000E4650200000000000100000001000000 "C:\Program Files (x86)\Epson Software\Event Manager\EProjManager.exe"=0x5341435001000000000000000700000028000000F0EB120088B6130001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D16F0000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0F79A00AF8E9B0001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000005E381C00000000000500000005000000 "D:\Games\Yooka-Laylee\YookaLaylee64.exe"=0x534143500100000000000000070000002800000000AE44010000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DEE30200000000000100000001000000 "C:\Program 
Files\CCleaner\CCleaner.exe"=0x5341435001000000000000000700000028000000F8BEC200183EC30001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000002B6E0000000000000200000002000000 "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"=0x53414350010000000000000007000000280000004071360002F1360001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FD457400000000000100000001000000 "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"=0x534143500100000000000000070000002800000010CDF6008C45F70001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CC050000000000000100000001000000 "C:\Program Files (x86)\epson\MyEpson Portal\mep.exe"=0x5341435001000000000000000700000028000000D07C24007A40250001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000006C9E1200000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office16\MSACCESS.EXE"=0x5341435001000000000000000700000028000000B09EF0002F4FF10001000000000000000000000A00210000DB80FDAC2839D3010000009100000000 "SIGN.MEDIA=769B26CE setup.exe"=0x534143500100000000000000070000002800000064209C000000000001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020200000000000000000000000000A7920400000000000100000001000000 "C:\Program Files\FINAL FANTASY V\FFV_Launcher.exe"=0x5341435001000000000000000700000028000000101C6800D698620001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000008000004000000040000000000000000000000000EEFEA200000000001200000012000000 "SIGN.MEDIA=4E435BB4 
setup.exe"=0x5341435001000000000000000700000028000000906247000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D53C0100000000000100000001000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020D33000D03F310001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008EA94500000000000D0000000D000000 "C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssvagent.exe"=0x5341435001000000000000000700000028000000C8E30000E0B8010001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B9030000000000000100000001000000 "C:\Users\jeremy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0548501FEE6850101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\jeremy\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\jeremy\Downloads\Mufibot-1.14.1-win32\Mufibot.exe"=0x534143500100000000000000070000002800000000C655000000000001000000000000000000000A71200000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001DBA6F00000000001E0000001E000000 "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000A88A1D00563A1E0001000000000000000000000A00210000DB80FDAC2839D3010000009100000000 "C:\Program Files (x86)\Glary Utilities 5\upgrade.exe"=0x5341435001000000000000000700000028000000D0130100F8C1010001000000000000000000030671020000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DEDE7500000000003300000033000000 "C:\Program Files (x86)\Glary Utilities 
5\Integrator.exe"=0x5341435001000000000000000700000028000000D0F50D0048670E0001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000040040000000000000000000000000000007531C501000000000200000002000000 "C:\Users\jeremy\Downloads\dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000068DB2F00000000000200000002000000 "C:\Users\jeremy\AppData\Local\Ankama\Dofus\Dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040040000000000000000000000000000003E55F201000000009700000097000000 "C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe"=0x5341435001000000000000000700000028000000D0A709001AB7090001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000079370B01000000002800000028000000 "C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe"=0x5341435001000000000000000700000028000000E8487E0053437F0001000000000000000000000A71200000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000003020A000000000000B0000000B000000 "C:\ProgramData\NVIDIA Corporation\Downloader\641ce1481194bca086021343e4eaeca8\GeForce_Experience_Update_v3.14.0.139_Official_F5B5E1.exe"=0x5341435001000000000000000700000028000000C8D86D053FAC6E0501000000000000000000020600010000DB80FDAC2839D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000401000000000000000000000000000000092EC0000000000000300000003000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000E83818016B4B180101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A8705D00000000000800000008000000 
"C:\Users\jeremy\Downloads\ZedTV.exe"=0x5341435001000000000000000700000028000000F628E5000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000038750500000000000100000001000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8F20E00ACB30F0001000000000000000000000600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E4090000000000000100000001000000 "C:\Users\jeremy\Downloads\Firefox Installer.exe"=0x534143500100000000000000070000002800000080C90400EE13050001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000055130400000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F09D220048F1220001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000005000000000000000000000000000000000B3960000000000000200000002000000 "C:\Users\jeremy\Downloads\adwcleaner_7.1.1.exe"=0x5341435001000000000000000700000028000000D0F46E0049476F0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\jeremy\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000583F17005341170001000000000000000000000A75220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008C430B00000000000200000002000000 "C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe"=0x534143500100000000000000070000002800000090F9040031D7050001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000004E000000000000000200000002000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0C106002857070001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 
"C:\Users\jeremy\Downloads\avast_free_antivirus_setup_online_a2f.exe"=0x534143500100000000000000070000002800000060C56F00E78B700001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001B671300000000000100000001000000 "C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000B0561C0078881C0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B82D0000000000000100000001000000 "C:\Users\jeremy\AppData\Local\Temp\_avast_\avastTempInstaller_424675.exe"=0x5341435001000000000000000700000028000000703B0F00CD02100001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000008000004000000000000000000000000000000000FECA0400000000000100000001000000 "C:\Users\jeremy\Downloads\flashplayer30_ka_install.exe"=0x5341435001000000000000000700000028000000F06112006603130001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000049690000000000000100000001000000 "C:\Users\jeremy\Downloads\flashplayer30_xa_install.exe"=0x5341435001000000000000000700000028000000F06112006603130001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000062C00000000000000100000001000000 "C:\Users\jeremy\Downloads\JavaSetup8u171.exe"=0x5341435001000000000000000700000028000000C8B51C00D5111D0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000922A0500000000000200000002000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000583D18008305190001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 
"C:\Users\jeremy\Downloads\FRST64.exe"=0x534143500100000000000000070000002800000000D22400E6DD240001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000080680300000000000200000002000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000D832B70013ACB70001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000006D000000000000000200000002000000 "C:\Users\jeremy\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8FF3D000B1C3E0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000060C00700000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse 
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131620585502132028 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x4BA30062A947D001 "DisableAntiVirus"=1 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\ "PassiveMode"=0 "LastEnabledTime"=0xDB5605762404D401 "BackupLocation"=C:\Program Files\Windows Defender [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com [44] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.204.110] avec 32 octets de données : Réponse de 216.58.204.110 : octets=32 temps=21 ms TTL=55 Réponse de 216.58.204.110 : octets=32 temps=20 ms TTL=55 Réponse de 216.58.204.110 : octets=32 temps=21 ms TTL=55 Réponse de 
216.58.204.110 : octets=32 temps=37 ms TTL=55 Statistiques Ping pour 216.58.204.110: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 20ms, Maximum = 37ms, Moyenne = 24ms ---------- | @ [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\Windows\system32\blank.htm "NoUpdateCheck"=0 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "DisableFirstRunCustomize"=3 "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE8010000300000003D05000088020000 "ImageStoreRandomFolder"=12m3ndv "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xECA12AFDC5B4D301 "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "EdgeSwitchingOSBuildNumber"=10586.th2_release.160104-1513 "Start Page_TIMESTAMP"=0x88D4C1C558F1D101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"=0x01000000480000006E1D1321110A7C7962683FC5D4069C2BF1A23AB3629335D2FF5CF2408904BEFC98D568F1CE86A6AE4E5E204B5E49563AAD55D8D78523C25DA1DF7953783CD9AB43C8D9B7787AE88B020000000E000000784E64364C504950433138253364 "SearchBandMigrationVersion"=1 "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x6D8CD1CFDCEED301 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyOverride"= [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Start Page"=about:blank "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 "TabProcGrowth"=Medium "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm 
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm 
"NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [06/06/2018 21:50:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~1\MICROS~2\Office16\GROOVEEX.DLL [15/05/2018 09:00:18] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~1\MICROS~2\Office16\GROOVEEX.DLL [15/05/2018 09:00:18] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~1\MICROS~2\Office16\GROOVEEX.DLL [15/05/2018 09:00:18] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B] - {6D4133E5-0742-4ADC-8A8C-9303440F7191} -- C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [26/06/2013 05:26:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O] - {64174815-8D98-4CE6-8646-4C039977D809} -- C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [26/06/2013 05:26:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U] - {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} -- C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [26/06/2013 05:26:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [08/06/2018 21:41:31] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [08/06/2018 21:41:31] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll 
[29/09/2017 15:41:47] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [06/06/2018 21:50:00] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [15/05/2018 08:58:50] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [15/05/2018 08:58:50] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - 
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [15/05/2018 08:58:50] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} "ShowSearchSuggestionsInAddressGlobal"=1 "KnownProvidersUpgradeTime"=0xECA12AFDC5B4D301 "Version"=5 "UpgradeTime"=0xECA12AFDC5B4D301 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "DownloadRetries"=4 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL "{b60873b9-51aa-4566-b2fc-c16de2ec8bff}"=Panda Safe Web [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{b60873b9-51aa-4566-b2fc-c16de2ec8bff}"=Panda Safe Web [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (@%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (@%CommonProgramFiles%\Microsoft 
Shared\Office16\oregres.dll,-430) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] ---------- | SearchScopes [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] - (Bing) - https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 : [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] - (Search The Web) - http://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2018-05-27&ent=ch_675&q={searchTerms} : [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}] - (Yahoo! Search) - http://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [11/04/2018 09:13:26] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b60873b9-51aa-4566-b2fc-c16de2ec8bff}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [15/05/2018 08:58:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [11/04/2018 09:13:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> 
(Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [15/06/2018 16:25:56] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b60873b9-51aa-4566-b2fc-c16de2ec8bff}] -> () : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [15/05/2018 08:58:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [15/06/2018 16:25:56] ---------- | Chrome C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - 
__MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppName__ - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\fagakgcelolinfnkfgekcnedpaklfcok = : Panda Safe Web is the best tool to browse the Internet safely and quickly. It blocks malware blocks ads and tracking. - short_name: Panda Safe Web - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\ffjkhaeogkeelkioellpgcebmekedpag = : Aide à détecter les sites de confiance CM CIC et les tentatives de phishing - Barre de Confiance CM-CIC - permissions:[tabswebRequestwebRequestBlocking\u003Call_urls>cookies] - http://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\flliilndjeohchalpbbcdekjklbdgfkk = : __MSG_extDescription__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. 
- Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\khjilmcjipkeokomeekfnhkpbnhmgaje = : __MSG_extDescription__ - __MSG_extName__ - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok] [HKLM\Software\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] [HKLM\Software\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp] [HKLM\Software\Google\Chrome\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok] 
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.2] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.113 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI 
component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Skype for Business Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\53x3han7.default-1485077277683-1527267865926\Prefs.js user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20180516032328"); user_pref("browser.startup.homepage_override.mstone", "60.0.1"); user_pref("extensions.blocklist.lastModified", "Tue, 15 May 2018 10:57:42 GMT"); user_pref("extensions.blocklist.pingCountTotal", 2); 
user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.databaseSchema", 24); user_pref("extensions.getAddons.cache.lastUpdate", 1527268381); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180516032328"); user_pref("extensions.lastAppVersion", "60.0.1"); user_pref("extensions.lastPlatformVersion", "60.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{b718d849-d01c-4315-a375-46a0cc66a997}\",\"addons\":{\"tls13-version-fallback-rollout-bug1462099@mozilla.org\":{\"version\":\"2.0\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/plugin"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"45e8d029-7ebc-4932-bb83-a2b6beed5b5d\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"cf9c9d9d-972f-4cc1-ba95-07138b4fba31\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\58nei795.default-1485077277683-1502707733425\Prefs.js user_pref("browser.search.defaultenginename", "Bing®"); user_pref("browser.search.selectedEngine", "Bing®"); user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20180315233128"); user_pref("browser.startup.homepage_override.mstone", "59.0.1"); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", 
"{\"lastCheck\":1510068005660,\"softExpiration\":1510170520449,\"hardExpiration\":1510240806091,\"data\":{\"notifications\":[],\"version\":\"201711071519-3/0\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":40}"); user_pref("extensions.blocklist.pingCountTotal", 128); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.databaseSchema", 24); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.getAddons.cache.lastUpdate", 1521798042); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppBuildId", "20180315233128"); user_pref("extensions.lastAppVersion", "59.0.1"); user_pref("extensions.lastPlatformVersion", "59.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true); user_pref("extensions.shield-recipe-client.user_id", "4bce51fd-eeb1-4229-bf20-b7974916e322"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{76a4353c-c958-4dd0-b675-cc59398c703d}\",\"addons\":{\"tls13-rollout-bug1442042@mozilla.org\":{\"version\":\"5.0\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/plugin"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"70d47c2c-725f-4a8a-812a-47b460966b12\",\"application@itineraire.info\":\"03c36ef8-a4ed-4175-8317-d4e78c081e33\",\"screenshots@mozilla.org\":\"454b1406-17fb-4fa5-9a78-eed798c37fb4\"}"); 
user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\l79hp4m0.default-1485077277683\Prefs.js user_pref("browser.startup.homepage", "about:home"); user_pref("browser.startup.homepage_override.buildID", "20170504105526"); user_pref("browser.startup.homepage_override.mstone", "53.0.2"); user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com firstdata.com firstdata.lv gfx.ms google.com google.fr googlevideo.com gstatic.com hotmail.com kaspersky.com live.com live.net maps.googleapis.com mozilla.net netflix.com nflxext.com nflximg.com nflxvideo.net noscript.net outlook.com passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org securecode.com securesuite.net sfx.ms tinymce.cachefly.net wlxrs.com yahoo.com yahooapis.com yandex.st yimg.com youtube.com ytimg.com [System+Principal] about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:feeds about:home about:memory about:neterror about:plugins about:pocket-saved about:pocket-signup about:preferences about:privatebrowsing about:sessionrestore about:srcdoc about:support blob: chrome: http://afx.ms http://bootstrapcdn.com http://firstdata.com http://firstdata.lv http://gfx.ms http://google.com http://google.fr http://googlevideo.com http://gstatic.com http://hotmail.com http://kaspersky.com http://live.com http://live.net http://mozilla.net http://netflix.com http://nflxext.com http://nflximg.com http://nflxvideo.net http://noscript.net http://outlook.com http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://securecode.com http://securesuite.net http://sfx.ms http://wlxrs.com http://www.jeuxvideo.com http://yahoo.com http://yahooapis.com http://yandex.st 
http://yimg.com http://youtube.com http://ytimg.com https://afx.ms https://bootstrapcdn.com https://firstdata.com https://firstdata.lv https://gfx.ms https://google.com https://google.fr https://googlevideo.com https://gstatic.com https://hotmail.com https://kaspersky.com https://live.com https://live.net https://mozilla.net https://netflix.com https://nflxext.com https://nflximg.com https://nflxvideo.net https://noscript.net https://outlook.com https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://securecode.com https://securesuite.net https://sfx.ms https://wlxrs.com https://yahoo.com https://yahooapis.com https://yandex.st https://yimg.com https://youtube.com https://ytimg.com mediasource: moz-extension: moz-safe-about: resource:"); user_pref("extensions.adblockplus.currentVersion", "2.8.2"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1494084734536,\"softExpiration\":1494174897662,\"hardExpiration\":1494061369252,\"data\":{\"notifications\":[],\"version\":\"201705040902\"},\"lastError\":1494078232361,\"downloadStatus\":\"synchronize_connection_error\",\"downloadCount\":55,\"shown\":[\"antiadblock\"]}"); user_pref("extensions.bdwteff.firstrun", true); user_pref("extensions.blocklist.pingCountTotal", 59); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.bootstrappedAddons", 
"{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.8.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{DDC359D1-844A-42a7-9AA1-88A850A938A8}\":{\"version\":\"3.0.8\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"sdbx4@seedbox.fr\":{\"version\":\"4.0.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\sdbx4@seedbox.fr.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.14\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}"); user_pref("extensions.databaseSchema", 19); user_pref("extensions.dta.counter", 3); user_pref("extensions.dta.directory", "[\"C:\\\\Users\\\\jeremy\\\\Downloads\\\\\"]"); user_pref("extensions.dta.network.http.max-connections", 0); user_pref("extensions.dta.saveasmode", 0); user_pref("extensions.dta.version", "3.0"); user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nz"); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.2"); user_pref("extensions.getAddons.cache.lastUpdate", 1494078703); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.googletranslatorforff.firstrun", false); user_pref("extensions.googletranslatorforff.targetlang", "fr"); user_pref("extensions.googletranslatorforff.toolbarbuttonplaced", true); user_pref("extensions.googletranslatorforff.version", "2.1"); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppVersion", "53.0.2"); user_pref("extensions.lastPlatformVersion", "53.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.sdbx4@seedbox.fr.sdk.baseURI", "resource://sdbx4-at-seedbox-dot-fr/"); user_pref("extensions.sdbx4@seedbox.fr.sdk.domain", "sdbx4-at-seedbox-dot-fr"); user_pref("extensions.sdbx4@seedbox.fr.sdk.load.reason", "startup"); 
user_pref("extensions.sdbx4@seedbox.fr.sdk.rootURI", "jar:file:///C:/Users/jeremy/AppData/Roaming/Mozilla/Firefox/Profiles/l79hp4m0.default-1485077277683/extensions/sdbx4@seedbox.fr.xpi!/"); user_pref("extensions.sdbx4@seedbox.fr.sdk.version", "4.0.1"); user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1"); user_pref("extensions.shield-recipe-client.dev_mode", false); user_pref("extensions.shield-recipe-client.enabled", true); user_pref("extensions.shield-recipe-client.logging.level", 50); user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300); user_pref("extensions.shield-recipe-client.user_id", "8193aa98-ae1b-4dd7-9051-4ed9a8c933f9"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.xpiState", "{\"app-profile\":{\"sdbx4@seedbox.fr\":{\"d\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\sdbx4@seedbox.fr.xpi\",\"e\":true,\"v\":\"4.0.1\",\"st\":1485427089047},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.8.2\",\"st\":1485079309814},\"{DDC359D1-844A-42a7-9AA1-88A850A938A8}\":{\"d\":\"C:\\\\Users\\\\jeremy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l79hp4m0.default-1485077277683\\\\extensions\\\\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi\",\"e\":true,\"v\":\"3.0.8\",\"st\":1485383287139}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1494080626891},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.14\",\"st\":1494080626891},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1494080626891},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1494080626875}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"53.0.2\",\"st\":1494080626891}},\"winreg-app-global\":{\"e-webprint@epson.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Epson Software\\\\E-Web Print\\\\Firefox Add-on\",\"e\":false,\"v\":\"1.23.00\",\"st\":1453731178327,\"mt\":1432711826000}}}"); user_pref("network.proxy.ftp_port", 3128); user_pref("network.proxy.http", "pool268.seedbox.fr"); user_pref("network.proxy.http_port", 3128); user_pref("network.proxy.no_proxies_on", "localhost,127.0.0.1"); user_pref("network.proxy.socks_port", 3128); user_pref("network.proxy.ssl_port", 3128); user_pref("network.proxy.type", 0); C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\p87l74r0.default-1485077277683-1528055097141\Prefs.js user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20180605171542"); user_pref("browser.startup.homepage_override.mstone", "60.0.2"); user_pref("extensions.blocklist.lastModified", "Thu, 07 Jun 2018 21:59:30 GMT"); user_pref("extensions.blocklist.pingCountTotal", 13); user_pref("extensions.blocklist.pingCountVersion", 9); user_pref("extensions.databaseSchema", 24); 
user_pref("extensions.getAddons.cache.lastUpdate", 1529079806); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180605171542"); user_pref("extensions.lastAppVersion", "60.0.2"); user_pref("extensions.lastPlatformVersion", "60.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{e628d836-b2cd-46c1-b2c5-584bfbe9d6c5}\",\"addons\":{\"tls13-version-fallback-rollout-bug1462099@mozilla.org\":{\"version\":\"3.0\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://discover/"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"9c195638-0b9d-4782-8ded-789e61cfa447\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"b0c16567-82ba-484b-84fe-b6ff45dea20c\",\"sp@avast.com\":\"6fdfec24-f7aa-48a0-8c33-fd97c7492b76\",\"wrc@avast.com\":\"9cc242ba-215f-4ef0-bda4-576df5a8d853\",\"uBlock0@raymondhill.net\":\"3e12c285-1aff-463d-a0a9-c2baeb5a3c59\",\"{73a6fe31-595d-460b-a920-fcc0f8843232}\":\"33dc6daa-5ec2-490d-893b-0df85d647992\",\"{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\":\"00081aca-5329-45bd-9d81-d2e15c502134\",\"jid1-r1tDuNiNb4SEww@jetpack\":\"4e756b55-cbf9-4fe7-a8e3-8425d44ce93f\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); [Profile0] - Name=default-1485077277683 -> Profiles/p87l74r0.default-1485077277683-1528055097141 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{19074b3a-913c-4937-8ed2-07bcda465fe5}] "DhcpNameServer"=193.252.165.234 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1d216b8f-dc26-4295-a200-0c6a9abb7da6}] "DhcpNameServer"=212.27.40.241 212.27.40.240 
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{43acbf2c-10cb-441a-b8b0-daa59f86c5eb}] "NameServer"=77.234.40.79
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4c2048e9-9422-4d84-860d-50c78d31f08b}] "DhcpNameServer"=109.0.66.20 109.0.66.10
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{54ea0a66-734d-45e7-adde-168fa7deb804}] "DhcpNameServer"=192.168.0.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{731b5f15-027d-4c6d-8088-a7bd3cb58e1f}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7998e1ba-d401-441a-8f62-4d51f0755cc9}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9b0cd89f-0d68-434b-8c6e-467c77b720f7}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a6aceda7-759a-45fa-bc37-954ca87219ff}] "DhcpNameServer"=212.27.40.241 212.27.40.240
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{aa7a350a-892f-41dc-a014-eee85f83c07a}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b2ab3784-a5bc-4a80-b9f3-0a864420a914}] "DhcpNameServer"=192.168.42.129
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b4309d8a-ba1c-4c70-bdff-04c0c6c5c25f}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{cce4b688-9a3a-47a1-92dd-7a575febd554}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d76e3279-abcb-4870-9f40-a78cc8bf63ca}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{e5c05653-7245-4fe9-b467-0facb3238f50}] "DhcpNameServer"=80.10.46.232
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{19074b3a-913c-4937-8ed2-07bcda465fe5}] "DhcpNameServer"=193.252.165.234
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1d216b8f-dc26-4295-a200-0c6a9abb7da6}] "DhcpNameServer"=212.27.40.241 212.27.40.240
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43acbf2c-10cb-441a-b8b0-daa59f86c5eb}] "NameServer"=77.234.40.79
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4c2048e9-9422-4d84-860d-50c78d31f08b}] "DhcpNameServer"=109.0.66.20 109.0.66.10
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{54ea0a66-734d-45e7-adde-168fa7deb804}] "DhcpNameServer"=192.168.0.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{731b5f15-027d-4c6d-8088-a7bd3cb58e1f}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7998e1ba-d401-441a-8f62-4d51f0755cc9}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9b0cd89f-0d68-434b-8c6e-467c77b720f7}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a6aceda7-759a-45fa-bc37-954ca87219ff}] "DhcpNameServer"=212.27.40.241 212.27.40.240
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{aa7a350a-892f-41dc-a014-eee85f83c07a}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b2ab3784-a5bc-4a80-b9f3-0a864420a914}] "DhcpNameServer"=192.168.42.129
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b4309d8a-ba1c-4c70-bdff-04c0c6c5c25f}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{cce4b688-9a3a-47a1-92dd-7a575febd554}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d76e3279-abcb-4870-9f40-a78cc8bf63ca}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{e5c05653-7245-4fe9-b467-0facb3238f50}] "DhcpNameServer"=80.10.46.232
---------- |
Applications
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Classes\Applications\::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}] : "::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}" %1
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Classes\Applications\snes9x.exe] : "C:\RomStation\Emulation\Super Nintendo\Snes9x\snes9x.exe" "%L"
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Classes\Applications\soffice.exe] : "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\chrome.exe] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\chrome.exe] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"DevicesFlow"=DevicesFlowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"smbsvcs"=lanmanserver
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay DcomLaunch DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver
---------- | SvcHost - Netsvcs (Whitelist)
---------- | Software
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\7-Zip]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Adobe]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Aeria Games]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Akamai]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Andy]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Ankama]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\AppDataLow]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Apple Inc.]
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\ASUS] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\AVAST Software] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Avg] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Avg Secure Update] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\AVG Web TuneUp] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Avira] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\AviraSpeedup] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\BcmSetup] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\BitTorrent] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\BlueStacks] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Browser Cleanup] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\BVRP Software] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Chromium] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Clients] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Crystal Dynamics] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Disc Soft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Dropbox] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\DropboxUpdate] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\DSS] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\ECAREME] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Eidos] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Electronic Arts] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Enterbrain] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Epic Games] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\EPSON] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\epsxe] 
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\eSupport.com] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Foxit Software] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Frontier Developments] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\GameCenter] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Glarysoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\GNU] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\GOG.com] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Google] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Haemimont Games] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\IM Providers] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Intel] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\JavaSoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Licenses] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Macromedia] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Malwarebytes] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microids] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Mirage] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Mozilla] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\MTK] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\MyComGames] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\NETGEAR] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Netscape] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Nvizzio Creations] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\ODBC] 
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\OD_101713_227] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\OpenOffice] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\OpenVPN-GUI] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Piriform] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Playdead] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Playtonic Ltd] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Policies] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\ProtectedStorage] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\QtProject] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Realtek] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Safer Networking Limited] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Scarlet.Crush Productions] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Sega] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\SEIKO EPSON CORPORATION] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Skype] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\skypeapp-7e44838b63fd] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Snes9x] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Snowcastle Games] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\square-enix] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\SquareEnix] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\SyncEngines] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\sysinternals] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\System Requirements Lab] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\The Silicon Realms Toolworks] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\THEGFW] 
[HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Tokyo RPG Factory] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\TokyoRPGFactory] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Trolltech] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Ubisoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Unity] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Valve] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Vision Thing] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Wargaming.net] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\WIDBTW] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Widcomm] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\WinRAR] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Wow6432Node] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\ZHP] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\AppDataLow\Software\JavaSoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Ada2] [HKLM\Software\AGEIA Technologies] 
[HKLM\Software\Agere] [HKLM\Software\ASUS] [HKLM\Software\AVG] [HKLM\Software\AVG Persistent] [HKLM\Software\BigNox] [HKLM\Software\Broadcom] [HKLM\Software\Clients] [HKLM\Software\COMODO] [HKLM\Software\Dell] [HKLM\Software\DellShared] [HKLM\Software\Disc Soft] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\ECAREME] [HKLM\Software\EPSON] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GNU] [HKLM\Software\Google] [HKLM\Software\ICEpower] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Logitech] [HKLM\Software\LSI] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\NETGEAR] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Software] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\Square Soft, Inc.] 
[HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WIDCOMM] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Ada2] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\AROnline] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\AsLdr] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\AVG] [HKLM\Software\WOW6432Node\Avg Secure Update] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\BVRP Software] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Comodo] [HKLM\Software\WOW6432Node\Cygwin] [HKLM\Software\WOW6432Node\DellShared] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\DSOnline] [HKLM\Software\WOW6432Node\ea games] [HKLM\Software\WOW6432Node\ECAREME] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\FFOnline] [HKLM\Software\WOW6432Node\Foxit Software] [HKLM\Software\WOW6432Node\Fraps] [HKLM\Software\WOW6432Node\GlarySoft] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HiRez Studios] [HKLM\Software\WOW6432Node\ICEpower] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Maxis] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\McAfee.com] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NETGEAR] [HKLM\Software\WOW6432Node\Notepad++] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Panda Software] 
[HKLM\Software\WOW6432Node\pandasecuritytb] [HKLM\Software\WOW6432Node\Pokemon Uranium Team] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\RtWLan] [HKLM\Software\WOW6432Node\Safer Networking Limited] [HKLM\Software\WOW6432Node\SERCOMM] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SlimWare Utilities Inc] [HKLM\Software\WOW6432Node\Square Soft, Inc.] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\ThinPrint] [HKLM\Software\WOW6432Node\TVInstallTemp] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VMware, Inc.] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\WSWNA3100M] [HKLM\Software\WOW6432Node\Yahoo] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives D: ---------- | C: [01/02/2018 20:16:13] - |HD| - [866959] - C:\$AV_AVG [02/02/2018 13:57:29] - |HD| - [194054] - C:\$GetCurrent [22/08/2013 17:36:31] - |SHD| - [387] - C:\$Recycle.Bin [14/06/2018 23:43:44] - |HD| - [337104] - C:\$SysReset [01/04/2017 12:37:51] - |AD| - [1363456] - C:\adb [22/02/2017 00:11:25] - |D| - [4944544711] - C:\AdwCleaner [05/09/2016 01:31:55] - |D| - [14838955943] - C:\AeriaGames [MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 16:44:31] - |A| - (.-.) - [0] - (0.0.0.0) - C:\autoexec.bat [MD5.10CBF8657109BC0EE0E0AC043652B0C1] - [18/02/2017 11:40:40] - |A| - (.-.) 
- [789] - (0.0.0.0) - C:\bdlog.txt [29/10/2014 16:13:20] - |SHD| - [18533132] - C:\Boot [MD5.0B17239B2E03F5AEA96929003CA22337] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [404250] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.3ACC4C897B1F9C7F2ECF2CD034B57E9F] - [02/03/2018 17:52:35] - |SH| - (.-.) - [72] - (0.0.0.0) - C:\bootTel.dat [15/03/2016 19:16:15] - |SHD| - [43755348] - C:\Config.Msi [30/07/2015 23:51:49] - |SHD| - [0] - C:\Documents and Settings [14/02/2015 02:21:21] - |D| - [3983613563] - C:\eSupport [13/06/2018 19:07:00] - |D| - [147657561] - C:\FRST [24/05/2018 19:29:04] - |D| - [2079742] - C:\GOG Games [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 10:24:31] - |ASH| - (.-.) - [3395219456] - (0.0.0.0) - C:\hiberfil.sys [13/02/2015 18:43:41] - |HD| - [851155] - C:\Intel [MD5.E85A0604817CC7BA12642436D72C2834] - [07/04/2016 14:49:58] - |A| - (.-.) - [29842] - (0.0.0.0) - C:\License.rtf [10/09/2015 07:53:54] - |D| - [13214922] - C:\Logs [18/02/2017 11:26:10] - |D| - [18252] - C:\Microsoft [07/07/2016 12:05:47] - |RHD| - [856273131] - C:\MSOCache [17/01/2016 16:26:53] - |D| - [24797916] - C:\NvidiaLogging [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 10:24:33] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys [29/09/2017 15:46:33] - |RD| - [8306741278] - C:\Program Files [29/09/2017 15:46:33] - |RD| - [14469059061] - C:\Program Files (x86) [29/09/2017 15:46:33] - |HD| - [8064467315] - C:\ProgramData [15/06/2018 19:50:34] - |D| - [581962] - C:\QuickDiag [MD5.10A7177AA328FDA9E946F0A656E9F4AD] - [15/06/2018 20:03:32] - |A| - (.-.) - [225577] - (0.0.0.0) - C:\QuickDiag.txt [MD5.917AADFBCBC9B82B9030BB17F941EC0C] - [15/06/2018 19:58:50] - |RA| - (.-.) 
- [494418] - (0.0.0.0) - C:\QuickDiag_15_06_2018_19_58_50.txt [02/02/2018 16:53:35] - |SHD| - [1166] - C:\Recovery [19/01/2016 17:42:33] - |AD| - [1220130628] - C:\RomStation [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 10:24:33] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [14/02/2015 02:06:34] - |SHD| - [0] - C:\System Volume Information [29/09/2017 10:45:11] - |RD| - [28742833255] - C:\Users [29/09/2017 10:45:11] - |D| - [54413308474] - C:\WINDOWS [02/02/2018 13:57:11] - |D| - [21613592] - C:\Windows10Upgrade ---------- | C:\WINDOWS [29/09/2017 15:46:33] - |D| - [802] - C:\WINDOWS\addins [29/09/2017 15:46:33] - |D| - [16062134] - C:\WINDOWS\appcompat [29/09/2017 15:46:33] - |D| - [8191032] - C:\WINDOWS\apppatch [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\AppReadiness [MD5.187FFDF69B85ED54E36E4FB2FE5C9496] - [13/02/2015 19:22:31] - |A| - (.-.) - [26948] - (0.0.0.0) - C:\WINDOWS\AsChkDev.txt [MD5.CD552E5AD32FDC80F251538256F1E934] - [14/01/2015 04:25:26] - |A| - (.-.) - [23] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt [MD5.6A75971FCC5C48AF2AE474C78072008B] - [29/10/2014 14:38:57] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt [MD5.8C0D444A0789E33ED9326364CEDCF58E] - [14/02/2015 02:17:42] - |A| - (.-.) - [90] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt [29/09/2017 15:46:33] - |RSD| - [1165652024] - C:\WINDOWS\assembly [MD5.BDDD18A78ECC52FA2F90F8FBF20A033E] - [14/02/2015 02:17:42] - |A| - (.-.) - [54] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt [29/10/2014 13:43:39] - |AD| - [178891393] - C:\WINDOWS\ASUS [29/09/2017 15:46:33] - |D| - [692493] - C:\WINDOWS\bcastdvr [MD5.55F49769891E4DC7CAB3E293E1238888] - [29/09/2017 15:41:23] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65536] - (10.0.16299.15) - C:\WINDOWS\bfsvc.exe [29/09/2017 15:46:33] - |D| - [38264380] - C:\WINDOWS\Boot [MD5.F3363173B54B85FA62417A7AFC34959E] - [02/02/2018 16:56:28] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [29/09/2017 15:46:33] - |D| - [2448464] - C:\WINDOWS\Branding [MD5.9130CCE19B5DB3D2E31F9F789263FC4A] - [18/02/2017 11:04:48] - |A| - (.Copyright (c) 1999-2006 Microsoft Corporation - CAPICOM Module.) - [511328] - (2.1.0.2) - C:\WINDOWS\capicom.dll [29/09/2017 15:37:01] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.A155FFABF2F04265A97274CCAB44D773] - [30/09/2017 16:42:03] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.1E3D09CADD189E79160EBB9A7BABA3E4] - [29/10/2014 08:23:30] - |A| - (.-.) - [10] - (0.0.0.0) - C:\WINDOWS\csup.txt [29/09/2017 15:46:33] - |D| - [11482410] - C:\WINDOWS\Cursors [29/09/2017 15:46:33] - |D| - [26993363] - C:\WINDOWS\debug [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\DeliveryOptimization [MD5.4EC7DDE77607CD8251EF9F982DB934C0] - [02/02/2018 17:21:01] - |A| - (.-.) - [45723] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [29/09/2017 15:46:33] - |D| - [4795199] - C:\WINDOWS\diagnostics [MD5.4EC7DDE77607CD8251EF9F982DB934C0] - [02/02/2018 17:21:01] - |A| - (.-.) - [45723] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [30/09/2017 16:40:03] - |D| - [0] - C:\WINDOWS\DigitalLocker [29/09/2017 15:46:33] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [29/09/2017 15:46:33] - |HD| - [44608] - C:\WINDOWS\ELAMBKUP [30/09/2017 16:40:03] - |D| - [0] - C:\WINDOWS\en-US [MD5.4617D41657001A296F45D026B774C485] - [13/06/2018 13:11:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3903784] - (10.0.16299.492) - C:\WINDOWS\explorer.exe [MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:32] - |A| - (.-.) 
- [176] - (0.0.0.0) - C:\WINDOWS\explorer.exe.config [29/09/2017 15:46:33] - |RSD| - [395544244] - C:\WINDOWS\Fonts [30/09/2017 16:40:03] - |D| - [109568] - C:\WINDOWS\fr-FR [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [29/09/2017 15:46:33] - |D| - [46644122] - C:\WINDOWS\Globalization [29/09/2017 15:46:33] - |D| - [71701242] - C:\WINDOWS\Help [MD5.67422BB31C52F0E4697C2A413677E033] - [09/05/2018 14:16:11] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [976896] - (10.0.16299.402) - C:\WINDOWS\HelpPane.exe [MD5.620517DFE23E0DEB918F70538DF8AD67] - [29/09/2017 15:41:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.16299.15) - C:\WINDOWS\hh.exe [29/09/2017 15:46:33] - |D| - [173056880] - C:\WINDOWS\IME [29/09/2017 15:46:33] - |RD| - [7817000] - C:\WINDOWS\ImmersiveControlPanel [29/09/2017 15:44:34] - |D| - [82239441] - C:\WINDOWS\INF [29/09/2017 15:46:33] - |D| - [1540549621] - C:\WINDOWS\InfusedApps [29/09/2017 15:46:33] - |D| - [38118841] - C:\WINDOWS\InputMethod [29/09/2017 15:46:33] - |SHDC| - [19869412320] - C:\WINDOWS\Installer [29/09/2017 15:46:33] - |D| - [94163] - C:\WINDOWS\L2Schemas [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\LiveKernelReports [29/10/2014 13:24:07] - |D| - [6269410] - C:\WINDOWS\Log [29/09/2017 10:45:14] - |D| - [31802619] - C:\WINDOWS\Logs [29/09/2017 15:46:33] - |RSD| - [20331141] - C:\WINDOWS\media [22/08/2013 17:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer [MD5.23AF90D2355D8C83AA4567EF1763B467] - [29/09/2017 15:42:00] - |A| - (.-.) 
- [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [29/09/2017 15:46:33] - |RD| - [829066889] - C:\WINDOWS\Microsoft.NET [29/09/2017 15:46:33] - |D| - [3298] - C:\WINDOWS\Migration [27/05/2018 17:01:59] - |D| - [0] - C:\WINDOWS\Minidump [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.15750221BBFFA36C055D656C46899460] - [29/09/2017 15:41:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.16299.15) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [19/08/2016 08:46:15] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [16/12/2016 14:10:15] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [30/09/2017 16:40:54] - |D| - [199472] - C:\WINDOWS\OCR [29/09/2017 15:46:33] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [19/03/2018 21:22:13] - |D| - [332670146] - C:\WINDOWS\Panther [12/04/2018 08:20:04] - |D| - [0] - C:\WINDOWS\PCHEALTH [29/09/2017 15:46:33] - |D| - [313782] - C:\WINDOWS\Performance [MD5.2E2617EEB10E8DFA25927A01E2CD96BE] - [14/06/2018 23:10:03] - |A| - (.-.) - [1048] - (0.0.0.0) - C:\WINDOWS\PFRO.log [29/09/2017 15:46:33] - |D| - [1136442] - C:\WINDOWS\PLA [29/09/2017 15:46:33] - |D| - [2764562] - C:\WINDOWS\PolicyDefinitions [02/02/2018 16:54:27] - |D| - [19023746] - C:\WINDOWS\Prefetch [29/09/2017 15:46:33] - |RD| - [2166035] - C:\WINDOWS\PrintDialog [MD5.09394999ADB19901C665454EE964B13C] - [02/02/2018 14:28:04] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini [29/09/2017 15:46:33] - |D| - [3890727] - C:\WINDOWS\Provisioning [MD5.14A3681D6247758B1F4880022ABEE0D7] - [29/09/2017 15:41:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) 
- [335872] - (10.0.16299.15) - C:\WINDOWS\regedit.exe [29/09/2017 15:46:33] - |D| - [1095288] - C:\WINDOWS\Registration [29/09/2017 15:46:33] - |D| - [10516984] - C:\WINDOWS\rescache [29/09/2017 15:46:33] - |D| - [4527433] - C:\WINDOWS\Resources [MD5.B4D0C11C897A403EBC11AE09547A0A35] - [16/02/2017 04:55:56] - |A| - (.Copyright (C) Realtek Semiconductor Corp. - RtCRU.) - [4340776] - (1.13.0.0) - C:\WINDOWS\RtCRU64.exe [MD5.656B1B3AB5F0A58C37C339AEF9621E1D] - [13/02/2015 18:51:53] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2825944] - (1.0.6.0) - C:\WINDOWS\RtlExUpd.dll [29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\SchCache [29/09/2017 15:46:33] - |D| - [122082] - C:\WINDOWS\schemas [29/09/2017 15:46:33] - |D| - [8560640] - C:\WINDOWS\security [02/02/2018 16:43:38] - |D| - [45556263] - C:\WINDOWS\ServiceProfiles [29/09/2017 10:45:11] - |D| - [127065202] - C:\WINDOWS\servicing [29/09/2017 15:49:45] - |D| - [349] - C:\WINDOWS\Setup [29/09/2017 15:46:33] - |D| - [53789184] - C:\WINDOWS\ShellExperiences [30/10/2015 21:03:03] - |D| - [66023] - C:\WINDOWS\ShellNew [30/09/2017 16:40:41] - |D| - [3070736] - C:\WINDOWS\SKB [13/02/2015 18:34:07] - |D| - [9397146273] - C:\WINDOWS\SoftwareDistribution [29/09/2017 15:46:33] - |D| - [86037185] - C:\WINDOWS\Speech [29/09/2017 15:46:33] - |D| - [61728519] - C:\WINDOWS\Speech_OneCore [MD5.B3FBABDA876CFA2B4695471D5348F59F] - [29/09/2017 15:42:06] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.16299.15) - C:\WINDOWS\splwow64.exe [MD5.2664EEEE55F34BC4FAAA8EE41393D2CD] - [31/07/2015 00:25:21] - |A| - (.-.) - [31856] - (0.0.0.0) - C:\WINDOWS\Starter.xml [29/09/2017 15:46:33] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [29/09/2017 10:45:11] - |D| - [9831693917] - C:\WINDOWS\System32 [29/09/2017 15:46:34] - |D| - [199052722] - C:\WINDOWS\SystemApps [29/09/2017 15:46:34] - |D| - [24143266] - C:\WINDOWS\SystemResources [29/09/2017 10:45:15] - |D| - [1735608202] - C:\WINDOWS\SysWOW64 [29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\TAPI [22/08/2013 17:36:30] - |D| - [9866] - C:\WINDOWS\Tasks [29/09/2017 15:46:34] - |D| - [65626817] - C:\WINDOWS\Temp [29/09/2017 15:46:34] - |D| - [13428736] - C:\WINDOWS\TextInput [22/08/2013 17:36:30] - |RD| - [0] - C:\WINDOWS\ToastData [29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\tracing [29/09/2017 15:46:34] - |D| - [43075116] - C:\WINDOWS\twain_32 [MD5.F6C33A8A65C6AF007812EED398D783B2] - [29/09/2017 15:42:16] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [02/02/2018 13:49:39] - |D| - [6297530] - C:\WINDOWS\UpdateAssistant [15/06/2017 19:37:27] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [22/08/2013 17:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins [29/09/2017 15:46:34] - |D| - [12420] - C:\WINDOWS\Vss [29/09/2017 15:46:34] - |D| - [15729830] - C:\WINDOWS\Web [MD5.97D5072044363C2A7B4F6C5F07BC6089] - [22/08/2013 15:25:43] - |A| - (.-.) - [316] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [29/09/2017 15:41:58] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [14/06/2018 23:34:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.02BD03E57C66CB40AEDB7039E93E7CB0] - [29/09/2017 15:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.16299.15) - C:\WINDOWS\winhlp32.exe [29/09/2017 10:45:11] - |D| - [7735162839] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [29/09/2017 15:41:16] - |A| - (.-.) 
- [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.0D5D4E344F5581C954355D7164DD4BE1] - [29/09/2017 15:41:38] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.16299.15) - C:\WINDOWS\write.exe [MD5.A0145EEB9EDA56392B044D34CDC20E53] - [05/09/2016 13:40:58] - |A| - (.Copyright (c) 2006-2013 Wellbia.com Co., Ltd. - XIGNCODE3 System Guard.) - [36904] - (3.4.2.150) - C:\WINDOWS\xhunter1.sys ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.6070AD36146328D074C7B5F60B0022F9] - [09/04/2016 16:22:40] - |A| - (.-.) - [165] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\GPT.INI [09/04/2016 16:22:40] - |D| - [592] - C:\WINDOWS\System32\GroupPolicy\Machine [09/04/2016 16:22:40] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [16/03/2015 19:06:37] - C:\WINDOWS\Installer\10901c0.msi : (STCServ - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/03/2015 19:24:13] - C:\WINDOWS\Installer\10901c5.msi : (Intel® Connect Center - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/06/2018 16:25:27] - C:\WINDOWS\Installer\11bcdf1.msi : (Java SE Runtime Environment 8 Update 171 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/06/2018 16:25:17] - C:\WINDOWS\Installer\11bcdf6.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2015 18:16:05] - C:\WINDOWS\Installer\17ba132.msi : (System Requirements Lab - Husdawg, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/09/2014 09:45:44] - C:\WINDOWS\Installer\1b574.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/02/2015 19:04:36] - C:\WINDOWS\Installer\1bc2b.msi : (AudioWizard - ICEpower a/s) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/09/2014 10:48:42] - C:\WINDOWS\Installer\1bc35.msi : ( - ASUS) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [23/09/2014 04:59:10] - C:\WINDOWS\Installer\1c10d.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/11/2014 06:45:30] - C:\WINDOWS\Installer\1c112.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 13:28:54] - C:\WINDOWS\Installer\1e52bc16.msi : (Epson Event Manager - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/10/2014 12:19:28] - C:\WINDOWS\Installer\1e52bc1b.msi : (MyEpson Portal Setup - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/08/2015 01:00:00] - C:\WINDOWS\Installer\1e52bc20.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/10/2015 18:20:56] - C:\WINDOWS\Installer\24f3d8.msi : (Epson Connect Printer Setup - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/01/2015 17:41:42] - C:\WINDOWS\Installer\26b76.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/01/2015 17:42:24] - C:\WINDOWS\Installer\26b7b.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/01/2015 17:42:38] - C:\WINDOWS\Installer\26b82.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/01/2015 17:40:32] - C:\WINDOWS\Installer\26b87.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/08/2014 17:57:28] - C:\WINDOWS\Installer\27e23.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2015 04:38:02] - C:\WINDOWS\Installer\2b5d8f.msi : (Easy Photo Scan - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/02/2018 19:03:27] - C:\WINDOWS\Installer\2f21f858.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [24/07/2014 03:22:22] - C:\WINDOWS\Installer\35d3f.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\3e41cd.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2014 05:24:20] - C:\WINDOWS\Installer\411e03.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2016 19:36:50] - C:\WINDOWS\Installer\428b4.msi : (Visual Studio 2012 x64 Redistributables - AVG Technologies) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2016 19:36:52] - C:\WINDOWS\Installer\428b7.msi : (Visual Studio 2012 x86 Redistributables - AVG Technologies CZ, s.r.o.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/12/2015 14:46:18] - C:\WINDOWS\Installer\4782ea.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/05/2018 10:28:58] - C:\WINDOWS\Installer\52fc8.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/07/2017 04:45:00] - C:\WINDOWS\Installer\5b8e9c60.msi : (Epson Software Updater - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/11/2015 10:31:30] - C:\WINDOWS\Installer\5cb7245d.msi : ( - TomTom) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2014 11:02:06] - C:\WINDOWS\Installer\796c4.msi : (Device Setup - ASUSTek Computer Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2018 17:31:30] - C:\WINDOWS\Installer\98b4022.msi : ( - ASUSTeK COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2016 10:39:54] - C:\WINDOWS\Installer\a58089f.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/03/2015 16:12:42] - C:\WINDOWS\Installer\c40049.msi : (Epson Printer Connection Checker - SEIKO EPSON CORPORATION) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [17/05/2018 21:52:35] - C:\WINDOWS\Installer\d0528.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/10/2015 17:37:24] - C:\WINDOWS\Installer\f31a1f3.msi : (OpenOffice 4.1.2 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [01/03/2018 18:26:42] - [3329] - C:\WINDOWS\System32\ieuinit.inf [02/02/2018 17:17:03] - [3328980] - C:\WINDOWS\System32\PerfStringBackup.INI [29/09/2017 15:41:57] - [60124] - C:\WINDOWS\System32\tcpmon.ini [29/09/2017 15:41:41] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [01/03/2018 18:26:42] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [10/02/2016 20:57:28] - [2658948] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [29/09/2017 15:42:13] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.50A482B61CF112DA26D90E59075441B1] - |A| - [31/05/2018 15:02:03] - (.-.) - [32.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\1fedd7d9-6cc2-4866-916f-193ec8bd2a0a [MD5.00000000000000000000000000000000] - |D| - [14/06/2018 23:20:10] - [63502.88 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.00000000000000000000000000000000] - |D| - [15/06/2018 11:15:29] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [15/06/2018 11:15:29] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [15/06/2018 11:15:29] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [15/06/2018 11:15:29] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 16:57:47] - [501.49 Ko] - C:\WINDOWS\Temp\DPTF [MD5.D08F662F4F615D3E1D023A847EEA8EA9] - |A| - [14/06/2018 23:14:14] - (.-.) 
- [2.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180614-231414-0.log [MD5.5EF21FF3B891A26CC2B6D4044CC56EA8] - |A| - [14/06/2018 23:30:03] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180614-233003-0.log [MD5.DFF91ABE6C49612B2D7A4C9D4C5D5861] - |A| - [15/06/2018 11:15:16] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180615-111516-0.log [MD5.AF1CB71BD833C450FEF7E1C0DB77BD92] - |A| - [12/06/2018 10:42:04] - (.-.) - [6.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.00000000000000000000000000000000] - |D| - [14/06/2018 23:05:29] - [9.5 Ko] - C:\WINDOWS\Temp\SDIAG_0f2d786e-43ea-49be-b119-6cf19a028469 [MD5.00000000000000000000000000000000] - |D| - [14/06/2018 23:03:38] - [9.5 Ko] - C:\WINDOWS\Temp\SDIAG_9e78bcaf-e865-434e-8a03-533a8a744243 [MD5.00000000000000000000000000000000] - |D| - [14/06/2018 23:04:22] - [9.5 Ko] - C:\WINDOWS\Temp\SDIAG_af4a08c0-44d6-4a86-ab66-50d3bfd16a26 [MD5.00000000000000000000000000000000] - |D| - [14/06/2018 22:53:36] - [9.5 Ko] - C:\WINDOWS\Temp\SDIAG_c590ed96-f572-4538-8c6e-dd865805cdc5 [MD5.00000000000000000000000000000000] - |D| - [08/06/2018 21:43:14] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 15:41:41] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [29/09/2017 15:41:27] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [29/09/2017 15:41:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 15:41:33] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [29/09/2017 15:41:50] - (.-.) 
- [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.2B7002E9C7EA6B436F3A0F7C305AACD8] - |A| - [19/05/2018 12:32:20] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@NotifierToastIcon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [29/09/2017 15:41:56] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 15:41:58] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [29/09/2017 15:42:07] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [29/09/2017 15:41:33] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 15:41:41] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [29/09/2017 15:41:31] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [29/09/2017 15:41:31] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.7C25BB1748CE8270AAAE1794C8374E2F] - |A| - [10/11/2015 07:17:36] - (.-.) 
- [124.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:14] - [2985.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.3523B5D5B79EC736B4416D3C9D591EC2] - |A| - [14/12/2015 11:41:42] - (.-.) - [55.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ASGCoInstaller_x64.dll [MD5.F4C05547920F091BA19D7971DB5CFF6C] - |A| - [11/06/2018 13:45:53] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [367.71 Ko] - (18.4.3895.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.E1B4816FE534FD7686376E908E9A9279] - |A| - [10/11/2015 07:16:14] - (.-.) - [111.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [29/09/2017 15:41:25] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.5712256A8FAB555CC50AEAC2A899A17A] - |A| - [29/09/2017 15:41:41] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [180.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.64430E214B5B229D426D2D35538C402D] - |A| - [30/11/2016 02:56:14] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [358 Ko] - C:\WINDOWS\System32\com [MD5.D2ACA49254C32126E3B27855B9345D85] - |A| - [10/11/2015 07:18:02] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) 
- [127.98 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [447525.09 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [30/11/2016 02:56:14] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [346 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.D1466A23303E325A6DB4B807F40FF9D5] - |A| - [10/11/2015 07:26:00] - (.©Conexant Systems Inc. - Conexant APO.) - [1586.69 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [342 Ko] - C:\WINDOWS\System32\da-DK [MD5.A45B720B90F84A68AECB6E305C17B126] - |A| - [09/05/2018 14:16:06] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [17/03/2018 22:50:56] - [4347.34 Ko] - C:\WINDOWS\System32\DAX2 [MD5.0CE751A4B91D0EFD4DA259F1F0DC4477] - |A| - [04/06/2018 12:18:30] - (.Dropbox, Inc. - Dropbox Service.) - [49.83 Ko] - (1.0.24.0) - C:\WINDOWS\System32\DbxSvc.exe [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [203.41 Ko] - C:\WINDOWS\System32\DDFs [MD5.F225DAE9F9995A184A8152D400DAC761] - |A| - [10/11/2015 07:26:02] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [277.3 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.4DC30C4345B768B0D1BBB3FCA9BEE7EC] - |A| - [10/11/2015 07:26:04] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [314.5 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.07F3F00A938FE522D9AB9F286725EA43] - |A| - [10/11/2015 07:26:08] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) 
- [1945.13 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.E41BA253C3891526903A0B85F8ACBD32] - |A| - [10/11/2015 07:26:12] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1939.06 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.B24F16CF0D14D4B2FA8B78878FC2E19D] - |A| - [10/11/2015 07:26:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [331.2 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.C6B3686441BECCB6711B29D6FD8E8CF1] - |A| - [10/11/2015 07:26:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [365.35 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.6587D74F22CAA77238374E577101B8A0] - |A| - [10/11/2015 07:18:22] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6938.39 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.B6BE0D29F58906AC5D44E0360AACCC2F] - |A| - [10/11/2015 07:18:30] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6126.33 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [386 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 15:41:26] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [29/09/2017 15:41:25] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [29/09/2017 15:46:41] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.46BBA24DEED94A68F244D5DBA4161948] - |A| - [30/07/2015 23:55:12] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DESKTOP-VRKVT78_Administrator_HistoryPrediction.bin [MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [18/03/2014 17:28:04] - (.-.) 
- [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [865 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.5FF3FA1BFBB0CD05534F650EA27A6651] - |A| - [29/09/2017 15:41:45] - (.-.) - [90.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:13] - [8762.32 Ko] - C:\WINDOWS\System32\Dism [MD5.17FBCE91AEBA666E5BC2423C8EB34E8B] - |A| - [30/11/2016 02:56:14] - (.-.) - [812.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab [MD5.29DF481E8D57BAEF15DC40AEBD2718D6] - |A| - [10/11/2015 07:18:34] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [939.89 Ko] - (0.4.0.19) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.BE6A182E7400AEB24FA5209E1160F1C2] - |A| - [10/11/2015 07:26:20] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2396 Ko] - (0.4.0.19) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.9004DD7CA88B59D9E6CF168F202CC1D4] - |A| - [10/11/2015 07:26:24] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2463.63 Ko] - (0.4.0.19) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:13] - [1127.34 Ko] - C:\WINDOWS\System32\downlevel [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [30/11/2016 02:56:14] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [30/11/2016 02:56:14] - (.-.) 
- [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:04] - [169009.49 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [5108295.44 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |DC| - [06/08/2016 20:44:04] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.A50202ED99BAE8328BAED7AE4A4D7E80] - |A| - [10/11/2015 07:26:26] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [741.43 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.1FB87D32F22F7ED121A6CF9374951BE4] - |A| - [10/11/2015 07:26:30] - (.(c) DTS. - DTS Boost COM DLL.) - [1495.02 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.7BB67553ECDE4F198B24015C37DF6CDD] - |A| - [10/11/2015 07:26:34] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [443.23 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.E8ABB12A2BED5FF8739FEB0BF848E6BC] - |A| - [10/11/2015 07:26:34] - (.(c) DTS. - DTS GFX APO.) - [258.77 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.122F745EF0481AD2A8595DD616CCEBC7] - |A| - [10/11/2015 07:26:36] - (.(c) DTS. - DTS GFX APO.) - [257.78 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.89D77B02ACFD5F4A15E60B64280E0531] - |A| - [10/11/2015 07:26:36] - (.(c) DTS. - DTS LFX APO.) - [258.71 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.805BC3D2F6626E867AA2BF84CF936CC3] - |A| - [10/11/2015 07:26:40] - (.(c) DTS. - DTS Limiter COM DLL.) - [447.3 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.0DAF62F4834AD3B062040EB7FDE4DE7F] - |A| - [10/11/2015 07:26:40] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [505.36 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.4D1A80900ED9A143756226BE2C8F569B] - |A| - [10/11/2015 07:26:44] - (.(c) DTS. 
- DTS Surround Sensation Headphone COM DLL.) - [1575.92 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.023F6DD6B319A64D0650D74B8D6523A9] - |A| - [10/11/2015 07:26:48] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1762.66 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.C7C8412C5F879DA4D7A15C98F5BAE66E] - |A| - [10/11/2015 07:26:52] - (.(c) DTS. - DTS Symmetry COM DLL.) - [725.16 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.3E42EC7A358546B830C3B6664A9526E7] - |A| - [10/11/2015 07:26:54] - (.(c) DTS. - DTS GFX APO.) - [501.7 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.A69B54A5B877689C923233C0528F34B6] - |A| - [10/11/2015 07:26:56] - (.(c) DTS. - DTS LFX APO.) - [515.48 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.B38DFDAEAA0E28FCAFD2107A5B3D9011] - |A| - [10/11/2015 07:26:56] - (.(c) DTS. - DTS LFX APO.) - [430.43 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.0E9BA224BF8A19B996DC69E07FE24ED7] - |A| - [10/11/2015 07:27:00] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [706.3 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [29/09/2017 15:41:25] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [29/09/2017 15:41:25] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [29/09/2017 15:41:25] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.4D1B8C9983D257EE86B6CC57C639E8E5] - |A| - [29/09/2017 15:41:12] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [381.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.9681C54778F1C5247CB6126F8BEAAF44] - |A| - [03/11/2015 14:19:08] - (.-.) 
- [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [271 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [2169.03 Ko] - C:\WINDOWS\System32\en-US [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [30/10/2015 18:28:27] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [30/10/2015 18:28:26] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_YD4BNEE.DLL [MD5.56BF5337352CF984CB367D053C7B28E3] - |A| - [30/10/2015 18:28:27] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2014. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.5.0.0) - C:\WINDOWS\System32\E_YLMBNEE.DLL [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [28352.66 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.9576E963E56024AB319403C1FD86B5DA] - |A| - [13/06/2018 13:11:04] - (.-.) - [952.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.72166BD7CA6CCD71EE2DC7F72EC42862] - |A| - [13/06/2018 13:11:05] - (.-.) - [263.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.812CDFD967D2E82A3D24FCAA5784749D] - |A| - [29/09/2017 15:41:33] - (.-.) - [1325.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [01/03/2018 18:27:44] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.36C8FB8BB53F4EB0999D6B4FB8D6B38E] - |A| - [02/02/2018 21:28:46] - (.Copyright © 2002-2012 - ffdshow VFW.) 
- [90 Ko] - (1.2.4422.0) - C:\WINDOWS\System32\ff_vfw.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [346 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [30/11/2016 02:56:14] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv [MD5.3BA41E92CA57109313EC3948BA1ECF52] - |A| - [08/05/2018 09:39:12] - (.-.) - [414.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [306.5 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [45060.6 Ko] - C:\WINDOWS\System32\fr-FR [MD5.434299BE3124ADC5B84233BF4CDCF157] - |A| - [22/12/2017 01:59:04] - (.Copyright © Beepa P/L 2013 - Fraps.) - [103.5 Ko] - (3.5.99.15625) - C:\WINDOWS\System32\frapsv64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [29/09/2017 15:42:03] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [30/11/2016 02:56:14] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [30/11/2016 02:56:14] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [26/01/2017 12:16:57] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 17:36:31] - [0.74 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [284 Ko] - C:\WINDOWS\System32\he-IL [MD5.4CD16A9C15397E1FAD5F19E35A13BE58] - |A| - [29/09/2017 15:41:27] - (.-.) - [215.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.A433373F42E80A90E1C40BC8DCA356E2] - |A| - [10/11/2015 07:18:40] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [358.39 Ko] - (0.4.0.21) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [278 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [352.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:33] - [124.21 Ko] - C:\WINDOWS\System32\hydrogen [MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [29/09/2017 15:41:23] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.B9C88C3C0CC5F879D9E99BBF98A5C3D9] - |A| - [13/02/2015 18:51:59] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) 
- [344.19 Ko] - (1.0.0.15) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.FC7A71725A4887AD88FB4A0B764FFBF4] - |RA| - [29/09/2017 15:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1856 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.FB96578635DB1CFC08871A599539349E] - |RA| - [29/09/2017 15:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1309.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [30/11/2016 02:56:18] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin [MD5.B00A94D06A20B9B7382818E169613E9E] - |A| - [30/11/2016 22:56:42] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.7 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.7ACB75AA480D7F81A01C74241C866F4F] - |A| - [30/11/2016 22:56:18] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1553.51 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.81583957ADAE0BD3B7E416C160C40E07] - |A| - [30/11/2016 22:56:50] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [179.7 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.EF9390A03B2BDE2E6A24C71BEB5748F3] - |A| - [30/11/2016 22:56:22] - (.-.) - [267.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.C3944847462CBEFAE479C31D938C1491] - |A| - [30/11/2016 22:56:32] - (.-.) 
- [101.51 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [350 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/03/2018 21:50:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [212.14 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [254.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [256 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [50465.75 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |SD| - [03/02/2018 21:30:49] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [3067.94 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [815.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK 
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.1E57EDCF4FD3F713CA5CB04AE7819D60] - |AH| - [25/05/2018 19:55:58] - (.-.) - [152.78 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mlfcache.dat [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [338 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.F7F3E85925B33B1FCBB28799625024CF] - |A| - [10/02/2016 20:57:28] - (.-.) 
- [2596.63 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [336.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [338.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [333.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.C32BD848B9C1B530CDE99EBCE4AA744C] - |A| - [10/11/2015 07:30:50] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [344.66 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 15:42:27] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.30FE146E2F0712AFEEA1ECF3E0EA270C] - |A| - [29/09/2017 15:42:09] - (.-.) 
- [302 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [321.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.EF134EF5FC02326FC7ED8660FEB2869B] - |A| - [27/05/2018 15:11:35] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TestPSEvents_OK.log [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [241 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.4B0C0A8C960AF22761FB6A25D8A50DF2] - |A| - [23/01/2016 11:41:34] - (.Copyright © 2000-3 ON2 Technologies - VP6 VIDEO FOR WINDOWS CODEC.) - [437.26 Ko] - (6.0.6.4) - C:\WINDOWS\SysWOW64\vp6vfw.dll [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) 
- [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [15650.22 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.ACC1181C0AA4D01B537F53A1CC33E766] - |A| - [29/09/2017 15:42:09] - (.-.) - [90 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [8672.02 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [5286.49 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.12D91C9A9837995A137ACE4B2E674918] - |A| - [29/09/2017 15:42:09] - (.-.) 
- [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 16:41:03] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [220.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [214.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\jeremy\AppData\Roaming [02/02/2018 17:00:50] "Local AppData"=C:\Users\jeremy\AppData\Local [02/02/2018 17:00:50] "CD Burning"=C:\Users\jeremy\AppData\Local\Microsoft\Windows\Burn\Burn [02/02/2018 20:13:05] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Libraries [30/10/2015 17:42:40] "My Video"=C:\Users\jeremy\Videos [30/10/2015 17:37:40] "My Pictures"=C:\Users\jeremy\Pictures [30/10/2015 17:37:40] "Desktop"=C:\Users\jeremy\Desktop [30/10/2015 17:37:40] "History"=C:\Users\jeremy\AppData\Local\Microsoft\Windows\History [30/10/2015 17:37:40] "NetHood"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Network Shortcuts [02/02/2018 17:00:50] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\jeremy\Contacts [30/10/2015 17:42:40] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\jeremy\AppData\Local\Microsoft\Windows\RoamingTiles [15/03/2018 21:18:41] 
"Cookies"=C:\Users\jeremy\AppData\Local\Microsoft\Windows\INetCookies [30/10/2015 17:37:40] "Favorites"=C:\Users\jeremy\Favorites [30/10/2015 17:37:40] "SendTo"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\SendTo [04/08/2016 23:32:16] "Start Menu"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu [04/08/2016 23:32:16] "My Music"=C:\Users\jeremy\Music [30/10/2015 17:37:40] "Programs"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [07/02/2018 15:59:21] "Recent"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Recent [30/10/2015 17:37:40] "PrintHood"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [02/02/2018 17:00:50] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\jeremy\Searches [30/10/2015 17:42:40] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\jeremy\Downloads [30/10/2015 17:37:40] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\jeremy\AppData\LocalLow [30/10/2015 17:37:41] "Startup"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/03/2018 00:09:33] "Administrative Tools"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [06/03/2018 00:09:33] "Personal"=C:\Users\jeremy\Documents [30/10/2015 17:37:40] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\jeremy\Links [30/10/2015 17:37:40] "Cache"=C:\Users\jeremy\AppData\Local\Microsoft\Windows\INetCache [02/02/2018 17:00:50] "Templates"=C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Templates [02/02/2018 17:00:50] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\jeremy\Saved Games [30/10/2015 17:37:40] "Fonts"=C:\WINDOWS\Fonts [29/09/2017 15:46:33] [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop 
"Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=C:\Users\jeremy\OneDrive\Images "{767E6811-49CB-4273-87C2-20F355E1085B}"=C:\Users\jeremy\OneDrive\Images\Pellicule "{3B193882-D3AD-4EAB-965A-69829D1FB59F}"=E:\image\Saved Pictures "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"=E:\image\Camera Roll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2017 15:46:33] "Common AppData"=C:\ProgramData [29/09/2017 15:46:33] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2017 15:46:33] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2017 15:46:33] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2017 15:46:33] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] "CommonMusic"=C:\Users\Public\Music 
[22/08/2013 17:36:30] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2017 15:46:33] "Common AppData"=C:\ProgramData [29/09/2017 15:46:33] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2017 15:46:33] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2017 15:46:33] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2017 15:46:33] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] "CommonMusic"=C:\Users\Public\Music [22/08/2013 17:36:30] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common 
Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [jeremy] [10/02/2016 21:01:25] - |D| - [792533004] - C:\Users\jeremy\.android [16/03/2018 18:56:07] - |D| - [0] - C:\Users\jeremy\.Dropbox [31/10/2015 16:24:45] - |D| - [280] - C:\Users\jeremy\.oracle_jre_usage [16/03/2018 18:56:08] - |D| - [0] - C:\Users\jeremy\.QtWebEngineProcess [09/11/2015 14:00:53] - |A| - [491] - C:\Users\jeremy\.swfinfo [03/11/2015 16:26:12] - |RD| - [4796184] - C:\Users\jeremy\3D Objects [15/03/2018 11:08:30] - |D| - [0] - C:\Users\jeremy\ansel [02/02/2018 17:00:50] - |HD| - [7230312776] - C:\Users\jeremy\AppData [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Application Data [30/10/2015 17:42:40] - |RD| - [412] - C:\Users\jeremy\Contacts [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Cookies [30/10/2015 17:37:40] - |RD| - [3588766] - C:\Users\jeremy\Desktop [30/10/2015 17:37:40] - |RD| - [40329373] - C:\Users\jeremy\Documents [30/10/2015 17:37:40] - |RD| - [8710169] - C:\Users\jeremy\Downloads [09/04/2016 19:54:18] - |RD| - [12363820221] - C:\Users\jeremy\Dropbox [11/01/2017 15:43:52] - |D| - [3748157] - C:\Users\jeremy\Emulation [30/10/2015 17:37:40] - |RD| - [1262] - C:\Users\jeremy\Favorites [30/10/2015 17:41:51] - |SHD| - [25308] - C:\Users\jeremy\IntelGraphicsProfiles [30/10/2015 17:37:40] - |RD| - [4234] - C:\Users\jeremy\Links [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Local Settings [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Menu Démarrer [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Mes documents [02/02/2018 20:12:00] - |HD| - [456] - 
C:\Users\jeremy\MicrosoftEdgeBackups [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Modèles [30/10/2015 17:37:40] - |RD| - [120990] - C:\Users\jeremy\Music [06/08/2016 20:45:34] - |D| - [64461254] - C:\Users\jeremy\Nox_share [02/02/2018 17:00:50] - |AH| - [6291456] - C:\Users\jeremy\NTUSER.DAT [02/02/2018 17:00:50] - |ASH| - [1605632] - C:\Users\jeremy\ntuser.dat.LOG1 [02/02/2018 17:00:50] - |ASH| - [786432] - C:\Users\jeremy\ntuser.dat.LOG2 [02/02/2018 17:00:50] - |ASH| - [65536] - C:\Users\jeremy\NTUSER.DAT{e004f7a1-0828-11e8-accb-086266dd5e57}.TM.blf [02/02/2018 17:00:50] - |ASH| - [524288] - C:\Users\jeremy\NTUSER.DAT{e004f7a1-0828-11e8-accb-086266dd5e57}.TMContainer00000000000000000001.regtrans-ms [02/02/2018 17:00:50] - |ASH| - [524288] - C:\Users\jeremy\NTUSER.DAT{e004f7a1-0828-11e8-accb-086266dd5e57}.TMContainer00000000000000000002.regtrans-ms [02/02/2018 20:10:08] - |SH| - [20] - C:\Users\jeremy\ntuser.ini [30/10/2015 17:47:29] - |RAD| - [111164996] - C:\Users\jeremy\OneDrive [30/10/2015 17:37:40] - |RD| - [108024] - C:\Users\jeremy\Pictures [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Recent [30/10/2015 17:37:40] - |RD| - [6670144] - C:\Users\jeremy\Saved Games [30/10/2015 17:42:40] - |RD| - [3018] - C:\Users\jeremy\Searches [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\SendTo [30/10/2015 18:33:59] - |A| - [0] - C:\Users\jeremy\Sti_Trace.log [06/11/2015 21:26:34] - |D| - [3244032] - C:\Users\jeremy\Tracing [30/10/2015 17:37:40] - |RD| - [694] - C:\Users\jeremy\Videos [06/08/2016 20:44:17] - |D| - [14669] - C:\Users\jeremy\vmlogs [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Voisinage d'impression [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\Voisinage réseau [02/02/2018 17:00:50] - |D| - [5963654160] - C:\Users\jeremy\AppData\Local [30/10/2015 17:37:41] - |D| - [281333036] - C:\Users\jeremy\AppData\LocalLow [04/11/2015 17:28:19] - |A| - [245965] - 
C:\Users\jeremy\AppData\Localtransition_113e293eb82d111b3247bd519d92a668.ini [13/05/2018 22:17:36] - |A| - [13235] - C:\Users\jeremy\AppData\Localtransition_a62bd9d971d8b5df7c24461bc2a2bc07.ini [05/10/2016 23:37:11] - |A| - [229820] - C:\Users\jeremy\AppData\Localtransition_b9f57693294c6c6bfdc38cdb2968e8e3.ini [02/02/2018 17:00:50] - |D| - [984836560] - C:\Users\jeremy\AppData\Roaming [08/07/2016 14:42:41] - |D| - [1319646] - C:\Users\jeremy\AppData\Local\2K Games [30/10/2015 18:46:20] - |D| - [9488878] - C:\Users\jeremy\AppData\Local\Adobe [19/03/2018 18:45:10] - |D| - [0] - C:\Users\jeremy\AppData\Local\Aeria Games [19/03/2018 18:42:58] - |D| - [33821276] - C:\Users\jeremy\AppData\Local\Akamai [30/04/2018 20:51:28] - |D| - [2988603694] - C:\Users\jeremy\AppData\Local\Ankama [25/05/2018 19:54:05] - |D| - [28059802] - C:\Users\jeremy\AppData\Local\Apple Computer [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\AppData\Local\Application Data [12/06/2018 21:58:12] - |D| - [372539] - C:\Users\jeremy\AppData\Local\AVAST Software [17/01/2016 19:29:14] - |D| - [67469192] - C:\Users\jeremy\AppData\Local\Avg [19/02/2017 11:00:23] - |D| - [16017911] - C:\Users\jeremy\AppData\Local\AvgSetupLog [16/03/2016 17:26:22] - |D| - [0] - C:\Users\jeremy\AppData\Local\Avira [02/10/2016 15:42:32] - |D| - [108650] - C:\Users\jeremy\AppData\Local\Blizzard [02/10/2016 15:23:07] - |D| - [264] - C:\Users\jeremy\AppData\Local\Blizzard Entertainment [04/07/2016 17:23:41] - |D| - [1052708] - C:\Users\jeremy\AppData\Local\Bluestacks [14/01/2017 14:32:21] - |AH| - [331] - C:\Users\jeremy\AppData\Local\CacheConfig.dat [16/02/2017 21:01:30] - |D| - [800] - C:\Users\jeremy\AppData\Local\CAPCOM [30/10/2015 17:58:36] - |D| - [9420808] - C:\Users\jeremy\AppData\Local\CEF [16/12/2016 14:11:16] - |D| - [40] - C:\Users\jeremy\AppData\Local\Chromium [03/11/2015 14:23:54] - |D| - [33591936] - C:\Users\jeremy\AppData\Local\Comms [05/08/2016 00:04:13] - |D| - [1916167] - 
C:\Users\jeremy\AppData\Local\ConnectedDevicesPlatform [31/03/2018 14:46:35] - |D| - [7089043] - C:\Users\jeremy\AppData\Local\CrashDumps [14/03/2018 20:51:13] - |D| - [0] - C:\Users\jeremy\AppData\Local\DBG [05/06/2018 19:48:12] - |D| - [1523545] - C:\Users\jeremy\AppData\Local\Discord [09/04/2016 16:27:25] - |D| - [11542] - C:\Users\jeremy\AppData\Local\Disc_Soft_Ltd [09/12/2015 13:47:29] - |D| - [27650048] - C:\Users\jeremy\AppData\Local\Downloaded Installations [09/04/2016 19:43:41] - |D| - [121238976] - C:\Users\jeremy\AppData\Local\Dropbox [19/01/2018 20:55:25] - |D| - [1608] - C:\Users\jeremy\AppData\Local\dxhr [30/10/2015 17:51:03] - |SHD| - [0] - C:\Users\jeremy\AppData\Local\EmieSiteList [30/10/2015 17:51:03] - |SHD| - [0] - C:\Users\jeremy\AppData\Local\EmieUserList [19/12/2016 12:20:19] - |D| - [1467078] - C:\Users\jeremy\AppData\Local\ESET [13/08/2017 17:26:54] - |D| - [67072] - C:\Users\jeremy\AppData\Local\Facebook [06/11/2015 12:57:23] - |D| - [65897] - C:\Users\jeremy\AppData\Local\FF4 [06/04/2018 16:34:00] - |D| - [260364] - C:\Users\jeremy\AppData\Local\FFV_Game [25/01/2017 00:45:12] - |D| - [137583] - C:\Users\jeremy\AppData\Local\FileZilla [07/09/2016 19:21:06] - |D| - [4166] - C:\Users\jeremy\AppData\Local\Frontier Developments [18/09/2016 22:49:56] - |D| - [650275] - C:\Users\jeremy\AppData\Local\game-debate [16/04/2017 09:49:25] - |D| - [207350808] - C:\Users\jeremy\AppData\Local\Google [30/10/2015 17:47:56] - |D| - [71] - C:\Users\jeremy\AppData\Local\GWX [11/01/2017 15:42:21] - |D| - [5056] - C:\Users\jeremy\AppData\Local\higan [01/10/2016 15:47:57] - |D| - [442] - C:\Users\jeremy\AppData\Local\HirezLauncherUI [02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\AppData\Local\Historique [11/01/2017 15:42:21] - |D| - [165] - C:\Users\jeremy\AppData\Local\icarus [27/05/2018 23:27:31] - |AH| - [145375] - C:\Users\jeremy\AppData\Local\IconCache.db [05/08/2016 00:14:30] - |AH| - [38566] - C:\Users\jeremy\AppData\Local\IconCache.db.backup 
[21/06/2016 12:55:40] - |D| - [1410] - C:\Users\jeremy\AppData\Local\Intel
[23/01/2017 00:19:01] - |D| - [20311] - C:\Users\jeremy\AppData\Local\IsolatedStorage
[02/02/2018 17:00:50] - |D| - [557165220] - C:\Users\jeremy\AppData\Local\Microsoft
[07/06/2018 23:08:14] - |D| - [0] - C:\Users\jeremy\AppData\Local\Microsoft Help
[03/11/2015 14:32:43] - |D| - [75524] - C:\Users\jeremy\AppData\Local\MicrosoftEdge
[04/07/2016 13:13:42] - |D| - [4963065] - C:\Users\jeremy\AppData\Local\Mixxx
[25/04/2018 20:10:52] - |D| - [1518081] - C:\Users\jeremy\AppData\Local\Molotov
[30/10/2015 17:53:27] - |D| - [541404371] - C:\Users\jeremy\AppData\Local\Mozilla
[14/03/2018 19:31:39] - |D| - [0] - C:\Users\jeremy\AppData\Local\NetworkTiles
[06/08/2016 20:42:59] - |D| - [276330] - C:\Users\jeremy\AppData\Local\Nox
[11/07/2017 16:43:16] - |D| - [155567623] - C:\Users\jeremy\AppData\Local\NVIDIA
[11/07/2017 17:09:27] - |D| - [38845233] - C:\Users\jeremy\AppData\Local\NVIDIA Corporation
[07/07/2016 12:29:25] - |D| - [1539] - C:\Users\jeremy\AppData\Local\OfficeBSCache-MyComputer
[02/02/2018 17:01:52] - |D| - [113933807] - C:\Users\jeremy\AppData\Local\Packages
[18/09/2016 14:36:58] - |D| - [200992] - C:\Users\jeremy\AppData\Local\PC Link
[10/12/2015 10:28:27] - |D| - [108005] - C:\Users\jeremy\AppData\Local\PoolNationFX
[10/07/2016 19:30:27] - |D| - [377379881] - C:\Users\jeremy\AppData\Local\Profiles
[15/03/2018 15:25:00] - |D| - [0] - C:\Users\jeremy\AppData\Local\Programs
[03/11/2015 14:27:03] - |D| - [973297] - C:\Users\jeremy\AppData\Local\Publishers
[20/10/2016 18:55:10] - |A| - [218] - C:\Users\jeremy\AppData\Local\recently-used.xbel
[19/03/2018 19:13:22] - |A| - [7597] - C:\Users\jeremy\AppData\Local\resmon.resmoncfg
[18/09/2016 14:40:12] - |D| - [34181] - C:\Users\jeremy\AppData\Local\Share Link
[03/06/2017 20:36:40] - |D| - [40796] - C:\Users\jeremy\AppData\Local\SirenGame
[08/07/2016 14:44:13] - |D| - [4] - C:\Users\jeremy\AppData\Local\SKIDROW
[12/06/2018 22:01:39] - |D| - [568] - C:\Users\jeremy\AppData\Local\SlimWare Utilities Inc
[23/05/2017 18:13:55] - |D| - [940] - C:\Users\jeremy\AppData\Local\speech
[23/01/2017 00:18:50] - |D| - [38445] - C:\Users\jeremy\AppData\Local\SquirrelTemp
[30/10/2015 17:58:36] - |D| - [508016328] - C:\Users\jeremy\AppData\Local\Steam
[20/10/2016 20:45:22] - |D| - [128522] - C:\Users\jeremy\AppData\Local\storage
[30/12/2015 17:18:41] - |D| - [6382] - C:\Users\jeremy\AppData\Local\Stéphane_Mitermite
[02/02/2018 17:00:50] - |D| - [29166458] - C:\Users\jeremy\AppData\Local\Temp
[02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\AppData\Local\Temporary Internet Files
[03/11/2015 14:23:06] - |D| - [18462937] - C:\Users\jeremy\AppData\Local\TileDataLayer
[09/12/2015 13:48:44] - |D| - [1960695] - C:\Users\jeremy\AppData\Local\TomTom
[18/09/2016 19:22:29] - |D| - [30730] - C:\Users\jeremy\AppData\Local\Ubisoft
[13/07/2016 10:20:54] - |D| - [3455] - C:\Users\jeremy\AppData\Local\Ubisoft Game Launcher
[10/07/2017 18:47:30] - |D| - [0] - C:\Users\jeremy\AppData\Local\UNP
[10/12/2015 10:28:27] - |D| - [81] - C:\Users\jeremy\AppData\Local\UnrealEngine
[30/10/2015 17:42:09] - |D| - [52824456] - C:\Users\jeremy\AppData\Local\VirtualStore
[20/03/2018 16:39:48] - |D| - [20480] - C:\Users\jeremy\AppData\Local\Windows Live
[23/01/2017 12:48:18] - |D| - [1523876] - C:\Users\jeremy\AppData\Local\ZenMate
[30/10/2015 18:49:42] - |D| - [46080] - C:\Users\jeremy\AppData\LocalLow\Adobe
[09/04/2016 16:42:55] - |D| - [361] - C:\Users\jeremy\AppData\LocalLow\Apple Computer
[02/10/2016 15:42:36] - |D| - [840] - C:\Users\jeremy\AppData\LocalLow\Blizzard Entertainment
[30/10/2015 17:50:05] - |SHD| - [0] - C:\Users\jeremy\AppData\LocalLow\EmieSiteList
[30/10/2015 17:51:53] - |SHD| - [0] - C:\Users\jeremy\AppData\LocalLow\EmieUserList
[16/04/2017 09:50:33] - |D| - [84880] - C:\Users\jeremy\AppData\LocalLow\Google
[20/04/2017 21:54:03] - |D| - [679292] - C:\Users\jeremy\AppData\LocalLow\Microids
[30/10/2015 17:37:42] - |SD| - [1862766] - C:\Users\jeremy\AppData\LocalLow\Microsoft
[14/03/2018 17:16:12] - |D| - [0] - C:\Users\jeremy\AppData\LocalLow\Mozilla
[31/10/2015 02:19:42] - |D| - [54392626] - C:\Users\jeremy\AppData\LocalLow\Nvizzio Creations
[31/10/2015 16:21:45] - |D| - [220639232] - C:\Users\jeremy\AppData\LocalLow\Oracle
[16/07/2016 11:04:09] - |D| - [2108] - C:\Users\jeremy\AppData\LocalLow\Playdead
[15/03/2018 21:40:37] - |D| - [102271] - C:\Users\jeremy\AppData\LocalLow\Playtonic Ltd
[05/12/2016 19:25:15] - |D| - [117933] - C:\Users\jeremy\AppData\LocalLow\Snowcastle Games
[07/02/2018 22:14:11] - |D| - [2937152] - C:\Users\jeremy\AppData\LocalLow\SquareEnix
[31/10/2015 16:24:46] - |D| - [467495] - C:\Users\jeremy\AppData\LocalLow\Sun
[29/05/2018 15:01:51] - |D| - [0] - C:\Users\jeremy\AppData\LocalLow\Temp
[30/10/2015 17:42:11] - |D| - [5084836] - C:\Users\jeremy\AppData\Roaming\Adobe
[05/11/2015 20:23:27] - |D| - [108544] - C:\Users\jeremy\AppData\Roaming\Aeria Games & Entertainment
[10/02/2016 20:54:28] - |D| - [60431] - C:\Users\jeremy\AppData\Roaming\Andy
[04/11/2015 17:46:47] - |D| - [1005] - C:\Users\jeremy\AppData\Roaming\AnkamaCertificates
[04/11/2015 17:46:13] - |D| - [5089] - C:\Users\jeremy\AppData\Roaming\app
[09/04/2016 18:24:39] - |D| - [417706] - C:\Users\jeremy\AppData\Roaming\Apple Computer
[21/11/2015 12:07:58] - |D| - [1601] - C:\Users\jeremy\AppData\Roaming\Atari
[09/04/2016 16:45:50] - |A| - [78450] - C:\Users\jeremy\AppData\Roaming\AtoutClicTV Prefs cm1
[08/06/2018 22:21:55] - |D| - [9320087] - C:\Users\jeremy\AppData\Roaming\AVAST Software
[01/04/2017 10:05:16] - |D| - [36] - C:\Users\jeremy\AppData\Roaming\Battle.net
[18/02/2017 11:03:30] - |D| - [73] - C:\Users\jeremy\AppData\Roaming\Bitdefender
[07/02/2017 22:17:38] - |D| - [40480] - C:\Users\jeremy\AppData\Roaming\Citra
[26/01/2016 11:49:04] - |D| - [3002] - C:\Users\jeremy\AppData\Roaming\Citra team
[05/06/2016 17:20:14] - |D| - [28664] - C:\Users\jeremy\AppData\Roaming\Crystal Dynamics
[04/11/2015 17:46:11] - |A| - [113] - C:\Users\jeremy\AppData\Roaming\D2Info0
[06/10/2016 00:10:54] - |A| - [121] - C:\Users\jeremy\AppData\Roaming\D2Info1
[14/03/2018 22:34:03] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\DAEMON Tools Lite
[20/10/2016 18:52:25] - |D| - [16081] - C:\Users\jeremy\AppData\Roaming\deluge
[10/07/2016 18:50:28] - |D| - [6144] - C:\Users\jeremy\AppData\Roaming\Desktop
[05/06/2018 19:48:28] - |D| - [68258358] - C:\Users\jeremy\AppData\Roaming\discord
[13/06/2018 12:47:20] - |D| - [51340301] - C:\Users\jeremy\AppData\Roaming\Dofus
[13/06/2018 18:19:39] - |D| - [75] - C:\Users\jeremy\AppData\Roaming\Dofus-2
[15/06/2018 11:19:26] - |D| - [75] - C:\Users\jeremy\AppData\Roaming\Dofus-3
[04/11/2015 17:46:11] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId0_1
[12/11/2015 11:18:07] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId0_2
[13/09/2016 15:42:09] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId0_3
[22/09/2016 00:55:51] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId0_4
[06/10/2016 00:10:54] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId1_1
[16/10/2016 11:35:03] - |A| - [8] - C:\Users\jeremy\AppData\Roaming\DofusAppId1_2
[09/04/2016 19:44:46] - |D| - [742072] - C:\Users\jeremy\AppData\Roaming\Dropbox
[24/04/2016 19:40:30] - |D| - [203] - C:\Users\jeremy\AppData\Roaming\dvdcss
[30/10/2015 18:38:11] - |D| - [8442] - C:\Users\jeremy\AppData\Roaming\EPSON
[25/01/2017 00:45:12] - |D| - [45190] - C:\Users\jeremy\AppData\Roaming\FileZilla
[15/03/2018 14:04:30] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Frontier Developments
[09/06/2016 22:38:18] - |D| - [4662464] - C:\Users\jeremy\AppData\Roaming\GlarySoft
[14/03/2018 17:16:25] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Google
[17/05/2018 22:24:26] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\InstallShield
[21/06/2016 20:20:12] - |D| - [4677] - C:\Users\jeremy\AppData\Roaming\Kalypso Media
[07/09/2016 19:21:17] - |D| - [564592] - C:\Users\jeremy\AppData\Roaming\Launchpad
[03/07/2016 20:54:17] - |D| - [2] - C:\Users\jeremy\AppData\Roaming\livestreamer
[07/02/2017 12:26:12] - |D| - [13972] - C:\Users\jeremy\AppData\Roaming\Logishrd
[30/10/2015 17:44:04] - |D| - [2433] - C:\Users\jeremy\AppData\Roaming\Macromedia
[02/02/2018 17:00:50] - |SD| - [53246163] - C:\Users\jeremy\AppData\Roaming\Microsoft
[23/07/2017 16:36:37] - |D| - [345875645] - C:\Users\jeremy\AppData\Roaming\Molotov
[30/10/2015 17:53:27] - |D| - [198475687] - C:\Users\jeremy\AppData\Roaming\Mozilla
[09/05/2018 18:50:04] - |D| - [69632] - C:\Users\jeremy\AppData\Roaming\Mufibot
[30/12/2015 13:37:50] - |D| - [4811659] - C:\Users\jeremy\AppData\Roaming\Notepad++
[30/12/2015 12:56:39] - |D| - [6651] - C:\Users\jeremy\AppData\Roaming\OpenDNS Updater
[05/04/2016 08:58:21] - |D| - [23630180] - C:\Users\jeremy\AppData\Roaming\OpenOffice
[27/05/2018 14:59:57] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Panda Security
[04/11/2015 17:46:13] - |D| - [5427] - C:\Users\jeremy\AppData\Roaming\Reg
[06/10/2016 00:10:56] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\RegBETA
[27/05/2018 15:01:08] - |D| - [1150] - C:\Users\jeremy\AppData\Roaming\Search The Web
[30/10/2015 18:20:22] - |D| - [88566981] - C:\Users\jeremy\AppData\Roaming\Skype
[14/06/2016 10:54:40] - |A| - [165] - C:\Users\jeremy\AppData\Roaming\sp_data.sys
[21/06/2016 20:20:10] - |D| - [3098626] - C:\Users\jeremy\AppData\Roaming\Steam
[15/06/2018 16:26:11] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Sun
[15/11/2015 12:15:33] - |D| - [35308] - C:\Users\jeremy\AppData\Roaming\TeamViewer
[05/11/2016 17:51:10] - |D| - [91810] - C:\Users\jeremy\AppData\Roaming\Theta
[09/12/2015 13:48:44] - |D| - [490736] - C:\Users\jeremy\AppData\Roaming\TomTom
[27/06/2017 21:12:04] - |D| - [8889304] - C:\Users\jeremy\AppData\Roaming\tor
[24/01/2017 23:36:34] - |D| - [3590] - C:\Users\jeremy\AppData\Roaming\transmission
[18/09/2016 14:55:50] - |D| - [5658000] - C:\Users\jeremy\AppData\Roaming\Tropico 4
[21/06/2016 20:20:14] - |D| - [47328559] - C:\Users\jeremy\AppData\Roaming\Tropico 5
[02/10/2016 20:33:23] - |D| - [182978] - C:\Users\jeremy\AppData\Roaming\Ubisoft
[19/12/2016 12:26:12] - |D| - [91988] - C:\Users\jeremy\AppData\Roaming\uplay
[07/11/2015 21:11:14] - |D| - [94432] - C:\Users\jeremy\AppData\Roaming\vlc
[03/04/2018 15:37:43] - |D| - [15464] - C:\Users\jeremy\AppData\Roaming\Wargaming.net
[30/10/2015 17:49:05] - |D| - [2177587] - C:\Users\jeremy\AppData\Roaming\WebStorage
[10/07/2016 19:33:45] - |D| - [104] - C:\Users\jeremy\AppData\Roaming\WildTangent
[05/10/2016 18:16:07] - |D| - [12] - C:\Users\jeremy\AppData\Roaming\WinRAR
[24/01/2017 12:29:07] - |D| - [61173355] - C:\Users\jeremy\AppData\Roaming\ZHP
[30/10/2015 17:42:40] - |SH| - [174] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[15/05/2018 14:20:13] - |A| - [1159] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk
[02/02/2018 17:00:50] - |SHD| - [0] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[07/02/2018 15:59:21] - |RD| - [5445] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[06/03/2018 00:09:04] - |RD| - [1403] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[06/03/2018 00:09:33] - |RD| - [174] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[07/02/2018 15:59:21] - |SH| - [174] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[05/06/2018 19:48:29] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
[18/02/2018 22:07:03] - |D| - [0] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Molotov
[20/03/2018 11:55:03] - |A| - [2450] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[06/03/2018 00:09:33] - |RD| - [174] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[10/04/2018 20:03:25] - |D| - [1070] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[06/03/2018 00:09:33] - |SH| - [174] - C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [Public]
[10/09/2015 07:54:19] - |RHD| - [120706] - C:\Users\Public\AccountPictures
[13/02/2015 19:13:01] - |D| - [10193] - C:\Users\Public\ASUS
[22/08/2013 17:36:30] - |RHD| - [19381] - C:\Users\Public\Desktop
[29/09/2017 15:46:38] - |ASH| - [174] - C:\Users\Public\desktop.ini
[22/08/2013 17:36:30] - |RD| - [30851352] - C:\Users\Public\Documents
[22/08/2013 17:36:30] - |RD| - [174] - C:\Users\Public\Downloads
[29/09/2017 15:46:33] - |RHD| - [1135] - C:\Users\Public\Libraries
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Music
[06/11/2015 10:53:51] - |A| - [8192] - C:\Users\Public\NTUSER.DAT
[06/11/2015 10:53:51] - |A| - [16384] - C:\Users\Public\NTUSER.DAT.LOG1
[06/11/2015 10:53:51] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG2
[06/11/2015 10:53:51] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{5b790ccb-8309-11e5-8272-acb57dadbd3e}.TM.blf
[06/11/2015 10:53:51] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5b790ccb-8309-11e5-8272-acb57dadbd3e}.TMContainer00000000000000000001.regtrans-ms
[06/11/2015 10:53:51] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5b790ccb-8309-11e5-8272-acb57dadbd3e}.TMContainer00000000000000000002.regtrans-ms
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Pictures
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Videos
---------- | [TEMP]
[24/01/2018 19:42:43] - |HD| - [2782] - C:\Users\TEMP\AppData
[24/01/2018 19:42:44] - |D| - [2782] - C:\Users\TEMP\AppData\Local
[24/01/2018 19:43:17] - |D| - [2782] - C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
---------- | C:\ProgramData
[30/10/2015 18:47:36] - |D| - [493029744] - C:\ProgramData\Adobe
[06/11/2015 10:01:15] - |D| - [4266206901] - C:\ProgramData\Aeria Games
[18/02/2017 10:48:03] - |A| - [47190] - C:\ProgramData\agent.1487407669.bdinstall.bin
[18/02/2017 11:40:17] - |A| - [20418] - C:\ProgramData\agent.1487410811.bdinstall.bin
[21/02/2017 23:14:41] - |A| - [29036] - C:\ProgramData\agent.1487711675.bdinstall.bin
[25/05/2018 19:53:48] - |D| - [0] - C:\ProgramData\Apple Computer
[02/02/2018 17:23:53] - |SHD| - [0] - C:\ProgramData\Application Data
[19/09/2016 10:52:56] - |D| - [3052] - C:\ProgramData\ASUS Smart Gesture
[29/10/2014 08:25:41] - |D| - [2282] - C:\ProgramData\ASUS WebStorage
[29/10/2014 08:25:13] - |D| - [12618] - C:\ProgramData\ASUSLogos
[08/06/2018 21:22:12] - |D| - [89056220] - C:\ProgramData\AVAST Software
[17/01/2016 19:36:36] - |AD| - [10958571] - C:\ProgramData\Avg
[17/01/2016 19:42:27] - |D| - [2779024] - C:\ProgramData\Avg_Update_0615piz
[15/03/2016 19:25:29] - |D| - [12887841] - C:\ProgramData\Avira
[02/10/2016 15:21:33] - |D| - [18171434] - C:\ProgramData\Battle.net
[18/02/2017 10:55:08] - |D| - [643011] - C:\ProgramData\Bitdefender
[02/10/2016 15:23:02] - |D| - [26708] - C:\ProgramData\Blizzard Entertainment
[03/11/2015 14:21:36] - |SHD| - [0] - C:\ProgramData\Bureau
[09/04/2016 16:39:17] - |D| - [28] - C:\ProgramData\BVRP Software
[18/02/2017 11:07:25] - |A| - [402519] - C:\ProgramData\cl.1487408071.bdinstall.bin
[18/02/2017 11:44:25] - |A| - [217737] - C:\ProgramData\cl.uninstall.1487410819.bdinstall.bin
[17/01/2016 19:36:37] - |HD| - [480] - C:\ProgramData\Common Files
[09/04/2016 16:20:35] - |D| - [3756] - C:\ProgramData\DAEMON Tools Lite
[02/02/2018 17:23:53] - |SHD| - [0] - C:\ProgramData\Documents
[04/08/2016 23:27:44] - |A| - [0] - C:\ProgramData\DP45977C.lfl
[09/04/2016 19:43:41] - |D| - [18818830] - C:\ProgramData\Dropbox
[30/10/2015 18:28:09] - |D| - [13614523] - C:\ProgramData\EPSON
[09/06/2016 22:40:12] - |D| - [6716149] - C:\ProgramData\Glarysoft
[24/05/2018 19:29:43] - |D| - [715360] - C:\ProgramData\GOG.com
[05/06/2018 18:03:57] - |D| - [18794] - C:\ProgramData\Hotspot Shield
[13/02/2015 18:43:56] - |D| - [143969803] - C:\ProgramData\Intel
[23/01/2016 11:50:26] - |D| - [4080] - C:\ProgramData\Logs
[27/06/2016 16:55:18] - |D| - [239192456] - C:\ProgramData\Malwarebytes
[01/03/2018 12:47:59] - |D| - [8673856] - C:\ProgramData\MB3CoreBackup
[13/02/2015 19:13:14] - |D| - [6217434] - C:\ProgramData\McAfee
[03/11/2015 14:21:36] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[29/09/2017 15:46:33] - |SD| - [1182585571] - C:\ProgramData\Microsoft
[07/07/2016 12:08:59] - |D| - [13700] - C:\ProgramData\Microsoft Help
[02/02/2018 20:13:20] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[03/11/2015 14:21:36] - |SHD| - [0] - C:\ProgramData\Modèles
[09/04/2016 18:24:26] - |A| - [290] - C:\ProgramData\ntuser.pol
[11/07/2017 16:43:09] - |D| - [24798763] - C:\ProgramData\NVIDIA
[04/08/2016 23:25:39] - |D| - [1091978328] - C:\ProgramData\NVIDIA Corporation
[16/12/2016 14:11:15] - |A| - [6776] - C:\ProgramData\NvTelemetryContainer.log
[16/12/2016 14:11:15] - |A| - [11774] - C:\ProgramData\NvTelemetryContainer.log_backup1
[31/10/2015 16:24:28] - |D| - [154919836] - C:\ProgramData\Oracle
[01/10/2016 18:22:19] - |D| - [678535] - C:\ProgramData\Orbit
[06/11/2015 21:37:09] - |D| - [463846] - C:\ProgramData\Origin
[29/10/2014 08:25:55] - |D| - [62001868] - C:\ProgramData\Package Cache
[27/05/2018 14:40:00] - |D| - [11411866] - C:\ProgramData\Panda Security
[27/05/2018 15:01:28] - |D| - [3209837] - C:\ProgramData\panda_url_filtering
[29/09/2017 15:46:33] - |D| - [1065] - C:\ProgramData\regid.1991-06.com.microsoft
[29/10/2014 08:25:14] - |A| - [256] - C:\ProgramData\SetStretch.cmd
[29/10/2014 08:25:14] - |A| - [24576] - C:\ProgramData\SetStretch.exe
[29/10/2014 08:25:14] - |A| - [103] - C:\ProgramData\SetStretch.VBS
[04/08/2016 23:24:36] - |D| - [57078294] - C:\ProgramData\SetupTPDriver
[29/10/2014 08:25:50] - |D| - [124006400] - C:\ProgramData\Skype
[25/01/2016 16:13:15] - |D| - [645] - C:\ProgramData\Sony Corporation
[08/09/2016 09:06:39] - |D| - [13462523] - C:\ProgramData\Spybot - Search & Destroy
[11/03/2017 15:47:00] - |D| - [1647839] - C:\ProgramData\SP_FT_Logs
[20/06/2016 17:48:23] - |D| - [4223] - C:\ProgramData\Steam
[07/11/2015 18:16:10] - |D| - [69] - C:\ProgramData\SystemRequirementsLab
[23/01/2016 11:50:24] - |D| - [4] - C:\ProgramData\TEMP
[23/01/2016 11:04:58] - |D| - [425] - C:\ProgramData\Ubisoft
[25/01/2016 16:13:19] - |D| - [4680] - C:\ProgramData\UDL
[30/10/2015 17:42:51] - |D| - [21] - C:\ProgramData\USBChargerPlus
[29/09/2017 15:46:33] - |D| - [8888] - C:\ProgramData\USOPrivate
[02/02/2018 17:05:54] - |D| - [3330048] - C:\ProgramData\USOShared
[25/05/2018 19:13:03] - |D| - [38] - C:\ProgramData\Verimatrix
[10/02/2016 20:56:49] - |AD| - [339] - C:\ProgramData\VMware
[22/01/2017 11:31:23] - |D| - [1754] - C:\ProgramData\VS Revo Group
[29/10/2014 08:25:41] - |D| - [2282] - C:\ProgramData\WebStorage
[29/10/2014 08:26:52] - |D| - [371998] - C:\ProgramData\WildTangent
[08/06/2018 01:26:53] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[29/09/2017 15:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[03/11/2015 14:21:36] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[29/09/2017 15:46:33] - |RD| - [220346] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/07/2016 12:12:43] - |A| - [2668] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[29/09/2017 15:46:33] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[29/09/2017 15:46:33] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[15/04/2017 15:59:44] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[30/10/2015 18:48:15] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[29/09/2017 15:46:33] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/09/2016 08:25:17] - |D| - [2121] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[29/10/2014 08:25:42] - |D| - [19464] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[11/06/2018 13:46:33] - |A| - [1981] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
[17/01/2016 12:58:30] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[29/09/2017 15:46:38] - |SH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[06/06/2018 21:50:25] - |D| - [1314] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[30/10/2015 18:21:11] - |D| - [5326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[30/10/2015 18:27:11] - |D| - [9413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[07/07/2016 12:12:43] - |A| - [2660] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[02/02/2018 21:28:46] - |D| - [8889] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
[06/04/2018 16:23:53] - |A| - [647] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FINAL FANTASY V.lnk
[02/02/2018 00:24:06] - |D| - [17969] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[03/06/2018 21:44:52] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[29/10/2014 08:26:55] - |RD| - [95] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[11/07/2017 12:33:10] - |D| - [3468] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[11/07/2017 12:33:10] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[18/04/2017 11:13:29] - |A| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[13/02/2015 19:05:09] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
[29/09/2017 15:43:11] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[13/02/2015 18:45:27] - |RD| - [1548] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[18/09/2016 14:40:37] - |RD| - [2496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
[13/02/2015 18:45:25] - |A| - [724] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
[15/06/2018 16:26:00] - |D| - [6892] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[29/09/2017 15:46:33] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/03/2018 12:48:16] - |D| - [3900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[31/10/2015 17:20:16] - |D| - [2300] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[26/02/2017 14:39:47] - |D| - [3607] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100M Genie
[30/12/2015 13:37:53] - |D| - [1068] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[25/05/2018 12:27:53] - |D| - [1463] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[07/07/2016 12:12:43] - |A| - [2674] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk
[07/07/2016 12:12:43] - |A| - [2660] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[04/04/2016 18:19:12] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
[19/01/2016 16:07:40] - |RD| - [19744] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016
[07/07/2016 12:12:43] - |A| - [2741] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
[07/07/2016 12:12:43] - |A| - [2654] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[07/07/2016 12:12:43] - |A| - [2640] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[13/02/2015 18:52:38] - |D| - [1967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[19/01/2016 17:43:17] - |D| - [1409] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RomStation
[07/07/2016 12:12:43] - |A| - [2668] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise 2016.lnk
[29/09/2017 15:46:33] - |RD| - [1396] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[17/07/2017 20:05:47] - |HD| - [1102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[30/10/2015 17:55:58] - |D| - [1053] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[29/09/2017 15:46:33] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[30/10/2015 21:03:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[07/11/2015 10:39:14] - |D| - [5862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[02/02/2018 13:57:16] - |A| - [813] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
[02/02/2018 17:04:22] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[05/10/2016 18:23:25] - |D| - [4089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[07/07/2016 12:12:43] - |A| - [2668] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[29/09/2017 15:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[17/05/2018 22:26:23] - |A| - [1222] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk
---------- | C:\Program Files (x86)
[30/10/2015 18:47:57] - |D| - [283898271] - C:\Program Files (x86)\Adobe
[05/09/2016 08:25:17] - |D| - [3024351] - C:\Program Files (x86)\Aeria Games
[04/08/2016 23:25:36] - |D| - [256240398] - C:\Program Files (x86)\ASUS
[05/08/2017 10:49:43] - |D| - [6852408] - C:\Program Files (x86)\AVG
[29/09/2017 15:46:33] - |D| - [494356783] - C:\Program Files (x86)\Common Files
[29/09/2017 15:46:37] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[09/04/2016 19:43:57] - |D| - [573079301] - C:\Program Files (x86)\Dropbox
[30/10/2015 18:24:50] - |D| - [19010516] - C:\Program Files (x86)\epson
[30/10/2015 18:21:10] - |AD| - [175730826] - C:\Program Files (x86)\Epson Software
[29/10/2014 08:26:17] - |AD| - [13726336] - C:\Program Files (x86)\Foxit PhantomPDF
[11/07/2017 12:32:56] - |D| - [51908164] - C:\Program Files (x86)\Glary Utilities 5
[14/04/2016 09:22:32] - |D| - [416845095] - C:\Program Files (x86)\Google
[01/10/2016 15:43:13] - |AD| - [11] - C:\Program Files (x86)\Hi-Rez Studios
[13/02/2015 19:05:09] - |D| - [8702640] - C:\Program Files (x86)\ICEpower
[13/02/2015 18:51:54] - |HD| - [57535162] - C:\Program Files (x86)\InstallShield Installation Information
[13/02/2015 18:43:42] - |D| - [42638069] - C:\Program Files (x86)\Intel
[21/06/2016 12:55:10] - |AD| - [2551] - C:\Program Files (x86)\Intel Driver Update Utility
[29/09/2017 15:46:33] - |D| - [2016373] - C:\Program Files (x86)\Internet Explorer
[15/06/2018 16:25:29] - |D| - [178958814] - C:\Program Files (x86)\Java
[07/07/2016 12:09:00] - |D| - [92316465] - C:\Program Files (x86)\Microsoft Analysis Services
[31/10/2015 01:59:25] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[29/10/2014 08:19:44] - |AD| - [1707633924] - C:\Program Files (x86)\Microsoft Office
[31/10/2015 17:19:38] - |AD| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[07/07/2016 12:10:40] - |D| - [21696] - C:\Program Files (x86)\Microsoft SQL Server
[29/09/2017 15:46:33] - |D| - [8929119] - C:\Program Files (x86)\Microsoft.NET
[11/11/2015 19:07:24] - |D| - [109640] - C:\Program Files (x86)\MotionInJoy
[16/11/2016 21:09:32] - |AD| - [476128] - C:\Program Files (x86)\Mozilla Firefox
[03/06/2018 21:44:52] - |D| - [286035] - C:\Program Files (x86)\Mozilla Maintenance Service
[02/02/2018 16:41:03] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[23/05/2017 12:57:58] - |AD| - [2169041] - C:\Program Files (x86)\MyDrive Connect
[28/12/2016 11:00:07] - |D| - [29187920] - C:\Program Files (x86)\NETGEAR
[30/12/2015 13:37:50] - |D| - [6954119] - C:\Program Files (x86)\Notepad++
[11/07/2017 16:43:10] - |D| - [278224696] - C:\Program Files (x86)\NVIDIA Corporation
[04/04/2016 18:18:25] - |AD| - [326547768] - C:\Program Files (x86)\OpenOffice 4
[06/11/2015 21:53:44] - |D| - [104152] - C:\Program Files (x86)\Origin Games
[27/05/2018 14:57:11] - |D| - [0] - C:\Program Files (x86)\Panda Security
[13/02/2015 18:51:55] - |D| - [150060102] - C:\Program Files (x86)\Realtek
[02/02/2018 16:41:03] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[19/01/2018 20:20:39] - |D| - [868465181] - C:\Program Files (x86)\Square Enix
[02/02/2018 00:10:05] - |D| - [7046459316] - C:\Program Files (x86)\Square Soft, Inc
[30/10/2015 17:55:58] - |D| - [920710327] - C:\Program Files (x86)\Steam
[30/10/2015 18:03:56] - |AD| - [648704] - C:\Program Files (x86)\SystemRequirementsLab
[13/02/2015 18:51:54] - |HD| - [0] - C:\Program Files (x86)\Temp
[23/05/2017 12:58:09] - |D| - [22486] - C:\Program Files (x86)\TomTom International B.V
[13/07/2016 10:20:51] - |D| - [340263532] - C:\Program Files (x86)\Ubisoft
[02/02/2018 16:57:18] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[29/05/2018 17:42:10] - |D| - [10868] - C:\Program Files (x86)\VulkanRT
[29/09/2017 15:46:33] - |D| - [1794312] - C:\Program Files (x86)\Windows Defender
[29/09/2017 15:46:33] - |D| - [627712] - C:\Program Files (x86)\Windows Mail
[30/09/2017 16:40:33] - |D| - [3295175] - C:\Program Files (x86)\Windows Media Player
[29/09/2017 15:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[29/09/2017 15:46:33] - |D| - [7569090] - C:\Program Files (x86)\windows nt
[29/09/2017 15:46:33] - |D| - [5358896] - C:\Program Files (x86)\Windows Photo Viewer
[29/09/2017 15:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[29/09/2017 15:46:33] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[29/09/2017 15:46:33] - |D| - [3157443] - C:\Program Files (x86)\WindowsPowerShell
---------- | C:\Program Files
[08/06/2018 21:23:57] - |D| - [1153329727] - C:\Program Files\AVAST Software
[13/02/2015 18:59:05] - |D| - [40420419] - C:\Program Files\Broadcom
[17/01/2016 12:58:18] - |AD| - [37672554] - C:\Program Files\CCleaner
[29/09/2017 15:46:33] - |D| - [140007759] - C:\Program Files\Common Files
[29/09/2017 15:46:37] - |ASH| - [174] - C:\Program Files\desktop.ini
[13/02/2015 18:55:53] - |D| - [5916488] - C:\Program Files\DIFX
[02/02/2018 21:28:46] - |D| - [16015859] - C:\Program Files\ffdshow
[03/11/2015 14:21:37] - |SHD| - [0] - C:\Program Files\Fichiers communs
[06/04/2018 16:23:52] - |D| - [1250928619] - C:\Program Files\FINAL FANTASY V
[04/08/2016 23:27:13] - |AD| - [77197075] - C:\Program Files\Intel
[29/09/2017 15:46:33] - |D| - [2639960] - C:\Program Files\internet explorer
[24/01/2017 13:23:21] - |D| - [154764563] - C:\Program Files\Malwarebytes
[07/07/2016 12:08:31] - |D| - [21655697] - C:\Program Files\Microsoft Office
[31/10/2015 17:19:38] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[03/06/2018 21:44:46] - |D| - [150680791] - C:\Program Files\Mozilla Firefox
[02/02/2018 16:41:03] - |D| - [25757] - C:\Program Files\MSBuild
[11/07/2017 16:41:53] - |D| - [2080805797] - C:\Program Files\NVIDIA Corporation
[24/01/2017 23:01:00] - |D| - [1336] - C:\Program Files\OpenVPN
[04/08/2016 23:27:24] - |D| - [45217087] - C:\Program Files\Realtek
[02/02/2018 16:41:03] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[29/09/2017 20:50:15] - |AD| - [8183723] - C:\Program Files\rempl
[19/03/2018 20:10:56] - |D| - [0] - C:\Program Files\SUPERAntiSpyware
[04/08/2016 23:25:07] - |HD| - [0] - C:\Program Files\Uninstall Information
[10/07/2017 18:45:44] - |AD| - [6553600] - C:\Program Files\UNP
[07/11/2015 10:38:43] - |D| - [172148668] - C:\Program Files\VideoLAN
[13/02/2015 19:00:40] - |D| - [209857595] - C:\Program Files\WIDCOMM
[29/09/2017 15:46:33] - |RD| - [17900385] - C:\Program Files\Windows Defender
[29/09/2017 15:46:33] - |D| - [638976] - C:\Program Files\Windows Mail
[30/09/2017 16:40:33] - |D| - [4825067] - C:\Program Files\Windows Media Player
[29/09/2017 15:46:33] - |D| - [49680] - C:\Program Files\Windows Multimedia Platform
[29/09/2017 15:46:33] - |D| - [7836866] - C:\Program Files\windows nt
[29/09/2017 15:46:33] - |D| - [6137656] - C:\Program Files\Windows Photo Viewer
[29/09/2017 15:46:33] - |D| - [49688] - C:\Program Files\Windows Portable Devices
[29/09/2017 15:46:33] - |D| - [96941] - C:\Program Files\Windows Security
[29/09/2017 15:46:33] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[29/09/2017 15:46:33] - |HD| - [2593146077] - C:\Program Files\WindowsApps
[29/09/2017 15:46:33] - |D| - [3409831] - C:\Program Files\WindowsPowerShell
[05/10/2016 18:23:19] - |AD| - [6046384] - C:\Program Files\WinRAR
---------- | C:\Program Files (x86)\Common Files
[30/10/2015 18:47:57] - |AD| - [9430811] - C:\Program Files (x86)\Common Files\Adobe
[29/10/2014 08:25:38] - |D| - [4072970] - C:\Program Files (x86)\Common Files\AWS
[07/07/2016 12:11:11] - |AD| - [14552] - C:\Program Files (x86)\Common Files\DESIGNER
[04/08/2016 23:27:07] - |D| - [68080827] - C:\Program Files (x86)\Common Files\Intel
[15/06/2018 16:26:15] - |D| - [1948384] - C:\Program Files (x86)\Common Files\Java
[10/02/2017 01:52:03] - |D| - [0] - C:\Program Files (x86)\Common Files\McAfee
[29/09/2017 15:46:33] - |D| - [393468090] - C:\Program Files (x86)\Common Files\microsoft shared
[15/06/2018 16:26:01] - |D| - [1369776] - C:\Program Files (x86)\Common Files\Oracle
[13/02/2015 18:43:58] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent
[29/09/2017 15:46:33] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[30/10/2015 17:55:59] - |D| - [5506400] - C:\Program Files (x86)\Common Files\Steam
[29/09/2017 15:46:33] - |D| - [10257475] - C:\Program Files (x86)\Common Files\system
[20/03/2018 16:39:47] - |D| - [0] - C:\Program Files (x86)\Common Files\Windows Live
---------- | C:\Program Files\Common files
[08/09/2016 09:10:13] - |D| - [1839304] - C:\Program Files\Common files\AV
[08/06/2018 21:41:41] - |D| - [2010312] - C:\Program Files\Common files\AVAST Software
[21/12/2017 19:22:22] - |D| - [3950016] - C:\Program Files\Common files\AVG
[30/10/2015 18:29:45] - |D| - [152640] - C:\Program Files\Common files\EPSON
[07/02/2017 12:26:18] - |D| - [0] - C:\Program Files\Common files\LogiShrd
[10/02/2017 01:52:03] - |D| - [0] - C:\Program Files\Common files\McAfee
[29/09/2017 15:46:33] - |D| - [121846182] - C:\Program Files\Common files\microsoft shared
[29/09/2017 15:46:33] - |D| - [2702] - C:\Program Files\Common files\Services
[29/09/2017 15:46:33] - |D| - [10206603] - C:\Program Files\Common files\system
---------- | Tasks
[MD5.F716A972465F569316CFA0E0C8A44FF2] - [09/04/2016 19:43:58] - |A| - [1196] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
[MD5.6C11B87ECB82F00CAEB700919CC4F6FD] - [09/04/2016 19:43:58] - |A| - [1200] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
[MD5.B6C0A7BA56ECCB81B7A25DEE291C861E] - [30/10/2015 18:30:54] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {061937A4-1252-4CDA-8340-9609D625E714}.job
[MD5.C2D966341596EB9D8138CB44C222C838] - [25/04/2016 10:16:08] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {135922D8-FC24-49D1-8227-EE5218486486}.job
[MD5.CC7C2FDA5AE4FEDDFF5D6D86D929E7D2] - [06/10/2017 16:49:34] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {1F263A31-0F4A-4230-8A96-7FB8D512D008}.job
[MD5.168ADE9183E0A5CD44A4A7FF199E9C2E] - [30/10/2015 18:29:45] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {9198C81E-C3D3-413C-9DE5-415F0E38C17E}.job
[MD5.8B451A0324B599CDB2684A4C7EFF3034] - [06/11/2015 14:10:04] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {C2E4AE32-EA0D-4B06-A992-B7BCEDB65498}.job
[MD5.81A8F359DFAC4D22993210B475A6588F] - [05/04/2018 15:59:50] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {D30F6463-3F8E-46D1-807F-17E07B9FA58D}.job
[MD5.92F669F8C7D4432EF8FD5F8D1989EE4D] - [09/06/2016 12:10:30] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {EFBE3288-4865-4B7E-B61F-BA87A62CC60C}.job
[MD5.6803554D6CAF04ED01573F6035B3AC49] - [26/02/2018 14:50:06] - |A| - [933] - C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {F4E5FED7-3068-4DFC-B1AD-C6A925AED1B6}.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [02/02/2018 17:22:10] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.8B1AE9EA427AC70E22C6AFEFB0F87173] - [02/02/2018 17:22:09] - |A| - [3542] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.0D7882768950BACCE18EC0A6BA8362B8] - [05/06/2018 22:03:07] - |A| - [4744] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe
[MD5.26831D7AEC67E073A8FEA57BDB31F88A] - [02/02/2018 17:22:09] - |A| - [4560] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [2168] - C:\WINDOWS\System32\Tasks\ASUS
[MD5.E1A3598C7456B45A30498AF62F77C98A] - [02/02/2018 17:22:09] - |A| - [11774] - C:\WINDOWS\System32\Tasks\ASUS Demo App UpLoad : C:\Program Files (x86)\ASUS\ASUS Screen Saver\Utility\WakeUp.exe
[MD5.887A62B3749C469C0B97C9D4B4FFBD65] - [01/03/2018 13:04:05] - |A| - [3550] - C:\WINDOWS\System32\Tasks\ASUS Live Update1 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
[MD5.C503AF9C50D00F5D8845F5558B501F3B] - [02/02/2018 17:22:09] - |A| - [3540] - C:\WINDOWS\System32\Tasks\ASUS Live Update2 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
[MD5.88BF4D72E48A5C7C3260EB6A5C56AEBB] - [02/02/2018 17:22:09] - |A| - [2862] - C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher : C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
[MD5.BE925D7558133DE5E44652C7D60A596F] - [02/02/2018 17:22:09] - |A| - [2250] - C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON : C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
[MD5.7A3310C2136C98AE3194E31A87F217CF] - [02/02/2018 17:22:09] - |A| - [2188] - C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus : "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
[MD5.28518B962353F3A54A8A98E693FEDD33] - [02/02/2018 17:22:09] - |A| - [2950] - C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
[MD5.CB2BDCAEDAB5069731ED0BFA3A2E999F] - [08/06/2018 21:42:19] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [08/06/2018 21:43:13] - |D| - [3988] - C:\WINDOWS\System32\Tasks\Avast Software
[MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [3914] - C:\WINDOWS\System32\Tasks\AVG
[MD5.7AC0EAB9B560920A2FDB31265D976AEF] - [02/02/2018 17:22:09] - |A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.532E962FBA79EEA15B33794F172E912E] - [02/02/2018 17:22:09] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/02/2018 17:22:09] - |A| - [0] - C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [14906] - C:\WINDOWS\System32\Tasks\COMODO
[MD5.057DEC12D4A148D2357FECECC5C20A85] - [02/02/2018 17:22:09] - |A| - [4030] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
[MD5.042E835D80A9598DD87F2D12D81CC7D6] - [02/02/2018 17:22:09] - |A| - [4262] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
[MD5.6C9B0458B3F38DEF1990BE7E4E95492A] - [02/02/2018 17:22:09] - |A| - [3488] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {061937A4-1252-4CDA-8340-9609D625E714} : C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.5502A67D53D0926A16D3BFE5A00EAF9A] - [02/02/2018 17:22:09] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {135922D8-FC24-49D1-8227-EE5218486486} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.55E9E32AD0F3497FB6EB4C12DB4E41D7] - [02/02/2018 17:22:09] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {1F263A31-0F4A-4230-8A96-7FB8D512D008} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.1430F92087A9603529B0FE795325354A] - [02/02/2018 17:22:09] - |A| - [3488] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {9198C81E-C3D3-413C-9DE5-415F0E38C17E} : C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.B20740B23F0ACD2F24F27FEC343B0F63] - [02/02/2018 17:22:09] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {C2E4AE32-EA0D-4B06-A992-B7BCEDB65498} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.19EAD2555E2ED3D3F70F1C468705F0B6] - [05/04/2018 15:59:51] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {D30F6463-3F8E-46D1-807F-17E07B9FA58D} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.647A3C8EABFEC844E9C36B0F18B5E8F8] - [02/02/2018 17:22:09] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {EFBE3288-4865-4B7E-B61F-BA87A62CC60C} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE
[MD5.47C719DF089F0D4F3D74A0C700BF19A5] - 
[26/02/2018 14:50:06] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-322 323 325 Series Update {F4E5FED7-3068-4DFC-B1AD-C6A925AED1B6} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [MD5.756700714D6C5F16A3DC34A47AE51BE3] - [02/02/2018 17:22:09] - |A| - [3380] - C:\WINDOWS\System32\Tasks\GlaryInitialize 5 : C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [MD5.EB657E3529E971D677F30478363AB534] - [02/02/2018 17:22:09] - |A| - [3464] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.B5E9B4E4E9F885B32440A922EEB95FC6] - [02/02/2018 17:22:09] - |A| - [3588] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.8D28129E98B814EA84AD90859F92708F] - [02/02/2018 17:22:09] - |A| - [3026] - C:\WINDOWS\System32\Tasks\GU5SkipUAC : C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [MD5.DD4E04ACAEB91AF5D873F8BF365EA482] - [02/02/2018 17:22:09] - |A| - [2636] - C:\WINDOWS\System32\Tasks\IntelBootstrapCCDashExe : C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [0] - C:\WINDOWS\System32\Tasks\McAfee [MD5.00000000000000000000000000000000] - [29/09/2017 15:46:34] - |D| - [595992] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.3FCF5E0D7D1D01D2FDE412AC20D2ED17] - [31/03/2018 14:40:53] - |A| - [4106] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.6CD7EB293D39C441C46FCC221D20B567] - [02/02/2018 17:22:09] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.F55B2F72E563AB4B2C6F011BD0C0A3BC] - [25/05/2018 12:27:53] - |A| - [3976] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience 
SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.9200A7AEAD4C78C61F5CA9964667C70D] - [25/05/2018 12:27:54] - |A| - [3940] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.CA47777D9CBF2B9E215DD6646FA2F95A] - [02/02/2018 17:22:09] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [02/02/2018 17:22:09] - |A| - [3654] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.2D62DE7DD46269BF68D84A2724403FB5] - [02/02/2018 17:22:09] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [MD5.A185C1D3FCA5B6BD64BED82288B7B83F] - [25/05/2018 12:27:35] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.2F9DF56C866F30C3EBA861256C76F122] - [25/05/2018 12:27:35] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.568A72EF3081C4256F2EAF4CA31F43CA] - [25/05/2018 12:27:35] - |A| - [3926] - C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [MD5.5EBD8A991E77F3573B0E7F4757639921] - [02/02/2018 17:22:09] - |A| - [3866] - C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe 
[MD5.5F6267E03B130B425CA90C65FB70E705] - [02/02/2018 17:22:09] - |A| - [3360] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3887153473-814642932-2301374465-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.3B9CDF09FD3BB7245B7407139A7375AC] - [02/02/2018 17:22:09] - |A| - [2938] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3887153473-814642932-2301374465-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.708EC6FF53ABF9EA59E74DFAC3F3E560] - [02/02/2018 17:22:09] - |A| - [2876] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3887153473-814642932-2301374465-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.266F1CFB80AD80D459FD3EBBF8204452] - [17/03/2018 22:51:19] - |A| - [3260] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.EC2DAFC8707F821CC226463831303B9D] - [02/02/2018 17:22:09] - |A| - [3194] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [0] - C:\WINDOWS\System32\Tasks\Safer-Networking [MD5.72A2572151B2F97C0895DCA366842D79] - [02/02/2018 17:22:09] - |A| - [2968] - C:\WINDOWS\System32\Tasks\Update Checker : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.00000000000000000000000000000000] - [02/02/2018 17:22:09] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD [MD5.4744006833D2FAC95FA28DF5830A4DF4] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{20FD4733-B18D-4235-B972-99DC88DEFC2A} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.38128F9D01095BF089A987D2433B063E] - [02/02/2018 17:22:09] - |A| - [2416] - C:\WINDOWS\System32\Tasks\{5DF6365C-8447-4055-BC32-F462DE0F2647} : C:\WINDOWS\system32\pcalua.exe [MD5.D9C7E793CE56F30E422901975E9B9F67] - [02/02/2018 17:22:09] - |A| - [2210] - 
C:\WINDOWS\System32\Tasks\{724A91FF-A101-41C5-BB8E-3CC94A6ABEBA} : "c:\windows\system32\launchwinapp.exe" [MD5.42D5767E1D264F4964A35243B8ECFE22] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{7416E589-E125-47C7-8459-9D34AA9C68D6} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.81D6E272ED6C56067115AA2BFCA5DC6C] - [02/02/2018 17:22:09] - |A| - [2210] - C:\WINDOWS\System32\Tasks\{7863FA96-E0D9-42B6-BF76-3DFCAAB1B812} : "c:\windows\system32\launchwinapp.exe" [MD5.5A9239C8A9E0781A16FE62ADF8D43579] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{90822001-0998-4638-BE93-EFA872012EB8} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.D7DB549E7A8940F2A9546C33A069FEE7] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{B0187C5E-0F09-4AD3-A249-5E436F578E22} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.A32C13C5A2E6DF9A642AF527014E4258] - [02/02/2018 17:22:09] - |A| - [2244] - C:\WINDOWS\System32\Tasks\{C6622151-1DA9-41C2-8A96-7386E3058EE8} : C:\WINDOWS\system32\pcalua.exe [MD5.D22F19B7FBB3A30F2F529AE25D938D2D] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{C8DA254C-F9FD-4FF1-91EB-5C01C6F7CFA8} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.33E3213C126115488AAA00160A53AFA4] - [02/02/2018 17:22:09] - |A| - [2224] - C:\WINDOWS\System32\Tasks\{CE1A2A4B-5E86-4AAD-BE17-36C267483EC8} : C:\WINDOWS\system32\pcalua.exe [MD5.0392B0E9CAF580473C43AADFB500DBD7] - [02/02/2018 17:22:09] - |A| - [2238] - C:\WINDOWS\System32\Tasks\{FD7E497D-6E85-412E-89E3-A30AA4A6036C} : "c:\program files (x86)\mozilla firefox\firefox.exe" [MD5.00000000000000000000000000000000] - [29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] 
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{F0C1F0BE-CC84-4D5E-B272-BB89B6B63962}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Name=Dropbox mobile|Desc=Dropbox mobile|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3329495488-3766287967-3311680903-3840278674-3880346992-1675827823-914238617|EmbedCtxt=Dropbox mobile|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{2B9E9A54-81C6-4A49-AD1F-F7EC4995849E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Dropbox mobile|Desc=Dropbox mobile|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3329495488-3766287967-3311680903-3840278674-3880346992-1675827823-914238617|EmbedCtxt=Dropbox mobile|Platform=2:6:2|Platform2=GTEQ| "{993A44EE-9CEE-4E6C-A429-59BDE1081F28}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{12B8C3FA-2D06-4426-A939-23E40CC16C2C}E:\yooka-laylee\yookalaylee64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\yooka-laylee\yookalaylee64.exe|Name=yookalaylee64|Desc=yookalaylee64|Defer=User| "TCP Query 
User{3E2956C2-E550-45D1-861E-DAC323C9E2FC}E:\yooka-laylee\yookalaylee64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\yooka-laylee\yookalaylee64.exe|Name=yookalaylee64|Desc=yookalaylee64|Defer=User| "{A2F5752B-B590-4AC6-A543-72B815E0C709}"=v2.26|Action=Allow|Active=TRUE|Dir=In|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{C5B8DCBD-81D0-4C20-9BB1-66F0AD774157}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{762E87B4-3A1E-423A-934E-1F112413696C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{4DE6D7AB-6FC8-464D-8CD3-0023B24EDBD7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{55942783-8378-42AD-B22B-8DBEF78BE7EC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{FA9C03F5-45F5-49E2-A7BF-1CF3061679B4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{B5760025-A078-456F-B8D4-944D2F1C43FC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| 
"{CA18BE07-D220-4A79-9431-F50E335276E2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{2FA765C0-FF74-4E6A-A1E1-217A5E33E63D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{DD4867B9-87C3-4FE1-B89D-46327CDE8BCF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{1BBEFCF8-E217-4924-A795-2FEAF4825A20}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{F9805576-66C5-488A-9357-22CDF1878B54}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{EEEA824A-0CCF-4D3D-8739-9DC40D184314}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{4B04F835-DBEA-403D-A227-1AC77672CEAC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| 
"{9F47B3D6-A0FD-4B10-8BAC-647BBE19493E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{68E30052-2EA0-43E9-B47D-E51CFC4E875C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{1E8CC615-41DE-446A-8027-F8F527BC1A76}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{C291118B-1860-4747-BA3E-49D5A539DBA5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{748F8D49-EBD7-436B-83D5-026307C7D96D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{F7435C80-F7FE-418F-8ECA-098B619FB57F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{8554E521-4918-4870-BB12-7BDA3527D2D6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| 
"{7456487A-A10D-4CAC-847E-1325F7C52534}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{E24A261C-D303-4B78-911D-7185EFD921BD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{E7ADBA73-35FC-42B3-8F3D-7E16F653A9B2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{0B490BFF-682A-4565-A987-A30E21F35166}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{33D3F0B3-6176-4C3F-9B24-5B2591049C11}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{4988F6BC-D19F-44EA-A940-78D8DA4D4CF9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={D08D0BAB-E5A7-4B74-9197-E031D6B2F37F}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{4C8F0479-BF2B-4CE4-BF69-612ED77CC1D4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=57007|App=C:\Program Files\Intel\STCServ\STCServ.exe|Name=Intel STC Service Connections| "{FE26D7C8-8178-4851-AFB3-A61CCC1C4E46}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Intel\STCServ\STCServ.exe|Name=Intel STC Service Discovery| 
"{4ABCD66D-AB76-40BB-A077-BAB4DF54C864}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe|Name=ShareLink| "{F4CA5C3D-CC33-40AC-9524-ED90164EDBA6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\Intel\STCServ\STCServ.exe|Name=Intel(R) STC Service|Edge=TRUE| "{B49C9DAA-F708-4A4D-83C4-72C8C587B881}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\ASUS\PC Link\PCLinkService.exe|Name=PCLinkService| "{ADA70AA8-53E3-4E1E-A928-A3BDE219CC19}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Name=ASUS WebStorage|Desc=ASUS WebStorage|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-2379699041-582217313-309184701-132115402-2983263408-230732246-1589285292|EmbedCtxt=ASUS WebStorage|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9C5567E3-7EE8-481A-AD07-87EB728F8F89}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=ASUS WebStorage|Desc=ASUS WebStorage|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-2379699041-582217313-309184701-132115402-2983263408-230732246-1589285292|EmbedCtxt=ASUS WebStorage|Platform=2:6:2|Platform2=GTEQ| "{97ABE08B-89D8-45E6-986E-312BB9BF436B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=ASUS Welcome|Desc=ASUS Welcome|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-1791334737-3644637894-912171476-726613620-3748997741-2897954968-3492054033|EmbedCtxt=ASUS Welcome|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{A67E1CC6-CC39-4616-9484-344C5B482C79}C:\program files\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User| "TCP Query User{911F0552-D902-40A5-8366-3C387D80DB0C}C:\program files\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User| 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ| "{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ| "{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ| "{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ| "{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7599D70E-1709-432E-B9A5-143C9C8C8B8C}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3887153473-814642932-2301374465-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{E0898B12-B189-4A10-9559-141C33FDA4EC}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3887153473-814642932-2301374465-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{B014F44A-3294-49AC-B375-98F2933570CF}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe|Name=Epson Connect Printer Setup| "{E4DAA94D-16B9-423A-93EB-D40B050AF000}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe|Name=Epson Connect Printer Setup| "{3F2A8257-4699-4233-B4AD-8A893C197605}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3887153473-814642932-2301374465-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"{1E326BA2-29B7-49CC-AAB4-F0F781DAD97C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2968|App=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe|Name=EEventManager Application|EmbedCtxt=EEventManager.exe - Push Scan Discovery|Edge=TRUE|Defer=App| "{3FCDE11D-E543-478A-A0B0-FE58BA026784}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=2968|App=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe|Name=EEventManager Application|EmbedCtxt=EEventManager.exe - Push Scan Discovery|Edge=TRUE|Defer=App| "{F8CCCEED-8473-410A-AEC4-ECF904C1893D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe|Name=Epson Connect Printer Setup| "{AC078800-EF65-441F-BBB2-D143D8CFE69D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe|Name=Epson Connect Printer Setup| "{427D6BD7-C479-4826-8FDB-5B7B0CE977DF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{CA37949E-B377-4675-B9A6-1EC6560C93F8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{AFB071A3-75BE-4C06-8CA4-421CE4FA046C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| 
"{7ACAEA67-8975-4CFD-8819-4D3BEFF65C62}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{B8A5EC5F-E471-47F2-B601-81A056D9E306}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{3DBA9530-0F01-4F62-8D9E-77516D4BD988}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{3273CAB0-A134-47C9-B6B0-1660ED341A37}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{9D714B0D-627E-480E-BD43-F9C663CA08D1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{80ABDCAD-F340-41BE-B374-8EDFCDD3C1BC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| 
"{74F07C04-4319-4D43-BB93-A713307795E8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{43998D66-FF05-4781-8952-A70CAD42A834}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "TCP Query User{69803E22-AA7C-4D2D-AF5D-4FC5F0803DE9}D:\games\yooka-laylee\yookalaylee64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\yooka-laylee\yookalaylee64.exe|Name=yookalaylee64|Desc=yookalaylee64|Defer=User| "UDP Query User{B50CE2A2-475A-486B-A6D5-1E709E9060CA}D:\games\yooka-laylee\yookalaylee64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\yooka-laylee\yookalaylee64.exe|Name=yookalaylee64|Desc=yookalaylee64|Defer=User| "TCP Query User{47497EEA-0856-406C-A11E-A13867A5720F}C:\users\jeremy\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\jeremy\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User| "UDP Query User{A33AF49A-E4A1-403B-90F1-E20D51700126}C:\users\jeremy\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\jeremy\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User| "TCP Query User{D05C3210-772C-4033-A915-D9452EC2C3BE}C:\users\jeremy\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\jeremy\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User| "UDP Query 
User{2999483C-0CBD-4094-9450-675902ECBC5B}C:\users\jeremy\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\jeremy\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User| "{8E10D13A-A002-43C0-BD3E-E624703453ED}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{53A815D2-5C7A-44CA-A285-1C780699FEDB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{6C4264D0-F73F-4302-A92C-C48EEF380B9F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{B381C981-3154-42D4-ADAB-43F1711D25CA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{91B4C413-0900-448D-A00A-B289A8BBA7D7}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft 
Pay|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{037BF48F-113B-4EA9-8FD4-CFFDFFB56F93}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{21D7C870-B548-46A4-BB0C-AC9B731D5441}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{A66CC685-571C-4B0C-B34B-953970ECDE57}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{0520F4F1-4B3A-468C-9E02-DA3A97A865C6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{728385BB-95D1-49A0-A9A2-C174B7BB6537}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| 
"{AB23A08C-3126-4367-B1C0-6CC43C701519}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{0F38FD50-69C7-4837-9E34-A1340C4AE908}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{5102D9AA-7E18-49C9-AB76-4A6EFCDD991C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{DBAB5677-F171-4958-89E6-A106C3F03771}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{7EF9A9F7-F4E0-4123-9BA3-BC13F08AEE4A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{9890B631-96D1-4778-8F83-602C0D16DB29}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| 
"{003ACFB3-93BE-4D0B-AA16-20697099456C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{E2F486B0-84AC-4496-A235-BC9272939614}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{85F0A738-49C3-4C0E-AB84-A96CAA2A9BB3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{A37802E6-0CE6-40CF-88CE-C0AA530FCC20}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{0A47CC3E-742F-4A01-9C18-760F9CBFCE4A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{E4CD12D1-A16B-4992-A249-6B30D1B2EE8E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| 
"{4A542414-D436-45BA-BBDA-D3DD6414FF8E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{F29B19D6-FEED-41F7-BE02-1598AFB598E6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{AC21DA6F-3124-454F-B8E9-0EA0051BFE21}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{52EC5584-C340-41F3-B818-A7942E321600}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{DC497B38-7B30-4226-8F1B-E65E475B865F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{99696336-2736-47D3-A91A-BDA57FC68A9E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| 
"{241EDF85-0146-433C-B115-E585AF7D0491}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{73667479-981B-4FC3-B84F-1AD0FD2DC78B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{43BAD822-3920-49CB-8BD7-9C1C20B41F77}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{BE8204BB-3883-4675-998C-A6249748FCAE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{9835B215-B4B0-48A9-AD19-7497FA5D1534}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={2792A7A1-9D3C-4C51-BFAB-FC9B41377509}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{D4DDF42F-91E7-48CE-A950-6D11008193BE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| 
"{0D013D1A-68F0-4690-B71A-7876EF0D26EF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A5ED4437-7728-48E3-B0C5-510B11FF8D69}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{634511E8-C692-471F-A751-DFB8DC479EC5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{CFC0DA2D-026F-4D78-887D-7090619DDC81}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Flipboard|Desc=Flipboard|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-864994224-3030340628-3329202063-153121207-2255414721-17657611-2370319705|EmbedCtxt=Flipboard|Platform=2:6:2|Platform2=GTEQ| "{54F80FB6-B6D0-47D3-A025-3602082E6E25}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{E56480E2-EA07-4360-A55E-4EF3D55A7D56}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe|Name=Dropbox| "{BC0BEDBA-49AC-44D6-815C-B07E29B006E4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Fresh Paint|Desc=Fresh Paint|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-753205055-3642759886-2300710532-466079404-1496176425-3605778055-1481226570|EmbedCtxt=Fresh Paint|Platform=2:6:2|Platform2=GTEQ| 
"{C86131CD-EC3F-4396-97A8-EED00DCABDEF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{7CA8D111-F8E0-464D-A7E3-E5E509EB36C7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{C6F51A34-259A-4419-9C18-35F876C0F72C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{B06D0D86-9766-4453-A111-0217F4B8FBD8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{E667B969-8020-4D9E-B53F-440A6C3C1C0A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{2B896011-F69F-4435-B95E-4EA0193D8067}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3887153473-814642932-2301374465-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1E1EDBFB-642E-48AF-A602-8EE25DB9D1FC}] : (PSINFile) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem5.inf,%ClassName%;ASUS Android Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> 
@c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : 
(PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{74132997-900D-482A-9F2C-68C4E4F68132}] : (PSINProt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC4A8197-8B77-4253-8670-1526DCB2CA08}] : (PSINReg) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem23.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> 
@c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D6CD03D8-AC95-4EE2-ABA5-DBC70B014E75}] : (PSINProc) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D7FDC164-2F5B-4D33-931D-7CF4B9500039}] : (PSINAflt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [06/08/2016 20:44:15] - (4.3.12.0) - (BigNox Corporation - VirtualBox USB Monitor Driver) - C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [11/07/2017 12:33:08] - (1.1.0.263) - (Glarysoft Ltd - The driver for the Startup Manager tool) - C:\WINDOWS\System32\drivers\GUBootStartup.sys [02/07/2013 18:45:52] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [11/09/2014 18:48:20] - (6.1.7600.16385) - (ASUSTek Computer Inc. 
- ASUS Charger driver) - C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29/05/2018 17:38:28] - (24.21.13.9793) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 397.93) - C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c439a05226fc0e5c\nvlddmkm.sys [14/01/2015 04:25:14] - (1.0.0.1) - ( - Keyboard Filter Driver) - C:\WINDOWS\System32\drivers\kbfiltr.sys [24/11/2017 00:19:50] - (1.0.0.8) - (ASUS - HID minidriver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsRadioControl.sys [24/01/2018 13:08:39] - (4.6.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [29/01/2018 20:25:21] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys [06/05/2017 20:33:14] - (1.0.0.103) - (Scarlet.Crush Productions - Scp Virtual Bus Driver) - C:\WINDOWS\System32\drivers\ScpVBus.sys [16/02/2017 04:56:04] - (10.0.14393.31233) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys [02/07/2009 19:36:14] - (1.0.9.1) - (ASUS - Memory mapping Driver) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> 
System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - IntelHSWPcc () -> System32\drivers\IntelPcc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> 
System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - mfeelamk (McAfee Inc. 
mfeelamk) -> system32\drivers\mfeelamk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM 
Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - 
AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True 
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswNetSec (aswNetSec) -> system32\drivers\aswNetSec.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GUBootStartup (GUBootStartup) -> \??\C:\WINDOWS\System32\drivers\GUBootStartup.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxUSBMon (VirtualBox USB Monitor Driver) -> \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - ASMMAP64 (ASMMAP64) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> 
\SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Akamai] : (Akamai NetSession Interface.-.Akamai Technologies, Inc) -> "C:\Users\jeremy\AppData\Local\Akamai\uninstall.exe" [HKU\S-1-5-21-3887153473-814642932-2301374465-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{1B444AF9-1DBE-4884-8F35-969BEFCF69A8} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3F94FE8B-BD63-4E8C-9F08-602BE1961E1D}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{3F94FE8B-BD63-4E8C-9F08-602BE1961E1D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7A267678-A258-471B-9035-A51E068531C8}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{7A267678-A258-471B-9035-A51E068531C8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] : (Visual Studio 2012 x64 Redistributables.-.AVG Technologies) -> MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}] : (STCServ.-.Intel Corporation) -> MsiExec.exe /I{A954D353-9DAF-4916-8E71-F1E959EBCD1E} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 397.93.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 31.2.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 31.2.0.0.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.14.0.139.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.06.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD667C75-0EDD-4073-A406-A6DD9C3016EB}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{BD667C75-0EDD-4073-A406-A6DD9C3016EB} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DFD2C0B0-664C-4383-B348-2F531462EBAD}] : (Intel® CCF Manager.-.Intel Corporation) -> MsiExec.exe /X{DFD2C0B0-664C-4383-B348-2F531462EBAD} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E4E75758-4648-4802-87D3-29E3F874B260}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{E4E75758-4648-4802-87D3-29E3F874B260} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Aeria Ignite] : (Aeria Ignite.-.Aeria Games & Entertainment) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Aeria Ignite 1.13.3296] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Glary Utilities 5] : (Glary Utilities 5.97.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glary Utilities 5\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyEpson Portal] : (MyEpson Portal.-.SEIKO EPSON Corporation) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PydioSync 1.2.9] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{083E4B17-EF54-4FD6-A3C8-CA2069FC1315}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) -> MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}] : (ASUS Screen Saver.-.ASUS) -> MsiExec.exe /I{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{17FA0444-A025-43B9-862C-81AE6307C2F2}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{17FA0444-A025-43B9-862C-81AE6307C2F2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18BD67B4-2BB3-4D1B-A33A-1B57A3BB7A1C}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}] : (Easy Photo Scan.-.Seiko Epson Corporation) -> MsiExec.exe /X{1A6DED1E-A024-455D-AA82-203D6B3B0CBC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}] : (Device Setup.-.ASUSTek Computer Inc.) -> MsiExec.exe /I{1F07F2C7-596F-4F34-B805-2C61A3E50E5A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{24942ED8-8C6C-4C43-BB7E-5A3F488B88D7}_is1] : (Final Fantasy VII CrazySe7en Project version 1.1.-.Altimit, Inc.) 
-> "C:\Program Files (x86)\Square Soft, Inc\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180171F0}] : (Java 8 Update 171.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180171F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218065F0}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218066F0}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218071F0}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218073F0}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3361D415-BA35-4143-B301-661991BA6219}] : (MyEpson Portal.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{34CE35A5-BC22-4045-9F05-6C411D3A74DB}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40C98ADC-A44D-401E-BDDD-5094E4CF7D09}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}] : (Visual Studio C++ 10.0 Runtime.-.TomTom International B.V.) -> MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}] : (ASUS Smart Gesture.-.ASUS) -> MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> C:\WINDOWS\RtCRU64.exe /u ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A0549A9-1B96-498C-ACBC-3943001FEB19}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6AF775D8-E2DD-4D8B-9636-D0F6992B7A1A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BE20D33-EAE9-4E85-870F-204F65E04F89}] : (Epson Printer Connection Checker.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{7BE20D33-EAE9-4E85-870F-204F65E04F89} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.SEIKO EPSON CORPORATION) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUS) -> MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90150000-0138-0409-0000-0000000FF1CE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90160000-008C-040C-0000-0000000FF1CE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) -> MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}] : (ASUS Device Activation.-.ASUSTeK COMPUTER INC.) -> MsiExec.exe /X{9C4B0706-9F9A-47BF-B417-0A111FC52B04} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}] : (ASUS USB Charger Plus.-.ASUS) -> MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) -> MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824161310}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}] : (Epson Software Updater.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{B55DB65D-EF6E-4E04-89D5-B03603BF681B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CC271E78-C6BD-4842-95BB-F5E09BA8A176}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}] : (Epson Connect Printer Setup.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}] : (OpenOffice 4.1.2.-.Apache Software Foundation) -> MsiExec.exe /I{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}] : (System Requirements Lab.-.Husdawg, LLC) -> MsiExec.exe /I{F89CDED6-B1F1-489F-BA44-698BF6A737C2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}] : (ASUS Live Update.-.ASUS) -> MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\06E070C796783674BB8D57732AA8064D] : UpdateAssistant [HKCR\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448] : Visual Studio 2012 x64 Redistributables [HKCR\Installer\Products\0B0C2DFDC46638343B84F2354126BEDA] : Intel® CCF Manager -> C:\WINDOWS\Installer\{DFD2C0B0-664C-4383-B348-2F531462EBAD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\30DE9D6CFCF60144C97B54AC82F5E911] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}\ARPPRODUCTICON.exe [HKCR\Installer\Products\33D02EB79EAE58E478F002F4560EF498] : Epson Printer Connection Checker -> C:\WINDOWS\Installer\{7BE20D33-EAE9-4E85-870F-204F65E04F89}\icon.ico [HKCR\Installer\Products\353D459AFAD96194E8171F9E95BEDCE1] : STCServ [HKCR\Installer\Products\422F2144948316443A9EEDFED8527209] : Visual Studio C++ 10.0 Runtime [HKCR\Installer\Products\4440AF71520A9B3468C218EA36702C2F] : Epson Event Manager -> C:\WINDOWS\Installer\{17FA0444-A025-43B9-862C-81AE6307C2F2}\icon.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110170F] : Java 8 Update 171 -> C:\Program Files (x86)\Java\jre1.8.0_171\\bin\javaws.exe [HKCR\Installer\Products\50FA96906FF400C4496034952983EDD0] : ASUS Splendid Video Enhancement Technology -> C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\514D163353AB34143B10669119AB2691] : MyEpson Portal [HKCR\Installer\Products\57C766DBDDE037044A606ADDC90361BE] : Intel(R) Chipset Device Software [HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper 
[HKCR\Installer\Products\5E3E958AF26CAFB4FAD1B2590E1366FA] : ASUS USB Charger Plus -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\6070B4C9A9F9FB744B71A011F15CB240] : ASUS Device Activation -> C:\WINDOWS\Installer\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}\MyIcon [HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6A6823D4BA6FA894284A4E0F0425F9D3] : ASUS Smart Gesture -> C:\WINDOWS\Installer\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\6DEDC98F1F1BF984AB4496B86F7A732C] : System Requirements Lab [HKCR\Installer\Products\76E045AFC590B1A479ABD445D7CEA94F] : ASUS Live Update -> C:\WINDOWS\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2 [HKCR\Installer\Products\7C2F70F1F69543F48B50C2163A5EE0A5] : Device Setup -> C:\windows\Installer\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\843B1BCDE49CD6D4C80ED7D95AFC66E3] : OpenOffice 4.1.2 -> C:\WINDOWS\Installer\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}\soffice.ico [HKCR\Installer\Products\85757E4E84642084783D923E8F472B06] : Intel(R) Management Engine Components [HKCR\Installer\Products\876762A7852AB17409535AE16058138C] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\8FDEEBF0AF033AF43BF19C7C7E8EFD2A] : ASUS Screen Saver -> C:\Windows\Installer\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\9FA444B1EBD14884F85369B9FEFC968A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual 
Studio 2012 x86 Redistributables [HKCR\Installer\Products\B031D0CA9088521418F16687399B6044] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\B15D1B9D65BED014EA5BC1FCCAB4C6C8] : Epson Connect Printer Setup -> C:\Windows\Installer\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\WINDOWS\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO [HKCR\Installer\Products\B8EF49F336DBC8E4F98006B21E69E1D1] : Intel(R) Management Engine Components [HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : [HKCR\Installer\Products\D56BD55BE6FE40E4985D0B6330FB86B1] : Epson Software Updater -> C:\WINDOWS\Installer\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}\icon.ico [HKCR\Installer\Products\E19212F84440D1B49B9F34077AE343D6] : WinFlash -> C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon [HKCR\Installer\Products\E1DED6A1420AD554AA2802D3B6B3C0CB] : Easy Photo Scan -> C:\Windows\Installer\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}\icon.exe [HKCR\Installer\Products\E339C5BAD7C503D43B41C9384AB949EB] : ATK Package -> C:\Windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Le programme Dofus.exe version 0.0.0.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. 
ID de processus : 2bcc Heure de début : 01d40489f4b34cd7 Heure de fin : 48 Chemin d'accès de l'application : C:\Users\jeremy\AppData\Local\Ankama\Dofus\app\Dofus.exe ID de rapport : 4c426c5e-304e-4588-babe-438684be5d7b Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Nom de l’application défaillante SystemSettingsAdminFlows.exe, version : 10.0.16299.248, horodatage : 0xafb91cd8 Nom du module défaillant : ntdll.dll, version : 10.0.16299.492, horodatage : 0x1ef3a73c Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000f842b ID du processus défaillant : 0xfd8 Heure de début de l’application défaillante : 0x01d40428c4355ba5 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\SystemSettingsAdminFlows.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : e9ce4ad8-640b-4d71-9e8c-1ee5076f3b0b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante bad_module_info, version : 0.0.0.0, horodatage : 0x00000000 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc00001a5 Décalage d’erreur : 0x6c5c91c0 ID du processus défaillant : 0x1d98 Heure de début de l’application défaillante : 0x01d40424e94b222e Chemin d’accès de l’application défaillante : bad_module_info Chemin d’accès du module défaillant: unknown ID de rapport : 80e0d710-ea1d-426f-a25a-23eda414dba1 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur 
d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. 
------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} et l’APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} au SID JÉRÉMY\jeremy de l’utilisateur (S-1-5-21-3887153473-814642932-2301374465-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy du conteneur d’applications (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Le service Intel(R) Common Connectivity Framework n’a pas pu démarrer en raison de l’erreur : Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle. ------------ Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Intel(R) Common Connectivity Framework. ------------ Le service Intel(R) Management and Security Application Local Management Service est en attente de démarrage. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. 
------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} et l’APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} au SID JÉRÉMY\jeremy de l’utilisateur (S-1-5-21-3887153473-814642932-2301374465-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy du conteneur d’applications (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. 
------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. 
------------ Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. ------------ ----------( EOF)---------- - 4979 | 20:08:34