--------------- QuickDiag | g3n-h@ckm@n | V4_20.06.18.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 21/06/2018 12:35:11
Updated 20/06/2018 | 08:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Anaïs (Administrator)] - [DESKTOP-B9A6OIH] (S-1-5-21-496730697-2844734673-1435591839-1001)
System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: HP Pavilion Notebook - HP - IdNumber: 5CD5500W20 - UUID: 35444335-3035-5730-3230-DC4A3EE1DDBA
Processor : X64 - 2195 Mhz - Intel(R) Core(TM) i3-5020U CPU @ 2.20GHz
F.74 - en|US|iso8859-1,0 - Insyde - S/N: 5CD5500W20 - F.74 - HPQOEM - 1
CoreTemp : 43 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0290&SUBSYS_103C809A&REV_1000\4&29FBECFC&0&0001

---------- | Video
AMD Radeon (TM) R7 M360 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_6900&SUBSYS_809A103C&REV_81\4&1578D2B5&0&00E4 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648
Intel(R) HD Graphics 5500 - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_809A103C&REV_09\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: AMD Radeon (TM) R7 M360 - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:3 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network
Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Broadcom BCM43142 802.11 bgn Wi-Fi M.2 Adapter : SENT:5,105 bytes/sec / RECVD:5,105 bytes/sec
Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:5,105 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Broadcom BCM43142 802.11 bgn Wi-Fi M.2 Adapter - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4365&SUBSYS_804A103C&REV_01\0000C7FFFFED606D00
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_809A103C&REV_0A\4&35B957B2&0&00E3
Microsoft Wi-Fi Direct Virtual Adapter #4 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&106DD4F4&1&11
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&106DD4F4&1&12
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&15BCAE26&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&15BCAE26&0&2
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC

---------- | Memory
RAM = Total (MB) : 4115 | Free (MB) : 518
Pagefile = Total (MB) : 10406 | Free (MB) : 4223
Virtual = Total (MB) : 4194 | Free (MB) : 3911
Physical Memory 0 : Capacity: 4294967296 - Bottom-Slot 1(left) - Posit.: 1 - Manufacturer: Micron - PartNumber: 8KTF51264HZ-1G6N1 - S/N: 16200613

---------- | SID Users
Administrateur : [S-1-5-21-496730697-2844734673-1435591839-500]
Anaïs : [S-1-5-21-496730697-2844734673-1435591839-1001]
DefaultAccount : [S-1-5-21-496730697-2844734673-1435591839-503]
Invité : [S-1-5-21-496730697-2844734673-1435591839-501]
WDAGUtilityAccount : [S-1-5-21-496730697-2844734673-1435591839-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [Windows] | Total : 910.52 Go | Free : 457.59 Go -> NTFS [SATA]
D:\ -> [Fixed] | [RECOVERY] | Total : 19.62 Go | Free : 2.23 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:780,872 bytes/sec, Written:1,919,643 bytes/sec Max Read:780,872 bytes/sec, Max Write:1,919,643 bytes/sec
Overall - Read Maximum:780,872 bytes/sec, Write Maximum:1,919,643 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_HGST&PROD_HTS541010A9E680\4&12248278&0&000000

---------- | Windows updates - Activation - License
Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows
Test 3 : Possible Fixed Windows Volume License

---------- | Browsers
IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.)
Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

---------- | FlashPlayer
FlashPlayer ActiveX : 30.0.0.113

---------- | Security
AV : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
428 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
636 | [Owner : Système | Parent : 624() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
740 | [Owner : Système | Parent : 624() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
764 | [Owner : Système | Parent : 732() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
804 | [Owner : Système | Parent : 740(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.1) = C:\Windows\System32\services.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
824 | [Owner : Système | Parent : 740(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.1) = C:\Windows\System32\lsass.exe [12/04/2018 01:34:23] CPU Usage:0 % --> Command Line :
916 | [Owner : Système | Parent : 804(services.exe) | 0.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
928 | [Owner : UMFD-0 | Parent : 740(wininit.exe) | 0.6 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.1) = C:\Windows\System32\fontdrvhost.exe [12/04/2018 01:34:24] CPU Usage:0 % --> Command Line :
940 | [Owner : Système | Parent : 804(services.exe) | 18.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
948 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 5.23 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 % --> Command Line :
576 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 9.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
628 | [Owner : Système | Parent : 804(services.exe) | 3.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1048 | [Owner : Système | Parent : 732() | 4.1 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.1) = C:\Windows\System32\winlogon.exe [12/04/2018 01:34:23] CPU Usage:0 % --> Command Line :
1116 | [Owner : UMFD-1 | Parent : 1048(winlogon.exe) | 3.42 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.1) = C:\Windows\System32\fontdrvhost.exe [12/04/2018 01:34:24] CPU Usage:0 % --> Command Line :
1184 | [Owner : DWM-1 | Parent : 1048(winlogon.exe) | 30.54 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % --> Command Line :
1240 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1252 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 1.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1300 | [Owner : Système | Parent : 804(services.exe) | 3.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1332 | [Owner : Système | Parent : 804(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1368 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 4.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1456 | [Owner : Système | Parent : 804(services.exe) | 1.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1500 | [Owner : Système | Parent : 804(services.exe) | 5.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1592 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 12.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1608 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 2.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1636 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 8.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1672 | [Owner : Système | Parent : 804(services.exe) | 2.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1712 | [Owner : Système | Parent : 804(services.exe) | 4.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1760 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1824 | [Owner : Système | Parent : 804(services.exe) | 4.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1888 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1920 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 1.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1936 | [Owner : SERVICE LOCAL | Parent : 1672(svchost.exe) | 7.47 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % --> Command Line :
1988 | [Owner : Système | Parent : 804(services.exe) | 5.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
288 | [Owner : Système | Parent : 804(services.exe) | 1.28 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe [08/12/2015 19:53:26] CPU Usage:0 % --> Command Line :
2060 | [Owner : Système | Parent : 288(atiesrxx.exe) | 4.15 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe [08/12/2015 19:53:26] CPU Usage:0 % --> Command Line :
2072 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 7.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2088 | [Owner : Système | Parent : 804(services.exe) | 24.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2100 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2112 | [Owner : Système | Parent : 804(services.exe) | 1.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2204 | [Owner : Système | Parent : 804(services.exe) | 4.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2248 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 5.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2272 | [Owner : Système | Parent : 804(services.exe) | 3.52 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe [13/01/2017 20:37:28] CPU Usage:0 % --> Command Line :
2380 | [Owner : Système | Parent : 804(services.exe) | 2.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2388 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2416 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2516 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 4.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2532 | [Owner : Système | Parent : 804(services.exe) | 12.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2648 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2732 | [Owner : Système | Parent : 804(services.exe) | 9.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
2784 | [Owner : Système | Parent : 804(services.exe) | 2.93 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.67) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [08/12/2015 19:46:31] CPU Usage:0 % --> Command Line :
3004 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 2.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3012 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3020 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 8.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
1932 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 3.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3156 | [Owner : Système | Parent : 804(services.exe) | 7.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3188 | [Owner : Système | Parent : 2784(RtkAudioService64.exe) | 2.41 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.222) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [08/12/2015 19:46:17] CPU Usage:0 % --> Command Line :
3236 | [Owner : Système | Parent : 804(services.exe) | 4.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3308 | [Owner : Système | Parent : 3156(svchost.exe) | 1.5 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.17134.1) = C:\Windows\System32\wlanext.exe [12/04/2018 01:34:43] CPU Usage:0 % --> Command Line :
3336 | [Owner : Système | Parent : 3308(wlanext.exe) | 1.03 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % --> Command Line :
3528 | [Owner : Système | Parent : 804(services.exe) | 11.67 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % --> Command Line :
3620 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 2.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3776 | [Owner : Système | Parent : 804(services.exe) | 2.46 Mo] - (.Apple Inc. - MobileDeviceService.) - (423.50.213.1) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [27/04/2018 12:30:08] CPU Usage:0 % --> Command Line :
3784 | [Owner : Système | Parent : 804(services.exe) | 1.27 Mo] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) - (12.0.0.8048) = C:\Windows\System32\BtwRSupportService.exe [07/10/2016 01:32:10] CPU Usage:0 % --> Command Line :
3792 | [Owner : Système | Parent : 804(services.exe) | 2.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3808 | [Owner : Système | Parent : 804(services.exe) | 18.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3816 | [Owner : Système | Parent : 804(services.exe) | 1.26 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10603.192) = C:\Windows\SysWOW64\esif_uf.exe [08/12/2015 19:50:35] CPU Usage:0 % --> Command Line :
3824 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3848 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 15.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3856 | [Owner : Système | Parent : 804(services.exe) | 17.24 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9330.2124) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [24/10/2016 05:49:54] CPU Usage:0 % --> Command Line :
3936 | [Owner : Système | Parent : 804(services.exe) | 1.16 Mo] - (.- RichVideo Module.) - (2.0.1.7413) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe [08/12/2015 20:17:54] CPU Usage:0 % --> Command Line :
3948 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 1.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3960 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 5.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3976 | [Owner : Système | Parent : 804(services.exe) | 2.11 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe [06/10/2016 15:04:35] CPU Usage:0 % --> Command Line :
3988 | [Owner : Système | Parent : 804(services.exe) | 3.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4004 | [Owner : Système | Parent : 804(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.1) = C:\Windows\System32\SecurityHealthService.exe [12/04/2018 01:34:41] CPU Usage:0 % --> Command Line :
3996 | [Owner : Système | Parent : 804(services.exe) | 4.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4032 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 6.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4048 | [Owner : Système | Parent : 804(services.exe) | 1.7 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [18/08/2017 02:23:54] CPU Usage:0 % --> Command Line :
3204 | [Owner : Système | Parent : 804(services.exe) | 1.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
3636 | [Owner : Système | Parent : 804(services.exe) | 13.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
556 | [Owner : Système | Parent : 804(services.exe) | 6.16 Mo] - (.Wondershare - Wondershare Passport.) - (2.4.2.223) = C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [25/07/2017 13:27:25] CPU Usage:0 % --> Command Line :
2664 | [Owner : Système | Parent : 804(services.exe) | 4.79 Mo] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - (2.7.64.219) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [18/06/2018 23:59:45] CPU Usage:0 % --> Command Line :
4260 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 1.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4376 | [Owner : Système | Parent : 804(services.exe) | 1.93 Mo] - (.Safer-Networking Ltd. - Windows Security Center integration..) - (2.7.64.3) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [18/06/2018 23:59:52] CPU Usage:0 % --> Command Line :
4632 | [Owner : Système | Parent : 804(services.exe) | 3.19 Mo] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - (2.7.64.82) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [18/06/2018 23:59:50] CPU Usage:0 % --> Command Line :
4700 | [Owner : Système | Parent : 804(services.exe) | 5.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4724 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 1.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
5044 | [Owner : Système | Parent : 804(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
4332 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 3.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
6056 | [Owner : Anaïs | Parent : 1712(svchost.exe) | 17.23 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % --> Command Line :
6104 | [Owner : Anaïs | Parent : 3816(esif_uf.exe) | 1.06 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10603.192) = C:\Windows\Temp\DPTF\esif_assist_64.exe [19/06/2018 20:36:53] CPU Usage:0 % --> Command Line :
5308 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 2.98 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [05/06/2018 14:59:58] CPU Usage:0 % --> Command Line :
5632 | [Owner : Anaïs | Parent : 5312() | 88.48 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.1) = C:\Windows\explorer.exe [12/04/2018 01:34:44] CPU Usage:0 % --> Command Line :
3604 | [Owner : Anaïs | Parent : 804(services.exe) | 8.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
5996 | [Owner : Anaïs | Parent : 804(services.exe) | 20.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
6160 | [Owner : Système | Parent : 1332(svchost.exe) | 0.89 Mo] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.27.73) = C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [25/10/2016 18:07:44] CPU Usage:0 % --> Command Line :
6208 | [Owner : Anaïs | Parent : 1332(svchost.exe) | 9.38 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 01:34:37] CPU Usage:0 % --> Command Line :
6392 | [Owner : Système | Parent : 804(services.exe) | 1.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
6440 | [Owner : Anaïs | Parent : 6392(svchost.exe) | 7.77 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % --> Command Line :
6580 | [Owner : Anaïs | Parent : 4048(SynTPEnhService.exe) | 7.41 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [18/08/2017 02:23:52] CPU Usage:0 % --> Command Line :
6712 | [Owner : Système | Parent : 804(services.exe) | 2.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
6772 | [Owner : Anaïs | Parent : 6616() | 0.91 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [18/08/2017 02:23:54] CPU Usage:0 % --> Command Line :
6780 | [Owner : Système | Parent : 804(services.exe) | 5.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
7040 | [Owner : Anaïs | Parent : 6884() | 4.72 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe [13/01/2017 20:37:46] CPU Usage:0 % --> Command Line :
7048 | [Owner : Anaïs | Parent : 6884() | 1.75 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe [13/01/2017 20:37:54] CPU Usage:0 % --> Command Line :
2924 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 9.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
7252 | [Owner : Système | Parent : 804(services.exe) | 7.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line :
7892 | [Owner : Anaïs | Parent : 1332(svchost.exe) | 0.88 Mo] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) - (2.2.0.51) = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [21/05/2015 15:19:18] CPU Usage:0 % --> Command Line :
8060 | [Owner : Anaïs | Parent : 940(svchost.exe) | 31.17 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 01:33:58] CPU Usage:0 % --> Command Line :
6340 | [Owner : Anaïs | Parent : 940(svchost.exe) | 30.05 Mo] - (.Microsoft Corporation - Search and Cortana application.)
- (10.0.17134.112) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [13/06/2018 00:54:18] CPU Usage:0 % --> Command Line : 4084 | [Owner : Anaïs | Parent : 940(svchost.exe) | 11.08 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 6232 | [Owner : Anaïs | Parent : 940(svchost.exe) | 12.37 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 5812 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 3868 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.14 Mo] - (.Microsoft Corporation - Office Hub Task Host.) - (16.0.9328.1700) = C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe [14/05/2018 23:01:27] CPU Usage:0 % --> Command Line : 3844 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.05 Mo] - (.-.) - (12.1815.209.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe [23/05/2018 13:06:39] CPU Usage:0 % --> Command Line : 8808 | [Owner : Système | Parent : 940(svchost.exe) | 3.53 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % --> Command Line : 7860 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.5 Mo] - (.-.) 
- (10.18041.1461.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe [31/05/2018 21:10:55] CPU Usage:0 % --> Command Line : 7844 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 3.36 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % --> Command Line : 8604 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 4.05 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.495.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [08/12/2015 19:46:32] CPU Usage:0 % --> Command Line : 1488 | [Owner : Anaïs | Parent : 940(svchost.exe) | 17.22 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 2580 | [Owner : Anaïs | Parent : 804(services.exe) | 8.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 5008 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 16.19 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (18.65.329.2) = C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\OneDrive.exe [06/10/2016 15:06:22] CPU Usage:0 % --> Command Line : 1860 | [Owner : Anaïs | Parent : 6540() | 60.5 Mo] - (.AVAST Software - Avast Antivirus.) - (18.4.3895.327) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [08/06/2018 20:39:13] CPU Usage:0 % --> Command Line : 8668 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 28.19 Mo] - (.Skype Technologies S.A. - Skype.) - (7.41.0.101) = C:\Program Files (x86)\Skype\Phone\Skype.exe [13/03/2018 16:39:58] CPU Usage:0 % --> Command Line : 9280 | [Owner : Anaïs | Parent : 940(svchost.exe) | 1.72 Mo] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 9500 | [Owner : Système | Parent : 804(services.exe) | 17.22 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.1) = C:\Windows\System32\SearchIndexer.exe [12/04/2018 01:34:08] CPU Usage:0 % --> Command Line : 9584 | [Owner : Système | Parent : 804(services.exe) | 17.03 Mo] - (.HP Inc. - HP Support Solutions Framework Service.) - (8.9.18.3) = C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [04/07/2016 07:12:08] CPU Usage:0 % --> Command Line : 9836 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 7.4 Mo] - (.Hewlett-Packard Development Company, LP - ScanToPCActivationApp.) - (32.3.198.49673) = C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [21/07/2014 16:25:12] CPU Usage:0 % --> Command Line : 9936 | [Owner : Anaïs | Parent : 940(svchost.exe) | 6.79 Mo] - (.Hewlett-Packard Development Company, LP - HPNetworkCommunicatorCom.) - (32.3.198.49673) = C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe [21/07/2014 16:12:08] CPU Usage:0 % --> Command Line : 10036 | [Owner : Anaïs | Parent : 9868() | 3.41 Mo] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) - (1.4.5.0) = C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [19/08/2015 13:12:12] CPU Usage:0 % --> Command Line : 10080 | [Owner : Anaïs | Parent : 9868() | 1.7 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 14:50:10] CPU Usage:0 % --> Command Line : 10140 | [Owner : Système | Parent : 940(svchost.exe) | 6.74 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % --> Command Line : 10232 | [Owner : Anaïs | Parent : 9868() | 8.29 Mo] - (.Safer-Networking Ltd. 
- Spybot - Search & Destroy tray access.) - (2.7.64.129) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [18/06/2018 23:59:43] CPU Usage:0 % --> Command Line : 7788 | [Owner : Anaïs | Parent : 9884() | 7.48 Mo] - (.Piriform Ltd - CCleaner.) - (5.43.151.6522) = C:\Program Files\CCleaner\CCleaner64.exe [24/05/2018 19:51:02] CPU Usage:0 % --> Command Line : 9564 | [Owner : Système | Parent : 804(services.exe) | 17.38 Mo] - (.HP Inc. - HP Touchpoint Analytics Client Service.) - (4.0.2.1439) = C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [16/11/2017 21:07:20] CPU Usage:0 % --> Command Line : 7208 | [Owner : Anaïs | Parent : 940(svchost.exe) | 2.51 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 1364 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 232.52 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:4 % --> Command Line : 8392 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 1.82 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 8388 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 1.45 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 2552 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 155.33 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 10332 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 328.69 Mo] - (.Google Inc. - Google Chrome.) 
- (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 10416 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 7.68 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 10564 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 68.27 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 7180 | [Owner : Système | Parent : 804(services.exe) | 5.75 Mo] - (.Intel Corporation - IAStorDataSvc.) - (14.5.2.1088) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [22/07/2015 11:49:06] CPU Usage:0 % --> Command Line : 11004 | [Owner : Système | Parent : 804(services.exe) | 16.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 11828 | [Owner : Système | Parent : 804(services.exe) | 4 Mo] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (6.5.6.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [28/04/2015 16:39:48] CPU Usage:0 % --> Command Line : 11940 | [Owner : Anaïs | Parent : 940(svchost.exe) | 9.97 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 % --> Command Line : 12024 | [Owner : Système | Parent : 804(services.exe) | 0.91 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) 
- (11.0.0.1163) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [14/08/2015 03:11:34] CPU Usage:0 % --> Command Line : 8696 | [Owner : Anaïs | Parent : 940(svchost.exe) | 3.74 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 6628 | [Owner : Système | Parent : 804(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % --> Command Line : 1060 | [Owner : Anaïs | Parent : 940(svchost.exe) | 4.76 Mo] - (.-.) - (2018.18041.15530.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [09/06/2018 17:17:43] CPU Usage:0 % --> Command Line : 11648 | [Owner : Anaïs | Parent : 940(svchost.exe) | 4.56 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 11676 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 122.96 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 10604 | [Owner : Système | Parent : 804(services.exe) | 4.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 7128 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 22.41 Mo] - (.BitTorrent Inc. - µTorrent.) - (3.5.3.44428) = C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe [09/10/2016 18:33:23] CPU Usage:0 % --> Command Line : 10572 | [Owner : Anaïs | Parent : 7128(uTorrent.exe) | 10.06 Mo] - (.BitTorrent Inc. - WebHelper.) 
- (1.0.0.44428) = C:\Users\Anaïs\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe [24/05/2018 16:23:20] CPU Usage:0 % --> Command Line : 1896 | [Owner : Anaïs | Parent : 7128(uTorrent.exe) | 64.93 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.44428) = C:\Users\Anaïs\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe [24/05/2018 16:23:20] CPU Usage:2 % --> Command Line : 2148 | [Owner : Anaïs | Parent : 5632(explorer.exe) | 8.28 Mo] - (.VideoLAN - VLC media player.) - (3.0.3.0) = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [29/05/2018 21:56:40] CPU Usage:0 % --> Command Line : 10864 | [Owner : Anaïs | Parent : 804(services.exe) | 1.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 2680 | [Owner : Anaïs | Parent : 940(svchost.exe) | 4.16 Mo] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.17134.1) = C:\Windows\HelpPane.exe [12/04/2018 01:34:25] CPU Usage:0 % --> Command Line : 9484 | [Owner : Anaïs | Parent : 804(services.exe) | 1.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 12008 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [13/06/2018 00:50:09] CPU Usage:0 % --> Command Line : 8992 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.45 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.17134.112) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [13/06/2018 00:54:22] CPU Usage:0 % --> Command Line : 3572 | [Owner : Anaïs | Parent : 940(svchost.exe) | 1.4 Mo] - (.Microsoft Corporation - Browser_Broker.) 
- (11.0.17134.1) = C:\Windows\System32\browser_broker.exe [12/04/2018 01:33:53] CPU Usage:0 % --> Command Line : 11624 | [Owner : Anaïs | Parent : 940(svchost.exe) | 1.14 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 9272 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.14 Mo] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.17134.112) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [13/06/2018 00:50:11] CPU Usage:0 % --> Command Line : 11388 | [Owner : Anaïs | Parent : 940(svchost.exe) | 0.2 Mo] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.17134.112) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [13/06/2018 00:50:11] CPU Usage:0 % --> Command Line : 10716 | [Owner : Système | Parent : 804(services.exe) | 7.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 12752 | [Owner : Anaïs | Parent : 940(svchost.exe) | 8.47 Mo] - (.Microsoft Corporation - Photo Gallery.) - (16.4.3528.331) = C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [31/03/2014 21:34:22] CPU Usage:0 % --> Command Line : 13044 | [Owner : Anaïs | Parent : 940(svchost.exe) | 9.72 Mo] - (.Microsoft Corporation - Photo Gallery.) - (16.4.3528.331) = C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [31/03/2014 21:34:22] CPU Usage:0 % --> Command Line : 2804 | [Owner : Système | Parent : 804(services.exe) | 2.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 12760 | [Owner : SERVICE RÉSEAU | Parent : 804(services.exe) | 10.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 5688 | [Owner : Système | Parent : 804(services.exe) | 5.25 Mo] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\Windows\System32\DbxSvc.exe [18/06/2018 12:23:28] CPU Usage:0 % --> Command Line : 13580 | [Owner : Anaïs | Parent : 12972() | 45.69 Mo] - (.Dropbox, Inc. - Dropbox.) - (52.4.58.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [20/06/2018 20:09:30] CPU Usage:0 % --> Command Line : 12400 | [Owner : Anaïs | Parent : 13580(Dropbox.exe) | 7.81 Mo] - (.Dropbox, Inc. - Dropbox.) - (52.4.58.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [20/06/2018 20:09:30] CPU Usage:0 % --> Command Line : 12308 | [Owner : Anaïs | Parent : 13580(Dropbox.exe) | 6.91 Mo] - (.Dropbox, Inc. - Dropbox.) - (52.4.58.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [20/06/2018 20:09:30] CPU Usage:0 % --> Command Line : 12316 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 72.86 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 11584 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 126.26 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 5036 | [Owner : Système | Parent : 804(services.exe) | ?????] - (.AVAST Software - Avast Service.) 
- (18.4.3895.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [19/05/2018 00:37:30] CPU Usage:0 % --> Command Line : 4648 | [Owner : Système | Parent : 804(services.exe) | 6.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 1220 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 5.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 6844 | [Owner : SERVICE LOCAL | Parent : 804(services.exe) | 8.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 9728 | [Owner : Système | Parent : 804(services.exe) | 6.59 Mo] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - (1.4.1.0) = C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [17/08/2015 17:13:02] CPU Usage:0 % --> Command Line : 7244 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 26.52 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 7352 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 126.74 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 10344 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 167.03 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 13824 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 89.61 Mo] - (.Google Inc. - Google Chrome.) 
- (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 1968 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 169.1 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 8860 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 47.49 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 2912 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 80.55 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:0 % --> Command Line : 11588 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 213 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.25) = C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe [19/06/2018 19:55:40] CPU Usage:4 % --> Command Line : 4584 | [Owner : Anaïs | Parent : 940(svchost.exe) | 45.04 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.1) = C:\Windows\System32\smartscreen.exe [12/04/2018 01:34:06] CPU Usage:0 % --> Command Line : 7424 | [Owner : Anaïs | Parent : 1860(AvastUI.exe) | 101.68 Mo] - (.AVAST Software - Avast Antivirus.) - (18.4.3895.327) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [08/06/2018 20:39:13] CPU Usage:0 % --> Command Line : 4176 | [Owner : Système | Parent : 804(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 13788 | [Owner : SERVICE LOCAL | Parent : 2648(svchost.exe) | 19.65 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) 
- (10.0.17134.112) = C:\Windows\System32\audiodg.exe [13/06/2018 00:52:46] CPU Usage:0 % --> Command Line : 10124 | [Owner : Anaïs | Parent : 1364(chrome.exe) | 52.18 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\Anaïs\Desktop\QuickDiag.exe [21/06/2018 12:33:55] CPU Usage:0 % --> Command Line : 14240 | [Owner : Système | Parent : 804(services.exe) | 5.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] CPU Usage:0 % --> Command Line : 10044 | [Owner : SERVICE RÉSEAU | Parent : 940(svchost.exe) | 9.96 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % --> Command Line : ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Hook (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.HP Inc..-.HP DeskBand.) - (8.2.2.0) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll (..-..) - (0.0.0.0) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll differs from file image: (..-..) - (0.0.0.0) -- : Mon Jun 18 12:15:10 2018 (..-..) - (0.0.0.0) -- : Mon Jun 04 12:12:20 2018 (.Dropbox, Inc..-.Dropbox Shell Extension.) - (1.0.22.0) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll (.AVAST Software.-.Avast Shell Extension.) - (18.4.3895.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (..-..) 
- (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll ---------- | Svchost.exe Hook (Microsoft Files Whitelisted) (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\windows\system32\winsqlite3.dll (.© Copyright 2010 Hewlett-Packard Company.-.Hewlett-Packard WIA 2.0 scanner driver.) - (31.0.189.0) -- C:\WINDOWS\system32\HPWia2_OJ4630.dll (.Copyright (C) Hewlett-Packard Co. 2011.-.HPScanTRDrv Module.) - (31.0.1150.42326) -- C:\WINDOWS\system32\HPScanTRDrv_OJ4630.dll (.Copyright (C) 2014 AVAST Software.-.Hook Library.) - (18.4.3.28536) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : 
%SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU EOS Utility - (EOS Utility.lnk [Startup]) - User: DESKTOP-B9A6OIH\Anaïs OneDrive - ("C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\...\Run]) - User: DESKTOP-B9A6OIH\Anaïs Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\...\Run]) - User: DESKTOP-B9A6OIH\Anaïs CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\...\Run]) - User: DESKTOP-B9A6OIH\Anaïs HP Officejet 4630 series (NET) - ("C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN43D2P1P005Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\...\Run]) - User: DESKTOP-B9A6OIH\Anaïs SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "CCleaner 
Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "HP Officejet 4630 series (NET)"="C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN43D2P1P005Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDriveSetup"=0x020000000000000000000000 "OneDrive"=0x020000000000000000000000 "Skype"=0x020000000000000000000000 "CCleaner Monitoring"=0x020000000000000000000000 "HP Officejet 4630 series (NET)"=0x020000000000000000000000 "uTorrent"=0x020000000000000000000000 "AvastBrowserAutoLaunch_C0C3F9BB020D185D015A394CF007E69F"=0x020000000000000000000000 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Officejet 4630 series (réseau),winspool,Ne02: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "RTHDVCPL"=0x040000000000000000000000 "RUNFBI"=0x040000000000000000000000 "SynTPEnh"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "WindowsDefender"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StartCCC"=0x040000000000000000000000 "HPMessageService"=0x040000000000000000000000 "AccelerometerSysTrayApplet"=0x040000000000000000000000 "PowerDVD14Agent"=0x040000000000000000000000 "mcpltui_exe"=0x040000000000000000000000 "HP Software Update"=0x020000000000000000000000 
"Dropbox"=0x020000000000000000000000 "HPRadioMgr"=0x020000000000000000000000 "SDTray"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun "HPMessageService"=C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [19/08/2015 13:12:12] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 14:50:10] "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Wininit.ini : [rename] nul=c:\tempjunk4411.tmp c:\tempjunk4411.tmp=C:\Users\Anaïs\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GW3UGDN3\skype.com\#ui\preferences.sol ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Avast Emergency Update Avast SecureLine avast! SL Update CCleaner Update CCleanerSkipUAC DropboxOEM DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HP AR Program Upload - 1ad74647107942a6ba3ecb2482d7cf9f47f971b04f474a92bdc0b4edf95827b7 HP AR Program Upload - 4292118b0f684235b1a6165ff3e2545d52196a6e63574b73bb40f400377a3437 HP AR Program Upload - 9c5d31c22e214926b267f9d404af62627c30844fc6b548ad91b550d03d01da19 HP AR Program Upload - a9417186da5646bf814c5c0b8063fec1990917da76b448e6877145c353b79e41 HPCeeScheduleForAnaïs HPCustParticipation HP Officejet 4630 series OneDrive Standalone Update Task-S-1-5-21-496730697-2844734673-1435591839-1001 User_Feed_Synchronization-{F802EBD8-B661-4C98-BDA5-8933F7832C36} ---------- | Startings up registry ? 
Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [06/10/2016 15:01:38] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=824 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * sdnclean64.exe "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 "PendingFileRenameOperations"=\??\C:\Program Files (x86)\Dropbox\OldBinaries [HKLM\System\CurrentControlSet\Control\Terminal Server] 
"AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=af11c245-6243-4d6e-859f-4dadd37 "GlassSessionId"=1 ---------- | .LNK with Arguments c:\hp\hpqware\startmenulink\all\all\booking.com.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.booking.com/index.html?aid=398438&label=square) - Hidden: False - Status: OK c:\hp\hpqware\taskbar\tripadvisor.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_iefav&tp=iefavs) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg [08/12/2015 20:30:41] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 
"WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1600 "MaxMonitorDimension"=1600 "TranscodedImageCount"=2 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100C65A13004006000084030000461E2E8BE631D10143003A005C00770069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C004800650077006C006500740074002D005000610063006B0061007200640020004200610063006B00670072006F0075006E00640073005C006200610063006B00670072006F0075006E006400440065006600610075006C0074002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 
[HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{E31EA727-12ED-4702-820C-4B6445F28E1A}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x60631744BF2BC14E93CE384B8681A0BCD81D0000EE21215E0003D4118D3B4445535400003C100000B083204722C5CF11876300608CC02F24F71800000114020000000000C000000000000046A93200005D54A9A2C2A0B4429708A0B2BADD77C82D100000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=5 "GlobalAssocChangedCounter"=80 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarStateLastRun"=0xC4DC2A5B00000000 "DisablePreviewDesktop"=0 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x020000000100000000000000FFFFFFFF "0"=0x680065006C00700061006E0065000000 "1"=0x680065006C007000700061006E0065000000 "2"=0x620065006E00760065000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 
"EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} 
"FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=4 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=13 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders 
"PUUActive"=0x0EFB17D0040000000A0060008C9B06009954080099540800D200000002000900204EE39A1AFE1300A64B0E00D54F0200EB1302008F880000000000008B0A0E007D0800000F0200005DF1A7004B09D4018D2271000000000001000000EE894F00EE420000131E000030D5D30000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E800280000000A0000000EFB17D000000000000000001A32F0AD2A09D4011A32F0AD2A09D401000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100320B000088011C0C8C011C0C4F0800802410320B6416320B4C9200400F9518010FF5980314CD00804023140A50B3151AC42701000C8248400E8248512A3F01C00302085103020C51432C0180129186471293864F55F400808060020180E04209206D0000014046010140560199FC00801149881451799A140C5800004320022153666661 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=157287028408 "ShutdownFlags"=39 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "AutoAdminLogon"=0 "DefaultUserName"=Anaïs "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 
"SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] 
""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome Beta\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome Beta\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome Beta\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome Beta\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A002100000261329FFFBAD0010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A002100000261329FFFBAD0010000000100000000 
"C:\Users\Anaïs\Downloads\ChromeSetup.exe"=0x5341435001000000000000000700000028000000A04110008862100001000000000000000000000A002100000261329FFFBAD0010000008100000000 "C:\Users\Anaïs\AppData\Local\Temp\GUMBFE4.tmp\GoogleUpdateSetup.exe"=0x5341435001000000000000000700000028000000A04110008862100001000000000000000000000A002100000261329FFFBAD00100000080000000000200000028000000000000000000004000000000000000000000000000000000F0951200000000000100000001000000 "C:\Users\Anaïs\Downloads\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000080A96000747E610001000000000000000000000A002100000261329FFFBAD001000000000000000002000000280000000000000000000040000000000000000000000000000000008D201600000000000100000001000000 "C:\Users\Anaïs\Downloads\SkypeSetupFull.exe"=0x534143500100000000000000070000002800000080347D02643A7D0201000000000000000000000A002100000261329FFFBAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000017FD3B03000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A002100000261329FFFBAD0010000000100000000 "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\setup.exe"=0x534143500100000000000000070000002800000068121800CA64180003000000000000000000000A00210000078CBF8EFFBAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000EC460000000000000100000001000000 "C:\Users\Anaïs\Downloads\ChromeSetup (1).exe"=0x5341435001000000000000000700000028000000A04110008862100001000000000000000000000A002100000261329FFFBAD001000000800000000002000000280000000000000000000000000000000000000000000000000000002C000400000000000100000001000000 
"C:\Users\Anaïs\Downloads\winrar-32-bits_5-40_fr_9632.exe"=0x5341435001000000000000000700000028000000A0941F00732C200001000000000000000000000A002100000261329FFFBAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000017A30300000000000100000001000000 "C:\Users\Anaïs\Downloads\wrar540fr.exe"=0x5341435001000000000000000700000028000000A0941F00732C200001000000000000000000000A002100000261329FFFBAD0010000008000000000020000002800000000000000000000400000000000000000000000000000000039A50000000000000200000002000000 "C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090E316006B2B170001000000000000000000000A002100000261329FFFBAD001000000000000000002000000280000000000000000000000000000000000000000000000000000000E180300000000000200000002000000 "C:\Users\Anaïs\Downloads\winrar-x64-540fr.exe"=0x534143500100000000000000070000002800000058D92200119C230001000000000000000000000A00210000078CBF8EFFBAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000005480000000000000100000001000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090AB1700BE9B180001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A19C1B08000000002E0000002E000000 "C:\Users\Anaïs\Downloads\wlsetup-web.exe"=0x5341435001000000000000000700000028000000C8FC12002F9D1300010000000000000000000306710200000261329FFFBAD00100000000000000000200000028000000000000000000005000000000000000000000000000000000E56C0300000000000100000001000000 "C:\Users\Anaïs\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000C03E2400C6FB240001000000000000000000000A0021000087BC4419B208D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000128E0100000000000100000001000000 
"C:\Users\Anaïs\Downloads\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000087BC4419B208D20100000000000000000200000028000000000000000000004000000000000000000000000000000000284C0100000000000100000001000000 "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe"=0x534143500100000000000000070000002800000070CD0700CE86080001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B56E0909000000000400000004000000 "C:\Users\Anaïs\AppData\Local\Temp\7ZipSfx.000\HPSupportSolutionsFramework.exe"=0x534143500100000000000000070000002800000040CC9100BFA8920001000000000000000000000A80210000D4377A5AB208D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D3600200000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS7DD6\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A000100000000000000000001060001000087BC4419B208D2010000000000000000020000002800000000000000000000000000000000000000000000000000000053B50400000000000100000001000000 "C:\Program Files\HP\HP Officejet 4630 series\Bin\HP Officejet 4630 series.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000008EA610029E6620001000000000000000000030673220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000531F1B08000000005400000054000000 "C:\Users\Anaïs\Downloads\adwcleaner_6.021.exe"=0x5341435001000000000000000700000028000000401E3B00175B3B0001000000000000000000000A002100003457EA2DBE1AD2010000000000000000020000002800000000000000000000400000000000000000000000000000000007410200000000000100000001000000 
"C:\Users\Anaïs\Desktop\spybot-search-destroy_2-4-03-05-2016_fr_10965.exe"=0x5341435001000000000000000700000028000000A8ECC5025E02C602010000000000000000000306000100003457EA2DBE1AD20100000000000000000200000028000000000000000000000000000000000000000000000000000000BCFB0200000000000100000001000000 "C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000D8FC100091ED110003000000000000000000000A00210000FDD45162C11AD201000000000000000002000000280000000000000000000000000000000000000000000000000000001A170500000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe"=0x5341435001000000000000000700000028000000306F13008FBA13000300000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000249E0000000000000200000002000000 "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe"=0x5341435001000000000000000700000028000000908E5D0026D65D0001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000081E71700000000000600000006000000 "C:\Users\Anaïs\Downloads\spybot-2.4.exe"=0x5341435001000000000000000700000028000000A8ECC5025E02C6020100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B7F51D09000000000100000001000000 "C:\Users\Anaïs\Downloads\ZHPDiag3 (1).exe"=0x534143500100000000000000070000002800000000F624004FBA25000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000074BBA604000000000100000001000000 "C:\Program Files (x86)\Microsoft 
Office\Office15\FIRSTRUN.EXE"=0x5341435001000000000000000700000028000000A81A0F006C6B0F0001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EDBE9101000000000700000007000000 "C:\Users\Anaïs\Downloads\ZHPFix.exe"=0x534143500100000000000000070000002800000051BC35000000000001000000000000000000000A4122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000127A0000000000000100000001000000 "C:\Program Files (x86)\ZHPFix\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D00000000000100000000000000000002067122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000003F70300000000000200000002000000 "C:\Users\Anaïs\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000F624004FBA25000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000061A80100000000000200000002000000 "C:\Users\Anaïs\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000FE2400BBC225000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000ECA70900000000000100000001000000 "C:\Users\Anaïs\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000BC2400DB4A250001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005D250600000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Temp\GUMA2EE.tmp\DropboxUpdate.exe"=0x5341435001000000000000000700000028000000282F0200CE9B02000100000000000000000001060001000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000376F1000000000000100000001000000 "C:\Users\Anaïs\Desktop\logiciels et programmes 
divers\FRST64.exe"=0x534143500100000000000000070000002800000000BC2400DB4A250001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B4076D02000000000100000001000000 "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe"=0x5341435001000000000000000700000028000000C8DE0400BA30050001000000000000000000000AF5220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007E800A0D000000000300000003000000 "C:\Users\Anaïs\Desktop\logiciels et programmes divers\pf7-setup-fr-7.2.1.exe"=0x534143500100000000000000070000002800000004614F00000000000100000000000000000000067100000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000001D7A0B00000000000100000001000000 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe"=0x5341435001000000000000000700000028000000C0DC010044B6020001000000000000000000030671220000DB80FDAC2839D301000000000000000002000000280000000000000000000010000000000000000000000000000000008683F60F000000002400000024000000 "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe"=0x53414350010000000000000007000000280000002050000072C8000001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000DBD30000000000000100000001000000 "C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x5341435001000000000000000700000028000000001435000000000001000000000000000000000A61200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F4C4B40F000000002600000026000000 "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Solutions\HPSAObjectMetrics.exe"=0x534143500100000000000000070000002800000020B400009F43010001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000001C250000000000000100000001000000 "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe"=0x534143500100000000000000070000002800000028380C00EB0E0D0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000500000000000000000000012000000000000000000000000000000005B1D7F03000000000100000001000000000000000000000000000000000000000000000000000000A4A6AF08000000000400000000000000 "C:\Users\Anaïs\AppData\Local\Temp\GUMD6EC.tmp\DropboxUpdate.exe"=0x5341435001000000000000000700000028000000282F0200CE9B02000100000000000000000001060001000033504C2B57DFD1010000008000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000004F70300000000000100000001000000 "C:\Users\Anaïs\Desktop\DropboxInstaller.exe"=0x534143500100000000000000070000002800000098810A009ABD0A000100000000000000000001060001000033504C2B57DFD101000000800000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000002ABE0100000000000200000002000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS7030\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A000100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000084BE0200000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 
"C:\Users\Anaïs\AppData\Local\Temp\7zS3F2C\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F6550200000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS3FF6\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000002B200000000000000100000001000000 "C:\Users\Anaïs\Downloads\HP Downloads\HP Print and Scan Doctor pour Windows - HPPSdr.exe"=0x5341435001000000000000000700000028000000C8AC7000F10571000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000008C20000000000000100000001000000 "C:\Users\Anaïs\Desktop\OJ4630_Basicx64_198.exe"=0x5341435001000000000000000700000028000000A0AF990293289A020100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008AC30100000000000100000001000000 "C:\Users\Anaïs\Desktop\OJ4630_R1543A.exe"=0x5341435001000000000000000700000028000000E88A3600F85237000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009FA10000000000000100000001000000 "C:\Users\Anaïs\Desktop\HPPSdr.exe"=0x5341435001000000000000000700000028000000C8AC7000F10571000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006F350500000000000100000001000000 "C:\Program Files (x86)\WildTangent 
Games\App\GameConsole-wt.exe"=0x5341435001000000000000000700000028000000200020008E3820000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007A330200000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"=0x53414350010000000000000007000000280000005848B0014584B00101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C86E0000000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\Anaïs\AppData\Local\Temp\CanonOFI_TEMP\Data\SOFTWARE\Install\UniversalInstaller.exe"=0x5341435001000000000000000700000028000000F8391200E9B6120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F17D0200000000000100000001000000 "C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe"=0x5341435001000000000000000700000028000000F0631800367A180001000000000000000000000AF120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000027579405000000000100000001000000 "C:\Program Files (x86)\Canon\EOS Utility\EU2\EOS Utility 
2.exe"=0x534143500100000000000000070000002800000000D01902B0B71A0201000000000000000000000AF122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000078430200000000000100000001000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000AA440006DE440001000000010000000000000A73220000D5B3B31A57DFD1010000000000000000 "C:\Users\Anaïs\Desktop\Setup.X86.fr-FR_O365HomePremRetail_027b5636-e108-4e7c-903f-ba52c22f4cf7_TX_DB_.exe"=0x534143500100000000000000070000002800000038653E009CF73E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000050000000000000000000004000000000000000000000000000000000D3550600000000000300000002000000000000000000000000000000000000000000000000000000DB1A0000000000000100000000000000 "C:\Users\Anaïs\Desktop\logiciels et programmes divers\Setup.X86.fr-FR_O365HomePremRetail_027b5636-e108-4e7c-903f-ba52c22f4cf7_TX_DB_.exe"=0x534143500100000000000000070000002800000038653E009CF73E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000050000000000000000000000000000000000000000000000000000000047F0D00000000000200000002000000000000000000004000000000000000000000000000000000B0430000000000000100000000000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000C8EA3D0045E03E0001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003B1D0A00000000000300000003000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8107.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"=0x5341435001000000000000000700000028000000C0A81E00ABC11E0001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000055340200000000000100000001000000 "C:\Program Files 
(x86)\WildGames\Uninstall.exe"=0x5341435001000000000000000700000028000000500A0A0024FF0A000300000000000000000003067122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CF030200000000000100000001000000 "C:\Users\Anaïs\AppData\Local\WhatsApp\Update.exe"=0x534143500100000000000000070000002800000010A51D002D141E0001000000000000000000000A8021000033504C2B57DFD101000000800000000002000000280000000000000000000000000000000000000000000000000000009F170000000000000200000002000000 "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe"=0x534143500100000000000000070000002800000018950600C4D5060001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000084B0030B000000001000000010000000 "C:\Users\Anaïs\Desktop\mobilego_setup_full818.exe"=0x53414350010000000000000007000000280000009010120026CD120001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000073840D00000000000100000001000000 "C:\Program Files (x86)\Wondershare\MobileGo\unins000.exe"=0x53414350010000000000000007000000280000003810150009EE15000300000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BD050000000000000100000001000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006D000000000000000200000002000000 "C:\Users\Anaïs\Desktop\chrome_cleanup_tool.exe"=0x5341435001000000000000000700000028000000789A3D00DA013E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E4930000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft 
Shared\OFFICE16\MSOXMLED.EXE"=0x5341435001000000000000000700000028000000C88E03009A74040001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004E0D0000000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS39DB\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000631F1300000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS3C10\FileExtractor.exe"=0x5341435001000000000000000700000028000000184C2100EFB721000100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400002000000000000000000000000000075110000000000000100000001000000 "C:\Users\Anaïs\Desktop\drivers imprimante.exe"=0x5341435001000000000000000700000028000000288A280A9DEF280A0100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000004CFDD900000000000100000001000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000D0AFA801110EA90101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000010000000000000000000000000000000008D0D0000000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D0A474012679750101000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Microsoft 
Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000C0982B0278D12B0201000000000000000000000A00210000E63F486B2AA0D2010000009100000000 "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000607E0300CBB7030001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001BE91050000000004A0000004A000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200FD5A030001000000010000000000000A61220000E63F486B2AA0D2010000000000000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400AEA6040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\Anaïs\Desktop\7z1604-x64.exe"=0x5341435001000000000000000700000028000000CE1415000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000016C20700000000000200000002000000 "C:\Program Files\7-Zip\7z.exe"=0x534143500100000000000000070000002800000000D206000000000001000000000000000000000A73200000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000058010000000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400B6AD040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E040067ED040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Windows Live\Photo 
Gallery\WLXPhotoGallery.exe"=0x5341435001000000000000000700000028000000C830020092FC020001000000000000000000030671220000DB80FDAC2839D301000000000000000002000000280000000000000000000010000000000000000000000000000000006BA1FD09000000000800000008000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C89C0300B381040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\Anaïs\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe"=0x534143500100000000000000070000002800000098EA08002718090001000000000000000000000A80210000E63F486B2AA0D2010000000000000000020000002800000000000000800000400000000000000000000000000000000047417314000000000100000001000000 "C:\Users\Anaïs\Desktop\apowersoft-online-launcher.exe"=0x534143500100000000000000070000002800000018441A009FBC1A0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000080000000000000000000000000000000000000000DE30000000000000100000001000000 "C:\Users\Anaïs\Desktop\video-converter-studio.exe"=0x534143500100000000000000070000002800000050FF4602020E470201000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003E110500000000000100000001000000 "C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe"=0x53414350010000000000000007000000280000009856950066C9950001000000000000000000000A80210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000063210000000000000200000002000000 "C:\Users\Anaïs\Desktop\adwcleaner_7.0.7.0.exe"=0x534143500100000000000000070000002800000020397D00063F7D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000018A30300000000000100000001000000 
"C:\Users\Anaïs\Desktop\ccsetup539.exe"=0x5341435001000000000000000700000028000000C8FCAA008ECEAB0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FE720300000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\Desktop\ccsetup540.exe"=0x5341435001000000000000000700000028000000A02AAB00BC01AC0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D478794C000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AC03001457040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AE0300F24D040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\Desktop\ccsetup541pro.exe"=0x5341435001000000000000000700000028000000C0F7E9003E73EA0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000004EB1AB00000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0BC0300204F040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS4F21\FileExtractor.exe"=0x5341435001000000000000000700000028000000184C2100EFB7210001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000800000400002000000000000000000000000000090D60200000000000100000001000000 "C:\Program Files 
(x86)\HP\Diagnostics\PSDR\HPPSDr.exe"=0x5341435001000000000000000700000028000000E054A900842BAA0001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C1C4F800000000000300000003000000 "C:\Users\Anaïs\Downloads\ReneeUndeleter_Latest.exe"=0x5341435001000000000000000700000028000000283CA000BA4EA00001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000020200000000000000000000000000F3160000000000000100000001000000 "C:\Users\Anaïs\Desktop\ccsetup542.exe"=0x5341435001000000000000000700000028000000E84CF10087C3F10001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000050000000000000000000004000000000000000000000000000000000443BF60A000000000100000001000000000000000000000000000000000000000000000000000000C9C90300000000000100000000000000 "C:\Program Files\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D8900300DD61040001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A4040000000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0548501FEE6850101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\Anaïs\Downloads\OJ4630_198.exe"=0x5341435001000000000000000700000028000000288A280A9DEF280A01000000000000000000010600010000DB80FDAC2839D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000AC5E1A00000000000100000001000000 "C:\Program Files (x86)\Microsoft 
Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000B09A1D00DCA41D0001000000000000000000000A00210000DB80FDAC2839D3010000009100000000 "C:\Users\Anaïs\Downloads\ccsetup542.exe"=0x5341435001000000000000000700000028000000384BF100B385F10001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS0F1047C9\GenericSetup.exe"=0x5341435001000000000000000700000028000000F8520100F4B7010001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000B8531E007EDB1E0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D3110000000000000400000004000000 "C:\Users\Anaïs\Downloads\ccsetup543 (1).exe"=0x534143500100000000000000070000002800000078AEF10053F8F10001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\Anaïs\AppData\Local\Temp\7zS30AC\Setup.exe"=0x534143500100000000000000070000002800000008541A0060F01A0001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C4572100000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000E83818016B4B180101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000055040000000000000300000003000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8480E0093B00E0001000000000000000000000600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003103A50E000000000100000001000000 "C:\Program Files (x86)\AVAST 
Software\Browser\Application\AvastBrowser.exe"=0x534143500100000000000000070000002800000088971B0008871C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000752B0000000000000100000001000000 "C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe"=0x5341435001000000000000000700000028000000906128002998280001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CC960B00000000000100000001000000 "C:\Program Files (x86)\ZHPFix\unins000.exe"=0x5341435001000000000000000700000028000000D0990A000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1190000000000000100000001000000 "C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUninst.exe"=0x5341435001000000000000000700000028000000B03F6C001D0A6D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E0550000000000000100000001000000 "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe"=0x534143500100000000000000070000002800000068FC0400A074050001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DD4E0300000000000200000002000000 "C:\Users\Anaïs\AppData\Local\Temp\SkypeSetup.exe"=0x5341435001000000000000000700000028000000C8BD81030669820301000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000001260100000000000100000001000000 "C:\Users\Anaïs\Desktop\iTunes64Setup.exe"=0x5341435001000000000000000700000028000000485B3A10B4323B1001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000069F90C00000000000100000001000000 
"C:\Users\Anaïs\AppData\Local\Temp\IXP998.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000480D02007BAF020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000044290300000000000100000001000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000D832B70013ACB70001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A00F0000000000000300000003000000 "C:\Users\Anaïs\Desktop\ReimageRepair.exe"=0x5341435001000000000000000700000028000000F03C0900DF52090001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002E292200000000000100000001000000 "C:\Users\Anaïs\Desktop\adwcleaner_7.2.0 (1).exe"=0x5341435001000000000000000700000028000000D07E70009876710001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FF0F0300000000000100000001000000 "C:\Program Files\Reimage\Reimage Repair\uninst.exe"=0x534143500100000000000000070000002800000058B30C00352C0D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AF520100000000000100000001000000 "C:\Users\Anaïs\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ChromeSetup (3).exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001D750400000000000100000001000000 
"C:\Users\Anaïs\Desktop\spybotsd-2.7.64.0.exe"=0x5341435001000000000000000700000028000000B0C12A04336E2B0401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000004000000000000000000000000000000000F80A5C0400000000010000000100000000000000000000000000000000000000000000000000000091501C03000000000500000000000000 "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe"=0x5341435001000000000000000700000028000000D0656B00F5FA6B0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000996E0000000000000200000002000000 "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"=0x534143500100000000000000070000002800000090C274009221750001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D5EF1403000000000100000001000000 "C:\Users\Anaïs\Desktop\ResetBrowser.exe"=0x534143500100000000000000070000002800000000C21800410A190001000000000000000000030600010000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"=0x534143500100000000000000070000002800000080BE6D0018B46E0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004AD80100000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000583F1600F9DA160001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000A80E84007D26840001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000027C40400000000000200000002000000 "C:\Users\Anaïs\Desktop\logiciels et programmes 
divers\ResetBrowser.exe"=0x534143500100000000000000070000002800000000C21800410A190001000000000000000000030600010000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006BE81400000000000200000002000000 "C:\Users\Anaïs\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ChromeSetup (1).exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000024B40200000000000100000001000000 "C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe"=0x534143500100000000000000070000002800000058131800678D180001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Anaïs\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098093E00F9633E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop 
"PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131727303865743591 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"=15WW3CGT601#SABF#DABF "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "DisableAntiVirus"=1 "InstallTime"=0x97CB1A48E931D101 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\ "LastEnabledTime"=0x564105ADA9FCD301 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI 
Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX ---------- | Hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com [15513] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.209.238] avec 32 octets de données : Réponse de 216.58.209.238 : octets=32 temps=60 ms TTL=54 Réponse de 216.58.209.238 : octets=32 temps=30 ms TTL=54 Délai d'attente de la demande dépassé. 
Réponse de 216.58.209.238 : octets=32 temps=26 ms TTL=54 Statistiques Ping pour 216.58.209.238: Paquets : envoyés = 4, reçus = 3, perdus = 1 (perte 25%), Durée approximative des boucles en millisecondes : Minimum = 26ms, Maximum = 60ms, Moyenne = 38ms ---------- | @ [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Default_Page_URL"=http://hp15-comm.msn.com/?pc=HRTE "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "OperationalData"=13 "EdgeSwitchingOSBuildNumber"=10240.th1.150916-2039 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C00000002000000010000000083FFFF0083FFFFFFFFFFFFFFFFFFFF580000005800000040040000B0020000 "ImageStoreRandomFolder"=eivt7hc "Start Page_TIMESTAMP"=0x6EAAA071A62DD201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x6F5F4674A62DD201 "IE10TourShown"=1 "IE10TourShownTime"=0x69FAB93CA4A0D201 "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x69FAB93CA4A0D201 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE; Win32) "ZonesSecurityUpgrade"=0x2F13F8D0C9FCD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=131736782356761489 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm 
"NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] : SDWinLogon.dll ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files 
(x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [20/06/2018 20:09:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [19/05/2018 00:37:53] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [19/05/2018 00:37:53] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files 
(x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.22.0.dll [20/06/2018 20:09:30] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x69FAB93CA4A0D201 "Version"=5 "UpgradeTime"=0x69FAB93CA4A0D201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet 
Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] ---------- | SearchScopes [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?pc=COSP&ptag=D052418-A5AF4E3D53C&form=CONBDF&conlogo=CT3335878&q={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [01/07/2015 18:35:48] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [06/05/2015 02:32:58] ---------- | Chrome [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] 
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj] ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1233203.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{82cc9ec4-3657-4b03-8ac6-1e1c4d37158e}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c1d301d9-ddb8-4faf-b154-ac2ab29f69eb}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82cc9ec4-3657-4b03-8ac6-1e1c4d37158e}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c1d301d9-ddb8-4faf-b154-ac2ab29f69eb}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Classes\Applications\7z.exe] : "C:\Program Files\7-Zip\7z.exe" "%1" [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Classes\Applications\PhotoFiltre7.exe] : "C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe" "%1" [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" 
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser "iissvcs"=w3svc was [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver "iissvcs"=w3svc was ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\7-Zip] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Adobe] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Apowersoft] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\AppDataLow] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Apple Inc.] 
[HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\ATI] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\AVAST Software] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\BitTorrent] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Browser Cleanup] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Bytescout] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Canon_Inc_IC] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Chromium] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\CyberLink] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Dropbox] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\DropboxUpdate] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Google] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\HP] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\I.R.I.S.] 
[HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\IM Providers] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Intel] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Iris] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Lavasoft] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\LogiShrd] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Macromedia] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Mine] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Netscape] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\ODBC] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\PhotoFiltre 7] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Piriform] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Policies] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\ProtectedStorage] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Realtek] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\RegisteredApplications] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Safer Networking Limited] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Skype] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\skypeapp-a43d3f73cab5] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\skypeapp-d4adb8a1585f] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Synaptics] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\sysinternals] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Visan] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\WinRAR] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\WinRAR SFX] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Wondershare] 
[HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Wow6432Node] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\AppDataLow\Software\Adobe] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\AMD] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] 
[HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\Broadcom] [HKLM\Software\Canon_Inc_IC] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\Dell] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\IM Providers] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Safer Networking Limited] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\Canon_Inc_IC] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\Evernote] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Insyde] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCard] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCards] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek 
Semiconductor Corp.] [HKLM\Software\WOW6432Node\RocketLife] [HKLM\Software\WOW6432Node\Safer Networking Limited] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Visan] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: [09/12/2015 04:19:05] - |RASH| - (.-.) - [55] - (0.0.0.0) - D:\RP.ini ---------- | C: [07/04/2017 11:09:59] - |HD| - [2144691] - C:\$AV_ASW [10/07/2015 13:04:22] - |SHD| - [13578704343] - C:\$Recycle.Bin [19/10/2016 14:13:11] - |D| - [2404613] - C:\AdwCleaner [MD5.93B885ADFE0DA089CDF634904FD59F71] - [10/07/2015 15:20:06] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [10/07/2015 14:21:38] - |SHD| - [0] - C:\Documents and Settings [25/10/2016 13:48:24] - |D| - [121751954] - C:\FRST [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/06/2018 05:25:19] - |ASH| - (.-.) - [1685381120] - (0.0.0.0) - C:\hiberfil.sys [25/09/2015 16:06:41] - |HD| - [21016295] - C:\hp [05/06/2018 15:03:58] - |D| - [217063] - C:\inetpub [08/12/2015 19:50:37] - |D| - [212351] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/12/2015 20:48:52] - |ASH| - (.-.) 
- [6442450944] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [6382139695] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [7185236767] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [4481859408] - C:\ProgramData [21/06/2018 12:35:03] - |D| - [68685] - C:\QuickDiag [MD5.B7BCE7C15DD2B2E2D821EC176ADD5261] - [21/06/2018 12:35:11] - |A| - (.-.) - [196646] - (0.0.0.0) - C:\QuickDiag.txt [16/07/2015 08:01:32] - |SHD| - [8267181279] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/12/2015 05:05:05] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [06/08/2015 17:21:44] - |D| - [4242025429] - C:\SWSetup [02/12/2015 05:05:03] - |SHD| - [0] - C:\System Volume Information [06/08/2015 17:21:45] - |AHD| - [166958823] - C:\SYSTEM.SAV [11/04/2018 23:04:33] - |RD| - [405130316511] - C:\Users [11/04/2018 23:04:33] - |D| - [26103929217] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [5679188] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8315140] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [1031890274] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [06/10/2016 15:34:50] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 01:38:20] - |D| - [38317952] - C:\WINDOWS\Boot [MD5.F8DE0B59AAB01D084E73888AB1C6F669] - [05/06/2018 15:37:52] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.7B4A26DCC09222DE4763DF989DEB6743] - [10/07/2015 15:16:28] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.91F4DE21B92150CFACE3320BDCE05F4B] - [02/12/2015 13:50:43] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\CSUP.txt [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [3004463] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [06/06/2018 05:44:19] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4531043] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [06/06/2018 05:44:19] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [44616] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\en-US [MD5.AD5296B280E8F522A8A897C96BAB0E1D] - [12/04/2018 01:34:44] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3933184] - (10.0.17134.1) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [380396260] - C:\WINDOWS\Fonts [08/10/2016 04:53:46] - |D| - [117440] - C:\WINDOWS\fr [12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47788502] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [3395849] - C:\WINDOWS\Help [MD5.B8A76FE97CECCE9233FE87BCDFA9088E] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) 
- [1054720] - (10.0.17134.1) - C:\WINDOWS\HelpPane.exe [08/12/2015 20:12:49] - |D| - [43936248] - C:\WINDOWS\Hewlett-Packard [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [109879237] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1578956676] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [MD5.FB1F46900FBE595AA662E86E5C460FC1] - [06/10/2016 15:02:18] - |A| - (.-.) - [205] - (0.0.0.0) - C:\WINDOWS\insFileSpec [12/04/2018 01:38:21] - |SHD| - [744154817] - C:\WINDOWS\Installer [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 01:38:21] - |D| - [768270336] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [47033365] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 01:38:20] - |RD| - [802770916] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) 
- [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [12/04/2018 18:22:25] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [05/06/2018 11:09:16] - |DC| - [208645778] - C:\WINDOWS\Panther [12/04/2018 01:38:21] - |D| - [359884] - C:\WINDOWS\Performance [MD5.D1C11B8356240252CEFCA760BE2BCC26] - [21/10/2016 16:35:07] - |A| - (.-.) - [423346] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [2821730] - C:\WINDOWS\PolicyDefinitions [06/06/2018 05:13:54] - |D| - [20142842] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965014] - C:\WINDOWS\PrintDialog [12/04/2018 01:38:21] - |D| - [5220115] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1095288] - C:\WINDOWS\registration [12/04/2018 01:38:21] - |D| - [5067216] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [3623961] - C:\WINDOWS\Resources [MD5.429D9EEB1DA2386625DF4601CC1C875A] - [08/12/2015 19:45:31] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) 
- [2825944] - (1.0.6.5) - C:\WINDOWS\RtlExUpd.dll [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [8413184] - C:\WINDOWS\security [05/06/2018 15:35:28] - |D| - [53932129] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [72260053] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [12/04/2018 01:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53633024] - C:\WINDOWS\ShellExperiences [12/04/2018 18:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [06/10/2016 13:31:58] - |D| - [155701549] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [10/07/2015 13:04:27] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [8416861092] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [225242213] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25650717] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1669244580] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [10/07/2015 13:04:23] - |D| - [2798] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [3913810] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13606400] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [5110314] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [14/06/2017 14:31:20] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25810] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [16998252] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [10/07/2015 13:04:27] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [17/06/2018 14:37:08] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [MD5.994A9385AF4C95DE63F64E6B0BAAD432] - [21/10/2016 16:34:07] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\wininit.ini [11/04/2018 23:04:33] - |D| - [9234540634] - C:\WINDOWS\WinSxS [MD5.907AE50A03DEEC4CFFDC70EA3D5AD4D8] - [31/03/2014 21:34:22] - |A| - (.© 2012 Microsoft Corporation. Tous droits réservés. 
- Écran de veille de la Galerie de photos.) - [322248] - (16.4.3528.331) - C:\WINDOWS\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/06/2018 11:09:47] - C:\WINDOWS\Installer\13191ff3.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 00:20:35] - C:\WINDOWS\Installer\149c9.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/02/2015 10:53:08] - C:\WINDOWS\Installer\149ce.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/10/2012 04:27:55] - C:\WINDOWS\Installer\19ff8.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/07/2015 10:19:18] - C:\WINDOWS\Installer\19ffd.msi : (HP ePrint Windows Driver - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/08/2015 03:23:03] - C:\WINDOWS\Installer\1a012.msi : ( - © 2008-2015 Hewlett-Packard Development Compay, L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/09/2015 03:30:20] - C:\WINDOWS\Installer\1a062.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/08/2015 02:16:44] - C:\WINDOWS\Installer\1a067.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2015 20:12:58] - C:\WINDOWS\Installer\1a070.msi : (Evernote v. 5.8.13 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/07/2015 19:57:37] - C:\WINDOWS\Installer\1a075.msi : (Dropbox 25 GB - Dropbox, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [09/09/2015 21:36:24] - C:\WINDOWS\Installer\1a0a9.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/05/2018 09:38:49] - C:\WINDOWS\Installer\1bc964cf.msi : (7-Zip (x64 edition) Package - Igor Pavlov) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/02/2013 23:53:16] - C:\WINDOWS\Installer\1e742.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 22:05:58] - C:\WINDOWS\Installer\2bbb92.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 22:06:04] - C:\WINDOWS\Installer\2bbb97.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/05/2018 16:53:58] - C:\WINDOWS\Installer\2bbbc8.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/04/2018 01:54:00] - C:\WINDOWS\Installer\2bbbcd.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/06/2018 13:12:30] - C:\WINDOWS\Installer\2d83f1e.msi : (Google Chrome Installer - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/06/2018 13:19:13] - C:\WINDOWS\Installer\2e4428d.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/05/2018 11:40:10] - C:\WINDOWS\Installer\58b75.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/10/2016 10:10:15] - C:\WINDOWS\Installer\775326a.msi : (HP Support Solutions Framework - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 03:38:47] - C:\WINDOWS\Installer\789b9de.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 03:38:49] - C:\WINDOWS\Installer\789b9e4.msi : (I.R.I.S. OCR - HP) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [22/07/2014 03:38:50] - C:\WINDOWS\Installer\789b9ea.msi : (HP Officejet 4630 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 03:38:51] - C:\WINDOWS\Installer\789b9f0.msi : (Product Improvement Study for HP Officejet 4630 series - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 03:38:42] - C:\WINDOWS\Installer\9f88034.msi : (HP Officejet 4630 series Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2015 14:51:48] - C:\WINDOWS\Installer\b16d2.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2015 03:23:14] - C:\WINDOWS\Installer\b16d7.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2015 03:24:44] - C:\WINDOWS\Installer\b16dc.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2015 03:25:04] - C:\WINDOWS\Installer\b16e3.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 18:27:22] - C:\WINDOWS\Installer\b16e8.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:45] - C:\WINDOWS\Installer\b1712.msi : (AMD Catalyst Install Manager Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:40] - C:\WINDOWS\Installer\b171c.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1721.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1726.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b172b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1730.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1735.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b173a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b173f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1744.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1749.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b174e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1753.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1758.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b175d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b1762.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1767.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b176c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1771.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1776.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b177b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1780.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1785.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b178a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b178f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:44] - C:\WINDOWS\Installer\b1794.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2015 15:41:43] - C:\WINDOWS\Installer\b179a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [25/07/2015 12:11:10] - C:\WINDOWS\Installer\b17a5.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/01/2017 16:04:45] - C:\WINDOWS\Installer\b5ff7f5.msi : (Broadcom Bluetooth Drivers - Broadcom Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2015 19:39:05] - C:\WINDOWS\Installer\c6fb.msi : (HP Support Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2015 19:41:15] - C:\WINDOWS\Installer\c700.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/07/2015 17:26:44] - C:\WINDOWS\Installer\c705.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [06/06/2018 05:18:36] - [1971076] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [24/09/2017 04:58:32] - [1967654] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.7D2845DC19988537E4A19FBFF506DBEC] - |A| - [18/06/2018 00:21:59] - (.-.) - [29.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [12/06/2018 12:56:55] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [21/06/2018 04:27:57] - [1890.35 Ko] - C:\WINDOWS\Temp\CR_7CE9C.tmp
[MD5.00000000000000000000000000000000] - |D| - [06/06/2018 05:17:06] - [501.49 Ko] - C:\WINDOWS\Temp\DPTF [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/06/2018 20:44:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/06/2018 20:44:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt [MD5.00000000000000000000000000000000] - |D| - [13/06/2018 18:12:47] - [0 Ko] - C:\WINDOWS\Temp\HP [MD5.00000000000000000000000000000000] - |D| - [19/06/2018 20:44:12] - [91.37 Ko] - C:\WINDOWS\Temp\HP Support Framework [MD5.D48BED467AE85815EC35F23C1E0AFD94] - |A| - [17/06/2018 11:21:45] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180617-112145-0.log [MD5.972C181EBE7FF5C5C612009CE0FA611B] - |A| - [17/06/2018 14:38:14] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180617-143814-0.log [MD5.5D1466D2998E7BF3742914C4B779D484] - |A| - [17/06/2018 16:05:32] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180617-160532-0.log [MD5.EC406AADB40C41B04B5833D904A7DC18] - |A| - [17/06/2018 18:36:10] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180617-183610-0.log [MD5.ED41B2CC1A0F534E4FCA6323A8B7A33F] - |A| - [18/06/2018 23:59:38] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180618-235938-0.log [MD5.2F7869F70C06989A8F31032B888F3D32] - |A| - [19/06/2018 20:39:12] - (.-.) 
- [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20180619-203912-0.log [MD5.00000000000000000000000000000000] - |D| - [18/06/2018 11:31:26] - [17.3 Ko] - C:\WINDOWS\Temp\OfficeC2R65D383B1-E870-4242-A1F0-21DEE4FB51AC [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/06/2018 11:15:40] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180617111540FCC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/06/2018 14:32:21] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2018061714322131DC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/06/2018 20:36:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180619203656F10).log [MD5.1EEC6F1F59E6B48F936ACDFB0D661B34] - |A| - [18/06/2018 23:44:35] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TSpybotUpdaterThread.log [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 05:26:39] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.3B871F67A673C90F2EA93C391B6577A7] - |A| - [08/12/2015 20:44:44] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7N0C99R45NS0O_Administrator_HistoryPrediction.bin [MD5.94FEA34B24D807AF4614839208E8261C] - |A| - [08/12/2015 21:40:54] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\8IC6SVNCE13C7_Administrator_HistoryPrediction.bin [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [22731.88 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) 
- [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.899A5BF1669610CDB78D322AC8D9358B] - |A| - [10/12/2017 00:05:22] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [105.24 Ko] - (4.1.0.2980) - C:\WINDOWS\System32\Packet.dll [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.2413728C224F49E5696DBC014A98D45B] - |A| - [12/04/2018 01:40:29] - (.-.) - [155.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.42FCA8E73E40BFAFC4BA0F03D9F7CBAA] - |A| - [12/04/2018 18:18:42] - (.-.) - [178.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.61E2FB918AD62A44053AA38F96370BAE] - |A| - [12/04/2018 01:40:29] - (.-.) - [749.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.9DAE95513A291A8309969E364A8E9A31] - |A| - [12/04/2018 18:18:42] - (.-.) - [847.12 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.882A4E15C273AC8CCEFA27440CDE1AC6] - |A| - [06/06/2018 05:18:36] - (.-.) - [1924.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) 
- [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [05/06/2018 15:22:43] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [522032.6 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) 
- [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.1DCF7127C66E778695DC6B4FBEA2CBAE] - |A| - [08/12/2015 20:01:36] - (.-.) - [16.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.D38E08B0111536E0F6C78063C577CB8E] - |A| - [08/12/2015 19:46:26] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.7BF10580FFAC53CDAA7F472F3B5C42C2] - |A| - [08/12/2015 19:46:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.EABD549516BF670A684743EEE6A1ADA9] - |A| - [08/12/2015 19:56:44] - (.Copyright (C) 2014 - RtCRX.) - [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.3267EF15FA163DD24D30246A1D8E8347] - |A| - [08/12/2015 19:46:31] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [211.29 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.80179CE11F100CB11218A1E92C5CF555] - |A| - [08/12/2015 19:46:31] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) 
- [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.3125513C6051E1294278C8757E6CC402] - |A| - [08/12/2015 19:46:31] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.E4C131FEA9692653586677874AFB6B87] - |A| - [08/12/2015 19:46:31] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [379.73 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.0F0CE558A9D992E8E0336E6ACB3FAF85] - |A| - [12/04/2018 01:34:04] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.534611F1C8EAA4FF960EB0043EA03B04] - |A| - [08/12/2015 19:53:29] - (.-.) - [136.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_ci.sbin [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [08/12/2015 19:53:29] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_isv_ci.sbin [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.C7DBD12C17A53F10E791769025953B34] - |A| - [18/06/2018 23:59:46] - (.Copyright © 2008-2018 Safer-Networking Limited. -.) 
- [31.41 Ko] - (2.7.64.1001) - C:\WINDOWS\System32\sdnclean64.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.5E5445D0A23626EF004479D4370DF13C] - |A| - [11/10/2016 23:37:56] - (.© Copyright 2015 HP Development Company, L.P. - HP Service.) - [37.82 Ko] - (6.0.19.1) - C:\WINDOWS\System32\SETEFCE.tmp [MD5.CE518417EB33F7A1B7588659F3E66E8A] - |A| - [11/10/2016 23:37:52] - (.© Copyright 2015 HP Development Company, L.P. - HP Mobile Data Protection User Mode DLL.) - [52 Ko] - (6.0.19.1) - C:\WINDOWS\System32\SETF175.tmp [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.0242A9AD4A538C215074C141266F15EA] - |A| - [08/12/2015 19:46:39] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [938.5 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.69498901AD5B855240B597DC712B3861] - |A| - [08/12/2015 19:46:39] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1097.82 Ko] - (3.1.38.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 05:12:14] - [14033.47 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.E2391FB60D98B573EA028E312EC771FB] - |A| - [08/12/2015 19:46:40] - (.TODO: (c) . - TODO: .) 
- [253.21 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.8DD49D75B337D9668DEB48CB0B2CDF09] - |A| - [08/12/2015 19:46:40] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [733.69 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13377.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) 
- [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12220.67 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [182765.43 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8838.09 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.38799717176E346B59BFC3DA3B75ADA8] - |A| - [08/12/2015 19:46:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [457.7 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.60E7C264DF5C1CBEAD754DD5AA7F6838] - |A| - [08/12/2015 19:46:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.6FB6F057182FA34CE7EC0FA307386CFB] - |A| - [08/12/2015 19:46:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [373.96 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/06/2018 15:25:10] - (.-.) 
- [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.7E1751B71990C70D1AC08BD7983E6594] - |A| - [12/04/2018 01:34:35] - (.-.) - [56.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.3192FD557AE09862849DAF37AD816C88] - |A| - [08/12/2015 19:46:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.52 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.00000000000000000000000000000000] - |D| - [24/09/2017 04:57:36] - [2272.23 Ko] - C:\WINDOWS\System32\SRSLabs [MD5.AE4F4BFF5856572A383066226619950B] - |A| - [08/12/2015 19:46:42] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.983FBBFBA1E6F6E58EB2DF2C95386BD0] - |A| - [08/12/2015 19:46:42] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [82648 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.CA146D554527E03EE97CB539DD19D848] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [796.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynCOM.dll [MD5.4B6E766A42B94C14D7A6EB091679D73D] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynTPAPI.) - [282.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynTPAPI.dll [MD5.4CD9468F7C3F936DA8078EB54F3D5ADF] - |A| - [28/07/2015 06:29:26] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) 
- [242.66 Ko] - (19.0.12.97) - C:\WINDOWS\System32\SynTPCo31-1.dll [MD5.39BB5755AF40C45A89CD021AFA50B91B] - |A| - [07/10/2016 01:29:17] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [289.62 Ko] - (19.2.4.0) - C:\WINDOWS\System32\SynTPCo41.dll [MD5.A26472F6B435386B807525434F775902] - |A| - [27/12/2016 03:38:32] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [339.09 Ko] - (19.3.11.45) - C:\WINDOWS\System32\SynTPCo54.dll [MD5.A52459D3D0D67115C4B770F8FAA261CB] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - Synaptics Pointing Device Driver Co-Installer.) - [342.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynTPCo59.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1403.61 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [692.74 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [682.17 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.1C72A12766A5EE7B09DEFBEDE5C9DE4A] - |A| - [13/06/2018 00:49:49] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) 
- [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.9 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) 
- [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [89482.46 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [97949.11 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [10/07/2015 13:04:22] - [0 Ko] - C:\WINDOWS\System32\wfp [MD5.BE24D8A2B65D06AD632B2DD734B6B244] - |A| - [02/12/2015 05:58:38] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-2NAT5TTM887_Administrator_HistoryPrediction.bin [MD5.42EFB26460CE82D0263CF033FA667DE4] - |A| - [08/12/2015 19:36:12] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-JEABITAN89Q_Administrator_HistoryPrediction.bin [MD5.C153BF527BD0485095657CE1CE329A72] - |A| - [08/12/2015 21:28:56] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-KRD8HFN3PAR_Administrator_HistoryPrediction.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.61 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) 
- [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9741.73 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [93236 Ko] - C:\WINDOWS\System32\winevt [MD5.A22ABA17A7CDB323C4336DD01CA38DF6] - |A| - [16/07/2015 08:11:31] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WINHEWL-FG8KVR8_Administrator_HistoryPrediction.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.A672F1CF00FA5AC3F4F59577F77D8C86] - |A| - [10/12/2017 00:05:22] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [361.74 Ko] - (4.1.0.2980) - C:\WINDOWS\System32\wpcap.dll [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) 
- [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [24/09/2017 04:56:54] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [24/09/2017 04:56:54] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |AD| - [02/12/2015 05:36:33] - [42996.12 Ko] - C:\WINDOWS\SysWOW64\Adobe [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.C79CA499BA8BB55E54F9705DCE52E6D1] - |A| - [08/12/2015 19:53:19] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [98.21 Ko] - (8.4.6.0) - C:\WINDOWS\SysWOW64\amdave32.dll [MD5.DCCD6D33C90518A03FA62B98F0CB23DF] - |A| - [08/12/2015 19:53:19] - (.-.) - [185.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.4A694F8A071A36F77A3656CA1F59734F] - |A| - [08/12/2015 19:53:19] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [125.38 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\amdhcp32.dll [MD5.633CC38EB5E55E042D7811A13685C8D1] - |A| - [08/12/2015 19:53:19] - (.-.) - [120.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdhdl32.dll [MD5.B3CC6BA5BC2B0464CECC14E85C88E762] - |A| - [08/12/2015 19:53:19] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [38.5 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmmcl.dll [MD5.4BE0774C7786FBAE55E2F5D2664C59B6] - |A| - [08/12/2015 19:53:19] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38784.5 Ko] - (10.0.1800.7) - C:\WINDOWS\SysWOW64\amdocl.dll [MD5.9AC551C37A477239553F571FBA05C33F] - |A| - [08/12/2015 19:53:19] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21795.5 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\amdocl12cl.dll [MD5.56B986D13C74903FE27B71BA85C76037] - |A| - [08/12/2015 19:53:22] - (.-.) 
- [972.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_as32.exe [MD5.28F4F5BAC73505F71B8AEC95B7FBE1DD] - |A| - [08/12/2015 19:53:22] - (.-.) - [780.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_ld32.exe [MD5.48C45AF9BFE39217A50E3AB721A86039] - |A| - [08/12/2015 19:53:23] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.B2FE8305EE071E01A713F079609FD75B] - |A| - [08/12/2015 19:53:23] - (.Copyright (C) 2014-2015 AMD Inc. - amdxc32.dll.) - [7325 Ko] - (8.18.10.40) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.9AE83C567468C5373831520B148B544B] - |A| - [08/12/2015 19:53:24] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [905 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.9AE83C567468C5373831520B148B544B] - |A| - [08/12/2015 19:53:24] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [905 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.D303D90C05B52F874357AD47ADFF13E1] - |A| - [08/12/2015 19:53:24] - (.-.) - [645.42 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.9F81225B4179F88ABDCAB9F395B3B1FB] - |A| - [08/12/2015 19:53:24] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalcl.dll [MD5.00E0C2B4BD65687F68B3DBC1EDCB4B9D] - |A| - [08/12/2015 19:53:24] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13967 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticaldd.dll [MD5.BA1C4D058C70050852F3C3264EEFE6DD] - |A| - [08/12/2015 19:53:25] - (.Copyright (C) 2008 Advanced Micro Devices Inc. 
- ATI CAL runtime.) - [51 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalrt.dll [MD5.D012F8B9F4718112A7E3E0A7A3030A1D] - |A| - [08/12/2015 19:53:25] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1164.4 Ko] - (8.17.10.1401) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.2D4E22A4E2B8D678E92B20C8E3AD7704] - |A| - [08/12/2015 19:53:25] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9854.57 Ko] - (8.17.10.625) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.FCC23CB40DC5CBF271CCDE2759666D39] - |A| - [08/12/2015 19:53:26] - (.-.) - [140.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.2ACBE8E1575809EEC600C5AB0D979241] - |A| - [08/12/2015 19:53:26] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [138.5 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.E924E0A50514739BCB6CCD1DA3596EFB] - |A| - [08/12/2015 19:53:26] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [68 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiglpxx.dll [MD5.00AF8195D4EDBA34E531B7F1E907E277] - |A| - [08/12/2015 19:53:26] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.E8668E782335A2F0F26B9BB1BC99FF70] - |A| - [08/12/2015 19:53:27] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24705 Ko] - (6.14.10.13397) - C:\WINDOWS\SysWOW64\atioglxx.dll [MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [08/12/2015 19:54:21] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atipblup.dat [MD5.C9B88EF2CF9796049B50D460B0EE1E2F] - |A| - [08/12/2015 19:53:27] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [79 Ko] - (7.1.0.1) - C:\WINDOWS\SysWOW64\atisamu32.dll [MD5.EBF56F86EBF4F332B5A6F8A0C94D6A28] - |A| - [08/12/2015 19:53:27] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) 
- [100.21 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiu9pag.dll [MD5.BD5ECF6041B582DF0215B0F813A65EBF] - |A| - [08/12/2015 19:53:28] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7235.29 Ko] - (9.14.10.1128) - C:\WINDOWS\SysWOW64\atiumdag.dll [MD5.D7F122E9016BC22AF70558628453B8EF] - |A| - [08/12/2015 19:53:28] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.241252DB505AE41BEA0B7D2A2A9477FB] - |A| - [08/12/2015 19:53:28] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7742.77 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\atiumdva.dll [MD5.F83C267C8F2000A95D7FA6C601AFEC40] - |A| - [08/12/2015 19:53:28] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [129.9 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [08/12/2015 19:53:29] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [08/12/2015 19:53:29] - (.-.) 
- [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.9AA08EA19836F1E27770A200A67920A9] - |A| - [08/12/2015 19:54:51] - (.-.) - [55.43 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201512081854512264.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7783.23 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.0902754B4F3041FD31673CB63B34012D] - |A| - [25/07/2017 13:27:25] - (.-.) 
- [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\dllhost.exe.config [MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - |A| - [13/10/2016 13:43:06] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DOErrors.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2503.91 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3434.93 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.32 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [428 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [304 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1558.03 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [336.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) 
- [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.EF526D5DE6BEA3EF9D66177422346CF8] - |A| - [08/12/2015 19:53:29] - (.-.) - [100 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) 
- [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.8AC7267A63E46012272095B800D29C40] - |A| - [13/01/2017 20:38:56] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.5 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/08/2017 22:11:48] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [24583.01 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3347.31 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 
01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.86316BE34481C1ED5B792169312673FD] - |A| - [10/12/2017 00:05:22] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) 
- [95.74 Ko] - (4.1.0.2980) - C:\WINDOWS\SysWOW64\Packet.dll [MD5.761BAC7DA4B6F945C68025375AB6C65D] - |A| - [24/09/2017 04:58:32] - (.-.) - [1921.54 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [10/12/2017 00:05:21] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.60E7C264DF5C1CBEAD754DD5AA7F6838] - |A| - [08/12/2015 19:46:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/06/2018 15:25:36] - (.-.) 
- [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.5AC4694C49BC95E92FB7656C7C10278B] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [427.09 Ko] - (19.3.31.31) - C:\WINDOWS\SysWOW64\SynCom.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - 
C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15770.52 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9182.81 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.4633B298D57014627831CCAC89A2C50B] - |A| - [10/12/2017 00:05:22] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [275.74 Ko] - (4.1.0.2980) - C:\WINDOWS\SysWOW64\wpcap.dll [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) 
- [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [05/06/2018 15:02:54] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Anaïs\AppData\Roaming [06/06/2018 05:19:20] "Local AppData"=C:\Users\Anaïs\AppData\Local [06/06/2018 05:19:20] "CD Burning"=C:\Users\Anaïs\AppData\Local\Microsoft\Windows\Burn\Burn [06/06/2018 09:08:18] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Libraries [06/10/2016 15:02:07] "My Video"=C:\Users\Anaïs\Videos [06/10/2016 15:01:38] "My Pictures"=C:\Users\Anaïs\Pictures [06/10/2016 15:01:38] "Desktop"=C:\Users\Anaïs\Desktop [06/10/2016 15:01:38] "History"=C:\Users\Anaïs\AppData\Local\Microsoft\Windows\History [06/10/2016 15:01:38] "NetHood"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Network Shortcuts [06/06/2018 05:19:20] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Anaïs\Contacts [06/10/2016 15:02:07] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Anaïs\AppData\Local\Microsoft\Windows\RoamingTiles [06/10/2016 15:02:07] 
"Cookies"=C:\Users\Anaïs\AppData\Local\Microsoft\Windows\INetCookies [06/10/2016 15:01:38] "Favorites"=C:\Users\Anaïs\Favorites [06/10/2016 15:01:38] "SendTo"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\SendTo [21/10/2016 15:05:54] "Start Menu"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu [21/10/2016 15:05:54] "My Music"=C:\Users\Anaïs\Music [06/10/2016 15:01:38] "Programs"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [21/10/2016 15:05:54] "Recent"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Recent [06/10/2016 15:01:38] "PrintHood"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [06/06/2018 05:19:20] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Anaïs\Searches [06/10/2016 15:02:07] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Anaïs\Downloads [06/10/2016 15:01:38] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Anaïs\AppData\LocalLow [06/10/2016 15:01:40] "Startup"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/10/2016 15:02:08] "Administrative Tools"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [06/10/2016 15:02:08] "Personal"=C:\Users\Anaïs\Documents [06/10/2016 15:01:38] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Anaïs\Links [06/10/2016 15:01:38] "Cache"=C:\Users\Anaïs\AppData\Local\Microsoft\Windows\INetCache [06/06/2018 05:19:20] "Templates"=C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Templates [06/06/2018 05:19:20] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Anaïs\Saved Games [06/10/2016 15:01:38] "Fonts"=C:\WINDOWS\Fonts [12/04/2018 01:38:21] [HKU\S-1-5-21-496730697-2844734673-1435591839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop 
"Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [10/07/2015 13:04:22] "Common Documents"=C:\Users\Public\Documents [10/07/2015 13:04:22] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [10/07/2015 13:04:22] "CommonMusic"=C:\Users\Public\Music [10/07/2015 13:04:22] "CommonPictures"=C:\Users\Public\Pictures [10/07/2015 13:04:22] "CommonVideo"=C:\Users\Public\Videos [10/07/2015 13:04:22] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common 
AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [10/07/2015 13:04:22] "Common Documents"=C:\Users\Public\Documents [10/07/2015 13:04:22] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [10/07/2015 13:04:22] "CommonMusic"=C:\Users\Public\Music [10/07/2015 13:04:22] "CommonPictures"=C:\Users\Public\Pictures [10/07/2015 13:04:22] "CommonVideo"=C:\Users\Public\Videos [10/07/2015 13:04:22] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music 
"CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Anaïs] [25/07/2017 13:27:05] - |D| - [2420] - C:\Users\Anaïs\.android [20/12/2017 15:43:21] - |RD| - [298] - C:\Users\Anaïs\3D Objects [06/06/2018 05:19:20] - |HD| - [3529804929] - C:\Users\Anaïs\AppData [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Application Data [06/10/2016 15:02:07] - |RD| - [412] - C:\Users\Anaïs\Contacts [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Cookies [06/10/2016 15:01:38] - |RD| - [480597140] - C:\Users\Anaïs\Desktop [06/10/2016 15:01:38] - |RD| - [199898371473] - C:\Users\Anaïs\Documents [06/10/2016 15:01:38] - |RD| - [20033867557] - C:\Users\Anaïs\Downloads [25/10/2016 18:27:45] - |RD| - [2500872152] - C:\Users\Anaïs\Dropbox [06/10/2016 15:01:38] - |RD| - [402] - C:\Users\Anaïs\Favorites [06/10/2016 15:01:42] - |SHD| - [25308] - C:\Users\Anaïs\IntelGraphicsProfiles [06/10/2016 15:01:38] - |RD| - [1963] - C:\Users\Anaïs\Links [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Local Settings [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Menu Démarrer [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Mes documents [20/12/2017 15:44:44] - |HD| - [4203315] - C:\Users\Anaïs\MicrosoftEdgeBackups [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Modèles [06/10/2016 15:01:38] - |RD| - [1054256945] - C:\Users\Anaïs\Music [06/06/2018 05:19:20] - |AH| - [9961472] - C:\Users\Anaïs\NTUSER.DAT [06/06/2018 05:19:20] - |ASH| - [2490368] - C:\Users\Anaïs\ntuser.dat.LOG1 [06/06/2018 05:19:20] - |ASH| - [2097152] - C:\Users\Anaïs\ntuser.dat.LOG2 [06/06/2018 05:19:20] - |ASH| - [65536] - C:\Users\Anaïs\NTUSER.DAT{baf0dc28-693f-11e8-ab66-dc4a3ee1ddba}.TM.blf [06/06/2018 05:19:20] - |ASH| - [524288] - C:\Users\Anaïs\NTUSER.DAT{baf0dc28-693f-11e8-ab66-dc4a3ee1ddba}.TMContainer00000000000000000001.regtrans-ms [06/06/2018 05:19:20] - |ASH| - [524288] - 
C:\Users\Anaïs\NTUSER.DAT{baf0dc28-693f-11e8-ab66-dc4a3ee1ddba}.TMContainer00000000000000000002.regtrans-ms [06/06/2018 05:49:56] - |SH| - [20] - C:\Users\Anaïs\ntuser.ini [06/10/2016 15:06:22] - |RD| - [96] - C:\Users\Anaïs\OneDrive [06/10/2016 15:01:38] - |RD| - [166508401127] - C:\Users\Anaïs\Pictures [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Recent [06/10/2016 15:01:38] - |RD| - [282] - C:\Users\Anaïs\Saved Games [06/10/2016 15:02:07] - |RD| - [1875] - C:\Users\Anaïs\Searches [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\SendTo [07/10/2016 16:23:12] - |D| - [247947264] - C:\Users\Anaïs\Tracing [06/10/2016 15:01:38] - |RD| - [6310028905] - C:\Users\Anaïs\Videos [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Voisinage d'impression [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\Voisinage réseau [25/10/2016 07:15:18] - |A| - [2424320] - C:\Users\Anaïs\ZHPDiag3.exe [06/06/2018 05:19:20] - |D| - [3044672547] - C:\Users\Anaïs\AppData\Local [06/10/2016 15:01:40] - |D| - [6176695] - C:\Users\Anaïs\AppData\LocalLow [06/06/2018 05:19:20] - |D| - [479128210] - C:\Users\Anaïs\AppData\Roaming [09/12/2017 23:51:55] - |D| - [40571834] - C:\Users\Anaïs\AppData\Local\Apowersoft [17/06/2018 12:05:52] - |D| - [0] - C:\Users\Anaïs\AppData\Local\Apple [17/06/2018 12:14:49] - |D| - [957063] - C:\Users\Anaïs\AppData\Local\Apple Computer [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\AppData\Local\Application Data [06/11/2016 23:33:48] - |D| - [54345] - C:\Users\Anaïs\AppData\Local\ATI [13/05/2017 19:06:23] - |D| - [21839] - C:\Users\Anaïs\AppData\Local\CANON_INC [06/10/2016 15:36:29] - |D| - [0] - C:\Users\Anaïs\AppData\Local\CEF [19/10/2016 14:44:03] - |D| - [32727064] - C:\Users\Anaïs\AppData\Local\Comms [24/09/2017 05:29:42] - |D| - [1105169] - C:\Users\Anaïs\AppData\Local\ConnectedDevicesPlatform [06/10/2016 15:04:36] - |D| - [341582105] - C:\Users\Anaïs\AppData\Local\CyberLink [24/09/2017 05:56:37] - |D| - [0] - C:\Users\Anaïs\AppData\Local\DBG 
[07/10/2016 16:28:03] - |D| - [1499901] - C:\Users\Anaïs\AppData\Local\Diagnostics [25/10/2016 18:07:39] - |D| - [25167095] - C:\Users\Anaïs\AppData\Local\Dropbox [06/10/2016 15:02:52] - |D| - [1962] - C:\Users\Anaïs\AppData\Local\DropboxOEM [24/10/2016 12:22:13] - |D| - [0] - C:\Users\Anaïs\AppData\Local\ElevatedDiagnostics [06/10/2016 15:09:17] - |D| - [527305352] - C:\Users\Anaïs\AppData\Local\Google [06/10/2016 15:02:12] - |D| - [30409] - C:\Users\Anaïs\AppData\Local\Hewlett-Packard [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\AppData\Local\Historique [11/10/2016 10:32:18] - |D| - [308896] - C:\Users\Anaïs\AppData\Local\HP [06/10/2016 15:05:01] - |D| - [3131] - C:\Users\Anaïs\AppData\Local\HP_Inc [13/06/2018 18:03:40] - |AH| - [130208] - C:\Users\Anaïs\AppData\Local\IconCache.db [06/06/2018 05:19:20] - |D| - [1338404428] - C:\Users\Anaïs\AppData\Local\Microsoft [06/10/2016 15:07:27] - |D| - [75524] - C:\Users\Anaïs\AppData\Local\MicrosoftEdge [07/10/2016 01:46:40] - |D| - [0] - C:\Users\Anaïs\AppData\Local\NetworkTiles [20/12/2017 15:18:13] - |D| - [398957256] - C:\Users\Anaïs\AppData\Local\Packages [06/06/2018 07:50:10] - |D| - [0] - C:\Users\Anaïs\AppData\Local\PlaceholderTileLogoFolder [19/10/2016 14:23:50] - |D| - [0] - C:\Users\Anaïs\AppData\Local\Programs [06/10/2016 15:02:51] - |D| - [162274] - C:\Users\Anaïs\AppData\Local\Publishers [17/12/2016 07:42:25] - |D| - [940] - C:\Users\Anaïs\AppData\Local\speech [19/05/2017 21:58:01] - |D| - [6452] - C:\Users\Anaïs\AppData\Local\SquirrelTemp [06/06/2018 05:19:20] - |D| - [19106482] - C:\Users\Anaïs\AppData\Local\Temp [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\AppData\Local\Temporary Internet Files [06/10/2016 15:01:43] - |D| - [14635278] - C:\Users\Anaïs\AppData\Local\TileDataLayer [08/07/2017 08:08:09] - |D| - [0] - C:\Users\Anaïs\AppData\Local\UNP [06/10/2016 15:01:47] - |D| - [41523] - C:\Users\Anaïs\AppData\Local\VirtualStore [19/05/2017 21:58:35] - |D| - [301582545] - 
C:\Users\Anaïs\AppData\Local\WhatsApp [08/10/2016 04:50:45] - |D| - [233472] - C:\Users\Anaïs\AppData\Local\Windows Live [06/10/2016 15:01:56] - |SD| - [5423031] - C:\Users\Anaïs\AppData\LocalLow\Microsoft [17/05/2017 18:22:36] - |D| - [0] - C:\Users\Anaïs\AppData\LocalLow\Temp [12/05/2017 20:01:48] - |D| - [753664] - C:\Users\Anaïs\AppData\LocalLow\uTorrent [06/10/2016 15:02:00] - |D| - [0] - C:\Users\Anaïs\AppData\Roaming\Adobe [09/12/2017 23:52:11] - |D| - [139554] - C:\Users\Anaïs\AppData\Roaming\Apowersoft [17/06/2018 12:14:49] - |D| - [131070] - C:\Users\Anaïs\AppData\Roaming\Apple Computer [06/11/2016 23:33:48] - |D| - [0] - C:\Users\Anaïs\AppData\Roaming\ATI [06/10/2016 15:36:11] - |D| - [21834803] - C:\Users\Anaïs\AppData\Roaming\AVAST Software [13/05/2017 19:01:00] - |D| - [0] - C:\Users\Anaïs\AppData\Roaming\canon [13/05/2017 19:08:17] - |D| - [133388] - C:\Users\Anaïs\AppData\Roaming\Canon_Inc_IC [02/11/2016 11:25:52] - |D| - [0] - C:\Users\Anaïs\AppData\Roaming\CyberLink [25/10/2016 18:21:37] - |D| - [909476] - C:\Users\Anaïs\AppData\Roaming\Dropbox [08/10/2016 19:45:28] - |D| - [151765837] - C:\Users\Anaïs\AppData\Roaming\DropboxOEM [03/11/2017 18:55:44] - |D| - [458] - C:\Users\Anaïs\AppData\Roaming\dvdcss [19/06/2018 20:03:39] - |D| - [0] - C:\Users\Anaïs\AppData\Roaming\Google [06/10/2016 15:05:19] - |D| - [4098] - C:\Users\Anaïs\AppData\Roaming\Hewlett-Packard [25/07/2017 13:29:16] - |D| - [4096] - C:\Users\Anaïs\AppData\Roaming\HMYGSetting [29/12/2016 10:41:26] - |D| - [94711] - C:\Users\Anaïs\AppData\Roaming\HPPSDr [11/10/2016 10:34:30] - |D| - [33053] - C:\Users\Anaïs\AppData\Roaming\HpUpdate [06/10/2016 15:07:47] - |D| - [710] - C:\Users\Anaïs\AppData\Roaming\Macromedia [06/06/2018 05:19:20] - |SD| - [51507675] - C:\Users\Anaïs\AppData\Roaming\Microsoft [15/11/2016 08:24:34] - |D| - [2492] - C:\Users\Anaïs\AppData\Roaming\PhotoFiltre 7 [07/10/2016 15:09:15] - |D| - [164283556] - C:\Users\Anaïs\AppData\Roaming\Skype [06/10/2016 15:01:42] - |D| 
- [0] - C:\Users\Anaïs\AppData\Roaming\Synaptics [09/10/2016 18:31:40] - |D| - [64786305] - C:\Users\Anaïs\AppData\Roaming\uTorrent [09/10/2016 18:38:12] - |D| - [90209] - C:\Users\Anaïs\AppData\Roaming\vlc [19/05/2017 21:59:51] - |D| - [4526689] - C:\Users\Anaïs\AppData\Roaming\WhatsApp [31/12/2016 14:15:11] - |D| - [67415] - C:\Users\Anaïs\AppData\Roaming\WildTangent [07/10/2016 20:06:08] - |D| - [12] - C:\Users\Anaïs\AppData\Roaming\WinRAR [25/07/2017 13:27:05] - |D| - [15705416] - C:\Users\Anaïs\AppData\Roaming\Wondershare [23/10/2016 15:25:30] - |D| - [3107187] - C:\Users\Anaïs\AppData\Roaming\ZHP [06/10/2016 15:02:07] - |SH| - [174] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [06/06/2018 05:19:20] - |SHD| - [0] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [21/10/2016 15:05:54] - |RD| - [32558] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [09/10/2016 18:33:25] - |A| - [883] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [06/06/2018 05:19:20] - |RD| - [3888] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [06/06/2018 05:19:20] - |RD| - [2932] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [06/10/2016 15:02:08] - |RD| - [174] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [06/06/2018 05:19:20] - |SH| - [264] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/06/2018 05:19:20] - |D| - [170] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [06/06/2018 05:19:20] - |A| - [1105] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [15/11/2016 08:24:30] - |D| - [4704] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [06/10/2016 15:02:08] - |RD| - [1407] - 
C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/06/2018 05:19:20] - |RD| - [3496] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [19/05/2017 21:59:56] - |D| - [2259] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp [06/06/2018 05:19:20] - |RD| - [7754] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [07/10/2016 20:02:21] - |D| - [4405] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [06/10/2016 15:02:08] - |SH| - [174] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [13/05/2017 19:04:12] - |A| - [1233] - C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk ---------- | [Public] [16/07/2015 08:05:03] - |RHD| - [196] - C:\Users\Public\AccountPictures [06/10/2016 16:17:37] - |D| - [4071] - C:\Users\Public\CyberLink [10/07/2015 13:04:22] - |AHD| - [2494] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [10/07/2015 13:04:22] - |RD| - [59454842] - C:\Users\Public\Documents [10/07/2015 13:04:22] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [10/07/2015 13:04:22] - |RD| - [380] - C:\Users\Public\Music [21/10/2016 04:31:36] - |A| - [8192] - C:\Users\Public\NTUSER.DAT [21/10/2016 04:31:36] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1 [21/10/2016 04:31:36] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG2 [21/10/2016 04:31:36] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{69bf42e7-95f7-11e6-9bde-606dc7ed23de}.TM.blf [21/10/2016 04:31:36] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{69bf42e7-95f7-11e6-9bde-606dc7ed23de}.TMContainer00000000000000000001.regtrans-ms [21/10/2016 04:31:36] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{69bf42e7-95f7-11e6-9bde-606dc7ed23de}.TMContainer00000000000000000002.regtrans-ms 
[10/07/2015 13:04:22] - |RD| - [380] - C:\Users\Public\Pictures [10/07/2015 13:04:22] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [11/10/2016 10:33:46] - |A| - [57] - C:\ProgramData\Ament.ini [10/12/2017 00:05:12] - |D| - [0] - C:\ProgramData\Apowersoft [08/12/2015 20:06:18] - |D| - [118894850] - C:\ProgramData\Apple [17/06/2018 12:12:21] - |D| - [555] - C:\ProgramData\Apple Computer [06/06/2018 05:47:19] - |SHD| - [0] - C:\ProgramData\Application Data [06/11/2016 23:33:48] - |D| - [186] - C:\ProgramData\ATI [08/12/2015 20:09:17] - |D| - [564114518] - C:\ProgramData\AVAST Software [06/10/2016 13:31:05] - |SHD| - [0] - C:\ProgramData\Bureau [13/05/2017 19:00:52] - |D| - [350702] - C:\ProgramData\Canon_Inc_IC [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [08/12/2015 20:10:34] - |D| - [509809836] - C:\ProgramData\CyberLink [06/06/2018 05:47:19] - |SHD| - [0] - C:\ProgramData\Documents [25/10/2016 18:07:38] - |D| - [64337190] - C:\ProgramData\Dropbox [08/12/2015 19:40:56] - |D| - [12029475] - C:\ProgramData\Hewlett-Packard [08/12/2015 20:07:17] - |AD| - [123972612] - C:\ProgramData\HP [11/10/2016 10:34:52] - |AD| - [2888316] - C:\ProgramData\HP Photo Creations [16/11/2016 19:16:19] - |D| - [2064464] - C:\ProgramData\install_backup [08/12/2015 19:57:32] - |D| - [1196237] - C:\ProgramData\install_clap [08/12/2015 19:50:13] - |D| - [46876156] - C:\ProgramData\Intel [08/12/2015 20:20:33] - |D| - [176] - C:\ProgramData\McAfee [06/10/2016 13:31:05] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [2874787373] - C:\ProgramData\Microsoft [06/06/2018 09:08:32] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [06/10/2016 13:31:05] - |SHD| - [0] - C:\ProgramData\Modèles [08/12/2015 19:49:50] - |D| - [32288131] - C:\ProgramData\Package Cache [12/04/2018 01:38:20] - |D| - [5298] - C:\ProgramData\regid.1991-06.com.microsoft [07/10/2016 16:15:30] - |D| - [89014272] - C:\ProgramData\Skype [12/04/2018 01:38:20] - |D| - [0] - 
C:\ProgramData\SoftwareDistribution [19/10/2016 14:24:21] - |D| - [561150] - C:\ProgramData\Spybot - Search & Destroy [08/12/2015 19:49:39] - |D| - [133388] - C:\ProgramData\SRS Labs [08/12/2015 19:57:32] - |D| - [38184] - C:\ProgramData\SUPPORTDIR [08/12/2015 20:01:22] - |D| - [1878] - C:\ProgramData\Synaptics [08/12/2015 19:57:35] - |D| - [764648] - C:\ProgramData\Temp [12/04/2018 01:38:20] - |D| - [11474] - C:\ProgramData\USOPrivate [06/06/2018 05:16:45] - |D| - [1200128] - C:\ProgramData\USOShared [11/10/2016 10:34:52] - |D| - [95268] - C:\ProgramData\Visan [08/12/2015 20:13:20] - |D| - [1054461] - C:\ProgramData\WildTangent [12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [25/07/2017 13:27:35] - |D| - [428393] - C:\ProgramData\Wondershare [08/12/2015 19:39:05] - |D| - [34940380] - C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [06/10/2016 13:31:05] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [172411] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2017 08:42:54] - |D| - [1789] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [24/10/2016 06:16:32] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [08/12/2015 19:54:46] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [10/12/2017 00:05:29] - |D| - [2857] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft [17/06/2018 12:05:50] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [21/03/2017 12:59:01] - |A| - [1986] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [13/05/2017 19:01:37] - |D| - [10021] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [25/01/2018 16:38:40] - |D| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [16/11/2016 19:19:26] - |A| - [2304] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [20/06/2018 20:10:13] - |D| - [1319] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox [08/12/2015 20:15:47] - |D| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB [11/10/2016 10:34:37] - |A| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enregistrement OCR I.R.I.S..lnk [24/10/2016 06:16:33] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [08/12/2015 20:13:52] - |RD| - [17987] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [08/12/2015 20:05:29] - |D| - [10177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [08/12/2015 19:41:39] - |RD| - [4998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [02/12/2015 05:36:51] - |A| - [1434] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Welcome.lnk [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [08/10/2016 04:53:40] - |A| - [1385] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [24/09/2017 04:57:45] - |D| - [6351] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos [24/10/2016 06:16:33] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [24/10/2016 06:16:33] - |D| - [2702] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [24/10/2016 06:16:33] - |A| - [2188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [08/10/2016 04:53:34] - |A| - [1454] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [24/10/2016 06:16:33] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [08/12/2015 19:58:58] - |RD| - [5126] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools [24/10/2016 06:16:34] - |A| - [2444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [08/12/2015 20:09:23] - |RD| - [1160] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection [15/03/2017 20:02:55] - |D| - [2144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [18/06/2018 23:59:52] - |D| - [11608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [18/06/2018 23:59:54] - |A| - [1467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [19/06/2018 19:55:40] - |A| - [2361] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Version bêta de Google Chrome.lnk [09/10/2016 18:37:42] - |D| - [7230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [06/06/2018 05:22:15] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [07/10/2016 20:17:12] - |A| - [2523] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk [07/10/2016 20:02:21] 
- |D| - [4333] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [24/10/2016 06:16:34] - |A| - [2504] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [10/12/2017 00:05:12] - |D| - [93981891] - C:\Program Files (x86)\Apowersoft [17/06/2018 12:05:49] - |D| - [4057910] - C:\Program Files (x86)\Apple Software Update [08/12/2015 19:54:21] - |AD| - [111000915] - C:\Program Files (x86)\ATI Technologies [13/05/2017 19:01:38] - |D| - [412294595] - C:\Program Files (x86)\Canon [12/04/2018 01:38:20] - |D| - [373231514] - C:\Program Files (x86)\Common Files [08/12/2015 19:58:04] - |D| - [1007893557] - C:\Program Files (x86)\CyberLink [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [08/12/2015 20:15:47] - |D| - [304321760] - C:\Program Files (x86)\Dropbox [08/12/2015 20:13:04] - |D| - [243409394] - C:\Program Files (x86)\Evernote [06/10/2016 15:09:22] - |D| - [672627254] - C:\Program Files (x86)\Google [02/12/2015 05:35:46] - |AD| - [147915983] - C:\Program Files (x86)\Hewlett-Packard [08/12/2015 20:07:18] - |AD| - [101900567] - C:\Program Files (x86)\HP [11/10/2016 10:34:52] - |D| - [451059] - C:\Program Files (x86)\HP Photo Creations [08/12/2015 19:40:52] - |HD| - [100149612] - C:\Program Files (x86)\InstallShield Installation Information [24/09/2017 04:57:24] - |D| - [35314656] - C:\Program Files (x86)\Intel [12/04/2018 01:38:20] - |D| - [2007031] - C:\Program Files (x86)\Internet Explorer [08/12/2015 20:24:15] - |AD| - [2701824187] - C:\Program Files (x86)\Microsoft Office [08/10/2016 04:52:32] - |AD| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [12/04/2018 01:38:20] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [07/10/2016 20:17:11] - |D| - [9336778] - 
C:\Program Files (x86)\Movie Maker 2.6 [05/06/2018 15:02:50] - |D| - [25757] - C:\Program Files (x86)\MSBuild [08/12/2015 19:58:58] - |D| - [16012283] - C:\Program Files (x86)\NSIS Uninstall Information [02/12/2015 05:36:44] - |RD| - [1559222] - C:\Program Files (x86)\Online Services [15/11/2016 08:24:29] - |D| - [8331623] - C:\Program Files (x86)\PhotoFiltre 7 [08/12/2015 19:45:38] - |D| - [21307020] - C:\Program Files (x86)\Realtek [05/06/2018 15:02:50] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [15/03/2017 20:02:53] - |RD| - [91917941] - C:\Program Files (x86)\Skype [19/10/2016 14:24:17] - |AD| - [354067539] - C:\Program Files (x86)\Spybot - Search & Destroy 2 [08/12/2015 19:45:35] - |HD| - [0] - C:\Program Files (x86)\Temp [21/10/2016 15:15:32] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [09/10/2016 18:37:22] - |D| - [181807774] - C:\Program Files (x86)\VideoLAN [08/12/2015 20:13:21] - |D| - [21673383] - C:\Program Files (x86)\WildTangent Games [12/04/2018 01:38:20] - |D| - [1780752] - C:\Program Files (x86)\Windows Defender [08/10/2016 04:51:55] - |AD| - [85195019] - C:\Program Files (x86)\Windows Live [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:19:21] - |D| - [3254215] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [3157459] - C:\Program Files (x86)\WindowsPowerShell [07/10/2016 20:02:07] - |AD| - [3165056] - C:\Program Files (x86)\WinRAR [25/07/2017 13:27:05] - |D| - [8179751] - C:\Program Files (x86)\Wondershare [25/10/2016 07:00:13] 
- |AD| - [0] - C:\Program Files (x86)\ZHPFix ---------- | C:\Program Files [30/10/2017 08:42:53] - |AD| - [5173720] - C:\Program Files\7-Zip [24/09/2017 04:57:10] - |D| - [35205602] - C:\Program Files\AMD [08/12/2015 20:09:17] - |D| - [1076163723] - C:\Program Files\AVAST Software [08/12/2015 19:56:16] - |D| - [46353877] - C:\Program Files\Broadcom [13/05/2017 19:01:30] - |D| - [139919303] - C:\Program Files\Canon [25/01/2018 16:38:38] - |D| - [37671888] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [305978616] - C:\Program Files\Common Files [08/12/2015 20:11:50] - |D| - [1438427059] - C:\Program Files\CyberLink [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [06/10/2016 13:31:05] - |SHD| - [0] - C:\Program Files\Fichiers communs [02/12/2015 05:35:45] - |D| - [34456060] - C:\Program Files\Hewlett-Packard [08/12/2015 20:05:21] - |D| - [424309529] - C:\Program Files\HP [24/09/2017 04:56:39] - |D| - [79896312] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2639362] - C:\Program Files\internet explorer [24/10/2016 05:49:59] - |D| - [9057632] - C:\Program Files\Microsoft Office 15 [05/06/2018 15:02:49] - |D| - [25757] - C:\Program Files\MSBuild [08/12/2015 20:07:59] - |RD| - [18071] - C:\Program Files\Online Services [24/09/2017 04:57:32] - |D| - [37444230] - C:\Program Files\Realtek [05/06/2018 15:02:49] - |D| - [36854953] - C:\Program Files\Reference Assemblies [24/09/2017 04:57:27] - |D| - [144492353] - C:\Program Files\Synaptics [24/09/2017 04:58:01] - |HD| - [0] - C:\Program Files\Uninstall Information [07/07/2017 23:40:33] - |AD| - [6422528] - C:\Program Files\UNP [12/04/2018 01:38:20] - |RD| - [19333067] - C:\Program Files\Windows Defender [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:19:21] - |D| - [4783083] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7823192] - 
C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [2472936757] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [3409847] - C:\Program Files\WindowsPowerShell [07/10/2016 20:12:26] - |D| - [6339195] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [17/06/2018 12:02:48] - |D| - [151887751] - C:\Program Files (x86)\Common Files\Apple [28/01/2017 03:35:27] - |D| - [1531] - C:\Program Files (x86)\Common Files\AV [13/05/2017 19:01:29] - |D| - [5294118] - C:\Program Files (x86)\Common Files\Canon_Inc_IC [18/06/2018 11:43:34] - |D| - [24240] - C:\Program Files (x86)\Common Files\DESIGNER [24/09/2017 04:56:28] - |D| - [68080603] - C:\Program Files (x86)\Common Files\Intel [08/12/2015 19:58:05] - |D| - [243736] - C:\Program Files (x86)\Common Files\Intel Corporation [12/04/2018 01:38:20] - |D| - [20486522] - C:\Program Files (x86)\Common Files\microsoft shared [08/12/2015 20:12:33] - |D| - [1488873] - C:\Program Files (x86)\Common Files\Nikon [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [17/06/2018 11:10:31] - |D| - [2574280] - C:\Program Files (x86)\Common Files\Skype [12/04/2018 01:38:20] - |D| - [9551243] - C:\Program Files (x86)\Common Files\system [08/10/2016 04:50:29] - |D| - [113595915] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [17/06/2018 12:03:28] - |D| - [171504868] - C:\Program Files\Common files\Apple [23/10/2016 05:53:34] - |D| - [1840835] - C:\Program Files\Common files\AV [06/12/2017 17:37:15] - |D| - [2010312] - C:\Program Files\Common files\Avast Software [12/04/2018 01:38:20] - |D| - [120354928] - C:\Program 
Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10264971] - C:\Program Files\Common files\system ---------- | Tasks [MD5.B34AF5483A475B25C10BF93BDD939C83] - [25/10/2016 18:07:44] - |A| - [1212] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [MD5.1F2350B37F23F9597BAF239B4670B0C0] - [25/10/2016 18:07:45] - |A| - [1216] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [MD5.A1B5AFB0A5A1E75BBBF9A3FBA18DF43E] - [16/11/2017 21:22:00] - |A| - [364] - C:\WINDOWS\Tasks\HPCeeScheduleForAnaïs.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [06/06/2018 05:46:24] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [17/06/2018 12:05:54] - |D| - [3510] - C:\WINDOWS\System32\Tasks\Apple [MD5.F1B73D48DC7B05E5A47A23B0E8AA6B38] - [06/06/2018 05:46:23] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.387519F0B419270EAB60BCD110F9FFAD] - [06/06/2018 05:46:23] - |A| - [2654] - C:\WINDOWS\System32\Tasks\Avast SecureLine : C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [MD5.00000000000000000000000000000000] - [06/06/2018 05:46:23] - |D| - [6864] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.9217EB4504D253D0918744BE4CE095EF] - [06/06/2018 05:46:23] - |A| - [3132] - C:\WINDOWS\System32\Tasks\avast! 
SL Update : C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [MD5.9A7E77E7B4E9E1A4346803816D799DCB] - [06/06/2018 05:46:23] - |A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.211F9312B529D978EB86A8E538F0CDE4] - [06/06/2018 05:46:23] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.1E899CAC4724FCC26F49A69731AF5406] - [06/06/2018 05:46:23] - |A| - [2172] - C:\WINDOWS\System32\Tasks\DropboxOEM : "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" [MD5.D2863747F1D5FF6146D7FADF26902369] - [06/06/2018 05:46:23] - |A| - [3506] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.21187BFAC59CFCD1BD2F8B05F205F216] - [06/06/2018 05:46:23] - |A| - [3730] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.6AB88555D6249CDFBD494EEA1FEBA9F4] - [19/06/2018 13:12:48] - |A| - [3464] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.8E683C07CC3D8DAF1BB44335DF2FF646] - [19/06/2018 13:12:49] - |A| - [3588] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [06/06/2018 05:46:23] - |D| - [35852] - C:\WINDOWS\System32\Tasks\Hewlett-Packard [MD5.0345B8EBDE2070481C048D5A89662F4F] - [06/06/2018 05:46:23] - |A| - [3050] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 1ad74647107942a6ba3ecb2482d7cf9f47f971b04f474a92bdc0b4edf95827b7 : C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [MD5.2BC254D2209B3E19AEB6A84866DA576B] - [06/06/2018 05:46:23] - |A| - [3050] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 4292118b0f684235b1a6165ff3e2545d52196a6e63574b73bb40f400377a3437 : C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe 
[MD5.9F5CF02C436B61D2BC4B0F203D02F4D3] - [06/06/2018 05:46:23] - |A| - [3050] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 9c5d31c22e214926b267f9d404af62627c30844fc6b548ad91b550d03d01da19 : C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [MD5.8608C4FE47DA55D03AC971018B3482AA] - [06/06/2018 05:46:23] - |A| - [3050] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - a9417186da5646bf814c5c0b8063fec1990917da76b448e6877145c353b79e41 : C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [MD5.6EC85478CF57BDE20D5F342A17737DF4] - [06/06/2018 05:46:23] - |A| - [3256] - C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnaïs : C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [MD5.A2F3EC5D46F24E0B97B8E4B1FCB8998E] - [06/06/2018 05:46:23] - |A| - [2714] - C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4630 series : "C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [592398] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.ED296BDB093E8B2FA6BFE92715B03EF4] - [06/06/2018 05:46:23] - |A| - [2856] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-496730697-2844734673-1435591839-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [06/06/2018 05:46:23] - |D| - [12602] - C:\WINDOWS\System32\Tasks\Safer-Networking [MD5.5FA411125EF3286E8B87E2B45F69FCDC] - [06/06/2018 05:46:23] - |A| - [4176] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F802EBD8-B661-4C98-BDA5-8933F7832C36} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] 
"WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{8B0CB3B8-492D-4857-9C93-DEBD1EC2C874}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{E8A299B3-30A2-4D0A-A3F3-39C76C85C386}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{30F58BE8-A10F-4D4C-8FAA-35733FD1112D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS2A46\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{E008718D-8503-40B0-BA31-BCF78D363D33}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS2A46\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{07CC4393-F886-46C9-96D3-75F0768367BA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "{26655C48-9909-4867-AAE2-8DB71F9DF546}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{3278FE39-862A-482A-8472-E3419A31A39A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{394FED42-CE4E-4B52-A513-BAB449175185}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS45D2\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{DCBB0A62-394E-4B41-9385-7399D67391C9}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS45D2\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{BA798A96-AB54-41A2-A1B3-0A9540C68D9E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{B7CE0D51-30A4-49C9-96FE-D972F9787D87}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{569CAEDA-5E34-4AA2-9295-A91CEFE2D0C5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS522E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{929A3108-0EDF-4958-A54F-8F0A4F7E1317}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS522E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{97665533-79B8-499C-B91B-A853E71CC41A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS4F21\HPDiagnosticCoreUI.exe|Name=HPSAPS| 
"{C199E2E8-94A0-438E-8AA3-4674725FA4A1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS4F21\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{4D34ED05-22CB-42EC-BD60-1DB0387D6D71}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{FB20BC8B-5EEE-4849-ADA3-2D893381005E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{36B43412-F314-4A92-95D6-17B7F931394E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{B3A4C857-D3D4-40F3-8498-4B39D990DEFF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{160BB340-C017-4725-9EE7-2D7C05E83985}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{C90F685B-CCC9-45FC-9996-3B0D25FCA8D0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by 
IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{67A56E1A-3D39-455B-87F9-E30114C950D9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS252D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{3116E4DA-63AE-48C3-8C75-366D7E02C2A0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS252D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{A9A97B5F-1AA6-49E1-8828-95E3D90890F0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS237C\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{6FCD2F3D-8490-430F-81B4-A0E4CEA6F3CC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS237C\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{B7A2332A-CAE6-4323-AAE3-3B202356E80C}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe|Name=MobileGoService|Desc=MobileGoService| "{12BD9CAB-2414-4863-8E07-5AAA8BE40A26}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe|Name=MobileGoService|Desc=MobileGoService| "UDP Query User{96FA2D0F-5A32-4A0C-A3F7-39762B0DC1EE}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe|Name=MobileGoService|Desc=MobileGoService|Defer=User| "TCP Query User{35C56D6E-AD54-49F4-A550-5958AD85BB49}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe|Name=MobileGoService|Desc=MobileGoService|Defer=User| 
"{F42F8697-AF2B-43DD-A73F-1EC969E5010B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS001D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{B0721750-CD1F-469E-B8FB-DE3E268513B4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS001D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{A3F2B5D6-95BE-4277-B7DD-166ED1107BE1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS198D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{5313BEC2-B9F9-4EA1-A27D-62C80F52A5CD}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS198D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{AB890AF7-B340-44DE-955D-FA8EB75FDA39}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Anaïs\AppData\Local\Temp\7zS1840\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{50ADFF2F-03A8-41CA-82DC-8CCADB30D3F9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Anaïs\AppData\Local\Temp\7zS1840\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{771C0937-99CD-47BA-BB57-5BE796339A26}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe|Name=Canon EOS UPNP Detector| "{D1B829ED-988C-424E-A8C0-E77C831756BF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe|Name=Canon EOS UPNP Detector| "{FD2A998A-47F1-4342-84EA-CF1B61F963DA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=HP LOUNGE|Desc=HP Lounge|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-285658676-2969362761-3479356617-995572392-3740418970-106352598-405418177|EmbedCtxt=HP LOUNGE|Platform=2:6:2|Platform2=GTEQ| 
"{D68EBD2F-D243-43A9-B729-C5978A939BE3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS11BE\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{8A47CA11-B532-49C3-A084-C434343BE223}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS11BE\HPDiagnosticCoreUI.exe|Name=HPSAPS| "UDP Query User{2416B2C0-88FF-49DE-B0D9-558E6FA3F495}C:\users\anaïs\appdata\local\temp\7zs1124\enterprisedu.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\anaïs\appdata\local\temp\7zs1124\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| "TCP Query User{F68FB75C-5706-491A-B97C-961161BAA3A3}C:\users\anaïs\appdata\local\temp\7zs1124\enterprisedu.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\anaïs\appdata\local\temp\7zs1124\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| "{326978BD-0DD1-42C9-8560-C60C0E27802B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS42FC\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{8134BF0E-744D-4647-9C90-E2DF061AF06C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS42FC\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{1BA9BD61-8B60-4346-B0E6-84D457E9CB3A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS245B\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{2B665682-3D1C-4BFA-8E9E-BDF10E1E7034}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS245B\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{69A97E35-B995-4D98-92C3-EFA6CC5ADE03}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS2117\HPDiagnosticCoreUI.exe|Name=HPSAPS| 
"{671362EC-5B24-4DF2-8C34-A5C2578A939B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Anaïs\AppData\Local\Temp\7zS2117\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{CB6925E0-A6A1-4779-A75A-0B603F211C86}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe|Name=CyberLink PowerDVD 14.0|Desc=CyberLink PowerDVD 14.0| "{09F31C93-4B73-4F0B-A31A-5EDDD2BFB1FA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe|Name=CyberLink PowerDVD14 Movie Module|Desc=CyberLink PowerDVD14 Movie Module| "{ECD55C5C-2C0C-4CB9-AF77-8D71A7DC3548}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe|Name=CyberLink PowerDVD14 Agent|Desc=CyberLink PowerDVD14 Agent| "{79B964A5-FDC1-4720-A027-E3CEA06E1DB3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe|Name=CyberLink PowerDVD 14 Media Server Service|Desc=CyberLink Media Server| "{48F54BAE-2C7C-48C5-A0AB-AB220C66B914}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe|Name=CyberLink PowerDVD14|Desc=CyberLink PowerDVD14| "UDP Query User{E0D27F81-9C2C-4CC9-88A4-7CB1C96EDDB0}C:\program files (x86)\hewlett-packard\hp support framework\resources\hppsdr\hpdiagnosticcoreui.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\hewlett-packard\hp support framework\resources\hppsdr\hpdiagnosticcoreui.exe|Name=HP Print and Scan Doctor 4.9|Desc=HP Print and Scan Doctor 4.9|Defer=User| "TCP Query User{ECE26CDB-89DF-4D59-9D7B-B95E95797780}C:\program files (x86)\hewlett-packard\hp support framework\resources\hppsdr\hpdiagnosticcoreui.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\hewlett-packard\hp support 
framework\resources\hppsdr\hpdiagnosticcoreui.exe|Name=HP Print and Scan Doctor 4.9|Desc=HP Print and Scan Doctor 4.9|Defer=User| "{3027E571-A8C0-4EAE-B8E2-8958F98DD78E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{8F2BA881-0F74-466C-AD65-EBEB356B5698}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{610D7CAD-76C2-41BE-810E-BC5B2B1557EF}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-496730697-2844734673-1435591839-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{F9DD4D85-9A62-46E6-8C35-AF603ED0AFC6}"=v2.24|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{44D72B88-4ADE-4F46-995F-72548B585E87}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{6C51DA5F-A384-45C7-8728-0AE276457806}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| "{C7F53430-19E2-4A69-8228-B4547A6817DE}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (Anaïs)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{601CDCCE-662A-4757-A9E5-DCEEEDBD5A52}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (Anaïs)|Desc=Allow µTorrent network traffic| 
"{486E34F7-F9C7-40BA-8238-2F1CD81F3A08}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (Anaïs)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{CD30CD86-EE4E-4CC8-84D2-48C4CC25AA7D}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Anaïs)| "{47F69F3D-8D22-44DD-9CF9-D8693D1DDAF8}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Anaïs)| "{FAE03230-EECF-4AF2-A529-1F2FF137FF10}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Anaïs\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (Anaïs)|Desc=Allow µTorrent network traffic| "{F8DD5DFD-4BD4-4A2B-8B44-D74392AE95A7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Anaïs\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| "{D8A245E9-BBB4-4992-AD90-8F0C891BD7BF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Anaïs\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| "{F76D00FC-CB3D-4A75-94AF-614B7702B318}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe|Name=Video Converter Studio| "{DE83EEF9-C27C-4AAC-8FD7-462A8932FBC1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe|Name=Video Converter Studio| "{22A9F103-E8A0-4A6A-8A44-291FCF9CE5DB}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"{26E8E29B-452F-46B7-AB6C-7469744CBCCE}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{C6AE3711-96D7-48EB-B1DF-A85662714BD8}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{3FC78FA2-1FA0-4C7E-BDC1-D27401E65FEE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A694F26B-D7D0-4A3B-B7F4-A06B204C26C3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{6F7FC35C-1A80-42A4-B121-D52B8EB3E107}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| 
"{72166DBC-08CC-4A98-9061-E5EF33796719}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{E8EB6452-2294-4126-AAEE-9888ADDA8C28}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{05D3B653-8FE7-4903-AF90-ED5B0103B6A2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-496730697-2844734673-1435591839-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{6A71DE0F-B0B1-4B41-A44B-8A568AF90AE4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe|Name=Apple Push Service|Edge=TRUE| 
"{AAC8FDC0-34F1-492A-AB32-DF44049C0210}"=v2.28|Action=Block|Active=TRUE|Dir=Out|RA4=59.36.96.132|RA4=61.129.75.124|RA4=64.28.184.5|RA4=64.124.222.176|RA4=65.19.154.90|RA4=65.75.151.192|RA4=66.117.14.138|RA4=66.230.138.44|RA4=66.230.175.129|RA4=66.250.74.150|RA4=69.31.131.82|RA4=69.50.171.122|RA4=81.95.146.147|RA4=82.98.235.61|RA4=85.249.22.240|RA4=85.255.117.157|RA4=85.255.117.243|RA4=193.125.201.50|RA4=205.209.152.121|RA4=206.161.124.98|RA4=206.161.207.102|RA4=207.226.162.34|RA4=207.226.164.171|RA4=207.226.164.195|RA4=208.64.26.150|RA4=209.66.122.203|RA4=213.21.215.186|RA4=213.131.225.2|RA4=216.65.3.68|RA4=216.152.240.10|RA4=216.152.240.13|RA4=216.152.240.14|RA4=216.195.44.106|RA4=216.255.179.234|RA4=221.130.176.199|RA4=222.208.183.14|Name=Spybot IP Immunization|Desc=Prevents access to malware computers by IP address for the following list of produts. Cimuz CN.wAQdN188 CoolWWWSearch Elitum.EliteBar Goldun KillSec MasterConnector PremiumSearch Smitfraud-C. SpywareQuake SubSearch VirtuMonde Win32.Small.ddx WMF Exploit Zlob.DNSChanger Zlob.PornMagPass |EmbedCtxt=Spybot 3| "{913F3CE1-F11A-4FA8-95CB-E9A8EB1A37CC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe|Name=Dropbox| "{C161E5C2-B6D3-4496-B92F-4A10793B1263}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe|Name=Version bêta de Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour la version bêta de Google Chrome autorisant le trafic mDNS.|EmbedCtxt=Version bêta de Google Chrome| [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem24.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) 
[] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : 
(ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem49.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast 
display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : 
(Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem51.inf,%ClassName%;ADB Interface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
---------- | Loaded modules (whitelist) [18/12/2017 15:00:58] - (7.0.1.1) - (HP - HP Disk Filter - SATA/RAID) - C:\WINDOWS\System32\drivers\hpdskflt.sys [18/08/2017 02:23:52] - (19.3.31.31) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [24/09/2017 04:58:03] - (19.3.31.31) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [18/12/2017 15:00:56] - (7.0.1.1) - (HP - HP Accelerometer) - C:\WINDOWS\System32\drivers\Accelerometer.sys [02/02/2018 13:01:50] - (2.1.3.1) - (HP - HP Wireless Button Driver) - C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [08/12/2015 19:58:59] - (1.1.0.8031) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\WINDOWS\system32\DRIVERS\clwvd6.sys [10/12/2017 00:05:23] - (4.1.0.2980) - (Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\WINDOWS\system32\drivers\npf.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport 
Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - 
EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hpdskflt (@oem4.inf,%service_desc%;HP Filter) -> System32\drivers\hpdskflt.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - IntelHSWPcc () -> System32\drivers\IntelPcc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate 
(@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS 
(@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent 
(@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume 
Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> 
system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - npf (NetGroup Packet Filter Driver) -> \??\C:\WINDOWS\system32\drivers\npf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom Wireless Utility] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0A1B4690-E176-4533-8058-939480AEE1D0}] : (Broadcom Bluetooth Drivers.-.Broadcom Corporation) -> MsiExec.exe /X{0A1B4690-E176-4533-8058-939480AEE1D0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-1805-000001000000}] : (7-Zip 18.05 (x64 edition).-.Igor Pavlov) -> MsiExec.exe /I{23170F69-40C1-2702-1805-000001000000} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{303C5CD6-2525-49C5-9E49-DBD92F9F63BD}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{303C5CD6-2525-49C5-9E49-DBD92F9F63BD} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3AAC8F9A-340C-4783-AC57-324C14CAFDB7}] : (Étude pour l'amélioration du produit HP Officejet 4630 series.-.Hewlett-Packard Co.) 
-> MsiExec.exe /I{3AAC8F9A-340C-4783-AC57-324C14CAFDB7} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3BC36736-66B5-4C48-AF0A-C41C335ABCB0}] : (HP ePrint Windows Driver.-.HP) -> MsiExec.exe /I{3BC36736-66B5-4C48-AF0A-C41C335ABCB0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}] : (Energy Star.-.Hewlett-Packard Company) -> MsiExec.exe /I{465CA2B6-98AF-4E77-BE22-A908C34BB9EC} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{55398EAC-F58E-4F19-B553-BDF8B9EFD839} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{64695C4A-C68F-46B5-A734-50EBF124A68E}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{64695C4A-C68F-46B5-A734-50EBF124A68E} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}] : (DisableMSDefender.-.Hewlett-Packard Company) -> MsiExec.exe /I{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{94BC10B9-159A-44E8-BEA1-34BF765FEA58}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{94BC10B9-159A-44E8-BEA1-34BF765FEA58} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A5536A08-5A7F-4330-8947-0372B500A3BD}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{A5536A08-5A7F-4330-8947-0372B500A3BD} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C6C06C9F-B452-4C7A-AB83-F5931AB9B372}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> 
MsiExec.exe /I{C6C06C9F-B452-4C7A-AB83-F5931AB9B372} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C8087B7C-8496-45BE-92FB-91D31EB73969}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{C8087B7C-8496-45BE-92FB-91D31EB73969} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}] : (HP Registration Service.-.Hewlett-Packard) -> MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D54EFEF9-E95A-3745-612D-DDE05CAB7627}] : (AMD Catalyst Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{D54EFEF9-E95A-3745-612D-DDE05CAB7627} REBOOT=ReallySuppress [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F117E4F6-F88D-44E6-AC71-8CF825DA742A}] : (Logiciel de base du périphérique HP Officejet 4630 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{F117E4F6-F88D-44E6-AC71-8CF825DA742A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0BF39653-BCBC-6F5D-7A02-CD65794CBD90}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0DCDE88F-BCAB-88D9-F617-B02551CC9A43}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{128B16D9-361C-E3C4-5FC7-52FE1A2931F0}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1504CF6F-8139-497F-86FC-46174B67CF7F}] : (HP CoolSense.-.Hewlett-Packard Company) -> MsiExec.exe /I{1504CF6F-8139-497F-86FC-46174B67CF7F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4}] : (HP System Event Utility.-.Hewlett-Packard Company) -> MsiExec.exe /I{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E020AEF-B9B6-2370-6D9C-0C4D52C1D40A}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{22F0FBB7-D73F-34E3-AEBB-762CDFDA80AA}] : (AMD Catalyst Control Center.-.Nom de votre société) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{266C3504-AEEB-62B5-BA41-98B83DE3043D}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2A889025-8E66-C570-09F8-CABF7FDA44EB}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3301BC3E-10F5-ED62-8DEC-7D56CFD20EAD}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3414200D-699F-510D-A5DA-7D8E19469F5F}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{3414200D-699F-510D-A5DA-7D8E19469F5F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B3ADEA8-CBC4-3E91-A55F-15714F5EE914}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.41.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3BE931D3-A971-49FA-828E-DEA8859D1DB2}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3DAFE5FC-450E-3DC8-FCF6-B4D6020FB7A3}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{43DE4E5C-D931-5011-C475-E938A266D75D}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{446AA6E0-104D-40FB-A18A-A3431AED2F14}] : (HP Support Solutions Framework.-.HP Inc.) -> MsiExec.exe /X{446AA6E0-104D-40FB-A18A-A3431AED2F14} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{49BBBAFD-CB20-8434-A476-CEED63464BCE}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{597A58EC-42D6-4940-8739-FB94491B013C}] : (Dropbox 25 GB.-.Dropbox, Inc.) -> MsiExec.exe /I{597A58EC-42D6-4940-8739-FB94491B013C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{598A79C8-597B-6C13-1EA2-AA4780F690BA}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}] : (HP Recovery Manager.-.Hewlett-Packard) -> MsiExec.exe /I{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6799E46F-0923-0893-9ABF-59D739BFBADE}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{76189063-1DF7-1AAE-B3D8-1424B4766837}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7892CC8D-FC6C-C7BF-F07F-8712166B2D5C}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{81C5A4C8-278F-D2AE-B085-85BF44B6675F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{86433BBF-C29D-3A08-8910-98EFF6C4A15C}] : (Google Chrome.-.Google, Inc.) -> MsiExec.exe /X{86433BBF-C29D-3A08-8910-98EFF6C4A15C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A229420E-204B-11E5-B844-0050569584E9}] : (Evernote v. 5.8.13.-.Evernote Corp.) -> MsiExec.exe /X{A229420E-204B-11E5-B844-0050569584E9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A30EA700-5515-48F0-88B0-9E99DC356B88}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{A30EA700-5515-48F0-88B0-9E99DC356B88} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A7ABA9E4-ACC2-3EAC-C8B6-9AB79456D014}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A9111534-1134-C118-00D5-68645B738D00}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAE9578D-573F-6807-3AA5-07AEEF9A32C9}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AFDB3205-6F75-1EBA-9F4F-537105BC3DF4}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1] : (Spybot - Search & Destroy.-.Safer-Networking Ltd.) -> "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}] : (OEM Application Profile.-.Nom de votre société) -> MsiExec.exe /X{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{C56BA005-F02C-461B-ACA5-A0CE3E32578F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) -> MsiExec.exe /X{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA3FCE8E-7C5E-FB74-30FC-F52D79BA6848}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}] : (I.R.I.S. OCR.-.HP) -> MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DFF4D5A6-BA35-123E-987D-20C747B51045}] : (PX Profile Update.-.AMD) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED0692F7-850B-4D42-A447-FB8411139C31}] : (HP Officejet 4630 series Aide.-.Hewlett Packard) -> MsiExec.exe /I{ED0692F7-850B-4D42-A447-FB8411139C31} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F471DD40-5507-C584-F89D-DC3F78E0E555}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8B93EDC-B9EB-4F5A-F687-810125F9EC30}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\003E8C234BDB8934292C9E7B8D2A33BD] : [HKCR\Installer\Products\007AE03A51550F84880BE999CD53B688] : Apple Software Update -> C:\WINDOWS\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\Installer.ico [HKCR\Installer\Products\04DD174F7055485C8FD9CDF3870E5E55] : CCC Help Chinese Traditional -> c:\windows\Installer\{F471DD40-5507-C584-F89D-DC3F78E0E555}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0964B1A0671E33540885394908EA1E0D] : Broadcom Bluetooth Drivers -> c:\windows\Installer\{0A1B4690-E176-4533-8058-939480AEE1D0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\099AAB46CF1F54147A1B4EF1BB9CAD74] : HP Recovery Manager -> c:\windows\Installer\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}\_853F67D554F05449430E7E.exe 
[HKCR\Installer\Products\0A93EF4767BFDC7448AB192EBB1BE72F] : DisableMSDefender [HKCR\Installer\Products\0E6AA644D401BF041AA83A34A1DEF241] : HP Support Solutions Framework -> C:\windows\Installer\{446AA6E0-104D-40FB-A18A-A3431AED2F14}\icon.ico [HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\35693FB0CBCBD5F6A720DC5697C4DB09] : CCC Help Turkish -> c:\windows\Installer\{0BF39653-BCBC-6F5D-7A02-CD65794CBD90}\ARPPRODUCTICON.exe [HKCR\Installer\Products\360981677FD1EAA13B8D41424B678673] : CCC Help French -> c:\windows\Installer\{76189063-1DF7-1AAE-B3D8-1424B4766837}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3D139EB3179AAF9428E8ED8A58D9D12B] : CCC Help German -> c:\windows\Installer\{3BE931D3-A971-49FA-828E-DEA8859D1DB2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4053C662BEEA5B26AB14898BD33E40D3] : CCC Help Korean -> c:\windows\Installer\{266C3504-AEEB-62B5-BA41-98B83DE3043D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4351119A4311811C005D8646B537D800] : CCC Help Polish -> c:\windows\Installer\{A9111534-1134-C118-00D5-68645B738D00}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4E9ABA7A2CCACAE38C6BA97B49650D41] : CCC Help Finnish -> c:\windows\Installer\{A7ABA9E4-ACC2-3EAC-C8B6-9AB79456D014}\ARPPRODUCTICON.exe [HKCR\Installer\Products\500AB65CC20FB164CA5A0AECE32375F8] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}\WinInstall.ico [HKCR\Installer\Products\5023BDFA57F6ABE1F9F4351750CBD34F] : CCC Help English -> c:\windows\Installer\{AFDB3205-6F75-1EBA-9F4F-537105BC3DF4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\520988A266E8075C908FACFBF7AD44BE] : CCC Help Danish -> c:\windows\Installer\{2A889025-8E66-C570-09F8-CABF7FDA44EB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5286461E193D0A2439AA72AF18D00A39] : PowerDirector -> c:\windows\Installer\{E1646825-D391-42A0-93AA-27FA810DA093}\ARPPRODUCTICON.exe 
[HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper [HKCR\Installer\Products\5CE454A5A7125a24C81ED2ED4C7EE010] : PhotoDirector -> c:\windows\Installer\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\ARPPRODUCTICON.exe [HKCR\Installer\Products\63763CB35B6684C4FAA04CC133A5CB0B] : HP ePrint Windows Driver [HKCR\Installer\Products\69A46712847638B4987EA70536FB51C6] : Movie Maker [HKCR\Installer\Products\6B2AC564FA8977E4EB229A803CB49BCE] : Energy Star -> c:\windows\Installer\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\6DC5C30352525C94E994BD9DF2F936DB] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\6F4E711FD88F6E44CA17C88F52AD47A2] : Logiciel de base du périphérique HP Officejet 4630 series -> C:\WINDOWS\Installer\{F117E4F6-F88D-44E6-AC71-8CF825DA742A}\ARP_Icon [HKCR\Installer\Products\7BBF0F22F37D3E43EABB67C2FDAD08AA] : AMD Catalyst Control Center -> c:\windows\Installer\{22F0FBB7-D73F-34E3-AEBB-762CDFDA80AA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7D2F8E1D497754242B6878DE681C98C3] : HP Registration Service -> c:\windows\Installer\{D1E8F2D7-7794-4245-B286-87ED86C1893C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7F2960DEB05824D44A74BF481131C913] : HP Officejet 4630 series Aide -> C:\windows\Installer\{ED0692F7-850B-4D42-A447-FB8411139C31}\ARP_Icon [HKCR\Installer\Products\80A6355AF7A50334987430275B003ADB] : Intel(R) Management Engine Components [HKCR\Installer\Products\8AEDA3B34CBC19E35AF55117F4E59E41] : CCC Help Hungarian -> c:\windows\Installer\{3B3ADEA8-CBC4-3E91-A55F-15714F5EE914}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8C4A5C18F872EA2D0B5858FB446B76F5] : CCC Help Russian -> c:\windows\Installer\{81C5A4C8-278F-D2AE-B085-85BF44B6675F}\ARPPRODUCTICON.exe 
[HKCR\Installer\Products\8C97A895B79531C6E12AAA74086F09AB] : CCC Help Dutch -> c:\windows\Installer\{598A79C8-597B-6C13-1EA2-AA4780F690BA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\95EF31A1E7F6CD44A97AD2B7E9802C4D] : HP System Event Utility -> c:\windows\Installer\{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\96F071321C0420728150000010000000] : 7-Zip 18.05 (x64 edition) [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\9B01CB49A9518E44EB1A43FB67F5AE85] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\9D61B821C1634C3EF57C25EFA192130F] : CCC Help Greek -> c:\windows\Installer\{128B16D9-361C-E3C4-5FC7-52FE1A2931F0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9FEFE45DA59E547316D2DD0EC5BA6772] : AMD Catalyst Install Manager -> c:\windows\Installer\{D54EFEF9-E95A-3745-612D-DDE05CAB7627}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.41 -> C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe [HKCR\Installer\Products\A4C59646F86C5B647A4305BE1F426AE8] : Apple Mobile Device Support -> C:\WINDOWS\Installer\{64695C4A-C68F-46B5-A734-50EBF124A68E}\Installer.ico [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A9F8CAA3C0433874CA7523C441ACDF7B] : Étude pour l'amélioration du produit HP Officejet 4630 series -> C:\windows\Installer\{3AAC8F9A-340C-4783-AC57-324C14CAFDB7}\ARP_Icon [HKCR\Installer\Products\B474BE166A764F741B7B838615AB3B0D] : HP Support Assistant -> C:\windows\Installer\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B4EB76DD26E75124FA3A1F328A003A98] : Movie Maker [HKCR\Installer\Products\B9FB157332F56794AA26B14F7D19CDEF] : Photo Common 
[HKCR\Installer\Products\C5E4ED34139D11054C579E832A667DD5] : Catalyst Control Center Localization All -> c:\windows\Installer\{43DE4E5C-D931-5011-C475-E938A266D75D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C7B7808C6948EB5429BF193DE17B9396] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{C8087B7C-8496-45BE-92FB-91D31EB73969}\WinInstall.ico [HKCR\Installer\Products\CAE89355E85F91F45B35DB8F9BFE8D93] : Intel(R) Chipset Device Software [HKCR\Installer\Products\CDE39B8FBE9BA5F46F781810529FCE03] : CCC Help Thai -> c:\windows\Installer\{F8B93EDC-B9EB-4F5A-F687-810125F9EC30}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CE85A7956D2404947893BF4994B110C3] : Dropbox 25 GB -> C:\windows\Installer\{597A58EC-42D6-4940-8739-FB94491B013C}\DropboxOEM.exe [HKCR\Installer\Products\CF5EFAD3E0548CD3CF6F4B6D20F07B3A] : Catalyst Control Center Graphics Previews Common -> c:\windows\Installer\{3DAFE5FC-450E-3DC8-FCF6-B4D6020FB7A3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D0024143F996D0155AADD7E89164F9F5] : Catalyst Control Center - Branding -> c:\windows\Installer\{3414200D-699F-510D-A5DA-7D8E19469F5F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D8759EAAF3757086A35A70EAFEA9239C] : CCC Help Spanish -> c:\windows\Installer\{AAE9578D-573F-6807-3AA5-07AEEF9A32C9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D8CC2987C6CFFB7C0FF7782161B6D2C5] : CCC Help Czech -> c:\windows\Installer\{7892CC8D-FC6C-C7BF-F07F-8712166B2D5C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DFABBB9402BC43484A67ECDE3664B4EC] : CCC Help Norwegian -> c:\windows\Installer\{49BBBAFD-CB20-8434-A476-CEED63464BCE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E024922AB4025E118B4400056559489E] : Evernote v. 
5.8.13 -> C:\windows\Installer\{A229420E-204B-11E5-B844-0050569584E9}\Evernote.ico [HKCR\Installer\Products\E3CB10335F0126DED8CED765FC2DE0DA] : CCC Help Chinese Standard -> c:\windows\Installer\{3301BC3E-10F5-ED62-8DEC-7D56CFD20EAD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E66BAA708174D2242981A4BFC329A217] : Photo Gallery [HKCR\Installer\Products\E6DDEC9A2974e394BB538DD6E281A8A5] : [HKCR\Installer\Products\E8ECF3ACE5C747BF03CF5FD297AB8684] : CCC Help Japanese -> c:\windows\Installer\{CA3FCE8E-7C5E-FB74-30FC-F52D79BA6848}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64 [HKCR\Installer\Products\F2ACB6ACBEDEF80458B01304B41EA616] : I.R.I.S. OCR -> C:\windows\Installer\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}\ARP_Icon [HKCR\Installer\Products\F45FAD3B52BD6854E91F692DB41B0488] : Windows Movie Maker 2.6 [HKCR\Installer\Products\F64E997632903980A9FB957D93FBABED] : CCC Help Portuguese -> c:\windows\Installer\{6799E46F-0923-0893-9ABF-59D739BFBADE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F6FC40519318F79468CF6471B476FCF7] : HP CoolSense -> c:\windows\Installer\{1504CF6F-8139-497F-86FC-46174B67CF7F}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\F88EDCD0BACB9D886F710B5215CCA934] : CCC Help Swedish -> c:\windows\Installer\{0DCDE88F-BCAB-88D9-F617-B02551CC9A43}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F9C60C6C254BA7C4BA385F39A19B3B27] : Intel(R) Management Engine Components [HKCR\Installer\Products\FAA1FE9C245B8C145A731124ADD5A4CE] : HP Customer Experience Enhancements -> C:\windows\Installer\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FBB33468D92C80A3980189FE6F4C1AC5] : Google Chrome [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\windows\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FEA020E16B9B0732D6C9C0D4251C4DA0] : CCC Help Italian -> 
c:\windows\Installer\{1E020AEF-B9B6-2370-6D9C-0C4D52C1D40A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FF43B934E47F70845B2EB4575815ADB6] : Galerie de photos

---------- | ADS

---------- | Drives

---------- | MBR
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
------------
------------
Une erreur non spécifiée s’est produite au cours de la restauration du système : (réinitial nickel). Informations supplémentaires : 0x80070005.
------------
ATI EEU PnP start/stop failed
------------
ATI EEU PnP start/stop failed
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, Descripteur non valide .
Opération : Opération asynchrone en cours d’exécution
Contexte : État actuel: DoSnapshotSet
------------
------------
ATI EEU PnP start/stop failed
------------
ATI EEU PnP start/stop failed
------------
Le programme SDScan.exe version 2.7.64.191 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
ID de processus : 15ec
Heure de début : 01d4074d8720d98b
Heure de fin : 18
Chemin d'accès de l'application : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
ID de rapport : 5b71d919-63f2-4343-93b5-095cabefb8cd
Nom complet du package défaillant :
ID de l'application relative au package défaillant :
------------
ATI EEU PnP start/stop failed
------------
------------
ATI EEU PnP start/stop failed
------------
Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Critical Policy [0]
------------
ATI EEU PnP start/stop failed
------------
Une erreur non spécifiée s’est produite au cours de la restauration du système : (Windows Update). Informations supplémentaires : 0x80070005.
------------
ATI EEU PnP start/stop failed
------------
ATI EEU PnP start/stop failed
------------
ATI EEU PnP start/stop failed
------------

----------( EOF)---------- - 4524 | 13:01:11