--------------- QuickDiag | g3n-h@ckm@n | V4_31.08.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 03/09/2018 23:22:45 Updated 31/08/2018 | 22:20 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Sophie (Administrator)] - [DESKTOP-UILF1JK] (S-1-5-21-2641057836-2379893348-9070863-1001) System: Microsoft Windows 10 Professionnel - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk1\Partition2 Boot : Normal boot PC: To Be Filled By O.E.M. - To Be Filled By O.E.M. - IdNumber: To Be Filled By O.E.M. - UUID: 61C28570-1F7B-0000-0000-000000000000 Processor : X64 - 3593 Mhz - AMD Ryzen 5 2400G with Radeon Vega Graphics BIOS Date: 04/19/18 17:01:27 Ver: 05.0000D - - American Megatrends Inc. - S/N: To Be Filled By O.E.M. - P4.60 - ALASKA - 1072009 CoreTemp : ? Celsius ----------| Quick ---------- | SoundDevice AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1007\5&14BACE15&0&0001 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_1220&SUBSYS_18491221&REV_1000\5&167800ED&0&0001 ---------- | Video AMD Radeon(TM) RX Vega 11 Graphics - Resolution: 1920x1200 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_15DD&SUBSYS_15DD1002&REV_C6\4&28056CF2&0&0041 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 1073741824 Inegrated Video Chipset DeviceName: AMD Radeon(TM) RX Vega 11 Graphics - DriverVersion: 8.14.1.6564 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU ---------- | Network Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Intel(R) Dual Band Wireless-AC 3168 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_24FB&SUBSYS_21108086&REV_10\F894C2FFFFFF3CE600 Intel(R) I211 Gigabit Network Connection - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_1539&SUBSYS_15391849&REV_03\7085C2FFFF617B1F00 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\7&10BC7250&0&11 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\7&AA21106&0&0 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\7&10BC7250&0&12 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\7&AA21106&0&2 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC ---------- | Memory RAM = Total (MB) : 15653 | Free (MB) : 8623 Pagefile = Total (MB) : 18013 | Free (MB) : 8670 Virtual = Total (MB) : 4194 | Free (MB) : 3884 Physical Memory 0 : Capacity: 8589934592 - DIMM 0 - Posit.: - Manufacturer: Unknown - PartNumber: CMR16GX4M2A2666C16 - S/N: 00000000 Physical Memory 1 : Capacity: 8589934592 - DIMM 0 - Posit.: - Manufacturer: Unknown - PartNumber: CMR16GX4M2A2666C16 - S/N: 00000000 ---------- | SID Users Administrateur : [S-1-5-21-2641057836-2379893348-9070863-500] DefaultAccount : [S-1-5-21-2641057836-2379893348-9070863-503] Invité : [S-1-5-21-2641057836-2379893348-9070863-501] Sophie : [S-1-5-21-2641057836-2379893348-9070863-1001] WDAGUtilityAccount : [S-1-5-21-2641057836-2379893348-9070863-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 464.8 Go | Free : 413.14 Go -> NTFS (SSD) D:\ -> [Fixed] | [Stockage] | Total : 1663.01 Go | Free : 794.49 Go -> NTFS [SATA] E:\ -> [Fixed] | [Temp] | Total : 199.56 Go | Free : 148.71 Go -> NTFS [SATA] DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD2002FAEX-007BA\5&344E788A&0&000000 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_NVME&PROD_SAMSUNG_SSD_960\5&2B57B086&0&000000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) GC : 68.0.3440.106 (Copyright 2017 Google Inc.) Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 30.0.0.154 FlashPlayer Plugin : 30.0.0.154 ---------- | Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 432 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 01:34:22] 588 | [Owner : Système | Parent : 580() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] 700 | [Owner : Système | Parent : 580() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] 792 | [Owner : Système | Parent : 700(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [15/08/2018 14:51:11] 852 | [Owner : Système | Parent : 700(wininit.exe) | 10.51 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.1) = C:\Windows\System32\lsass.exe [12/04/2018 01:34:23] 1008 | [Owner : Système | Parent : 792(services.exe) | 0.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 100 | [Owner : Système | Parent : 792(services.exe) | 19.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 392 | [Owner : UMFD-0 | Parent : 700(wininit.exe) | 0.72 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [15/08/2018 14:51:11] 692 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 49.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1032 | [Owner : Système | Parent : 792(services.exe) | 3.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1284 | [Owner : Système | Parent : 792(services.exe) | 4.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1340 | [Owner : Système | Parent : 792(services.exe) | 8.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1388 | [Owner : Système | Parent : 792(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1484 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 14.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1492 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1500 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 13.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1632 | [Owner : Système | Parent : 792(services.exe) | 5.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1684 | [Owner : Système | Parent : 792(services.exe) | 5.93 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/06/2018 20:03:35] 1724 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1792 | [Owner : Système | Parent : 792(services.exe) | 1.21 Mo] - (.AMD - AMD External Events Service Module.) - (24.20.11016.4) = C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe [22/05/2018 16:54:24] 1824 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 3.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1892 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 6.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2020 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 5.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1456 | [Owner : Système | Parent : 792(services.exe) | 1.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2108 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 3.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2116 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 2.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2228 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 1.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2268 | [Owner : Système | Parent : 792(services.exe) | 3.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2324 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2332 | [Owner : Système | Parent : 792(services.exe) | 4.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2340 | [Owner : Système | Parent : 792(services.exe) | 1.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2440 | [Owner : SERVICE LOCAL | Parent : 2268(svchost.exe) | 14.8 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] 2524 | [Owner : Système | Parent : 792(services.exe) | 4.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2568 | [Owner : Système | Parent : 792(services.exe) | 2.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2576 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 2.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2800 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 7.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2860 | [Owner : Système | Parent : 792(services.exe) | 16.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2908 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3016 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 4.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3024 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 2.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2252 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 5.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3196 | [Owner : Système | Parent : 792(services.exe) | 4.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3252 | [Owner : Système | Parent : 792(services.exe) | 4.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3312 | [Owner : Système | Parent : 792(services.exe) | 4.12 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] 3396 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 2.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3652 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 3.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3660 | [Owner : Système | Parent : 792(services.exe) | 1.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3668 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 6.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3676 | [Owner : Système | Parent : 792(services.exe) | 12.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3684 | [Owner : Système | Parent : 792(services.exe) | 13.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3692 | [Owner : Système | Parent : 792(services.exe) | 1.4 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.27.2646) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [21/03/2018 02:21:48] 3700 | [Owner : Système | Parent : 792(services.exe) | 2.07 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (20.50.1.2) = C:\Windows\System32\ibtsiva.exe [19/04/2018 20:54:48] 3708 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 2.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3720 | [Owner : Système | Parent : 792(services.exe) | 19.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3728 | [Owner : Système | Parent : 792(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1807.18075) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe [31/07/2018 12:18:56] 3740 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 19.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3768 | [Owner : Système | Parent : 792(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [15/08/2018 14:51:13] 3856 | [Owner : Système | Parent : 792(services.exe) | 3.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 3948 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 0.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 2668 | [Owner : Système | Parent : 792(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 4100 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 1.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 4324 | [Owner : Système | Parent : 792(services.exe) | 5.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 4804 | [Owner : Système | Parent : 792(services.exe) | 44.59 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.228) = C:\Windows\System32\SearchIndexer.exe [15/08/2018 14:51:13] 5148 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1807.18075) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe [31/07/2018 12:18:56] 5464 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | 3.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1396 | [Owner : Système | Parent : 792(services.exe) | 1.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1236 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 10.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6212 | [Owner : Système | Parent : 792(services.exe) | 6.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6288 | [Owner : Système | Parent : 792(services.exe) | 2.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6324 | [Owner : Système | Parent : 792(services.exe) | 6.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 7928 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 7.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 8148 | [Owner : Système | Parent : 792(services.exe) | 4.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 5708 | [Owner : Système | Parent : 5568() | 1.15 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe [22/05/2018 11:18:42] 5588 | [Owner : Système | Parent : 5568() | 0.95 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe [22/05/2018 11:18:42] 9016 | [Owner : Système | Parent : 792(services.exe) | 19.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6044 | [Owner : Système | Parent : 792(services.exe) | 2.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1696 | [Owner : Système | Parent : 792(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] 1812 | [Owner : Système | Parent : 792(services.exe) | 3.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 9960 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 9860 | [Owner : Système | Parent : 792(services.exe) | 1.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 9312 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 9344 | [Owner : SERVICE RÉSEAU | Parent : 100(svchost.exe) | 14.4 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] 1540 | [Owner : Système | Parent : 100(svchost.exe) | 6.7 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] 7656 | [Owner : Système | Parent : 792(services.exe) | 0.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6620 | [Owner : Système | Parent : 792(services.exe) | 2.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 6796 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 3.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 14112 | [Owner : Système | Parent : 792(services.exe) | 4.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 864 | [Owner : Système | Parent : 6668() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] 12664 | [Owner : Système | Parent : 6668() | 3.04 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.165) = C:\Windows\System32\winlogon.exe [13/07/2018 08:18:40] 8124 | [Owner : UMFD-5 | Parent : 12664(winlogon.exe) | 4.43 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [15/08/2018 14:51:11] 8960 | [Owner : DWM-5 | Parent : 12664(winlogon.exe) | 64.64 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] 13140 | [Owner : Système | Parent : 1684(NVDisplay.Container.exe) | 8.16 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/06/2018 20:03:35] 16556 | [Owner : Système | Parent : 1792(atiesrxx.exe) | 3.86 Mo] - (.AMD - AMD External Events Client Module.) - (24.20.11016.4) = C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe [22/05/2018 16:54:24] 9984 | [Owner : Sophie | Parent : 1632(svchost.exe) | 17.01 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] 14368 | [Owner : Sophie | Parent : 792(services.exe) | 11.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 16240 | [Owner : Sophie | Parent : 792(services.exe) | 16.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 12828 | [Owner : Sophie | Parent : 1340(svchost.exe) | 7.49 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 01:34:37] 9832 | [Owner : Sophie | Parent : 3412() | 193.85 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.165) = C:\Windows\explorer.exe [13/07/2018 08:18:49] 11116 | [Owner : Sophie | Parent : 100(svchost.exe) | 51.29 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 01:33:58] 9612 | [Owner : Sophie | Parent : 100(svchost.exe) | 84.67 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.228) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [15/08/2018 14:51:24] 3588 | [Owner : Sophie | Parent : 100(svchost.exe) | 6.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 9004 | [Owner : Sophie | Parent : 100(svchost.exe) | 10.48 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 6600 | [Owner : Sophie | Parent : 100(svchost.exe) | 0.2 Mo] - (.-.) - (12.1815.210.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe [17/07/2018 07:37:41] 6728 | [Owner : Sophie | Parent : 1396(svchost.exe) | 18.8 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] 15296 | [Owner : Sophie | Parent : 100(svchost.exe) | 10.63 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 13008 | [Owner : Sophie | Parent : 10576() | 8.47 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.2.1717) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [16/05/2018 15:21:22] 2704 | [Owner : Sophie | Parent : 100(svchost.exe) | 1.84 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 9784 | [Owner : Sophie | Parent : 16396() | 18.12 Mo] - (.Advanced Micro Devices, Inc. - AMD ReLive: Host Application.) - (10.1.1.1717) = C:\Program Files\AMD\CNext\CNext\amddvr.exe [16/05/2018 15:20:52] 3564 | [Owner : Sophie | Parent : 9784(amddvr.exe) | 1.61 Mo] - (.Advanced Micro Devices, Inc. - AMD ReLive: Desktop Overlay.) - (10.1.1.1717) = C:\Program Files\AMD\CNext\CNext\amdow.exe [16/05/2018 15:20:54] 15880 | [Owner : Sophie | Parent : 9832(explorer.exe) | 2.74 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] 12952 | [Owner : Sophie | Parent : 9832(explorer.exe) | 8.69 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1062) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [22/05/2018 12:05:56] 13256 | [Owner : Sophie | Parent : 9832(explorer.exe) | 18.57 Mo] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) - (6.68.250.0) = C:\Program Files\Logitech\SetPointP\SetPoint.exe [18/05/2018 03:37:48] 15504 | [Owner : Sophie | Parent : 13256(SetPoint.exe) | 7.04 Mo] - (.Logitech, Inc. - Logitech KHAL Main Process.) - (5.92.117.0) = C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe [16/05/2018 20:15:56] 2916 | [Owner : Sophie | Parent : 9832(explorer.exe) | 5.62 Mo] - (.- CDA Server.) - (1.62.0.0) = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [08/09/2014 13:39:36] 16196 | [Owner : Sophie | Parent : 100(svchost.exe) | 5.87 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] 10480 | [Owner : Sophie | Parent : 9832(explorer.exe) | 68.57 Mo] - (.Corsair Components, Inc. - Corsair LINK 4.) - (4.9.7.35) = C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [30/03/2018 15:50:24] 7524 | [Owner : Sophie | Parent : 792(services.exe) | 3.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 1924 | [Owner : Sophie | Parent : 100(svchost.exe) | 54.86 Mo] - (.-.) - (2018.18071.15310.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [31/08/2018 11:21:09] 15876 | [Owner : Sophie | Parent : 100(svchost.exe) | 73.72 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 9372 | [Owner : Sophie | Parent : 100(svchost.exe) | 14.76 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] 8348 | [Owner : Sophie | Parent : 100(svchost.exe) | 1.63 Mo] - (.Microsoft Corporation - Store.) - (11807.1001.13.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe [01/08/2018 11:28:18] 6724 | [Owner : Sophie | Parent : 100(svchost.exe) | 7.34 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] 9972 | [Owner : Sophie | Parent : 9832(explorer.exe) | 86.73 Mo] - (.Microsoft Corporation - Windows Live Mail.) - (16.4.3528.331) = C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [31/03/2014 21:36:38] 10884 | [Owner : Système | Parent : 792(services.exe) | 9.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 15272 | [Owner : Sophie | Parent : 100(svchost.exe) | 4.99 Mo] - (.Microsoft Corporation - Windows Live Communications Platform.) - (16.4.3528.331) = C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [31/03/2014 21:30:22] 936 | [Owner : Sophie | Parent : 100(svchost.exe) | 7 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.17134.1) = C:\Windows\System32\SystemSettingsBroker.exe [12/04/2018 01:34:43] 15860 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 2.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 14640 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 4.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 12372 | [Owner : Système | Parent : 792(services.exe) | 2.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 12940 | [Owner : Sophie | Parent : 9832(explorer.exe) | 150.26 Mo] - (.Corel, Inc. - Corel PaintShop Pro X8 (32-bit).) - (18.0.0.2) = C:\Program Files (x86)\Corel\Corel PaintShop Pro X8\Corel PaintShop Pro.exe [09/07/2015 21:29:32] 14048 | [Owner : Sophie | Parent : 9972(wlmail.exe) | 396.3 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 13504 | [Owner : Sophie | Parent : 14048(firefox.exe) | 55.01 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 9368 | [Owner : Sophie | Parent : 14048(firefox.exe) | 870.26 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 11324 | [Owner : Sophie | Parent : 14048(firefox.exe) | 1017.94 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 11128 | [Owner : Sophie | Parent : 14048(firefox.exe) | 424.63 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 5832 | [Owner : Sophie | Parent : 14048(firefox.exe) | 510.75 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 15976 | [Owner : Sophie | Parent : 14048(firefox.exe) | 507.48 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.2.6793) = C:\Program Files\Mozilla Firefox\firefox.exe [26/05/2018 19:54:21] 16812 | [Owner : Système | Parent : 792(services.exe) | 185.88 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.667) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [03/09/2018 15:19:27] 16816 | [Owner : Sophie | Parent : 16812(MBAMService.exe) | 20.75 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1594) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [03/09/2018 15:19:25] 10196 | [Owner : Sophie | Parent : 100(svchost.exe) | 19.67 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] 8116 | [Owner : Sophie | Parent : 9832(explorer.exe) | 5.6 Mo] - (.Microsoft Corporation - Bloc-notes.) - (10.0.17134.1) = C:\Windows\System32\notepad.exe [12/04/2018 01:34:32] 14532 | [Owner : Sophie | Parent : 100(svchost.exe) | 2.81 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [13/07/2018 08:18:41] 4124 | [Owner : Système | Parent : 792(services.exe) | 55.74 Mo] - (.Corsair Components, Inc. - Corsair LINK 4 Service.) - (4.9.7.35) = C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [30/03/2018 15:48:32] 8208 | [Owner : SERVICE LOCAL | Parent : 792(services.exe) | 6.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 15508 | [Owner : Sophie | Parent : 100(svchost.exe) | 37.85 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.137) = C:\Windows\System32\smartscreen.exe [13/07/2018 08:18:49] 10168 | [Owner : SERVICE LOCAL | Parent : 2800(svchost.exe) | 16.82 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.137) = C:\Windows\System32\audiodg.exe [13/07/2018 08:18:44] 16076 | [Owner : Système | Parent : 792(services.exe) | 6.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 01:34:22] 9772 | [Owner : Sophie | Parent : 100(svchost.exe) | 6.51 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] 10896 | [Owner : Système | Parent : 4804(SearchIndexer.exe) | 11.3 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.228) = C:\Windows\System32\SearchProtocolHost.exe [15/08/2018 14:51:10] 16792 | [Owner : Système | Parent : 4804(SearchIndexer.exe) | 6.05 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.1) = C:\Windows\System32\SearchFilterHost.exe [12/04/2018 01:34:08] 892 | [Owner : Sophie | Parent : 9832(explorer.exe) | 44.11 Mo] - (.SosVirus - QuickDiag.) - (31.8.18.1) = D:\Bureau\QuickDiag.exe [03/09/2018 23:21:46] 3796 | [Owner : SERVICE RÉSEAU | Parent : 100(svchost.exe) | 9.79 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] 6256 | [Owner : SERVICE RÉSEAU | Parent : 792(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (10.0.17134.112) = C:\Windows\System32\sppsvc.exe [13/07/2018 08:18:57] ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (24.20.11016.4) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (24.20.11016.4) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (24.20.11016.4) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atidxx64.dll (.Advanced Micro Devices, Inc..-.AMD DVR.) - (1.0.0.0) -- C:\WINDOWS\SYSTEM32\amdihk64.dll (.CherubicSoft.-.SageThumbs Shell Extension.) - (2.0.0.23) -- C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll (.XnView.-.GFL SDK.) - (3.11.0.0) -- C:\Program Files (x86)\SageThumbs\64\libgfl340.dll (.CherubicSoft.-.SQLite3 Library.) - (3.8.5.0) -- C:\Program Files (x86)\SageThumbs\64\sqlite3.dll (.XnView.-.GFLE SDK.) - (3.11.0.0) -- C:\Program Files (x86)\SageThumbs\64\libgfle340.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Samsung Electronics Co., Ltd..-.CDAKEYMonitor for Smart Capture 32bit.) - (1.7.0.0) -- C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.57) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (16.4.0.0) -- C:\Program Files\7-Zip\7-zip.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9135) -- C:\WINDOWS\system32\nv3dappshext.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU CorsairLink4 - (C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\...\Run]) - User: DESKTOP-UILF1JK\Sophie SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public Corel Update Helper - ("C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe" /t [HKLM\SOFTWARE\...\Run]) - User: Public EvtMgr6 - (C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [HKLM\SOFTWARE\...\Run]) - User: Public CDAServer - (C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CorsairLink4"=C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=SEC30CDA7A81C8F,winspool,Ne00: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "Corel Update Helper"="C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe" /t "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming "CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [08/09/2014 13:39:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "RTHDVCPL"=0x040000000000000000000000 "EvtMgr6"=0x040000000000000000000000 "Corel Update Helper"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Wininit.ini : [rename] NUL= ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-2641057836-2379893348-9070863-1001 StartCN StartDVR ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=34 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [30/10/2011 11:00:50] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=852 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 "LsaCfgFlagsDefault"=0 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "InstanceID"=63aadba6-82d0-4ceb-8b1c-64070d4 "GlassSessionId"=5 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=2 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper [27/05/2018 22:18:08] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WindowArrangementActive"=1 "WheelScrollLines"=2 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=2 "LastUpdated"=0 "TranscodedImageCache"=0x7AC301000403100080070000B0040000008F87D42D1DCD0143003A005C00550073006500720073005C0053006F0070006800690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C004600750074007500720069007300740069005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C003800730070006800650072006900630061006C007700650062002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "AutoColorization"=0 "ImageColor"=2952507225 "TranscodedImageCache_004"=0x7AC30100D7C40B0080070000B004000000BF124F6F7ECC0143003A005C00550073006500720073005C0053006F0070006800690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C0046006900730068005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C00740072006F0070006900630061006C00660069007300680039002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C00410059002300490056004D0036003100330032002300350026003100350039003900360062003000620026003100260055004900440032003600320023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "TranscodedImageCache_003"=0x7AC301002E750D0080070000B004000000E987646F7ECC0143003A005C00550073006500720073005C0053006F0070006800690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C0046006900730068005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C00740072006F0070006900630061006C00660069007300680032002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C00410059002300490056004D0035003600300038002300350026003100350039003900360062003000620026003100260055004900440032003600300023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "TranscodedImageCache_000"=0x7AC301000403100080070000B0040000008F87D42D1DCD0143003A005C00550073006500720073005C0053006F0070006800690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C004600750074007500720069007300740069005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C003800730070006800650072006900630061006C007700650062002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C00410059002300490056004D0035003600300038002300350026003100350039003900360062003000620026003100260055004900440032003600300023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "TranscodedImageCache_001"=0x7AC30100B31E0E0080070000B0040000005025EB4A21CD0143003A005C00550073006500720073005C0053006F0070006800690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C004600750074007500720069007300740069005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C00360069006E007400650072006C006F0063006B0065006400700069006E0077006800650065006C0073002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C00410059002300490056004D0036003100330032002300350026003100350039003900360062003000620026003100260055004900440032003600320023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShowFrequent"=0 "ShellState"=0x240000003B2800000000000000000000000000000100000013000000000000004A000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0xEE984C473DCFF54180E34AAB0AB04301921400005D54A9A2C2A0B4429708A0B2BADD77C8A13B00000114020000000000C0000000000000462B2500008549D87AB487164ABE588B72A5B390F7A30C0000690F1723C1408A27100000010002000083190000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=4 "GlobalAssocChangedCounter"=517 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "link"=0x1E000000 "ScreenshotIndex"=17 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=1 "IconsOnly"=0 "ShowTypeOverlay"=0 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xF3A1875B00000000 "ReindexedProfile"=1 "ShowEncryptCompressedColor"=1 "Start_TrackDocs"=0 "Start_TrackProgs"=0 "NavPaneShowAllFolders"=0 "HideMergeConflicts"=0 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "0"=0x620075006E006E0079000000 "MRUListEx"=0x3500000034000000330000003200000031000000300000002F0000002E0000002D0000002B0000002C0000002A000000290000002800000027000000260000002500000024000000230000002200000021000000200000001F0000001E0000001D0000001C0000001B0000001A000000190000001800000017000000160000001500000014000000130000001100000012000000100000000F0000000E0000000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000000000FFFFFFFF "1"=0x6A006F007200640073000000 "2"=0x4A006F007200640073006B006F00740074000000 "3"=0x730075006E0020006B00690073007300650064000000 "4"=0x63006F00720065006C0020007500700064006100740065002000680065006C007000650072000000 "5"=0x62006F006E006E0065007300200076006100630061006E006300650073000000 "6"=0x620065006100630068000000 "7"=0x6300680065007600650075000000 "8"=0x660065006D006D006500200073006500780079000000 "9"=0x6D0069006E00690020006B00690074000000 "10"=0x500053004D006100720031003800620074000000 "11"=0x640065000000 "12"=0x6400680065000000 "13"=0x32003000310031000000 "14"=0x730069000000 "15"=0x6500610073007900630061007000740075007200650020006D0061006E0061006700650072002F0020007000720069006E007400730063007200650065006E000000 "16"=0x700069006500720072006F000000 "18"=0x61006E006E0065000000 "17"=0x72006900630065000000 "19"=0x7100750061006E007400690063006F000000 "20"=0x6A006100700070000000 "21"=0x6400650061006E000000 "22"=0x620075007300730069000000 "23"=0x68006F006F0064000000 "24"=0x6200650065000000 "25"=0x72006F00620073006F006E000000 "26"=0x6D00610072006B00200072006F00620073006F006E000000 "27"=0x7400750074006F000000 "28"=0x74006800610066000000 "29"=0x6C006100720069007300730061000000 "30"=0x74006900670072006500200062006C0061006E0063000000 "31"=0x3200300031003800200036000000 "32"=0x63006800650076006500750078002000760065007200740073000000 "33"=0x63006800650076006500750078000000 "34"=0x660061006300750072000000 "35"=0x6600610063007400750072006500200066007200650065000000 "36"=0x66006100630074007500720065000000 "37"=0x6C0075007A000000 "38"=0x64000000 "39"=0x64007200610067000000 "40"=0x6C006F006500760065006E000000 "41"=0x6E0061006F006D0069000000 "42"=0x610072000000 "44"=0x65006D0062006F00730073000000 "43"=0x5500730065007200200044006500660069006E00650064002000460069006C007400650072000000 "45"=0x63006800610070000000 "46"=0x72006F00620069006E00200068006F00640064002E0064006F00630078000000 "47"=0x72006F00620069006E00200068006F00620062002E0064006F00630078000000 "48"=0x63006F006F006B000000 "49"=0x6300680065000000 "50"=0x6600720061006E00690065000000 "51"=0x760069006E0074006100670065000000 "52"=0x700061007200690073000000 "53"=0x320030003100380030003700320030005F003200310032003400300031000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=7 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=18 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D002001A007E004102A7151500FF521500FF521500D200000003004300AA2FFEFFEF7F6600C6411B00F3DC0C00CA400C007EBE0000000000005C161600376D000069050000735EE692C743D401699915000000000001000000A7151500EE42000025030000F2241A0100000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E800D4001A007D0000000EFB17D00000000000000000735EE692C743D401735EE692C743D401000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100DB97008059800741598027437432018035D6FA0035D6FA082D020000411C10014B1E1005727300809416A608DC16A608D4B5000001350E2125370E21A22100802324F0046324F2244D2E0040084210024846100620EE008046030270462B0274C31601804280801042849411FD21018001281A4B41285A5B16620080F00C0011F02C0451 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=1098696878415 "ShutdownFlags"=2147483687 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-2641057836-2379893348-9070863-1001 "LastUsedUsername"=Sophie [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=SageThumbsImage.scr "SageThumbs.bak"=scrfile "PerceivedType"=image "Content Type"=image/scr [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=SageThumbsImage.scr "SageThumbs.bak"=scrfile "PerceivedType"=image "Content Type"=image/scr [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\Sophie\Downloads\ChromeSetup.exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000E63F486B2AA0D2010000008100000000 "C:\Users\Sophie\AppData\Local\Temp\GUM9166.tmp\GoogleUpdateSetup.exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000E63F486B2AA0D2010000008000000000020000002800000000000000000000400000000000000000000000000000000016D10100000000000100000001000000 "C:\Users\Sophie\Downloads\Allin1(v17.40.3301-WHQL)\Setup.exe"=0x534143500100000000000000070000002800000088B10A00E3CE0A0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E97F0100000000000100000001000000 "C:\Users\Sophie\Downloads\Audio(v8067_FF10)\Setup.exe"=0x5341435001000000000000000700000028000000E03B1200D01B130001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E5760000000000000100000001000000 "C:\Users\Sophie\Downloads\Intel_Lan(v21.1)\Autorun.exe"=0x534143500100000000000000070000002800000078D40000928C010001000000000000000000000A80210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EB1A0000000000000100000001000000 "C:\Users\Sophie\Downloads\Corsair LINK Installer v4.9.7.35.exe"=0x534143500100000000000000070000002800000090A48A02294D8B0201000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000056390200000000000100000001000000 "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000000A20101EB91020101000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CCB3BE03000000005100000051000000 "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe"=0x534143500100000000000000070000002800000088F788009005890001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000140F0000000000000100000001000000 "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\Sophie\Downloads\MPC-HC.1.7.13.x64.exe"=0x53414350010000000000000007000000280000000074D8001CDED80001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000047A00000000000000100000001000000 "C:\Program Files\MPC-HC\mpc-hc64.exe"=0x5341435001000000000000000700000028000000F032C100B62BC20001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000078000000000000000000001200000000000000000000000000000000006C480200000000B7000000B7000000000000000000000000000000000000000000000000000000515800000000000005000000000000000000000000000040000000000000000000000000000000004BBC0000000000000100000000000000 "D:\Téléchargements\Firefox Installer.exe"=0x534143500100000000000000070000002800000080C90400EE13050001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C12F0200000000000100000001000000 "D:\Téléchargements\logiciels\sagethumbs_2.0.0.22_setup.exe"=0x53414350010000000000000007000000280000008C0022000000000001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000024FB0100000000000100000001000000 "D:\Téléchargements\logiciels\pthsetup.exe"=0x534143500100000000000000070000002800000094EE04000000000001000000000000000000010571000000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000007B510000000000000100000001000000 "D:\Téléchargements\SetPoint6.68.250_64.exe"=0x534143500100000000000000070000002800000028630505278D050501000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008794C101000000000100000001000000 "C:\Users\Sophie\AppData\Roaming\Logishrd\SetClean\LDConfig.exe"=0x5341435001000000000000000700000028000000508A0100FD0F020001000000000000000000010673220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C000000000000000200000002000000 "E:\Temp\Temp1_scriptedit.zip\script_edit.exe"=0x5341435001000000000000000700000028000000A1EC12000000000001000000000000000000010571000000E63F486B2AA0D201000000000000000002000000280000000000000000000000400400000000000040000000000000000B140200000000000100000001000000010000000400000001000000 "C:\Program Files\Common Files\LogiShrd\CDDRV3\LDConfig.exe"=0x5341435001000000000000000700000028000000888E0100918C020001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000B0100000B010000 "C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe"=0x5341435001000000000000000700000028000000186905005920060001000000000000000000020671220000BFA2139DEDD1D30100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D9920000000000000D0100000D010000 "D:\Téléchargements\readerdc_fr_xa_crd_install.exe"=0x5341435001000000000000000700000028000000F86D12000459130001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008A200300000000000100000001000000 "D:\Téléchargements\XnViewMP-win-x64.exe"=0x5341435001000000000000000700000028000000480C8702B1FD870201000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E7F80000000000000100000001000000 "D:\Téléchargements\Puppy.exe"=0x5341435001000000000000000700000028000000C09104006893040001000000000000000000010571200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000012390000000000000100000001000000 "D:\Téléchargements\logiciels\7z1604-x64.exe"=0x5341435001000000000000000700000028000000CE1415000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000074260000000000000100000001000000 "D:\Téléchargements\logiciels\FontViewerPortable_3.86_Dev_Test_2.paf.exe"=0x53414350010000000000000007000000280000009FEC0B000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000450C0000000000000100000001000000 "D:\Téléchargements\logiciels\install\script_edit.exe"=0x5341435001000000000000000700000028000000A1EC12000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000200000028000000000000000000000040040000000000004000000000000000D3860000000000000100000001000000010000000400000001000000 "D:\Téléchargements\logiciels\theflorist_3269260.exe"=0x5341435001000000000000000700000028000000AD104C009A83080001000000000000000000020661220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000059690000000000000100000001000000 "D:\Téléchargements\logiciels\PSP X8\PaintShopProX8_SP1.exe"=0x534143500100000000000000070000002800000070E0160B612D170B01000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000010000000000000000000000000000060250200000000000200000002000000 "D:\Téléchargements\logiciels\PSP X8\PSPX8_PF.exe"=0x5341435001000000000000000700000028000000208A1812D041191201000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000061410600000000000100000001000000 "SIGN.MEDIA=912C715 Jeux_Windows7_pour_Windows10.exe"=0x5341435001000000000000000700000028000000DFEB2A090000000001000000000000000000000671000000E63F486B2AA0D2010000000000000000 "C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe"=0x5341435001000000000000000700000028000000381D9C00573E9C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000019DAB02000000005D0000005700000000000000000000400000000000000000000000000000000007DA0600000000000300000000000000 "F:\ma sauvegarde\Documents\captvty\Captvty.exe"=0x534143500100000000000000070000002800000000243A000000000001000000000000000000000AF1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000785C0000000000000100000001000000 "D:\Téléchargements\Apache_OpenOffice_4.1.5_Win_x86_install_fr.exe"=0x5341435001000000000000000700000028000000B84FE4070000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005B7A0100000000000200000002000000 "C:\Program Files\XnViewMP\xnviewmp.exe"=0x53414350010000000000000007000000280000000004BA000000000001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000068CD0200000000000800000008000000 "D:\Téléchargements\SyncBack_Setup.exe"=0x53414350010000000000000007000000280000008824860112D1860101000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000003BC0200000000000200000002000000 "D:\Téléchargements\SyncBack_Setup (1).exe"=0x53414350010000000000000007000000280000008824860112D1860101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000435D0000000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A96004393960001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000006160400000000000600000006000000 "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe"=0x534143500100000000000000070000002800000000960100847F020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AB5FA102000000000C0000000C000000 "C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe"=0x534143500100000000000000070000002800000000F60C0024390D0001000000000000000000010673000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006F1D690100000000B1000000B1000000 "D:\Téléchargements\radeon-adrenalin-18.5.1-minimalsetup-180522_web.exe"=0x5341435001000000000000000700000028000000E82874022A65740201000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "D:\Téléchargements\tripeaks_solitaire.exe"=0x5341435001000000000000000700000028000000442D39000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FF280100000000000100000001000000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000008910C0061C40C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000 "D:\Téléchargements\puzzle_maya_73bfab087c0b0550b94a07634ffc1aee.exe"=0x5341435001000000000000000700000028000000990B09000000000001000000000000000000000A61200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FE6A1700000000000100000001000000 "D:\Téléchargements\puzzle_maya_16430fb866862f5125d053cdb25f3df3.exe"=0x5341435001000000000000000700000028000000C36009000000000001000000000000000000000A61200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000019161700000000000100000001000000 "D:\Documents\OnePlayer\Pat1\OP_patience1.exe"=0x53414350010000000000000007000000280000004AFB1E000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000000004000000000000000000000000000027D30800000000001E00000004000000000000000000004000000000000000000000000000000000F9CA0500000000000300000000000000 "D:\Téléchargements\logiciels\FontViewerPortable\FontViewerPortable.exe"=0x5341435001000000000000000700000028000000C9E302000000000001000000000000000000010600210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E5060000000000000100000001000000 "C:\Program Files\Microsoft Games\Hearts\Hearts.exe"=0x534143500100000000000000070000002800000000BA0B00BF270C0001000000000000000000010673000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000086510100000000000100000001000000 "C:\Program Files (x86)\2BrightSparks\SyncBackFree\unins000.exe"=0x534143500100000000000000070000002800000038A613009511140003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D5420000000000000300000003000000 "C:\Program Files\windows nt\accessories\wordpad.exe"=0x5341435001000000000000000700000028000000008E44000FC6440001000000010000000000000A63220000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\OpenOffice 4\program\sbase.exe"=0x534143500100000000000000070000002800000000960100F6D3010001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F9150000000000000100000001000000 "C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"=0x534143500100000000000000070000002800000000340D0097D60D0001000000000000000000010673000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000077F57100000000003D0000003D000000 "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601004538020001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000025E60100000000000F0000000F000000 "C:\Program Files\Windows Mail\wab.exe"=0x534143500100000000000000070000002800000000E80700BA7C080001000000010000000000000A73220000BFA2139DEDD1D3010000000000000000 "C:\Program Files\XnViewMP\unins000.exe"=0x534143500100000000000000070000002800000068901400DD9E140003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F21E0000000000000100000001000000 "D:\Téléchargements\XnView-win.exe"=0x5341435001000000000000000700000028000000C0D055007295560001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000094E40000000000000100000001000000 "C:\Program Files (x86)\XnView\xnview.exe"=0x534143500100000000000000070000002800000048B262000E15630001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000005000000000000000000000000000000000000000000000000000000071600300000000001E0000001B00000000000000000000400000000000000000000000000000000053010100000000000100000000000000 "D:\Documents\My PSP Files\Modules externes\Alien Skin snap art\Setup.exe"=0x534143500100000000000000070000002800000008139E0062E99E0001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000EF710100000000000100000001000000 "C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe"=0x5341435001000000000000000700000028000000C0D5CF0001D3D00001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000055260000000000000100000001000000 "C:\Program Files\Logitech\SetPointP\SetPoint.exe"=0x534143500100000000000000070000002800000088B22F008EEC2F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AC000000000000000100000001000000 "C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe"=0x534143500100000000000000070000002800000018F305008465060001000000000000000000030673220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D7050100000000000100000001000000 "C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe"=0x534143500100000000000000070000002800000088DC05009E80060001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CD533D03000000000600000006000000 "C:\Program Files\PSP Thumbnail Handler\Setup.exe"=0x5341435001000000000000000700000028000000007003000000000003000000000000000000000673000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E270000000000000100000001000000 "C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"=0x534143500100000000000000070000002800000000800C0069820C0001000000000000000000010673000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B85DE800000000004700000047000000 "D:\Téléchargements\pthsetup.exe"=0x534143500100000000000000070000002800000094EE04000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000E7F80000000000000200000002000000 "C:\Program Files (x86)\Corel\Corel PaintShop Pro X8\Corel PaintShop Pro.exe"=0x534143500100000000000000070000002800000038419B0026BD9B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000A0216803000000001C01000010010000000000000000004000000000000000000000000000000000BA5DE100000000000200000000000000 "D:\Téléchargements\logiciels\belatout531.exe"=0x534143500100000000000000070000002800000041B525000000000001000000000000000000000A41200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000075810000000000000100000001000000 "C:\Program Files (x86)\Jeux de cartes\Bel Atout\belatout.exe"=0x5341435001000000000000000700000028000000005219000000000001000000000000000000000A41200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D8F80D00000000001E0000001E000000 "C:\Program Files (x86)\Alien Skin\Settings Router\Settings Router.exe"=0x5341435001000000000000000700000028000000005004000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020200000000000000000000000000937C0000000000001900000019000000 "D:\Documents\My PSP Files\Modules externes\AlienSkin_EyeCandy5_Impact\fo-ec5i.exe"=0x5341435001000000000000000700000028000000D37389000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000790D0100000000000100000001000000 "D:\Documents\My PSP Files\Modules externes\Ulead effect particle\Pp10f.exe"=0x5341435001000000000000000700000028000000001223006067230001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000005BED0400000000000100000001000000 "D:\Documents\My PSP Files\Modules externes\Nick Software Color effex 3.0\CEP-3.0-Complete-rev3.1.exe"=0x5341435001000000000000000700000028000000C0E05F00C29E600001000000000000000000000671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F03C0200000000000100000001000000 "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"=0x5341435001000000000000000700000028000000002E0D007B040E0001000000000000000000010673000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002DEA0100000000000200000002000000 "D:\Téléchargements\logiciels\office 2007\SETUP.EXE"=0x534143500100000000000000070000002800000030110700C7F8070001000000000000000000000671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E1AB0300000000000100000001000000 "D:\Documents\My PSP Files\Modules externes\Xenofex 1.1\Adobe, Photoshop Plugin Xenofex 1.1.exe"=0x5341435001000000000000000700000028000000118A08000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000000000000000000000000000000006AB70000000000000100000001000000 "D:\Documents\My PSP Files\Modules externes\xenofex2\fo-axen2.exe"=0x5341435001000000000000000700000028000000328C40000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000007AA90100000000000100000001000000 "D:\Téléchargements\logiciels\install\FontViewerPortable\FontViewerPortable.exe"=0x5341435001000000000000000700000028000000C9E302000000000001000000000000000000010600210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000598DDE02000000000900000009000000 "D:\Téléchargements\logiciels\install\animation_shop\setup.exe"=0x5341435001000000000000000700000028000000007003000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000025C50000000000000100000001000000 "D:\Téléchargements\logiciels\install\Script Edit\Script Edit.exe"=0x5341435001000000000000000700000028000000004C10000000000001000000000000000000010551200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040000000000000000000000000000DE310000000000000100000001000000 "C:\Program Files\7-Zip\7z.exe"=0x534143500100000000000000070000002800000000D206000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008D000000000000001700000017000000 "D:\Téléchargements\logiciels\install\Script Edit\script_edit.exe"=0x5341435001000000000000000700000028000000A1EC12000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000010000000400000001000000020000005000000000000000200800600000000000000000000000000000000043C00000000000000100000001000000000000000000000040040000000000004000000000000000C3B50000000000000100000000000000 "D:\Téléchargements\logiciels\FMPatcher\FMPatcherSetup.exe"=0x5341435001000000000000000700000028000000E09406000000000001000000000000000000000641220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C97A0100000000000100000001000000 "C:\Program Files (x86)\FMPatcher\FMPatcher.exe"=0x5341435001000000000000000700000028000000006205000000000001000000000000000000000641200000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000000000000000000000000000000000BC077E00000000000100000001000000 "D:\Téléchargements\wlsetup-web-15.4.3555.0308.exe"=0x534143500100000000000000070000002800000068B11300A415140001000000000000000000010671020000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000036670000000000000100000001000000 "D:\Téléchargements\wlsetup-all.exe"=0x5341435001000000000000000700000028000000B09C4C0856434D0801000000000000000000030671020000BFA2139DEDD1D301000000000000000002000000280000000000000000000050000000000000000000000000000000001DC20200000000000100000001000000 "C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"=0x5341435001000000000000000700000028000000C88E01004EE2010001000000000000000000030671220000BFA2139DEDD1D3010000000000000000020000005000000000000000000000000000000000000000000000000000000069F65003000000008700000067000000000000000000004000000000000000000000000000000000F3340800000000000100000000000000 "C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLED.EXE"=0x534143500100000000000000070000002800000010E70000EEE0010001000000000000000000000671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C6900000000000000300000003000000 "D:\Téléchargements\IE11-Windows6.1-x64-fr-fr.exe"=0x5341435001000000000000000700000028000000D0AE7A0397167B0301000000000000000000020600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000711C0000000000000100000001000000 "C:\Program Files (x86)\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000088D0C00ACE60C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\7-Zip\7zFM.exe"=0x534143500100000000000000070000002800000000CE0C000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003B97250000000000DD000000DD000000 "D:\Téléchargements\logiciels\Thunderbird Setup 52.8.0.exe"=0x534143500100000000000000070000002800000050DE6C02FDF76C0201000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000036330000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"=0x5341435001000000000000000700000028000000C874180156D2180101000000000000000000000A71220000BFA2139DEDD1D3010000000100000000 "C:\AMD\radeon-software-adrenalin-18.7.1-minimalsetup-180712_64bit\Bin64\RadeonInstaller.exe"=0x5341435001000000000000000700000028000000884DC00134AEC00101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000004A19700000000000100000001000000 "C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe"=0x5341435001000000000000000700000028000000D0389E01FFC29E0101000000000000000000000A75200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F9F66800000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000D0CCC5007F3CC60001000000000000000000000A71220000BFA2139DEDD1D3010000000100000000 "C:\Program Files\7-Zip\7zG.exe"=0x5341435001000000000000000700000028000000007408000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006F1F0000000000000100000001000000 "D:\Téléchargements\SmartSwitchPC.exe"=0x5341435001000000000000000700000028000000A0487302558B730201000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006A9E0500000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe"=0x5341435001000000000000000700000028000000003812007936120003000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000048EE0000000000000100000001000000 "C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe"=0x5341435001000000000000000700000028000000606E1700F7EC170003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000900000000000000000000000000000000052650000000000000200000002000000 "D:\Téléchargements\logiciels\samsung\EWS_V3.70.18.0.exe"=0x5341435001000000000000000700000028000000400342007568420001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000021330100000000000100000001000000 "D:\Téléchargements\logiciels\samsung\M2070_Series_WIN_EDC_V1.06.46_CDV1.25.exe"=0x534143500100000000000000070000002800000058412001F68C200101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000692D0000000000000100000001000000 "D:\Téléchargements\logiciels\samsung\M2070_Series_WIN_EPM_V1.06.00.08_CDV1.25.exe"=0x5341435001000000000000000700000028000000F8CD7C021DD77C0201000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005B660000000000000100000001000000 "D:\Téléchargements\logiciels\samsung\SamsungUniversalPrintDriver3_03.exe"=0x53414350010000000000000007000000280000003063960182B1960101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B12F0200000000000100000001000000 "D:\Documents\My PSP Files\Modules externes\Alien Skin\Alien Skin Eye Candy 5.1 Nature\Eye Candy Nature.exe"=0x534143500100000000000000070000002800000088EE66000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000B76A0200000000000100000001000000 "D:\Téléchargements\Zedeo_Install.exe"=0x53414350010000000000000007000000280000005734A3010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DEE17F01000000000100000001000000 "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0F60300D140040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "D:\Documents\apophysis\Apophysis-2.09.exe"=0x534143500100000000000000070000002800000000CC13000000000001000000000000000000010661200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000001002000000000000000000000000000B8EC201000000000200000002000000 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000C06406006E16070001000000000000000000000A71220000BFA2139DEDD1D3010000000100000000 "D:\Documents\My PSP Files\Modules externes\KPT Collection\Register\Registration.exe"=0x5341435001000000000000000700000028000000000005000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000822E0000000000000200000002000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000583F1600D7E2160001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "D:\Téléchargements\tb_free.exe"=0x5341435001000000000000000700000028000000C0A07404214C750401000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003A780400000000000100000001000000 "D:\Documents\captvty\Captvty.exe"=0x534143500100000000000000070000002800000000EE3A000000000001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000075798700000000000800000008000000 "C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000F01A080089E5080001000000000000000000000A71220000BFA2139DEDD1D3010000000100000000 "C:\AMD\radeon-adrenalin-18.5.1-minimalsetup-180522_64bit\Bin64\RadeonInstaller.exe"=0x5341435001000000000000000700000028000000882BBF017F22C00101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000054220200000000000100000001000000 "C:\Program Files\AMD\CNext\CNext\amddvr.exe"=0x534143500100000000000000070000002800000088611C002E5F1D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FCC5BE03000000001B0000001B000000 "D:\Téléchargements\flashplayer30_xa_install.exe"=0x5341435001000000000000000700000028000000F06112006603130001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BC8F0000000000000100000001000000 "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0B09301B75E940101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Sophie\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0EF06003AF8060001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe"=0x534143500100000000000000070000002800000000E02E000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040000000000000000000000000000DF7A8102000000000200000002000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0A32200C503230001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000004E79DC02000000000800000008000000 "D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe"=0x5341435001000000000000000700000028000000005C04000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000030105800000000200000078000000000301058000006000000000000000000000000000000000D34C01000000000001000000010000000000000080000040100000000000000000000000000000004005000000000000010000000000000000000000800000001010000000000000000000000000000095090000000000000200000000000000 "D:\Téléchargements\Kpt6full_plugin\auto95\AutoRun.exe"=0x5341435001000000000000000700000028000000005C04000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000080000000101000000000000000000000000000008D050000000000000100000001000000 "D:\Téléchargements\ebook_reader_setup.exe"=0x53414350010000000000000007000000280000003882C201EB6CC30101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000050200200000000000100000001000000 "C:\Program Files (x86)\Icecream Ebook Reader\ebookreader.exe"=0x5341435001000000000000000700000028000000B8564C004C6E4C0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000084422500000000000800000008000000 "D:\Téléchargements\GoogleEarthProSetup.exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000045D90100000000000100000001000000 "C:\Program Files (x86)\Zedeo\ZDO.exe"=0x534143500100000000000000070000002800000000780F008D38100001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004CD60000000000000200000002000000 "C:\Program Files\Google\Google Earth Pro\client\googleearth.exe"=0x534143500100000000000000070000002800000058B51B001AB91B0001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000298C0200000000000100000001000000 "D:\Téléchargements\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6609.exe"=0x534143500100000000000000070000002800000060C4BA04CDF9BA0401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F4310200000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x534143500100000000000000070000002800000050C97B0044867C0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DFA60000000000000100000001000000 "D:\Bureau\QuickDiag.exe"=0x534143500100000000000000070000002800000098214A00D8C84A0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131719237266539176 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=0 "ProductType"=2 "InstallTime"=0x376EF6D6E7F1D301 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\ "ProductStatus"=0 "OOBEInstallTime"=0x395481CBF7F5D301 "ManagedDefenderProductType"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0 "DisableAntiVirus"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [172.217.18.206] avec 32 octets de donn?es?: R?ponse de 172.217.18.206?: octets=32 temps=10 ms TTL=57 R?ponse de 172.217.18.206?: octets=32 temps=10 ms TTL=57 R?ponse de 172.217.18.206?: octets=32 temps=10 ms TTL=57 R?ponse de 172.217.18.206?: octets=32 temps=9 ms TTL=57 Statistiques Ping pour 172.217.18.206: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 9ms, Maximum = 10ms, Moyenne = 9ms ---------- | @ [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://www.google.com/ "ImageStoreRandomFolder"=wmc3tlf "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2A0000002A0000005B07000066040000 "Start Page_TIMESTAMP"=0xCC9C77036E17D401 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x384F7B14BA30D401 "IE10TourShown"=1 "IE10TourShownTime"=0x5E5193ABF0F5D301 "IE11EdgeNotifyTime"=0xBBB9FF869B34D401 "EdgeReminderRemainingCount"=4 "News Feed First Run Experience"=0 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD7010000E7000000F70400003F030000 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x5E5193ABF0F5D301 [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x5E5193ABF0F5D301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "MaxConnectionsPerServer"=10 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] : "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x5E5193ABF0F5D301 "Version"=5 "UpgradeTime"=0x5E5193ABF0F5D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}] -> (Logitech SetPoint) : C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [18/05/2018 03:32:30] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}] -> (Logitech SetPoint) : C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [18/05/2018 03:32:30] ---------- | Chrome C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\@addonsignalspam.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\firefox@ghostery.com.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\uBlock0@raymondhill.net.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{F003DA68-8256-4b37-A6C4-350FA04494DF}"=C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.154 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 30.0.0.154 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default\Prefs.js user_pref("browser.startup.homepage", "https://www.google.com/"); user_pref("browser.startup.homepage_override.buildID", "20180807170231"); user_pref("browser.startup.homepage_override.mstone", "61.0.2"); user_pref("devtools.webextensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.enabled", true); user_pref("extensions.blocklist.lastModified", "Fri, 31 Aug 2018 08:50:00 GMT"); user_pref("extensions.blocklist.pingCountTotal", 76); user_pref("extensions.blocklist.pingCountVersion", 21); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.cache.lastUpdate", 1535962996); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180807170231"); user_pref("extensions.lastAppVersion", "61.0.2"); user_pref("extensions.lastPlatformVersion", "61.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/theme"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"6f6ee4c0-d912-4027-8dca-96f79f4a689a\",\"{84380428-8c9d-4bdf-913d-b2c34d6562d9}\":\"483b46ed-f860-4536-99da-fe9188b5dcfa\",\"jid1-P34HaABBBpOerQ@jetpack\":\"f7ea90a5-63e1-4a61-af37-64d6cba56b03\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"f6dc4aad-56ec-4f1d-8a76-19fb4a4925f7\",\"firefox@ghostery.com\":\"0f6aa45c-a9e4-4969-9f91-630be02b5532\",\"@addonsignalspam\":\"8f2a1bc4-611e-4e7e-90af-b6209efadbe5\",\"webcompat@mozilla.org\":\"8966d047-0217-4cf6-b457-47c428265988\",\"simple-tab-groups@drive4ik\":\"f9fddf49-fa5a-4787-9ee1-3c7200972c93\",\"{5384767E-00D9-40E9-B72F-9CC39D655D6F}\":\"2d12b6b1-1c65-4802-b24b-34829f71ffe8\",\"uBlock0@raymondhill.net\":\"ce2f7cb4-9ef7-4e76-aff1-fc1e374de3d4\"}"); C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\kpiu4qeu.default [Profile0] - Name=default -> Profiles/kpiu4qeu.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.254 80.67.169.40 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{369d40ed-2fa7-448d-9e74-70f5a61ef1eb}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{61e51b66-7922-4c47-a9c1-b2a1aaccc933}] "DhcpNameServer"=192.168.0.254 80.67.169.40 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{369d40ed-2fa7-448d-9e74-70f5a61ef1eb}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{61e51b66-7922-4c47-a9c1-b2a1aaccc933}] "DhcpNameServer"=192.168.0.254 80.67.169.40 ---------- | Applications [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Classes\Applications\7z.exe] : "C:\Program Files\7-Zip\7z.exe" "%1" [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Classes\Applications\7zFM.exe] : "C:\Program Files\7-Zip\7zFM.exe" "%1" [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Classes\Applications\7zG.exe] : "C:\Program Files\7-Zip\7zG.exe" "%1" [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\Corel PaintShop Pro.exe] : "C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Corel PaintShop Pro.exe] : "C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser "PeerDist"=PeerDistSvc "AssignedAccessManagerSvc"=AssignedAccessManagerSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\2BrightSparks] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\7-Zip] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Adobe] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Alien Skin] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\AMD] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Apophysis 2.0] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\AppDataLow] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\ATI] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\ATS-FFormula] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\calibre] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Chromium] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Clients] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Corel] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Flaming Pear PV] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Google] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\I.C.NET Software GmbH] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Icecream] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Jasc] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\LogiShrd] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Logitech] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Macromedia] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Malwarebytes] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Mozilla] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\MPC-HC] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Netscape] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Nik Software] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Nik_Soft] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\ODBC] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\OpenOffice] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Policies] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\QtProject] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Realtek] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\RegisteredApplications] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\SageThumbs] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\SAMSUNG] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Script Edit] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\SNMP] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\SSPrint] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\SSScan] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\sysinternals] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\ThePluginSite] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\VanDerLee] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Wow6432Node] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\XnView] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\Alienware] [HKLM\Software\AMD] [HKLM\Software\AMDDVR] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\Clients] [HKLM\Software\Common Desktop Agent] [HKLM\Software\Corel] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\INextUUID] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Samsung] [HKLM\Software\SRS Labs] [HKLM\Software\SSPrint] [HKLM\Software\sysinternals] [HKLM\Software\Volatile] [HKLM\Software\WOW6432Node] [HKLM\Software\XnViewMP] [HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKLM\Software\Microsoft\Windows\AssignedAccessCsp] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\2BrightSparks] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Alien Skin] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\Andromeda] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AUEP] [HKLM\Software\WOW6432Node\Common Desktop Agent] [HKLM\Software\WOW6432Node\Corel] [HKLM\Software\WOW6432Node\Corsair Components, Inc.] [HKLM\Software\WOW6432Node\EaseUS Todo Backup] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Jasc] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Logitech] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nik Software] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Samsung] [HKLM\Software\WOW6432Node\Ulead Systems] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\XnView] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\xnview.exe] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: E: ---------- | C: [18/03/2017 23:03:28] - |SHD| - [40605] - C:\$Recycle.Bin [07/08/2018 08:47:58] - |D| - [0] - C:\6749525315573233238 [06/06/2018 16:14:40] - |D| - [25241139] - C:\Alien Skin [28/05/2018 11:49:34] - |D| - [2221572112] - C:\AMD [MD5.907F8EFD9E023CE06F781C29B4C65532] - [06/06/2018 08:29:44] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat [07/08/2018 08:47:46] - |SHD| - [282536] - C:\Config.Msi [22/05/2018 18:14:53] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/05/2018 21:38:25] - |ASH| - (.-.) - [6411636736] - (0.0.0.0) - C:\hiberfil.sys [27/06/2018 15:21:39] - |RHD| - [529670008] - C:\MSOCache [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [03/06/2018 10:32:25] - |D| - [14761564] - C:\plugin [12/04/2018 01:38:20] - |RD| - [5725470854] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [3014318587] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [2792298181] - C:\ProgramData [03/09/2018 23:22:36] - |D| - [68686] - C:\QuickDiag [MD5.8D42AC8ACF787E884181D20A4273699A] - [03/09/2018 23:22:45] - |A| - (.-.) - [181517] - (0.0.0.0) - C:\QuickDiag.txt [27/05/2018 21:42:08] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/05/2018 18:13:28] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [22/05/2018 18:13:27] - |SHD| - [0] - C:\System Volume Information [11/04/2018 23:04:33] - |RD| - [6658300708] - C:\Users [11/04/2018 23:04:33] - |D| - [31120611435] - C:\Windows [27/06/2018 22:31:24] - |D| - [5943337] - C:\Xenofex 2 ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [22/05/2018 11:22:09] - |D| - [20480] - C:\WINDOWS\AMDTAs [12/04/2018 01:38:20] - |D| - [10086379] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8343160] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RD| - [967511180] - C:\WINDOWS\assembly [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 18:24:11] - |SHD| - [580179] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [12/04/2018 01:38:20] - |D| - [38319346] - C:\WINDOWS\Boot [MD5.BF5F882A0113BD3E5C9B4A51AF71940E] - [27/05/2018 22:34:26] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.88AD6EBF3A41628AFEE0E6808045D0F6] - [27/05/2018 21:38:41] - |A| - (.-.) - [8041] - (0.0.0.0) - C:\WINDOWS\comsetup.log [12/04/2018 18:41:55] - |D| - [46617300] - C:\WINDOWS\Containers [22/05/2018 18:16:54] - |D| - [0] - C:\WINDOWS\CSC [MD5.17664088D345E947EBB9B73277E9F99E] - [06/06/2018 19:08:12] - |A| - (.Copyright © Microsoft Corp. 1992-94 - Ctl3D 3D Windows Control.) - [26832] - (2.26.0.0) - C:\WINDOWS\CTL3DV2.DLL [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [MD5.DA87ACCA24484CA8D8D386594D87BAC4] - [26/05/2018 17:30:15] - |A| - (.-.) - [3077] - (0.0.0.0) - C:\WINDOWS\DDACLSys.log [12/04/2018 01:38:21] - |D| - [3724505] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/05/2018 21:42:00] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4531848] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/05/2018 21:42:00] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.0981A129EFE6AB57521AD2394FF41209] - [22/05/2018 12:10:40] - |A| - (.-.) - [16072] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG [MD5.FF78FE3B988F54E7F9675122B9618883] - [12/04/2018 01:40:39] - |A| - (.-.) - [4179] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [12/04/2018 01:38:21] - |HD| - [44616] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\en-US [MD5.E4A81EDDFF8B844D85C8B45354E4144E] - [13/07/2018 08:18:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3932672] - (10.0.17134.165) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [421185044] - C:\WINDOWS\Fonts [12/04/2018 18:19:18] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47788657] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71526356] - C:\WINDOWS\Help [MD5.FFD31D96B8D4BAB8B0F83E42B7430A54] - [13/07/2018 08:18:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.137) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [MD5.D8DD07AE0E42FC72156950BEE65E9659] - [09/07/2018 12:11:02] - |A| - (.-.) - [1186] - (0.0.0.0) - C:\WINDOWS\IE11_main.log [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [MD5.78CF41BA71D5761F64459D0F69554E46] - [06/06/2018 19:08:12] - |A| - (.-.) - [9136] - (0.0.0.0) - C:\WINDOWS\INETWH16.DLL [MD5.6580F8D19CC1392EA7A77D72AEA91505] - [06/06/2018 19:08:12] - |A| - (.-.) - [35328] - (0.0.0.0) - C:\WINDOWS\INETWH32.DLL [12/04/2018 01:36:48] - |D| - [69676474] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1385663596] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHD| - [2601801965] - C:\WINDOWS\Installer [MD5.7D159657656B72BF2C24C295026E64EE] - [06/06/2018 19:03:30] - |A| - (.Copyright© 1990-1997 InstallShield Software Corporation Phone : (847) 240-9111 - InstallShield® unInstaller.) - [317440] - (5.0.225.0) - C:\WINDOWS\IsUninst.exe [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [MD5.2EADAC7DBF3DE704288563C145FEF731] - [27/05/2018 02:58:55] - |A| - (.-.) - [14868] - (0.0.0.0) - C:\WINDOWS\LDPINST.LOG [12/04/2018 01:38:21] - |D| - [1339915329] - C:\WINDOWS\LiveKernelReports [MD5.E1A10E51B047386B30B519EAEA86048A] - [27/05/2018 02:59:02] - |A| - (.-.) - [2846] - (0.0.0.0) - C:\WINDOWS\LkmdfCoInst.log [11/04/2018 23:04:39] - |D| - [43719588] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [28/05/2018 10:04:03] - |D| - [143115268] - C:\WINDOWS\Microsoft Antimalware [12/04/2018 01:38:20] - |RD| - [805758125] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3677] - C:\WINDOWS\Migration [27/05/2018 22:25:39] - |D| - [0] - C:\WINDOWS\Minidump [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [09/06/2018 09:15:07] - |D| - [2004] - C:\WINDOWS\MSSecurityNi [09/06/2018 09:15:07] - |D| - [2004] - C:\WINDOWS\MSSecurityNS [06/06/2018 19:08:12] - |D| - [78544] - C:\WINDOWS\Noslip [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.1023C4553FC09D1D215B96345287458A] - [28/05/2018 11:30:00] - |A| - (.-.) - [217998] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [01/06/2018 20:03:35] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [12/04/2018 18:23:03] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [22/05/2018 12:59:33] - |DC| - [324313472] - C:\WINDOWS\Panther [27/06/2018 15:23:11] - |D| - [0] - C:\WINDOWS\PCHEALTH [12/04/2018 01:38:21] - |D| - [584287] - C:\WINDOWS\Performance [MD5.847214CD43C15880C76E483DD479EC43] - [22/05/2018 12:13:22] - |A| - (.-.) - [85808] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [7206237] - C:\WINDOWS\PolicyDefinitions [27/05/2018 21:36:36] - |D| - [4676463] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog [MD5.37BAA0C11BDFD8E54594E9C923CDF25E] - [12/04/2018 18:24:39] - |A| - (.-.) - [36112] - (0.0.0.0) - C:\WINDOWS\Professional.xml [06/06/2018 19:08:12] - |D| - [4273] - C:\WINDOWS\Profiles [12/04/2018 01:38:21] - |D| - [5261619] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1095144] - C:\WINDOWS\Registration [12/04/2018 18:24:11] - |D| - [0] - C:\WINDOWS\RemotePackages [12/04/2018 01:38:21] - |D| - [7036464] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [4023649] - C:\WINDOWS\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [22/05/2018 12:05:50] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\WINDOWS\RtlExUpd.dll [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [189322] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [10357869] - C:\WINDOWS\security [27/05/2018 22:34:00] - |D| - [70386581] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [121866158] - C:\WINDOWS\servicing [MD5.D011DB647083CEA5B72F4FB0395EA48B] - [06/06/2018 19:08:12] - |A| - (.-.) - [4528] - (0.0.0.0) - C:\WINDOWS\SETBROWS.EXE [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/06/2018 15:31:45] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 01:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53630976] - C:\WINDOWS\ShellExperiences [27/06/2018 15:21:52] - |D| - [97307] - C:\WINDOWS\SHELLNEW [12/04/2018 18:20:18] - |D| - [3070736] - C:\WINDOWS\SKB [22/05/2018 18:15:06] - |D| - [1868484831] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [1874315] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [18/03/2017 23:03:33] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [7193999491] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [226902207] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25650125] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1442869593] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [18/03/2017 23:03:29] - |D| - [220] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [220396] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [22/05/2018 12:52:52] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25814] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.DAA6AAD525D12F8985695B882301336F] - [18/03/2017 23:03:33] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [22/05/2018 18:15:06] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [MD5.8FD34B5993DA764786D13DA952EC4123] - [06/06/2018 19:08:23] - |A| - (.-.) - [16] - (0.0.0.0) - C:\WINDOWS\Wininit.ini [11/04/2018 23:04:33] - |D| - [11427381313] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe [MD5.3483CFEFDC3C02E2FC01FEC84603351C] - [06/06/2018 19:08:23] - |A| - (.-.) - [24] - (0.0.0.0) - C:\WINDOWS\Xwdupv.ns ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System [16/04/2009 19:02:56] - |A| - [253952] - C:\WINDOWS\System\at.asp (Copyright © Microsoft Corp. 1981-1994) - (Microsoft® C Runtime Library) [16/04/2009 19:03:38] - |A| - [57344] - C:\WINDOWS\System\icmfilter.dll (Copyright 1998) - (icmfilter Module) [16/04/2009 19:03:24] - |A| - [343040] - C:\WINDOWS\System\msvcrt.dll (© Microsoft Corporation.) - (Windows NT CRT DLL) [16/04/2009 19:02:46] - |A| - [210944] - C:\WINDOWS\System\MSVCRT10.DLL () - () [16/04/2009 19:03:46] - |A| - [210944] - C:\WINDOWS\System\MSVCRT10.DLX () - () [16/04/2009 19:03:14] - |A| - [253952] - C:\WINDOWS\System\msvcrt20.dll (Copyright © Microsoft Corp. 1981-1994) - (Microsoft® C Runtime Library) [16/04/2009 19:03:52] - |A| - [61440] - C:\WINDOWS\System\msvcrt40.dll (© Microsoft Corporation.) - (VC 4.x CRT DLL (Forwarded to msvcrt.dll)) [16/04/2009 19:04:00] - |A| - [385100] - C:\WINDOWS\System\MSVCRTD.DLL (Copyright (C) Microsoft Corp. 1981-1998) - (Microsoft (R) C Runtime Library) [16/04/2009 19:03:28] - |A| - [32768] - C:\WINDOWS\System\plugin.dll (Copyright © Adobe Systems, Inc. 1989-1996) - (Photoshop Plugin Utilities) [16/04/2009 19:02:28] - |A| - [33792] - C:\WINDOWS\System\_ISREG32.DLL (Copyright © 1995) - (_isreg32) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [30/10/2014 09:04:40] - C:\WINDOWS\Installer\103407.msi : ( - Samsung Electronics Co.,Ltd) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/07/2016 12:57:50] - C:\WINDOWS\Installer\10340d.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2017 05:24:08] - C:\WINDOWS\Installer\1205d4.msi : (OpenOffice 4.1.5 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\174ab4.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2018 08:10:23] - C:\WINDOWS\Installer\1793fab9.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 11:18:41] - C:\WINDOWS\Installer\1847e4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2018 15:33:20] - C:\WINDOWS\Installer\1a8676b.msi : (Google Earth Pro - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2018 00:32:58] - C:\WINDOWS\Installer\277e1e8.msi : (AMD Problem Report Wizard (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2018 00:34:26] - C:\WINDOWS\Installer\277e1ee.msi : (AMD User Experience Program Installer - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 11:43:22] - C:\WINDOWS\Installer\2c2375.msi : (OEM Application Profile - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 11:43:28] - C:\WINDOWS\Installer\2c237a.msi : (Balanced - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 00:59:50] - C:\WINDOWS\Installer\3226f9.msi : (Setup - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 01:07:18] - C:\WINDOWS\Installer\322700.msi : (PSPPContent - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 01:07:00] - C:\WINDOWS\Installer\322703.msi : (PSPPHelp - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 01:00:06] - C:\WINDOWS\Installer\322706.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 01:00:20] - C:\WINDOWS\Installer\32270d.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 00:59:24] - C:\WINDOWS\Installer\322710.msi : (ICA - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/09/2004 21:09:50] - C:\WINDOWS\Installer\38e8cd6.msi : (Animation Shop 3 - Nathan Gaida) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/03/2018 15:53:50] - C:\WINDOWS\Installer\433f38.msi : (Corsair LINK 4 - Corsair Components, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 13:14:46] - C:\WINDOWS\Installer\6720c52a.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2018 13:23:42] - C:\WINDOWS\Installer\6720c531.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2017 12:43:16] - C:\WINDOWS\Installer\6720c53e.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [27/05/2018 21:41:02] - [5938] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [16/07/2018 23:28:01] - [5876] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:20] - [2.06 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [03/09/2018 22:49:14] - [51.59 Ko] - C:\WINDOWS\Temp\cpuz146 [MD5.31FF12A4D4AFE0E500A0B7C899D193D6] - |A| - [17/08/2018 11:21:41] - (.-.) - [94.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.000EE54580F269812DF011CC1AC0D13E] - |A| - [28/08/2018 12:07:06] - (.-.) - [69.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.2B7002E9C7EA6B436F3A0F7C305AACD8] - |N| - [22/05/2018 12:17:53] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@NotifierToastIcon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.4200282D0D87A9BE44A1825773EA24A1] - |A| - [13/01/2018 00:14:48] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [127.57 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\amdave64.dll [MD5.F46FCD5B5AA079E551CA4EBA57ABD4A3] - |A| - [13/01/2018 00:15:30] - (.-.) - [435.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll [MD5.28B60DF19E2557B4DBA5FEDFB97748AF] - |A| - [13/01/2018 00:15:02] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [181.39 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\amdhcp64.dll [MD5.D4BFFB23E5460A829BF87C734513C324] - |A| - [16/05/2018 15:25:54] - (.Copyright (C) 2018 Advanced Micro Devices, Inc. - AMD DVR.) - [152.04 Ko] - (1.0.0.0) - C:\WINDOWS\System32\amdihk64.dll [MD5.E80CD58AC07AD5BE76B54DC35F44E2A6] - |A| - [22/05/2018 13:13:10] - (.-.) - [33.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AMDKernelEvents.man [MD5.BF64EAE5CBA377D692E29B7C376A4621] - |A| - [13/01/2018 00:15:38] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [854.37 Ko] - (1.0.13.0) - C:\WINDOWS\System32\amdlvr64.dll [MD5.1CD544A90F59479DE3C181C2A29348F4] - |A| - [13/01/2018 00:15:50] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [539.37 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmcl64.dll [MD5.DE98A0DCAF5BA922BBE1FB025266F71D] - |A| - [13/01/2018 00:15:02] - (.-.) - [535.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll [MD5.26110F125BA5210A8035B9892E617563] - |A| - [13/01/2018 00:15:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [118.52 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\amdpcom64.dll [MD5.786A30F547311152EE038DF5751DABE0] - |A| - [08/11/2017 01:21:34] - (.Copyright (c) 2013 - 2017 Advanced Micro Devices, Inc. - amdtee_api dll.) - [28.01 Ko] - (4.5.0.0) - C:\WINDOWS\System32\amdtee_api.dll [MD5.6FCD3A5E3409F41C194565D6930A8904] - |A| - [13/01/2018 00:16:30] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub64.dll.) - [110.86 Ko] - (8.18.10.234) - C:\WINDOWS\System32\amdxc64.dll [MD5.60CFFF94F068EFB0151F97DF7A3E3C45] - |A| - [13/01/2018 00:16:48] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [3063.37 Ko] - (1.4.7.0) - C:\WINDOWS\System32\amfrt64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [14/08/2018 18:37:31] - [0 Ko] - C:\WINDOWS\System32\appmgmt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2576.89 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 18:24:11] - [287.58 Ko] - C:\WINDOWS\System32\AppV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.563E95BB4F825A9C512068C17844A25F] - |A| - [13/01/2018 00:16:54] - (.© 2004 Advanced Micro Devices, Inc. - eRecord Message Resource File.) - [67.37 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\ati2erec.dll [MD5.F45DFD99BB4D41C70250ADB32397CC0A] - |A| - [13/01/2018 00:16:58] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1442.87 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atiadlxx.dll [MD5.1DAF70F28AD1A5FA3843BF671588DBFA] - |A| - [12/01/2018 23:40:36] - (.-.) - [869.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb [MD5.BC84CF0AB6D93E87AACB709AAD7DEC54] - |A| - [13/01/2018 00:17:18] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub64.dll.) - [150.49 Ko] - (8.17.10.1613) - C:\WINDOWS\System32\aticfx64.dll [MD5.DDAB687EF0DA840959F23DF4A5EF836D] - |A| - [22/05/2018 16:54:20] - (.2002-2012 - Graphics DEM.) - [456.37 Ko] - (4.5.6710.24619) - C:\WINDOWS\System32\atidemgy.dll [MD5.2EF52C930E164A8D9FBC99CA37980538] - |A| - [13/01/2018 00:17:26] - (.-.) - [116.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atidxx64.dll [MD5.8F916C2CD1F1F45ACDE6D09436D0FFB3] - |A| - [13/01/2018 00:17:30] - (.-.) - [404.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe [MD5.5156F6C26829D8C77079256071A19E4B] - |A| - [13/01/2018 00:17:34] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [696.37 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atieclxx.exe [MD5.6C7A424369A7E98C772362F644371599] - |A| - [13/01/2018 00:17:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [229.37 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atig6txx.dll [MD5.5E7805C752D2571973FFE2D6BD4532CE] - |A| - [13/01/2018 00:15:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [118.52 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atimpc64.dll [MD5.90F2B427AE81202B40E467278CAB2ED4] - |A| - [13/01/2018 00:17:52] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [121.37 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atimuixx.dll [MD5.9DB0F5DBEA9877E0CEB5D2882A975F0C] - |A| - [13/01/2018 00:18:08] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [153.37 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\atisamu64.dll [MD5.FF5B888AF2E7B6744F744315D4375313] - |A| - [12/01/2018 23:40:38] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [12/01/2018 23:40:38] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [12/01/2018 23:40:38] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4832.22 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 03:25:22] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\CardGames.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [84433.31 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [33206.56 Ko] - C:\WINDOWS\System32\catroot2 [MD5.2E53389E559CAA5168DAE23E1D38A08D] - |A| - [08/09/2014 13:37:32] - (.Copyright © 2010. - CDA Print Provider.) - [70.5 Ko] - (1.62.0.0) - C:\WINDOWS\System32\CDASpl.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.20E55A4038A97CC4B948632F6E605224] - |A| - [13/01/2018 00:18:18] - (.-.) - [343.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3080.46 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.981790D8E91EEB0E7C0DFFB611489CDB] - |A| - [22/05/2018 16:54:38] - (.AMD. - CoInstaller DLL.) - [1211.87 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_18.10.dll [MD5.398C97CCBBB07FCEFF8DC6C2B52CA49C] - |A| - [12/07/2018 17:31:34] - (.AMD. - CoInstaller DLL.) - [1215.48 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_18.20.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [368 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.1B3470741602B9D4BCC42B51EA417A74] - |A| - [22/05/2018 12:05:53] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [269076.09 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [408 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.4EDE94905F4910EA8CF91D4101DA198A] - |A| - [12/04/2018 01:34:04] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [458 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.2BEBA7543544495139ED54D0A96B15EB] - |A| - [13/01/2018 00:18:28] - (.-.) - [467.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dgtrayicon.exe [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [923.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9773.77 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.DC7CD64469E7E115E4A16F8FADA7145D] - |N| - [17/07/2018 17:38:41] - (.Copyright (C) 2014 - DlgSearchEngine Dynamic Link Library.) - [2781 Ko] - (1.1.0.31) - C:\WINDOWS\System32\DlgSearchEngine.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [12/04/2018 01:33:52] - (.-.) - [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [456.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.D94EBEDC3B03B6A1A4681E45D9DC840B] - |A| - [27/05/2018 21:40:03] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2179 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [438.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17895.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [13/07/2018 08:18:47] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [13/07/2018 08:18:41] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [409 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.2A2F5B637ADB0B6F095904779FB712B1] - |A| - [27/05/2018 21:36:06] - (.-.) - [423.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [3490 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47322.38 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.F6F1BCB9A1DECB63ECCB3B3F4A6599A9] - |A| - [13/01/2018 00:18:32] - (.-.) - [446.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameManager64.dll [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |N| - [18/03/2017 22:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR [MD5.D2B2595A20A200A66616ACFD7073D803] - |A| - [13/01/2018 00:18:42] - (.-.) - [269.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [416 Ko] - C:\WINDOWS\System32\hu-HU [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:24:11] - [185.05 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.D55C4338DE29B2E9E025AAE3E61C7A58] - |A| - [16/04/2009 19:03:38] - (.Copyright 1998 - icmfilter Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\System32\icmfilter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [437 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [323.56 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE [MD5.F2A46A097884ED624E83EDB21D6E7BA9] - |A| - [22/05/2018 13:13:22] - (.-.) - [118.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_ci.sbin [MD5.5BDC2CB17898FF2792C2F6E3D05F5CD4] - |A| - [22/05/2018 13:13:22] - (.-.) - [114.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_si.sbin [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [301 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:23:31] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.6FCFAF52ABBDB229A123A7402B2BC3E3] - |A| - [14/04/2018 06:15:24] - (.(C) 1998-2018 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LkmdfCoInst.dll [MD5.A2967AAEE6EA7EA7692A2DB737AD52E1] - |A| - [14/04/2018 06:15:28] - (.(C) 1998-2018 Logitech. - Logitech Bluetooth Co-Installer (UNICODE).) - [61.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LMouFiltCoInst.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.10DA7720D2B8A683930DF25B9CAE4AA0] - |N| - [18/03/2017 22:59:09] - (.-.) - [30 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LockdownUtil.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2600.2 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [58396.5 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [12/04/2018 01:35:23] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf [MD5.F4A5486505D4BB71D68EB61F130BE629] - |A| - [13/01/2018 00:18:46] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [175.87 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\mantle64.dll [MD5.B529752140B9070C8BD38A61703CE022] - |A| - [13/01/2018 00:18:52] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [155.87 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\mantleaxl64.dll [MD5.EC5A97EEE593020E935A7980257036DE] - |A| - [22/05/2018 12:05:55] - (.Copyright (c) 2006-2017 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1958.75 Ko] - (1.2.16.132) - C:\WINDOWS\System32\MBAPO264.dll [MD5.9F46840758431946CA096F8096B016B4] - |A| - [13/07/2018 08:18:44] - (.-.) - [790 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.D45CFEB149B6856B6E2E529D3B737E23] - |A| - [22/05/2018 12:05:55] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [400.42 Ko] - (1.0.0.270) - C:\WINDOWS\System32\MBWrp64.dll [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [27/05/2018 22:34:01] - [2.79 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6765.65 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47362.99 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\ml-IN [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [22/05/2018 12:46:03] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4196.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [16/04/2009 19:02:46] - (.-.) - [206 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MSVCRT10.DLL [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [16/04/2009 19:03:46] - (.-.) - [206 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MSVCRT10.DLX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [398 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [768 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.DF4FC545DE15A48EBA026053D0833D08] - |A| - [27/05/2018 21:36:07] - (.-.) - [36.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [427 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.BED94E70C10EFF09AEF94D18CA7FF7F7] - |A| - [01/06/2018 20:03:44] - (.-.) - [7924.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.D2715E724478FAE559968916BD7DCADA] - |A| - [09/11/2017 03:57:28] - (.-.) - [47.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15786.16 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:32] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.CEA997535E845EE480067E1DA0828736] - |A| - [12/04/2018 01:40:29] - (.-.) - [244.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.6E07A62157AA1A98E7F56C0891B01B71] - |A| - [12/04/2018 18:19:23] - (.-.) - [276.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:19:23] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.9BACAB042C7A8EC7510E592620446A87] - |A| - [12/04/2018 01:40:29] - (.-.) - [820.12 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.AC5052B138DED727C9F2A455F8A4A49F] - |A| - [12/04/2018 18:19:23] - (.-.) - [1210.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.D553939D8E50627C5AC788E83A493F76] - |A| - [27/05/2018 21:41:02] - (.-.) - [5.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [424.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.9C646924F625F373CE8A10BE15597004] - |A| - [12/06/2017 05:07:18] - (.AMD. - CoInstaller DLL.) - [103.98 Ko] - (1.0.5.9) - C:\WINDOWS\System32\pspcoins.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [427 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.02EE39F479A973500BFBDF04F90ECB92] - |A| - [13/01/2018 00:19:02] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [552.37 Ko] - (1.2.0.15) - C:\WINDOWS\System32\Rapidfire64.dll [MD5.947E7F6D531366925B4C5FD15D5B4BA6] - |A| - [13/01/2018 00:19:06] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [44.37 Ko] - (1.2.0.15) - C:\WINDOWS\System32\RapidFireServer64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [27/05/2018 22:32:46] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.0BF1E2262C95164A0B244174167FBD85] - |A| - [12/04/2018 01:35:13] - (.Copyright (C) 2009 - RemoteFX Helper.) - [104.5 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [386953.82 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.C8BD787BF67C15A5EE268C7D02C6C498] - |A| - [22/05/2018 12:05:56] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.959F8782540A70EFCC7392A8CA4B848E] - |A| - [22/05/2018 12:05:56] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.4382212E0331AD59084E0540410B34C9] - |A| - [22/05/2018 12:05:57] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.24B84DF85FE8CA370798BEEC1F29FDA1] - |A| - [22/05/2018 12:05:57] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.A464F3B13F8E0FAE1457F045F621F0FF] - |A| - [22/05/2018 12:05:57] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.4C698ADD548A38528AEDEC790B12DB78] - |A| - [22/05/2018 12:05:57] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.23 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.0F0CE558A9D992E8E0336E6ACB3FAF85] - |A| - [12/04/2018 01:34:04] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.56B23318DE09559AE0A7EA51F068AC3B] - |A| - [12/01/2018 23:40:40] - (.-.) - [150.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_ci.sbin [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [12/01/2018 23:40:40] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_isv_ci.sbin [MD5.BE4936FC24948E7900778C41D5F24DD3] - |A| - [15/02/2016 21:02:16] - (.Copyright 2012 - Samsung Electronics.) - [228.87 Ko] - (1.0.0.6) - C:\WINDOWS\System32\SBuySupplies.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.C57F4832E6CAF23A767815C5DB461866] - |A| - [13/01/2018 00:16:58] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1458.97 Ko] - (24.20.12019.1010) - C:\WINDOWS\System32\SET428E.tmp [MD5.F45DFD99BB4D41C70250ADB32397CC0A] - |A| - [13/01/2018 00:16:58] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1442.87 Ko] - (24.20.11016.4) - C:\WINDOWS\System32\SET5CB9.tmp [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [27/05/2018 21:36:06] - [88890.52 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13441.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12300.37 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [192047.14 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [13117.46 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [31.94 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [27/05/2018 22:32:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [13/07/2018 08:18:39] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.D2113D44F19096EEDD76CD3DDD188ADB] - |A| - [22/05/2018 12:05:59] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [214.99 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.86BEF53CCFDC198100747B9D73B1850A] - |A| - [22/05/2018 12:05:59] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.DC2B7D0BF6522F20BE5D0564FF73FB4F] - |A| - [22/05/2018 12:05:59] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.9 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.445626D653D4C6FA67196CECD8832D84] - |A| - [22/05/2018 12:05:59] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.3 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34072 Ko] - C:\WINDOWS\System32\sru [MD5.4A0E4F3F234BF24F7657CF184AE77437] - |A| - [30/10/2014 08:59:42] - (.- Device Monitor.) - [85.5 Ko] - (1.6.2.0) - C:\WINDOWS\System32\ssdevm64.dll [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.4B16688EDD7FF1E5B7EAC811E95438DC] - |A| - [30/10/2014 08:59:42] - (.Copyright Samsung Electronics 2001 - USB Device.) - [42.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\ssusbp64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [406 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [12/04/2018 01:35:10] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1410.58 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [571.11 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [520.29 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.3FD03A130DAF033DFB0EB93228286810] - |A| - [15/08/2018 14:51:09] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [12/04/2018 01:35:10] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [12/04/2018 01:35:10] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.96 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.87D70CBC98FE1DD581712EB999BFF276] - |A| - [15/02/2016 21:01:40] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [96.02 Ko] - (1.0.0.4) - C:\WINDOWS\System32\us008ci.dll [MD5.0D7EFDE2DDE7D2D4EAF1EF406F483206] - |A| - [15/02/2016 21:02:16] - (.- UPD Co-Installer.) - [162.87 Ko] - (3.0.0.2) - C:\WINDOWS\System32\us008ci.exe [MD5.6E4186AAF7E33C57E93EA3B02C4B5E79] - |A| - [15/02/2016 21:01:54] - (.- Language Monitor for Status Monitor.) - [30.52 Ko] - (1.4.9.0) - C:\WINDOWS\System32\us008lm.dll [MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - |A| - [17/07/2018 17:38:41] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [87.5 Ko] - (1.0.0.4) - C:\WINDOWS\System32\us013ci.dll [MD5.36B6FE3848FEB51F719389CA758278A2] - |A| - [17/07/2018 17:38:41] - (.- UPD Co-Installer.) - [154.31 Ko] - (3.0.0.2) - C:\WINDOWS\System32\us013ci.exe [MD5.DBAB523742E598670B37A65B16528CE1] - |A| - [17/07/2018 17:38:41] - (.- Language Monitor for Status Monitor.) - [22 Ko] - (1.4.9.0) - C:\WINDOWS\System32\us013lm.dll [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.08BD2F7A762134BF86645BBA219A6B98] - |A| - [14/09/2017 01:19:50] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [905.8 Ko] - (1.0.61.0) - C:\WINDOWS\System32\vulkan-1-1-0-61-0.dll [MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [09/12/2017 00:24:44] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\WINDOWS\System32\vulkan-1-1-0-65-1.dll [MD5.5BBC56240C406AC2615AEDA365DBE115] - |A| - [02/03/2018 04:03:42] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [937.8 Ko] - (1.1.70.0) - C:\WINDOWS\System32\vulkan-1-1-1-70-0.dll [MD5.5BBC56240C406AC2615AEDA365DBE115] - |A| - [22/05/2018 11:45:28] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [937.8 Ko] - (1.1.70.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.6DC78B9184771F60544B9D0CC42076B3] - |A| - [14/09/2017 01:19:38] - (.-.) - [577.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-61-0.exe [MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [09/12/2017 00:24:32] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-65-1.exe [MD5.4E08923AD6265C8E319EC93DCF68AD3C] - |A| - [02/03/2018 04:03:32] - (.-.) - [667.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-1-70-0.exe [MD5.4E08923AD6265C8E319EC93DCF68AD3C] - |A| - [22/05/2018 11:45:28] - (.-.) - [667.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [91335.79 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [119700.22 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10945.88 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [161476 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [290.49 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [255 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.845CA3BED77989EC9422318869500D82] - |A| - [16/04/2009 19:02:28] - (.Copyright © 1995 - _isreg32.) - [33 Ko] - (1.0.0.1) - C:\WINDOWS\System32\_ISREG32.DLL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.04FC4FEC7CE7E4FF802E8B183FA3B329] - |A| - [13/01/2018 00:14:46] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [112.84 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\amdave32.dll [MD5.E98EB1DEF4E50236353EF7C14D450158] - |A| - [13/01/2018 00:15:30] - (.-.) - [352.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.E583F61B1BE101677B27C4AC905FFC18] - |A| - [13/01/2018 00:14:56] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [160.04 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\amdhcp32.dll [MD5.A38BCA00FE00189EA02E2496153BA91F] - |A| - [16/05/2018 15:25:54] - (.Copyright (C) 2018 Advanced Micro Devices, Inc. - AMD DVR.) - [123.88 Ko] - (1.0.0.0) - C:\WINDOWS\SysWOW64\amdihk32.dll [MD5.088D7EE33B0CEB5B835BC4D367E9D2E8] - |A| - [13/01/2018 00:15:36] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [686.37 Ko] - (1.0.13.0) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.3B17D80AA4CBC28D2CACE76E5E894D1E] - |A| - [13/01/2018 00:15:46] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [373.37 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmcl32.dll [MD5.7CCA21DCFBCED7C341D30F02CF9D37F4] - |A| - [13/01/2018 00:15:06] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [99.6 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.A1BBFA218CB6A5E5AF274B86763C6571] - |A| - [08/11/2017 01:21:30] - (.Copyright (c) 2013 - 2017 Advanced Micro Devices, Inc. - amdtee_api dll.) - [22.51 Ko] - (4.5.0.0) - C:\WINDOWS\SysWOW64\amdtee_api.dll [MD5.83EC26C96AA65234DE67237074EACD84] - |A| - [13/01/2018 00:16:30] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub32.dll.) - [96.37 Ko] - (8.18.10.234) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.CB3E9FA9DBA66FAD46A93D364A356323] - |A| - [13/01/2018 00:16:44] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2671.37 Ko] - (1.4.7.0) - C:\WINDOWS\SysWOW64\amfrt32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.2191C4E7E66D198D75529776F4003089] - |A| - [13/01/2018 00:17:02] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1043.37 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.2191C4E7E66D198D75529776F4003089] - |A| - [13/01/2018 00:17:02] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1043.37 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.1DAF70F28AD1A5FA3843BF671588DBFA] - |A| - [12/01/2018 23:40:36] - (.-.) - [869.85 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.05A70A8EA67634CE39DCB7A9FFEB6D85] - |A| - [13/01/2018 00:17:18] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub32.dll.) - [141.95 Ko] - (8.17.10.1613) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.F2FB9E6B3A7526D0594B7D8F968C7861] - |A| - [13/01/2018 00:17:20] - (.-.) - [100.37 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.606C3DFE481015BDB746B14BAD92EC6E] - |A| - [13/01/2018 00:17:26] - (.-.) - [326.86 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.8EDFABD7A94BD2E691F78C10FA470528] - |A| - [13/01/2018 00:17:48] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [200.36 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.AFCDDB8894F6E1EBE4B594BCD97E6883] - |A| - [13/01/2018 00:15:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [99.6 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.DF160BCBA21A4519A9C8130831B33D30] - |A| - [13/01/2018 00:18:04] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [129.87 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\atisamu32.dll [MD5.919A94F188CFE0914330B0F423A25510] - |A| - [12/01/2018 23:40:38] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [12/01/2018 23:40:38] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [12/01/2018 23:40:38] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8.87 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7783.23 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.B1DE81FF5D362BCAEC51316175FB5E39] - |N| - [17/07/2018 17:38:41] - (.Copyright (C) 2014 - DlgSearchEngine Dynamic Link Library.) - [2045.5 Ko] - (1.1.0.31) - C:\WINDOWS\SysWOW64\DlgSearchEngine.dll [MD5.8FEDF6B8FF7972AC1B315183E1FF033A] - |A| - [13/01/2018 00:18:28] - (.-.) - [356.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GameManager32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:56] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.A6EDCA765DB2F72E5845DC83C58C63EF] - |A| - [13/01/2018 00:18:36] - (.-.) - [236.37 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.D55C4338DE29B2E9E025AAE3E61C7A58] - |A| - [16/04/2009 19:03:38] - (.Copyright 1998 - icmfilter Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\icmfilter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [50437.25 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.A20197041C70A45A218AE317E5A350B2] - |A| - [13/01/2018 00:18:42] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [146.87 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\mantle32.dll [MD5.80B3BF688D5E76D8B6120885F7A53A1A] - |A| - [13/01/2018 00:18:46] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [131.87 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\mantleaxl32.dll [MD5.142CEA080899BA8A1AD23D2E54E7934B] - |A| - [22/05/2018 12:05:55] - (.Copyright (c) 2006-2017 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1705.27 Ko] - (1.2.16.132) - C:\WINDOWS\SysWOW64\MBAPO232.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [16/04/2009 19:02:46] - (.-.) - [206 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MSVCRT10.DLL [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [16/04/2009 19:03:46] - (.-.) - [206 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MSVCRT10.DLX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.A75097E4F1362589CACA3847336BCF46] - |A| - [16/07/2018 23:28:01] - (.-.) - [5.74 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.36DA0BE98B0E486AB5DE5F027E5D4221] - |A| - [13/01/2018 00:18:58] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [465.37 Ko] - (1.2.0.15) - C:\WINDOWS\SysWOW64\Rapidfire.dll [MD5.0950B2B3811294CEDA696113A57E6B4C] - |A| - [13/01/2018 00:19:02] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [41.37 Ko] - (1.2.0.15) - C:\WINDOWS\SysWOW64\RapidFireServer.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [22/05/2018 12:06:07] - [2205.07 Ko] - C:\WINDOWS\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [391 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK [MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [17/07/2018 17:06:19] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll [MD5.ED754C385305A0E05BE0CFC265BD68C8] - |A| - [13/01/2018 00:17:02] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1053.98 Ko] - (24.20.12019.1010) - C:\WINDOWS\SysWOW64\SET449B.tmp [MD5.2191C4E7E66D198D75529776F4003089] - |A| - [13/01/2018 00:17:02] - (.Copyright (C) 2008-2018 Advanced Micro Devices, Inc. - ADL.) - [1043.37 Ko] - (24.20.11016.4) - C:\WINDOWS\SysWOW64\SET5DBD.tmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4133.4 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9020.82 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1772.09 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [31.94 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [27/05/2018 22:32:49] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.A96D4F5EE92301ABCF9B614B6359D2AF] - |A| - [30/10/2014 08:59:42] - (.- Device Monitor.) - [92 Ko] - (1.6.2.0) - C:\WINDOWS\SysWOW64\ssdevm.dll [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [30/10/2014 08:59:42] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\WINDOWS\SysWOW64\ssusbpn.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [12/04/2018 01:35:13] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\WINDOWS\SysWOW64\VBAFR32.OLB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.15D2B42B2348686B01B751B29E7CCE1F] - |A| - [12/04/2018 01:35:13] - (.-.) - [33.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vmstaging.dll [MD5.4687C05E2980F0FA45AD49BB5805CBDA] - |A| - [14/09/2017 01:20:30] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.3 Ko] - (1.0.61.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-61-0.dll [MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [09/12/2017 00:25:12] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-65-1.dll [MD5.768180716EE376D2FD512DAF4ABFAE1E] - |A| - [02/03/2018 04:04:08] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [808.8 Ko] - (1.1.70.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-1-70-0.dll [MD5.768180716EE376D2FD512DAF4ABFAE1E] - |A| - [22/05/2018 11:45:28] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [808.8 Ko] - (1.1.70.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.03DEC18E91E9EEFC96FEEFB61C40F8A1] - |A| - [14/09/2017 01:20:14] - (.-.) - [478.8 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-61-0.exe [MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [09/12/2017 00:25:00] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-65-1.exe [MD5.1C72AB64394A2DAE512A701B1F574F3D] - |A| - [02/03/2018 04:03:58] - (.-.) - [562.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-1-70-0.exe [MD5.1C72AB64394A2DAE512A701B1F574F3D] - |A| - [22/05/2018 11:45:28] - (.-.) - [562.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [17270.82 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10271.69 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [05/07/2018 14:55:53] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA [MD5.845CA3BED77989EC9422318869500D82] - |A| - [16/04/2009 19:02:28] - (.Copyright © 1995 - _isreg32.) - [33 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\_ISREG32.DLL ---------- | Shell Folders [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Sophie\AppData\Roaming [27/05/2018 21:37:17] "Local AppData"=C:\Users\Sophie\AppData\Local [27/05/2018 21:37:17] "CD Burning"=C:\Users\Sophie\AppData\Local\Microsoft\Windows\Burn\Burn [27/05/2018 22:21:19] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Libraries [22/05/2018 18:17:33] "My Video"=C:\Users\Sophie\Videos [22/05/2018 18:17:00] "My Pictures"=D:\Images [29/10/2011 23:13:09] "Desktop"=D:\Bureau [30/10/2011 11:00:50] "History"=C:\Users\Sophie\AppData\Local\Microsoft\Windows\History [22/05/2018 18:17:00] "NetHood"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Network Shortcuts [27/05/2018 21:37:17] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Sophie\Contacts [22/05/2018 18:17:33] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Sophie\AppData\Local\Microsoft\Windows\RoamingTiles [22/05/2018 18:17:33] "Cookies"=C:\Users\Sophie\AppData\Local\Microsoft\Windows\INetCookies [22/05/2018 18:17:00] "Favorites"=C:\Users\Sophie\Favorites [22/05/2018 18:17:00] "SendTo"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\SendTo [22/05/2018 18:17:00] "Start Menu"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu [22/05/2018 18:17:00] "My Music"=C:\Users\Sophie\Music [22/05/2018 18:17:00] "Programs"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/05/2018 18:17:00] "Recent"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Recent [22/05/2018 18:17:00] "PrintHood"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [27/05/2018 21:37:17] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Sophie\Searches [22/05/2018 18:17:33] "{374DE290-123F-4565-9164-39C4925E467B}"=D:\Téléchargements [24/07/2013 13:56:45] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Sophie\AppData\LocalLow [22/05/2018 18:17:00] "Startup"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [22/05/2018 18:17:33] "Administrative Tools"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/05/2018 18:17:33] "Personal"=D:\Documents [29/10/2011 19:22:34] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Sophie\Links [22/05/2018 18:17:00] "Cache"=C:\Users\Sophie\AppData\Local\Microsoft\Windows\INetCache [27/05/2018 21:37:17] "Templates"=C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Templates [27/05/2018 21:37:17] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Sophie\Saved Games [22/05/2018 18:17:00] "Fonts"=C:\WINDOWS\Fonts [12/04/2018 01:38:21] [HKU\S-1-5-21-2641057836-2379893348-9070863-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=D:\Téléchargements [24/07/2013 13:56:45] "Desktop"=D:\Bureau [30/10/2011 11:00:50] "My Pictures"=D:\Images [29/10/2011 23:13:09] "Personal"=D:\Documents [29/10/2011 19:22:34] "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"=D:\Documents [29/10/2011 19:22:34] "{0DDD015D-B06C-45D5-8C4C-F59713854639}"=D:\Images [29/10/2011 23:13:09] "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"=D:\Téléchargements [24/07/2013 13:56:45] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [18/03/2017 23:03:29] "Common Documents"=C:\Users\Public\Documents [18/03/2017 23:03:29] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [18/03/2017 23:03:29] "CommonMusic"=C:\Users\Public\Music [18/03/2017 23:03:29] "CommonPictures"=C:\Users\Public\Pictures [18/03/2017 23:03:29] "CommonVideo"=C:\Users\Public\Videos [18/03/2017 23:03:29] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 01:38:20] "Common AppData"=C:\ProgramData [12/04/2018 01:38:20] "Common Desktop"=C:\Users\Public\Desktop [18/03/2017 23:03:29] "Common Documents"=C:\Users\Public\Documents [18/03/2017 23:03:29] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [18/03/2017 23:03:29] "CommonMusic"=C:\Users\Public\Music [18/03/2017 23:03:29] "CommonPictures"=C:\Users\Public\Pictures [18/03/2017 23:03:29] "CommonVideo"=C:\Users\Public\Videos [18/03/2017 23:03:29] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Public] [22/05/2018 18:17:33] - |RHD| - [196] - C:\Users\Public\AccountPictures [18/03/2017 23:03:29] - |RHD| - [8887] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [18/03/2017 23:03:29] - |RD| - [278] - C:\Users\Public\Documents [18/03/2017 23:03:29] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Music [18/03/2017 23:03:29] - |RD| - [1263209] - C:\Users\Public\Pictures [18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Videos ---------- | [Sophie] [28/08/2018 18:09:59] - |D| - [5951518] - C:\Users\Sophie\.ebookreader [27/05/2018 22:17:56] - |RD| - [298] - C:\Users\Sophie\3D Objects [27/05/2018 21:37:17] - |HD| - [3843662751] - C:\Users\Sophie\AppData [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Application Data [22/05/2018 18:17:33] - |RD| - [412] - C:\Users\Sophie\Contacts [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Cookies [27/05/2018 22:17:57] - |RD| - [282] - C:\Users\Sophie\Desktop [27/05/2018 22:17:57] - |RD| - [282] - C:\Users\Sophie\Documents [27/05/2018 22:17:57] - |RD| - [282] - C:\Users\Sophie\Downloads [22/05/2018 18:17:00] - |RD| - [690] - C:\Users\Sophie\Favorites [22/05/2018 18:17:00] - |RD| - [1912] - C:\Users\Sophie\Links [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Local Settings [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Menu Démarrer [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Mes documents [27/05/2018 22:18:21] - |HD| - [2642545] - C:\Users\Sophie\MicrosoftEdgeBackups [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Modèles [22/05/2018 18:17:00] - |RD| - [504] - C:\Users\Sophie\Music [27/05/2018 21:37:17] - |AH| - [4718592] - C:\Users\Sophie\NTUSER.DAT [27/05/2018 21:37:17] - |ASH| - [1781760] - C:\Users\Sophie\ntuser.dat.LOG1 [27/05/2018 21:37:17] - |ASH| - [1211392] - C:\Users\Sophie\ntuser.dat.LOG2 [27/05/2018 21:37:17] - |ASH| - [65536] - C:\Users\Sophie\NTUSER.DAT{912c3715-61ed-11e8-99ba-7085c2617b1f}.TM.blf [27/05/2018 21:37:17] - |ASH| - [524288] - C:\Users\Sophie\NTUSER.DAT{912c3715-61ed-11e8-99ba-7085c2617b1f}.TMContainer00000000000000000001.regtrans-ms [27/05/2018 21:37:18] - |ASH| - [524288] - C:\Users\Sophie\NTUSER.DAT{912c3715-61ed-11e8-99ba-7085c2617b1f}.TMContainer00000000000000000002.regtrans-ms [27/05/2018 22:17:53] - |SH| - [20] - C:\Users\Sophie\ntuser.ini [22/05/2018 18:19:00] - |RD| - [97] - C:\Users\Sophie\OneDrive [27/05/2018 22:17:57] - |RD| - [384] - C:\Users\Sophie\Pictures [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Recent [22/05/2018 18:17:00] - |RD| - [365] - C:\Users\Sophie\Saved Games [22/05/2018 18:17:33] - |RD| - [1868] - C:\Users\Sophie\Searches [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\SendTo [22/05/2018 18:17:00] - |RD| - [504] - C:\Users\Sophie\Videos [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Voisinage d'impression [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\Voisinage réseau [27/05/2018 21:37:17] - |D| - [3419211220] - C:\Users\Sophie\AppData\Local [22/05/2018 18:17:00] - |D| - [154190795] - C:\Users\Sophie\AppData\LocalLow [27/05/2018 21:37:17] - |D| - [270260736] - C:\Users\Sophie\AppData\Roaming [27/05/2018 05:18:13] - |D| - [1796808] - C:\Users\Sophie\AppData\Local\Adobe [22/05/2018 11:45:46] - |D| - [1059446] - C:\Users\Sophie\AppData\Local\AMD [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\AppData\Local\Application Data [27/05/2018 15:35:04] - |D| - [0] - C:\Users\Sophie\AppData\Local\Apps [28/05/2018 11:55:42] - |D| - [0] - C:\Users\Sophie\AppData\Local\ATI [31/07/2018 00:02:58] - |D| - [0] - C:\Users\Sophie\AppData\Local\calibre-cache [27/05/2018 05:19:40] - |D| - [0] - C:\Users\Sophie\AppData\Local\CEF [22/05/2018 18:26:58] - |D| - [25190404] - C:\Users\Sophie\AppData\Local\Comms [22/05/2018 18:17:32] - |D| - [4521135] - C:\Users\Sophie\AppData\Local\ConnectedDevicesPlatform [27/05/2018 09:21:38] - |D| - [103372123] - C:\Users\Sophie\AppData\Local\Corel PaintShop Pro [28/08/2018 18:09:59] - |D| - [0] - C:\Users\Sophie\AppData\Local\CrashRpt [28/05/2018 11:56:37] - |D| - [916356] - C:\Users\Sophie\AppData\Local\D3DSCache [22/05/2018 12:07:14] - |D| - [0] - C:\Users\Sophie\AppData\Local\DBG [22/05/2018 18:30:47] - |D| - [67144] - C:\Users\Sophie\AppData\Local\Diagnostics [06/06/2018 16:18:29] - |D| - [0] - C:\Users\Sophie\AppData\Local\ElevatedDiagnostics [21/07/2018 10:37:02] - |A| - [97992] - C:\Users\Sophie\AppData\Local\GDIPFONTCACHEV1.DAT [22/05/2018 11:18:36] - |D| - [160733766] - C:\Users\Sophie\AppData\Local\Google [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\AppData\Local\Historique [28/08/2018 18:09:59] - |D| - [2871] - C:\Users\Sophie\AppData\Local\Icecream [01/06/2018 23:33:14] - |AH| - [156897] - C:\Users\Sophie\AppData\Local\IconCache.db [05/06/2018 09:10:02] - |D| - [2409637] - C:\Users\Sophie\AppData\Local\LiveCraft [03/06/2018 15:19:31] - |D| - [0] - C:\Users\Sophie\AppData\Local\Logishrd [03/09/2018 15:19:51] - |D| - [0] - C:\Users\Sophie\AppData\Local\mbam [27/05/2018 21:37:17] - |D| - [1464751886] - C:\Users\Sophie\AppData\Local\Microsoft [27/05/2018 22:58:53] - |D| - [897194] - C:\Users\Sophie\AppData\Local\Microsoft Games [27/06/2018 15:21:49] - |D| - [106180] - C:\Users\Sophie\AppData\Local\Microsoft Help [22/05/2018 11:17:28] - |D| - [75524] - C:\Users\Sophie\AppData\Local\MicrosoftEdge [26/05/2018 19:54:24] - |D| - [383116042] - C:\Users\Sophie\AppData\Local\Mozilla [22/05/2018 18:17:33] - |D| - [222267118] - C:\Users\Sophie\AppData\Local\Packages [22/05/2018 12:23:50] - |D| - [0] - C:\Users\Sophie\AppData\Local\PeerDistRepub [28/05/2018 15:29:07] - |D| - [0] - C:\Users\Sophie\AppData\Local\PlaceholderTileLogoFolder [26/05/2018 16:00:34] - |D| - [0] - C:\Users\Sophie\AppData\Local\Programs [22/05/2018 18:17:36] - |D| - [679199] - C:\Users\Sophie\AppData\Local\Publishers [22/05/2018 11:44:47] - |D| - [2650321] - C:\Users\Sophie\AppData\Local\RadeonInstaller [27/05/2018 02:53:12] - |A| - [993802240] - C:\Users\Sophie\AppData\Local\SageThumbs.db3 [27/05/2018 09:04:53] - |D| - [4476589] - C:\Users\Sophie\AppData\Local\Screentime [27/05/2018 22:19:14] - |D| - [940] - C:\Users\Sophie\AppData\Local\speech [27/05/2018 21:37:17] - |D| - [32339570] - C:\Users\Sophie\AppData\Local\Temp [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\AppData\Local\Temporary Internet Files [22/05/2018 18:17:32] - |D| - [11755520] - C:\Users\Sophie\AppData\Local\TileDataLayer [22/05/2018 18:17:33] - |D| - [1299475] - C:\Users\Sophie\AppData\Local\VirtualStore [05/07/2018 14:57:03] - |D| - [20480] - C:\Users\Sophie\AppData\Local\Windows Live [05/07/2018 14:58:12] - |D| - [648363] - C:\Users\Sophie\AppData\Local\Windows Live Writer [05/07/2018 11:28:48] - |D| - [0] - C:\Users\Sophie\AppData\Local\{36FE1CB7-CBC6-4284-87E3-EF14DFD6DA7F} [27/05/2018 05:19:37] - |D| - [2553019] - C:\Users\Sophie\AppData\LocalLow\Adobe [12/08/2018 19:11:58] - |D| - [0] - C:\Users\Sophie\AppData\LocalLow\AMD [29/08/2018 15:33:26] - |D| - [150407883] - C:\Users\Sophie\AppData\LocalLow\Google [22/05/2018 11:16:43] - |SD| - [1229893] - C:\Users\Sophie\AppData\LocalLow\Microsoft [26/05/2018 19:54:25] - |D| - [0] - C:\Users\Sophie\AppData\LocalLow\Mozilla [22/05/2018 18:17:33] - |D| - [15654] - C:\Users\Sophie\AppData\Roaming\Adobe [05/06/2018 19:44:08] - |D| - [89478] - C:\Users\Sophie\AppData\Roaming\Alien Skin [28/05/2018 11:55:42] - |D| - [0] - C:\Users\Sophie\AppData\Roaming\ATI [31/07/2018 00:01:32] - |D| - [370862] - C:\Users\Sophie\AppData\Roaming\calibre [27/05/2018 09:21:43] - |D| - [5691632] - C:\Users\Sophie\AppData\Roaming\Corel [05/07/2018 14:58:10] - |D| - [0] - C:\Users\Sophie\AppData\Roaming\Identities [18/08/2018 11:23:31] - |D| - [0] - C:\Users\Sophie\AppData\Roaming\Jasc [27/05/2018 02:58:08] - |D| - [222842] - C:\Users\Sophie\AppData\Roaming\Logishrd [27/05/2018 02:58:08] - |D| - [33302] - C:\Users\Sophie\AppData\Roaming\Logitech [27/05/2018 09:05:03] - |D| - [3198] - C:\Users\Sophie\AppData\Roaming\Macromedia [27/05/2018 21:37:17] - |SD| - [3635048] - C:\Users\Sophie\AppData\Roaming\Microsoft [26/05/2018 19:54:25] - |D| - [191517034] - C:\Users\Sophie\AppData\Roaming\Mozilla [26/05/2018 16:02:42] - |D| - [140] - C:\Users\Sophie\AppData\Roaming\MPC-HC [27/05/2018 22:45:34] - |D| - [12444097] - C:\Users\Sophie\AppData\Roaming\OpenOffice [02/07/2018 18:37:32] - |D| - [3878292] - C:\Users\Sophie\AppData\Roaming\Samsung [03/06/2018 15:18:48] - |D| - [11776] - C:\Users\Sophie\AppData\Roaming\sp6_log [27/05/2018 09:21:38] - |D| - [37568] - C:\Users\Sophie\AppData\Roaming\Ulead Systems [05/07/2018 14:58:12] - |D| - [295] - C:\Users\Sophie\AppData\Roaming\Windows Live Writer [03/06/2018 08:57:20] - |D| - [4014074] - C:\Users\Sophie\AppData\Roaming\XnView [27/05/2018 16:36:18] - |D| - [3092789] - C:\Users\Sophie\AppData\Roaming\XnViewMP [19/07/2018 15:09:44] - |D| - [45137047] - C:\Users\Sophie\AppData\Roaming\Zedeo [22/05/2018 18:17:33] - |SH| - [174] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [27/05/2018 21:37:17] - |SHD| - [0] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [22/05/2018 18:17:00] - |RD| - [29575] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [27/05/2018 21:37:17] - |RD| - [3888] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [27/05/2018 21:37:17] - |RD| - [2921] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [22/05/2018 18:17:33] - |RD| - [174] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [27/05/2018 21:37:17] - |SH| - [264] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [18/07/2018 10:06:05] - |A| - [883] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Nature Manual.lnk [30/06/2018 08:08:42] - |A| - [1767] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontViewerPortable.exe - Raccourci.lnk [27/05/2018 21:37:17] - |D| - [170] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [27/05/2018 21:37:17] - |A| - [2406] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [28/05/2018 15:54:19] - |A| - [878] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OP_patience1.lnk [27/05/2018 08:59:49] - |A| - [279] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panneau de configuration.lnk [02/07/2018 11:22:32] - |D| - [3829] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Script Edit [22/05/2018 18:17:33] - |RD| - [174] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [27/05/2018 21:37:17] - |RD| - [3496] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [27/05/2018 21:37:17] - |RD| - [7754] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [27/06/2018 22:31:25] - |A| - [692] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xenofex 2 Manual.lnk [22/05/2018 18:17:33] - |SH| - [174] - C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [27/05/2018 05:19:03] - |D| - [285858340] - C:\ProgramData\Adobe [21/07/2018 20:21:47] - |D| - [2885823] - C:\ProgramData\AMD [27/05/2018 21:42:08] - |SHD| - [0] - C:\ProgramData\Application Data [28/05/2018 11:55:42] - |D| - [0] - C:\ProgramData\ATI [22/05/2018 18:14:53] - |SHD| - [0] - C:\ProgramData\Bureau [22/05/2018 12:10:40] - |D| - [201988077] - C:\ProgramData\CLink4 [27/05/2018 09:20:47] - |D| - [226594399] - C:\ProgramData\Corel [27/05/2018 21:42:08] - |SHD| - [0] - C:\ProgramData\Documents [27/05/2018 02:58:47] - |D| - [23848568] - C:\ProgramData\Logishrd [03/09/2018 15:19:24] - |D| - [86327660] - C:\ProgramData\Malwarebytes [22/05/2018 18:14:53] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [1881252808] - C:\ProgramData\Microsoft [27/06/2018 15:21:48] - |D| - [65250] - C:\ProgramData\Microsoft Help [27/05/2018 22:21:32] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [22/05/2018 18:14:53] - |SHD| - [0] - C:\ProgramData\Modèles [01/06/2018 20:03:35] - |D| - [2862508] - C:\ProgramData\NVIDIA [01/06/2018 20:03:23] - |D| - [3086279] - C:\ProgramData\NVIDIA Corporation [22/05/2018 11:45:25] - |D| - [73034022] - C:\ProgramData\Package Cache [19/07/2018 11:46:43] - |D| - [0] - C:\ProgramData\Packages [12/04/2018 01:38:20] - |D| - [993] - C:\ProgramData\regid.1991-06.com.microsoft [02/07/2018 18:30:17] - |D| - [1673235] - C:\ProgramData\Samsung [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [14/07/2018 19:09:32] - |A| - [60] - C:\ProgramData\SoftwareUpdateTemp.xml [12/04/2018 01:38:20] - |D| - [7070] - C:\ProgramData\USOPrivate [27/05/2018 21:40:37] - |D| - [4739072] - C:\ProgramData\USOShared [12/04/2018 18:24:11] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [22/05/2018 18:14:53] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [167000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2018 19:11:53] - |D| - [3026] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16## [27/05/2018 08:08:58] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [27/05/2018 05:19:21] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 01:38:20] - |RD| - [24294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/08/2018 08:47:56] - |D| - [2003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings [09/06/2018 09:15:08] - |D| - [6792] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Color Efex Pro 3.0 Complete [27/05/2018 09:20:45] - |D| - [3735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X8 [22/05/2018 12:10:41] - |D| - [2503] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair LINK 4 [12/04/2018 01:38:24] - |SH| - [670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [26/05/2018 19:54:24] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [05/07/2018 09:08:16] - |D| - [2249] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Patcher [27/05/2018 09:30:13] - |D| - [5878] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [22/05/2018 11:20:39] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [29/08/2018 15:33:23] - |A| - [2253] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk [28/08/2018 18:08:41] - |D| - [1260] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [30/06/2018 08:06:13] - |D| - [3774] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software [04/06/2018 16:47:23] - |D| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeux de cartes [27/05/2018 02:58:53] - |D| - [2386] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [03/09/2018 15:19:31] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [27/06/2018 15:23:38] - |D| - [32512] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [01/06/2018 20:05:26] - |D| - [4994] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [27/05/2018 22:45:19] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5 [27/05/2018 02:53:08] - |D| - [11575] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs [17/07/2018 17:34:58] - |RD| - [11027] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers [12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [05/07/2018 14:57:21] - |A| - [1358] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [27/05/2018 21:37:44] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [03/06/2018 08:56:39] - |D| - [2253] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [19/07/2018 15:09:49] - |D| - [1034] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zedeo ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [27/05/2018 05:19:15] - |D| - [283906799] - C:\Program Files (x86)\Adobe [03/06/2018 10:32:26] - |D| - [282624] - C:\Program Files (x86)\Alien Skin [22/05/2018 11:46:14] - |AD| - [62232354] - C:\Program Files (x86)\AMD [12/04/2018 01:38:20] - |D| - [381978712] - C:\Program Files (x86)\Common Files [27/05/2018 09:20:29] - |D| - [240627626] - C:\Program Files (x86)\Corel [22/05/2018 12:10:40] - |AD| - [59192760] - C:\Program Files (x86)\CorsairLink4 [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [05/07/2018 09:08:16] - |D| - [1045987] - C:\Program Files (x86)\FMPatcher [22/05/2018 11:18:42] - |D| - [465835588] - C:\Program Files (x86)\Google [28/08/2018 18:08:38] - |D| - [97612274] - C:\Program Files (x86)\Icecream Ebook Reader [22/05/2018 12:05:52] - |HD| - [10094360] - C:\Program Files (x86)\InstallShield Installation Information [12/04/2018 01:38:20] - |D| - [2007027] - C:\Program Files (x86)\Internet Explorer [30/06/2018 08:06:13] - |D| - [17027222] - C:\Program Files (x86)\Jasc Software Inc [04/06/2018 16:47:23] - |D| - [8095486] - C:\Program Files (x86)\Jeux de cartes [27/06/2018 15:21:48] - |D| - [585363297] - C:\Program Files (x86)\Microsoft Office [27/06/2018 15:23:17] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio [27/06/2018 15:23:20] - |D| - [3726168] - C:\Program Files (x86)\Microsoft Works [12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [26/05/2018 19:54:24] - |D| - [300868] - C:\Program Files (x86)\Mozilla Maintenance Service [27/06/2018 15:23:18] - |D| - [26521] - C:\Program Files (x86)\MSBuild [09/06/2018 09:15:07] - |D| - [14662140] - C:\Program Files (x86)\Nik Software [01/06/2018 20:03:20] - |D| - [30192524] - C:\Program Files (x86)\NVIDIA Corporation [27/05/2018 22:45:10] - |D| - [326710907] - C:\Program Files (x86)\OpenOffice 4 [22/05/2018 12:05:53] - |D| - [3574313] - C:\Program Files (x86)\Realtek [05/07/2018 14:55:52] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [27/05/2018 02:53:08] - |AD| - [5540424] - C:\Program Files (x86)\SageThumbs [17/07/2018 17:06:15] - |D| - [182277364] - C:\Program Files (x86)\Samsung [22/05/2018 12:05:50] - |HD| - [0] - C:\Program Files (x86)\Temp [06/06/2018 19:08:12] - |D| - [2850368] - C:\Program Files (x86)\Ulead Particle.Plugin [22/05/2018 11:45:27] - |D| - [5835254] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780768] - C:\Program Files (x86)\Windows Defender [05/07/2018 14:57:15] - |D| - [67769950] - C:\Program Files (x86)\Windows Live [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:20:01] - |D| - [3254215] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell [03/06/2018 08:56:38] - |D| - [20491595] - C:\Program Files (x86)\XnView [19/07/2018 15:09:44] - |D| - [75645511] - C:\Program Files (x86)\Zedeo ---------- | C:\Program Files [27/05/2018 08:08:58] - |AD| - [4990738] - C:\Program Files\7-Zip [22/05/2018 11:44:45] - |AD| - [307129756] - C:\Program Files\AMD [12/04/2018 01:38:20] - |D| - [135781523] - C:\Program Files\Common Files [27/05/2018 09:20:57] - |D| - [222408507] - C:\Program Files\Corel [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [22/05/2018 12:10:41] - |D| - [1040384] - C:\Program Files\DIFX [22/05/2018 18:14:53] - |SHD| - [0] - C:\Program Files\Fichiers communs [29/08/2018 15:33:21] - |D| - [219154687] - C:\Program Files\Google [12/04/2018 01:38:20] - |D| - [2639358] - C:\Program Files\internet explorer [03/06/2018 15:19:04] - |D| - [62752106] - C:\Program Files\Logitech [03/09/2018 15:19:24] - |D| - [169160773] - C:\Program Files\Malwarebytes [27/05/2018 09:30:13] - |RD| - [19011747] - C:\Program Files\Microsoft Games [27/06/2018 15:22:01] - |D| - [593814] - C:\Program Files\Microsoft Office [26/05/2018 19:54:20] - |AD| - [153160673] - C:\Program Files\Mozilla Firefox [26/05/2018 16:01:02] - |AD| - [49376793] - C:\Program Files\MPC-HC [05/07/2018 14:55:52] - |D| - [25757] - C:\Program Files\MSBuild [01/06/2018 20:03:20] - |D| - [1073846746] - C:\Program Files\NVIDIA Corporation [27/05/2018 02:54:15] - |D| - [580261] - C:\Program Files\PSP Thumbnail Handler [22/05/2018 12:06:07] - |D| - [36238336] - C:\Program Files\Realtek [05/07/2018 14:55:52] - |D| - [36854953] - C:\Program Files\Reference Assemblies [22/05/2018 12:45:57] - |AD| - [5454478] - C:\Program Files\rempl [02/07/2018 11:23:30] - |D| - [1300395] - C:\Program Files\Script Edit [22/05/2018 18:13:41] - |HD| - [0] - C:\Program Files\Uninstall Information [12/04/2018 01:38:20] - |RD| - [19336699] - C:\Program Files\Windows Defender [12/04/2018 18:24:11] - |D| - [11869512] - C:\Program Files\Windows Defender Advanced Threat Protection [05/07/2018 14:57:17] - |D| - [52928] - C:\Program Files\Windows Live [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:20:01] - |D| - [4783083] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7823192] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [3170596443] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [27/05/2018 05:19:15] - |AD| - [9436443] - C:\Program Files (x86)\Common Files\Adobe [17/07/2018 17:36:03] - |D| - [402656] - C:\Program Files (x86)\Common Files\Common Desktop Agent [13/07/2018 08:31:10] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER [12/04/2018 01:38:20] - |D| - [231044287] - C:\Program Files (x86)\Common Files\microsoft shared [17/07/2018 17:35:47] - |D| - [12502319] - C:\Program Files (x86)\Common Files\Scan Process Machine [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [12/04/2018 01:38:20] - |D| - [43615847] - C:\Program Files (x86)\Common Files\system [05/07/2018 14:56:19] - |D| - [84874466] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [22/05/2018 11:45:44] - |D| - [39535264] - C:\Program Files\Common files\ATI Technologies [17/07/2018 17:36:03] - |D| - [515808] - C:\Program Files\Common files\Common Desktop Agent [27/05/2018 02:58:16] - |D| - [40473456] - C:\Program Files\Common files\LogiShrd [12/04/2018 01:38:20] - |D| - [44989322] - C:\Program Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10264971] - C:\Program Files\Common files\system ---------- | Tasks [MD5.FF290071B877B623A8E7D4FAD34EF8AC] - [28/05/2018 11:30:02] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [27/05/2018 21:42:06] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [27/05/2018 21:42:06] - |D| - [0] - C:\WINDOWS\System32\Tasks\2BrightSparks [MD5.727E74A10FE8E054710EA9B7996939A6] - [27/05/2018 21:42:06] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.0D9CFE7DC50F08F16524011F6D8DA5E2] - [12/08/2018 18:46:36] - |A| - [4762] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [MD5.1A5990B09D787A23EBEC98620E35C346] - [12/08/2018 18:46:36] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.3033114D6E877ED2F323B0B9D0A8AA3F] - [27/05/2018 21:42:06] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.D3CB33AFEE782BA8D9E0950DED7704CF] - [27/05/2018 21:42:06] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [554486] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.11F689877EC8654AEDAE0A9872CBDF11] - [27/05/2018 21:42:06] - |A| - [3374] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2641057836-2379893348-9070863-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.C968AAE0BFD7B8F955F6B323CBCF9DE5] - [07/08/2018 08:47:54] - |A| - [3160] - C:\WINDOWS\System32\Tasks\StartCN : "C:\Program Files\AMD\CNext\CNext\cncmd.exe" [MD5.7B5C41A3A530F3E0B62656ED02541F3C] - [07/08/2018 08:47:54] - |A| - [3074] - C:\WINDOWS\System32\Tasks\StartDVR : "C:\Program Files\AMD\CNext\CNext\dvrcmd.exe" [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{DFD4145B-DBD3-4C11-AE94-6FE6527A722D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Plex|Desc=Plex|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-663319984-3691977918-1341348298-2599563705-1202581887-3444832810-199907587|EmbedCtxt=Plex|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{2C13B52B-770F-476F-BF9D-951C045EF300}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Plex|Desc=Plex|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-663319984-3691977918-1341348298-2599563705-1202581887-3444832810-199907587|EmbedCtxt=Plex|Platform=2:6:2|Platform2=GTEQ| "{C5B9C473-CDFA-4CAB-8F1E-63AA3D776A7B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{A140679A-9E58-4FDB-980A-191C8B6682F0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{92547F29-4886-4B4E-A8EC-E9842D3F4F24}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{E98D90C3-AB5B-4306-AB0F-005388C50D09}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Autodesk SketchBook|Desc=Autodesk SketchBook|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{B3157E8B-19EC-4225-B48F-0D7B1D5E0165}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Autodesk SketchBook|Desc=Autodesk SketchBook|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{64807124-653E-4074-B84B-D06177375A60}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{669D270C-3D98-4BD7-A362-711453492430}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{22F64680-9491-438A-848C-C126A209EFD0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{6753D733-E14B-4C86-A91A-5E0904BA1102}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{073A094D-5FF5-47FD-965E-E99B9B263969}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{DF8B7797-BD7F-4850-A270-F5062CA41799}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{4110CF87-FCCF-4D20-88C3-DAF477174D85}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{CAEC9737-F855-40B0-AA8D-D7C77152D203}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{A1428BEE-BB42-4339-B156-DBF38AB4E0B5}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Samsung Printer Experience|Desc=Samsung Printer Experience|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-199443308-783181745-3731900621-737618142-274797140-2538204478-2503832961|EmbedCtxt=Samsung Printer Experience|Platform=2:6:2|Platform2=GTEQ| "{3B5F78B0-2129-46F9-865E-E80DB44AE3FB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Samsung Printer Experience|Desc=Samsung Printer Experience|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-199443308-783181745-3731900621-737618142-274797140-2538204478-2503832961|EmbedCtxt=Samsung Printer Experience|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{B50264D6-0365-4879-8C89-22E358D1AD00}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=Samsung Printer Experience|Desc=Samsung Printer Experience|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-199443308-783181745-3731900621-737618142-274797140-2538204478-2503832961|EmbedCtxt=Samsung Printer Experience|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{61E8E5B1-B721-465F-8C76-41505B6A652B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=Samsung Printer Experience|Desc=Samsung Printer Experience|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-199443308-783181745-3731900621-737618142-274797140-2538204478-2503832961|EmbedCtxt=Samsung Printer Experience|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{385D2E86-0E6A-411E-ADDF-3B6381A36C67}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{E35B3F78-D4F0-4718-9548-8CA2388A5642}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{E4832B7C-565E-41CF-A63E-CED32A580D89}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| "{B40BC877-E663-45D5-9ABF-9B5DE7E46929}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| "{1F705869-C127-4EAE-8D24-C6968AEEB948}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe|Name=Samsung Easy Document Creator| "{544E7671-C817-45F4-A1A0-EAF43A0616F9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe|Name=Samsung Easy Document Creator| "{16D4827E-E979-4BDA-92FE-4541F8893CE6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe|Name=CDA Server| "{9D265FC7-D901-4484-964B-C15AAB5CC045}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe|Name=CDA Server| "{2CC1636E-7C4F-4761-89C3-E918C3A0D922}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe|Name=Easy Printer Manager| "{4D907471-1620-496A-AF4B-47B49B75B749}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe|Name=EPM Order Supplies | "{B87DBE75-9958-46C6-B3A8-F76E6E1BA29D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe|Name=EPM Alert | "{7CBC375E-28DA-4B4B-B4BF-71A25A2976C6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe|Name=Samsung uninstaller | "{8C503481-CD63-4542-995F-66EC590D0F95}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe|Name=EPM CDA Scan2PC| "{7A7837F3-440A-4953-AD06-37864C461FB2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe|Name=EPM ScanProcess| "{5D7366F7-9E7A-4C41-BACF-3BE75A5CE2EA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe|Name=EPM Scan2PCNotify| "{D64C9026-C5A0-4CF9-BBF6-0E9940CF9AB9}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{F1A4E21E-2160-452E-9EAF-A5B623975498}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_3.4.0.7_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{AD945480-D21C-42A9-BEB2-678941473DDB}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{king.com.BubbleWitch3Saga_4.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Desc=@{king.com.BubbleWitch3Saga_4.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-2480992608-1527340332-3131305588-448447103-1026586663-3117074242-2125591980|EmbedCtxt=@{king.com.BubbleWitch3Saga_4.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{802E8294-4CEA-4DFF-9D2D-8ED4B5F42D2C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{4B826DAB-EF63-41B9-ADE0-492F0B59131B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{0DD748AA-E662-4DA1-BA32-E1B142403C21}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{279026B5-742B-4E37-85D7-E7A3FA86AB89}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{250C45B9-BB7A-4864-AEE2-BB9D4F2C1C20}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{6EBF3767-E21D-4808-ACB7-0F4397DFE4FD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "{B96516C2-C580-4F31-A621-BB28B68B8994}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{CB18D670-9D01-45C8-95DB-D066A0ADFF85}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{167DF595-0912-45FD-8E48-706A8DBA5FDF}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{40C20FB3-03EF-4EB4-BC75-3579ED0999C1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A584A777-0901-40DE-BC97-E112555DD2F9}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-2641057836-2379893348-9070863-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{23D661C0-CCE6-4E43-98A4-19969D3C25AD}] : (PXGX112) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{281922b1-a910-451e-adb1-0b5567f1edb1}] : (BTDFU) [] -> @oem19.inf,%BTWClassName%;Périphériques Bluetooth [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem28.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d41dd63a-1395-4419-ae14-a534f5f2ad29}] : (DriverInterface) [] -> DriverInterface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DA89094D-4B35-4D92-ABF3-9808A44B6E59}] : (LHidFilt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [22/05/2018 12:05:55] - (6.10.0.8) - (Creative Technology Ltd. - Creative Audio Driver) - C:\WINDOWS\system32\drivers\MBfilt64.sys [30/10/2014 08:59:42] - (1.0.0.0) - (Samsung Electronics - Port Contention Driver) - C:\WINDOWS\system32\Drivers\SSPORT.sys [03/09/2018 22:49:14] - (1.0.4.6) - (CPUID - CPUID Driver) - C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - amdpsp (@oem10.inf,%amdpsp.SVCDESC%;AMD PSP Service) -> System32\drivers\amdpsp.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - SSPORT (SSPORT) -> \??\C:\WINDOWS\system32\Drivers\SSPORT.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SageThumbs] : (SageThumbs 2.0.0.23.-.Cherubic Software) -> C:\Program Files (x86)\SageThumbs\Uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{031A0E14-0413-4C97-9772-2639B782F46F}] : (Common Desktop Agent.-.OEM) -> MsiExec.exe /X{031A0E14-0413-4C97-9772-2639B782F46F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2086A549-ED96-4dc9-BBE3-0538AB29ABEC}] : (PSP Thumbnail Handler.-.Bot Productions) -> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5D5788DA-BC9C-C201-5622-7593C9EC3F37}] : (AMD Radeon Settings.-.##COMPANY_NAME##) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7314174C-890C-436C-BD2D-61F284755FD0}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{7314174C-890C-436C-BD2D-61F284755FD0} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{842A3E2E-15B2-4D49-A50F-05964CA93374}] : (IPM_PSP_COM64.-.Corel Corporation) -> MsiExec.exe /I{842A3E2E-15B2-4D49-A50F-05964CA93374} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{88CFC59F-1491-4359-819F-87DFAFF9CCF4}] : (PSPPro64.-.Corel Corporation) -> MsiExec.exe /I{88CFC59F-1491-4359-819F-87DFAFF9CCF4} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 391.35.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DF447219-F785-566D-3469-4CE3B7BD28C8}] : (AMD Problem Report Wizard.-.##COMPANY_NAME##) -> MsiExec.exe /X{DF447219-F785-566D-3469-4CE3B7BD28C8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F914BC59-918A-498F-B2E3-B274C9CB48A8}] : (Google Earth Pro.-.Google) -> MsiExec.exe /I{F914BC59-918A-498F-B2E3-B274C9CB48A8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Color Efex Pro 3.0 Complete] : (Color Efex Pro 3.0 Complete.-.Nik Software, Inc.) -> C:\Program Files (x86)\Nik Software\Plug-Ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EyeCandy5Impact] : (Alien Skin Eye Candy 5 Impact.-.) -> C:\ALIENS~1\EYECAN~1\Unwise32.exe C:\ALIENS~1\EYECAN~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EyeCandy5Nature] : (Alien Skin Eye Candy 5 Nature.-.) -> C:\ALIENS~1\EYECAN~2\Unwise32.exe C:\ALIENS~1\EYECAN~2\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FM Patcher_is1] : (FM Patcher 1.01.-.AFH Systems & The Plugin Site) -> "C:\Program Files (x86)\FMPatcher\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Script Edit] : (Script Edit.-.) -> c:\program files\Script Edit\Uninstal.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Snap Art] : (Alien Skin Snap Art.-.) -> C:\plugin\ALIENS~1\SNAPAR~1\Unwise32.exe C:\plugin\ALIENS~1\SNAPAR~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ulead Particle.Plugin 1.0] : (Ulead Particle.Plugin 1.0.-.) -> C:\WINDOWS\IsUninst.exe -f"C:\Program Files (x86)\Ulead Particle.Plugin\Pp10f.isu" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xenofex2] : (Alien Skin Xenofex 2.0.-.) -> C:\XENOFE~1\UNWISE.EXE C:\XENOFE~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{095074AE-E4BD-41EC-AE78-21969805AB7C}_is1] : (Zedeo version 1.3.0.-.ZedSoft) -> "C:\Program Files (x86)\Zedeo\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{155C4F2E-7381-4B80-B258-FD0600C9C46B}] : (OpenOffice 4.1.5.-.Apache Software Foundation) -> MsiExec.exe /I{155C4F2E-7381-4B80-B258-FD0600C9C46B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{43E7B753-7E2F-B151-091C-79043C1DBB94}] : (AMD User Experience Program Installer.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A71FF08-821F-0268-73D6-19EB22764625}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7C4196CA-CA41-4F34-9C08-7724E7705D52}] : (Jasc Animation Shop 3.-.Nom de votre société) -> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}] : (OEM Application Profile.-.Nom de votre société) -> MsiExec.exe /X{7F5DCD33-1039-C3B2-9538-B645B65BBA63} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80A28CA4-189A-4EB2-9F76-7845A0A83D2A}] : (IPM_PSP_COM.-.Corel Corporation) -> MsiExec.exe /I{80A28CA4-189A-4EB2-9F76-7845A0A83D2A} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8239357B-E792-4EEB-9F8B-F2535730A315}] : (Corel PaintShop Pro X8.-.Corel Corporation) -> MsiExec.exe /I{8239357B-E792-4EEB-9F8B-F2535730A315} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}] : (ICA.-.Corel Corporation) -> MsiExec.exe /I{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{88340123-2A5C-48D4-98C1-58C18D12F09C}] : (PSPPHelp.-.Corel Corporation) -> MsiExec.exe /I{88340123-2A5C-48D4-98C1-58C18D12F09C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{89E018D8-558F-4051-BB26-64DD9B90DF68}] : (PSPPContent.-.Corel Corporation) -> MsiExec.exe /I{89E018D8-558F-4051-BB26-64DD9B90DF68} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8BFA76B5-47DD-4C88-9C9B-7407019F0E13}] : (Setup.-.Nom de votre société) -> MsiExec.exe /I{8BFA76B5-47DD-4C88-9C9B-7407019F0E13} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824272646}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824272646} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}] : (SNS Upload for Easy Document Creator.-.Samsung Electronics Co.,Ltd) -> MsiExec.exe /I{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D97F4B31-5A7D-4A07-AC85-16D64FAB93E1}] : (Corsair LINK 4.-.Corsair Components, Inc.) -> MsiExec.exe /X{D97F4B31-5A7D-4A07-AC85-16D64FAB93E1} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFD0705E-598B-46D4-8D5B-4539431764B8}] : (Balanced.-.Nom de votre société) -> MsiExec.exe /X{EFD0705E-598B-46D4-8D5B-4539431764B8} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\13B4F79DD7A570A4CA58616DF4BA391E] : Corsair LINK 4 [HKCR\Installer\Products\32104388C5A24D84891C851CD8210FC9] : PSPPHelp -> C:\Windows\Installer\{88340123-2A5C-48D4-98C1-58C18D12F09C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\357B7E34F2E7151B90C19740C3D1BB49] : AMD User Experience Program Installer -> C:\WINDOWS\Installer\{43E7B753-7E2F-B151-091C-79043C1DBB94}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4AC82A08A9812BE4F96787540A8AD3A2] : IPM_PSP_COM -> C:\Windows\Installer\{80A28CA4-189A-4EB2-9F76-7845A0A83D2A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\52744B0D6663D294EB6F85A741DBB99D] : MSVCRT_amd64 [HKCR\Installer\Products\5B67AFB8DD7488C4C9B9477010F9E031] : Setup -> C:\Windows\Installer\{8BFA76B5-47DD-4C88-9C9B-7407019F0E13}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142726264] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824272646}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\807E9EB00CD53694C9DFA05A9190E097] : Junk Mail filter update [HKCR\Installer\Products\80FF17A6F1288620376D91BE22676452] : AMD Settings -> C:\WINDOWS\Installer\{6A71FF08-821F-0268-73D6-19EB22764625}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\8D810E98F8551504BB6246DDB909FD86] : PSPPContent -> C:\Windows\Installer\{89E018D8-558F-4051-BB26-64DD9B90DF68}\ARPPRODUCTICON.exe [HKCR\Installer\Products\912744FD587FD6654396C43E7BDB828C] : AMD Problem Report Wizard -> C:\WINDOWS\Installer\{DF447219-F785-566D-3469-4CE3B7BD28C8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\95CB419FA819F8942B3E2B479CBC848A] : Google Earth Pro -> C:\WINDOWS\Installer\{F914BC59-918A-498F-B2E3-B274C9CB48A8}\MainIcon.ico [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\AC6914C714AC43F4C98077427E07D525] : Jasc Animation Shop 3 -> C:\WINDOWS\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AD8875D5C9CB102C652257399CCEF373] : AMD Radeon Settings -> C:\WINDOWS\Installer\{5D5788DA-BC9C-C201-5622-7593C9EC3F37}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B7539328297EBEE4F9B82F3575033A51] : Corel PaintShop Pro X8 -> C:\Windows\Installer\{8239357B-E792-4EEB-9F8B-F2535730A315}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B9B96C58DB9F06A4DB382F7B0E18DE93] : ICA -> C:\Windows\Installer\{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B9FB157332F56794AA26B14F7D19CDEF] : Photo Common [HKCR\Installer\Products\C4714137C098C634DBD2162F4857F50D] : AMD Settings - Branding -> C:\WINDOWS\Installer\{7314174C-890C-436C-BD2D-61F284755FD0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C70F5B6B5D883D941A7A6A4DCB73CDCC] : SNS Upload for Easy Document Creator [HKCR\Installer\Products\E2E3A2482B5194D45AF05069C49A3347] : IPM_PSP_COM64 -> C:\Windows\Installer\{842A3E2E-15B2-4D49-A50F-05964CA93374}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E2F4C551183708B42B85DF60009C4CB6] : OpenOffice 4.1.5 -> C:\WINDOWS\Installer\{155C4F2E-7381-4B80-B258-FD0600C9C46B}\soffice.ico [HKCR\Installer\Products\E5070DFEB8954D64D8B554933471468B] : Balanced -> C:\Windows\Installer\{EFD0705E-598B-46D4-8D5B-4539431764B8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EE7B900551A832A44B40513ED120AD76] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64 [HKCR\Installer\Products\F95CFC881941953418F978FDFA9FCC4F] : PSPPro64 -> C:\Windows\Installer\{88CFC59F-1491-4359-819F-87DFAFF9CCF4}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 1a20 Heure de début : 01d443782e134092 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : b6f240df-d26e-4754-85b3-6e06d19c5b32 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 151c Heure de début : 01d44377e70577e9 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : c1cb1841-cf80-4fab-ae7b-ede90a05184a Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 294c Heure de début : 01d44377c2c23ee3 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : 1c42c3f8-e22e-43a7-9193-5b7b2c474967 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 3568 Heure de début : 01d44377b3b99a9d Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : 709bfa13-0a85-4fbd-9ff0-20334aa3d762 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 1314 Heure de début : 01d4435ebb9d6968 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : db6d6210-789d-4c9e-9b5a-eaf8c7fa83e1 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Le programme firefox.exe version 61.0.2.6793 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : f50 Heure de début : 01d441c3c1885286 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Program Files\Mozilla Firefox\firefox.exe ID de rapport : f4a811b4-1cf7-4966-bc9a-881e04bd1c6c Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Performance Counters are not configured for this system,So Performance Profile Client is not starting. ------------ Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Performance Counters are not configured for this system,So Performance Profile Client is not starting. ------------ Performance Counters are not configured for this system,So Performance Profile Client is not starting. ------------ Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante AutoRun.exe_AUTORUN Application, version : 1.0.0.1, horodatage : 0x33bf60d5 Nom du module défaillant : AutoRun.exe, version : 1.0.0.1, horodatage : 0x33bf60d5 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001b648 ID du processus défaillant : 0x3f30 Heure de début de l’application défaillante : 0x01d43dd3f18e16dc Chemin d’accès de l’application défaillante : D:\Téléchargements\Kpt6full_plugin\auto95\AutoRun.exe Chemin d’accès du module défaillant: D:\Téléchargements\Kpt6full_plugin\auto95\AutoRun.exe ID de rapport : e8f38d34-cafa-4fd4-9fec-d9f0493d69ee Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante AutoRun.exe_AUTORUN Application, version : 1.0.0.1, horodatage : 0x33bf60d5 Nom du module défaillant : AutoRun.exe, version : 1.0.0.1, horodatage : 0x33bf60d5 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001b648 ID du processus défaillant : 0xa50 Heure de début de l’application défaillante : 0x01d43dd3d95f482e Chemin d’accès de l’application défaillante : D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe Chemin d’accès du module défaillant: D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe ID de rapport : 4db23c18-c1d0-4ce0-9d23-f4c2086b2eb1 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante AutoRun.exe_AUTORUN Application, version : 1.0.0.1, horodatage : 0x33bf60d5 Nom du module défaillant : AutoRun.exe, version : 1.0.0.1, horodatage : 0x33bf60d5 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001b648 ID du processus défaillant : 0x1570 Heure de début de l’application défaillante : 0x01d43dd3d4efc4b7 Chemin d’accès de l’application défaillante : D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe Chemin d’accès du module défaillant: D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe ID de rapport : 1f4b2152-ba31-4bab-b74e-344d2160734c Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante AutoRun.exe_AUTORUN Application, version : 1.0.0.1, horodatage : 0x33bf60d5 Nom du module défaillant : AutoRun.exe, version : 1.0.0.1, horodatage : 0x33bf60d5 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001b648 ID du processus défaillant : 0x39a0 Heure de début de l’application défaillante : 0x01d43dd3ce1fdec1 Chemin d’accès de l’application défaillante : D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe Chemin d’accès du module défaillant: D:\Documents\My PSP Files\Modules externes\Kpt6full_plugin\auto95\AutoRun.exe ID de rapport : 7729e1b6-41dc-40a3-af18-ba2fda089264 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante Corel PaintShop Pro.exe, version : 18.0.0.2, horodatage : 0x567287f0 Nom du module défaillant : CoreMemory.dll, version : 18.0.0.2, horodatage : 0x56727ba3 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000597d ID du processus défaillant : 0x1984 Heure de début de l’application défaillante : 0x01d43b746feb4204 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Corel\Corel PaintShop Pro X8\Corel PaintShop Pro.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\Corel\Corel PaintShop Pro X8\CoreMemory.dll ID de rapport : 93954ebb-d16d-4c22-ac57-b4ae39ea567c Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la création d’un point de restauration (Processus = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding ; Description = Programme d’installation pour les modules Windows ; Erreur = 0x81000101). ------------ ----------( EOF)---------- - 4228 | 23:27:37