--------------- QuickDiag | g3n-h@ckm@n | V4_31.08.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 03/12/2018 18:25:29 Updated 31/08/2018 | 22:20 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Aurélie (Administrator)] - [DESKTOP-QACPS1A] (S-1-5-21-1346661418-3917707748-2786925825-1001) System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: V221ID - ASUSTeK COMPUTER INC. - IdNumber: H7PTCJ000208 - UUID: E861425C-289E-1F4E-8A3D-F684F0154D8A Processor : X64 - 1997 Mhz - Intel(R) Celeron(R) CPU J3355 @ 2.00GHz 0607 - en|US|iso8859-1 - American Megatrends Inc. - S/N: H7PTCJ000208 - 0607 - _ASUS_ - 1072009 CoreTemp : 40 Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0295&SUBSYS_10433000&REV_1000\4&279E884A&0&0001 Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_280A&SUBSYS_80860101&REV_1000\4&279E884A&0&0201 ---------- | Video Intel(R) HD Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_5A85&SUBSYS_15F01043&REV_0B\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 21.20.16.4534 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:32 % CPU #2 value:25 % Total Overall CPU Usage value:29 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR956x Wireless Network Adapter : SENT:15,489 bytes/sec / RECVD:15,489 bytes/sec Overall -> SEND Maxium:29 bytes/sec, / RECEIVE Maximum:15,489 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_21821A3B&REV_01\4&1966E47E&0&009B Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_205F1043&REV_11\01000000684CE00000 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3B95D1A4&0&11 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3B95D1A4&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH Apple Mobile Device Ethernet - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 4015 | Free (MB) : 1055 Pagefile = Total (MB) : 5391 | Free (MB) : 1944 Virtual = Total (MB) : 4194 | Free (MB) : 3908 Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: 0000 - PartNumber: - S/N: 00000000 ---------- | SID Users Administrateur : [S-1-5-21-1346661418-3917707748-2786925825-500] Aurélie : [S-1-5-21-1346661418-3917707748-2786925825-1001] DefaultAccount : [S-1-5-21-1346661418-3917707748-2786925825-503] defaultuser0 : [S-1-5-21-1346661418-3917707748-2786925825-1000] Invité : [S-1-5-21-1346661418-3917707748-2786925825-501] WDAGUtilityAccount : [S-1-5-21-1346661418-3917707748-2786925825-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [OS] | Total : 930.75 Go | Free : 585.73 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:] : Read:5,598,508 bytes/sec, Written:0 bytes/sec Max Read:5,598,508 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:5,598,508 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_MQ01ABD100\4&2B587514&0&000000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Test 2 : Windows Is Activated Test 3 : Possible Fixed Windows Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) FF : 63.0.3.6892 (©Firefox and Mozilla Developers; available under the MPL 2 license.) Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "" ---------- | FlashPlayer FlashPlayer ActiveX : 31.0.0.153 ---------- | Security AV : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 416 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 00:34:22] CPU Usage:0 % 652 | [Owner : Système | Parent : 636() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 00:34:22] CPU Usage:0 % 736 | [Owner : Système | Parent : 636() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 00:34:22] CPU Usage:0 % 808 | [Owner : Système | Parent : 736(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [17/08/2018 10:18:14] CPU Usage:0 % 840 | [Owner : Système | Parent : 736(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [19/11/2018 16:16:27] CPU Usage:0 % 944 | [Owner : UMFD-0 | Parent : 736(wininit.exe) | 3.09 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.376) = C:\Windows\System32\fontdrvhost.exe [19/11/2018 16:16:53] CPU Usage:0 % 952 | [Owner : Système | Parent : 808(services.exe) | 3.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 992 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 10.34 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 00:34:28] CPU Usage:0 % 60 | [Owner : Système | Parent : 808(services.exe) | 25.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 604 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 12.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 864 | [Owner : Système | Parent : 808(services.exe) | 7.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1296 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 18.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1356 | [Owner : Système | Parent : 808(services.exe) | 9.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1416 | [Owner : Système | Parent : 808(services.exe) | 14.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1496 | [Owner : Système | Parent : 808(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1544 | [Owner : Système | Parent : 808(services.exe) | 10.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1552 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 11.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1572 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 18.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1684 | [Owner : Système | Parent : 808(services.exe) | 9.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1720 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 8.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1804 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1940 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 11.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1996 | [Owner : Système | Parent : 808(services.exe) | 73.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2004 | [Owner : Système | Parent : 808(services.exe) | 5.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2012 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 7.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2088 | [Owner : Système | Parent : 808(services.exe) | 8.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2120 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 9.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2128 | [Owner : Système | Parent : 808(services.exe) | 7.36 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4534) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxCUIService.exe [27/10/2016 05:07:32] CPU Usage:0 % 2196 | [Owner : Système | Parent : 808(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2204 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 17.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2316 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2384 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 7.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2396 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 5.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2404 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 11.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2424 | [Owner : Système | Parent : 808(services.exe) | 14.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2584 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 6.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2592 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 9.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2688 | [Owner : Système | Parent : 808(services.exe) | 14.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2724 | [Owner : Système | Parent : 808(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (18.8.4084.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [22/11/2018 19:53:07] CPU Usage:0 % 2732 | [Owner : Système | Parent : 808(services.exe) | 13.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3016 | [Owner : Système | Parent : 808(services.exe) | 16.34 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 00:34:41] CPU Usage:0 % 3024 | [Owner : Système | Parent : 808(services.exe) | 5.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3108 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 7.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3264 | [Owner : Système | Parent : 808(services.exe) | 9.98 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.31) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [27/11/2017 14:50:32] CPU Usage:0 % 3272 | [Owner : Système | Parent : 808(services.exe) | 6.61 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.2.9200.16384) = C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [26/08/2016 02:12:00] CPU Usage:0 % 3280 | [Owner : Système | Parent : 808(services.exe) | 5.87 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 % 3288 | [Owner : Système | Parent : 808(services.exe) | 5.92 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.29.8644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [13/08/2018 23:27:08] CPU Usage:0 % 3296 | [Owner : Système | Parent : 808(services.exe) | 6.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3332 | [Owner : Système | Parent : 808(services.exe) | 37.51 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11029.20079) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [04/07/2017 17:24:45] CPU Usage:0 % 3360 | [Owner : Système | Parent : 808(services.exe) | 6.23 Mo] - (.Intel Corporation - IntelCpHDCPSvc Executable.) - (1.0.0.1) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHDCPSvc.exe [27/10/2016 05:08:35] CPU Usage:0 % 3368 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 12.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3376 | [Owner : Système | Parent : 808(services.exe) | 22.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3408 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 20.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3416 | [Owner : Système | Parent : 808(services.exe) | 5.48 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.2.11000.2996) = C:\Windows\System32\Intel\DPTF\esif_uf.exe [07/11/2016 08:24:40] CPU Usage:0 % 3456 | [Owner : Système | Parent : 808(services.exe) | 16.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3564 | [Owner : Système | Parent : 808(services.exe) | 8.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3592 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3612 | [Owner : Système | Parent : 808(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [17/08/2018 10:18:28] CPU Usage:0 % 3620 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 7.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3628 | [Owner : Système | Parent : 808(services.exe) | 13.4 Mo] - (.TeamViewer GmbH - TeamViewer 11.) - (11.0.59518.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11/11/2016 09:17:42] CPU Usage:0 % 3668 | [Owner : Système | Parent : 808(services.exe) | 5.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3684 | [Owner : Système | Parent : 808(services.exe) | 19.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 4056 | [Owner : Système | Parent : 808(services.exe) | 29.58 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.704) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [27/09/2018 19:24:10] CPU Usage:0 % 4084 | [Owner : Système | Parent : 808(services.exe) | 11.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3500 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 4.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 4188 | [Owner : Système | Parent : 808(services.exe) | 10.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 4268 | [Owner : Système | Parent : 808(services.exe) | 9.62 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.31.9015) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHeciSvc.exe [27/10/2016 05:08:39] CPU Usage:0 % 4484 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 6.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 5284 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 10.41 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [09/06/2018 10:21:50] CPU Usage:0 % 5572 | [Owner : Système | Parent : 808(services.exe) | 7.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 5672 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 9.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 5856 | [Owner : Système | Parent : 808(services.exe) | 9.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6300 | [Owner : Système | Parent : 808(services.exe) | 13.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6824 | [Owner : Système | Parent : 60(svchost.exe) | 6.54 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 00:34:40] CPU Usage:0 % 6892 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 15.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2952 | [Owner : Système | Parent : 808(services.exe) | 5.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 7916 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 10.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6540 | [Owner : Système | Parent : 808(services.exe) | 11.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8668 | [Owner : Système | Parent : 808(services.exe) | 5.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8716 | [Owner : Système | Parent : 808(services.exe) | 8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 9108 | [Owner : Système | Parent : 808(services.exe) | 7.67 Mo] - (.Apple Inc. - iPod Service.) - (12.7.2.60) = C:\Program Files\iPod\bin\iPodService.exe [11/12/2017 12:00:00] CPU Usage:0 % 6856 | [Owner : SERVICE RÉSEAU | Parent : 808(services.exe) | 15.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 5884 | [Owner : Système | Parent : 808(services.exe) | 40 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.407) = C:\Windows\System32\SearchIndexer.exe [19/11/2018 16:17:05] CPU Usage:0 % 2808 | [Owner : Système | Parent : 808(services.exe) | 22.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3692 | [Owner : Système | Parent : 808(services.exe) | 18.12 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [20/02/2018 18:36:04] CPU Usage:0 % 8576 | [Owner : Système | Parent : 808(services.exe) | 8.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3080 | [Owner : Système | Parent : 808(services.exe) | 5.68 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (3.0.10.1129) = C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [25/08/2016 21:10:02] CPU Usage:0 % 3880 | [Owner : Système | Parent : 808(services.exe) | 8.26 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.1000) = C:\Program Files\rempl\sedsvc.exe [08/11/2018 22:37:38] CPU Usage:0 % 1856 | [Owner : Système | Parent : 808(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 00:34:04] CPU Usage:0 % 9348 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 7.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 1676 | [Owner : Système | Parent : 808(services.exe) | 21.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 7660 | [Owner : Système | Parent : 5024() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 00:34:22] CPU Usage:0 % 2880 | [Owner : Système | Parent : 5024() | 8.34 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [10/10/2018 17:29:12] CPU Usage:0 % 6152 | [Owner : UMFD-2 | Parent : 2880(winlogon.exe) | 5.92 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.376) = C:\Windows\System32\fontdrvhost.exe [19/11/2018 16:16:53] CPU Usage:0 % 3488 | [Owner : DWM-2 | Parent : 2880(winlogon.exe) | 60.08 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 00:34:19] CPU Usage:0 % 5292 | [Owner : Système | Parent : 808(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 9000 | [Owner : Système | Parent : 808(services.exe) | 7.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6200 | [Owner : Système | Parent : 1416(svchost.exe) | 1.82 Mo] - (.Microsoft Corporation - sedlauncher.) - (10.0.17134.1000) = C:\Program Files\rempl\sedlauncher.exe [08/11/2018 22:37:38] CPU Usage:0 % 2044 | [Owner : Aurélie | Parent : 4056(MBAMService.exe) | 37.07 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1644) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [05/01/2018 23:05:38] CPU Usage:0 % 8984 | [Owner : Aurélie | Parent : 3416(esif_uf.exe) | 3.54 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.2.11000.2996) = C:\Windows\Temp\DPTF\esif_assist_64.exe [21/11/2018 10:43:17] CPU Usage:0 % 9516 | [Owner : Aurélie | Parent : 1684(svchost.exe) | 24.83 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 00:34:12] CPU Usage:0 % 1272 | [Owner : Aurélie | Parent : 808(services.exe) | 17.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8252 | [Owner : Aurélie | Parent : 808(services.exe) | 31.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8184 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 19.44 Mo] - (.ASUSTek Computer Inc - ASUS GIFTBOX.) - (7.5.24.0) = C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [03/07/2017 10:51:42] CPU Usage:0 % 7992 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 15.08 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 00:34:37] CPU Usage:0 % 6336 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 2.11 Mo] - (.ASUSTeK Computer Inc. - Handle ASUS All-In-One any event test.) - (1.0.1.2) = C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe [04/07/2017 17:24:32] CPU Usage:0 % 7272 | [Owner : Aurélie | Parent : 1608() | 12.32 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4534) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxEM.exe [27/10/2016 05:07:55] CPU Usage:0 % 10024 | [Owner : Aurélie | Parent : 1644() | 116.32 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.165) = C:\Windows\explorer.exe [11/07/2018 14:35:13] CPU Usage:0 % 2776 | [Owner : Aurélie | Parent : 60(svchost.exe) | 49.83 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 00:33:58] CPU Usage:0 % 9220 | [Owner : Aurélie | Parent : 60(svchost.exe) | 70.8 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.407) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [19/11/2018 16:20:17] CPU Usage:0 % 984 | [Owner : Aurélie | Parent : 60(svchost.exe) | 22.93 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 448 | [Owner : SERVICE RÉSEAU | Parent : 60(svchost.exe) | 14.56 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 00:34:40] CPU Usage:0 % 9616 | [Owner : Aurélie | Parent : 60(svchost.exe) | 15.45 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 9956 | [Owner : Aurélie | Parent : 60(svchost.exe) | 43.69 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.137) = C:\Windows\System32\smartscreen.exe [11/07/2018 14:35:12] CPU Usage:0 % 10076 | [Owner : Aurélie | Parent : 5572(svchost.exe) | 14.4 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 00:34:37] CPU Usage:0 % 6736 | [Owner : Aurélie | Parent : 60(svchost.exe) | 32.84 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.34.0.81) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe [14/11/2018 11:26:08] CPU Usage:0 % 8992 | [Owner : Aurélie | Parent : 60(svchost.exe) | 18.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 3520 | [Owner : Aurélie | Parent : 8184(Asusgiftbox.exe) | 0.33 Mo] - (.ASUSTek Computer Inc - ASUS GIFTBOX.) - (7.5.24.0) = C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [03/07/2017 10:51:42] CPU Usage:0 % 1632 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 1.81 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.251) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [04/07/2017 16:57:28] CPU Usage:0 % 7084 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 1.12 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.584.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [04/07/2017 16:57:33] CPU Usage:0 % 6816 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 9.12 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 00:33:58] CPU Usage:0 % 4212 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 14.96 Mo] - (.Apple Inc. - iTunesHelper.) - (12.7.2.60) = C:\Program Files\iTunes\iTunesHelper.exe [11/12/2017 12:00:00] CPU Usage:0 % 7528 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 67.34 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (18.212.1021.8) = C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\OneDrive.exe [13/12/2017 19:57:19] CPU Usage:0 % 8724 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 7.45 Mo] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.69.336) = C:\Users\Aurélie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [16/12/2017 14:17:16] CPU Usage:0 % 8024 | [Owner : Aurélie | Parent : 60(svchost.exe) | 10.47 Mo] - (.-.) - (8.34.0.81) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [14/11/2018 11:26:08] CPU Usage:0 % 9652 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 88.21 Mo] - (.Garmin Ltd. or its subsidiaries - Garmin Express.) - (6.9.1.0) = C:\Program Files (x86)\Garmin\Express\express.exe [24/10/2018 15:18:34] CPU Usage:0 % 8308 | [Owner : Aurélie | Parent : 60(svchost.exe) | 31.8 Mo] - (.-.) - (10.18082.1381.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe [27/10/2018 10:54:14] CPU Usage:0 % 2660 | [Owner : Aurélie | Parent : 60(svchost.exe) | 14.75 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 9388 | [Owner : Aurélie | Parent : 4396() | 26.4 Mo] - (.AVAST Software - Avast Antivirus.) - (18.8.4084.408) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [22/11/2018 19:53:22] CPU Usage:0 % 9876 | [Owner : Aurélie | Parent : 9652(express.exe) | 28.79 Mo] - (.The CefSharp Authors - CefSharp.BrowserSubprocess.) - (57.0.0.0) = C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe [18/04/2017 05:45:18] CPU Usage:0 % 9696 | [Owner : Aurélie | Parent : 808(services.exe) | 11.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 2536 | [Owner : Aurélie | Parent : 60(svchost.exe) | 9.22 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 9724 | [Owner : Système | Parent : 60(svchost.exe) | 9.63 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 00:34:40] CPU Usage:0 % 1952 | [Owner : Aurélie | Parent : 60(svchost.exe) | 6.96 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 00:34:40] CPU Usage:0 % 8408 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 217.4 Mo] - (.Mozilla Corporation - Firefox.) - (63.0.3.6892) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [15/12/2017 10:33:15] CPU Usage:7 % 5888 | [Owner : Aurélie | Parent : 8408(firefox.exe) | 42.44 Mo] - (.Mozilla Corporation - Firefox.) - (63.0.3.6892) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [15/12/2017 10:33:15] CPU Usage:0 % 7624 | [Owner : Aurélie | Parent : 8408(firefox.exe) | 223.78 Mo] - (.Mozilla Corporation - Firefox.) - (63.0.3.6892) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [15/12/2017 10:33:15] CPU Usage:4 % 3304 | [Owner : Aurélie | Parent : 8408(firefox.exe) | 193.51 Mo] - (.Mozilla Corporation - Firefox.) - (63.0.3.6892) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [15/12/2017 10:33:15] CPU Usage:0 % 10504 | [Owner : Aurélie | Parent : 1416(svchost.exe) | 2.28 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [12/10/2016 22:17:10] CPU Usage:0 % 10664 | [Owner : Aurélie | Parent : 5308() | 32.95 Mo] - (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.4.3.0) = C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [01/08/2016 10:35:42] CPU Usage:0 % 10996 | [Owner : SERVICE LOCAL | Parent : 808(services.exe) | 5.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6440 | [Owner : Aurélie | Parent : 8408(firefox.exe) | 81.9 Mo] - (.Mozilla Corporation - Firefox.) - (63.0.3.6892) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [15/12/2017 10:33:15] CPU Usage:0 % 7180 | [Owner : Aurélie | Parent : 8184(Asusgiftbox.exe) | 7.84 Mo] - (.ASUSTek Computer Inc - ASUS GIFTBOX.) - (7.5.24.0) = C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [03/07/2017 10:51:42] CPU Usage:0 % 10436 | [Owner : Aurélie | Parent : 8184(Asusgiftbox.exe) | 37.66 Mo] - (.ASUSTek Computer Inc - ASUS GIFTBOX.) - (7.5.24.0) = C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [03/07/2017 10:51:42] CPU Usage:0 % 1704 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 23.66 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11029.20079) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [04/07/2017 17:24:45] CPU Usage:0 % 6768 | [Owner : Système | Parent : 3332(OfficeClickToRun.exe) | 60.01 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11029.20079) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [04/07/2017 17:24:45] CPU Usage:18 % 2824 | [Owner : Aurélie | Parent : 10436(Asusgiftbox.exe) | 1.82 Mo] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.17134.1) = C:\Windows\SysWOW64\cmd.exe [12/04/2018 00:34:49] CPU Usage:0 % 10276 | [Owner : Aurélie | Parent : 2824(cmd.exe) | 4.31 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 00:34:20] CPU Usage:0 % 10304 | [Owner : Aurélie | Parent : 10436(Asusgiftbox.exe) | 1.75 Mo] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.17134.1) = C:\Windows\SysWOW64\cmd.exe [12/04/2018 00:34:49] CPU Usage:0 % 7500 | [Owner : Aurélie | Parent : 10304(cmd.exe) | 4.2 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 00:34:20] CPU Usage:0 % 9300 | [Owner : Aurélie | Parent : 10304(cmd.exe) | 32.36 Mo] - (.Microsoft Corporation - Windows PowerShell.) - (10.0.17134.1) = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [12/04/2018 00:35:27] CPU Usage:0 % 7700 | [Owner : Aurélie | Parent : 2824(cmd.exe) | 31.32 Mo] - (.Microsoft Corporation - Windows PowerShell.) - (10.0.17134.1) = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [12/04/2018 00:35:27] CPU Usage:0 % 8892 | [Owner : Aurélie | Parent : 2824(cmd.exe) | 1.34 Mo] - (.Microsoft Corporation - Utilitaire de recherche de chaînes (grep).) - (10.0.17134.1) = C:\Windows\SysWOW64\find.exe [12/04/2018 00:34:47] CPU Usage:0 % 8440 | [Owner : SERVICE LOCAL | Parent : 2316(svchost.exe) | 15.56 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.407) = C:\Windows\System32\audiodg.exe [19/11/2018 16:16:50] CPU Usage:0 % 9416 | [Owner : Aurélie | Parent : 10024(explorer.exe) | 46.58 Mo] - (.SosVirus - QuickDiag.) - (31.8.18.1) = C:\Users\Aurélie\Desktop\QuickDiag.exe [03/12/2018 18:23:15] CPU Usage:0 % 3812 | [Owner : SERVICE RÉSEAU | Parent : 60(svchost.exe) | 9.99 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 00:34:55] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (18.8.4.1339) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.AVAST Software.-.Avast Shell Extension.) - (18.8.4084.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igc64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxDTCM.dll (.Intel Corporation.-.igfxDH Module.) - (6.15.10.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxDH.dll (.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxLHM.dll (.Intel Corporation.-.igfxDI Module.) - (6.15.10.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxDI.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.57) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (18.8.4.1339) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.AVAST Software.-.Hook Library.) - (18.8.4.1339) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\...\Run]) - User: DESKTOP-QACPS1A\Aurélie Spotify Web Helper - (C:\Users\Aurélie\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\...\Run]) - User: DESKTOP-QACPS1A\Aurélie Epson Stylus SX218 - (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S3928.tmp" /EF "HKCU" [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\...\Run]) - User: DESKTOP-QACPS1A\Aurélie GarminExpressTrayApp - ("C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\...\Run]) - User: DESKTOP-QACPS1A\Aurélie GarminExpress - ("C:\Program Files (x86)\Garmin\Express\express.exe" /minimized [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\...\Run]) - User: DESKTOP-QACPS1A\Aurélie SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Windows Mobile Device Center - (%windir%\WindowsMobile\wmdc.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Spotify Web Helper"=C:\Users\Aurélie\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart "Epson Stylus SX218"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S3928.tmp" /EF "HKCU" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "GarminExpress"="C:\Program Files (x86)\Garmin\Express\express.exe" /minimized [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #0"=C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Aurélie\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files (x86)\ASUS\Giftbox" --restore-last-session [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 "Spotify Web Helper"=0x020000000000000000000000 "Epson Stylus SX218"=0x020000000000000000000000 "GarminExpressTrayApp"=0x020000000000000000000000 "GarminExpress"=0x020000000000000000000000 [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Epson Stylus SX218,winspool,Ne03: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "WindowsDefender"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "iTunesHelper"=0x020000000000000000000000 "Windows Mobile Device Center"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "AsInstCD"=0x020000000000000000000000 "SysVContoller32"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task ASUS Live Update1 ASUS Live Update2 ASUS Splendid ACMON Avast Emergency Update GarminUpdaterTask Intel PTT EK Recertification OneDrive Standalone Update Task-S-1-5-21-1346661418-3917707748-2786925825-1001 RtHDVBg_ListenToDevice RTKCPL Update Checker WpsExternal_20161111081738 WpsKtpcntrQingTask_Administrator ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=0 "DirtyShutdownCount"=13 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [13/12/2017 19:48:06] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=840 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=09a17d65-55fb-4c4d-9036-5b669f5 "GlassSessionId"=2 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=c:\windows\web\wallpaper\windows\img0.jpg [12/04/2018 00:33:58] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC301002B73030080070000B0040000F5DD7690EDD1D30163003A005C00770069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00770069006E0064006F00770073005C0069006D00670030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0xB083204722C5CF11876300608CC02F24231C00008549D87AB487164ABE588B72A5B390F7731900006024B221EA3A6910A2DC08002B30309D2E22000005F7542848354C41A11393E27C808C85CE1700000114020000000000C000000000000046A3190000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=5 "GlobalAssocChangedCounter"=616 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "link"=0x1E000000 [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x6421045C00000000 "ReindexedProfile"=1 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=8 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D0030009008600CB01C67F0C00D7980D00D7980D00D200000002002000E7ADAE4E8A9ADD0087EA40008ECA0500E2FC04003D0701000000000092953F002DB50000CF080000433C4B1C898AD40178711600000000000100000078711600EE420000B625000094E1F20000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E800C7000900880000000EFB17D0000000000000000004C6A4432C8BD40104C6A4432C8BD401000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F8051010098520040080015080C081508387E0000384980023D49C0025E53008000190606009906063BC00000D2412803D2412833221C018010024C5A10825C5A6447004050C52C0858C52C08912B01004401C241C511C24185B2000053EC050253ED0D02742701808085012391852B33A5B100008DA81608AFA81608964301800012C810009AD911 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=4001152846 "ShutdownFlags"=2147483883 "Userinit"=c:\windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "AutoAdminLogon"=0 "DefaultUserName"=Aurélie "IsConnectedAutoLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe [12/04/2018 00:34:22] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0BA02005C1F030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\Aurélie\Downloads\avast_free_antivirus_setup_online (1).exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004FBD2C00000000000200000002000000 "C:\Users\Aurélie\Downloads\Firefox_Setup_57.0.1_fr-FR.exe"=0x5341435001000000000000000700000028000000001A290288112A0201000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000080FB0800000000000100000001000000 "C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000C0E21000E2C2110001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000060A50500000000000100000001000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000B0F68C00CE1F8D0001000000000000000000000A0021000033504C2B57DFD1010000000000000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C89C0300B381040001000000000000000000000A7120000033504C2B57DFD1010000000100000000 "C:\Users\Aurélie\Downloads\SpotifySetup.exe"=0x5341435001000000000000000700000028000000F0110B0069A20B0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F66C7900000000000100000001000000 "C:\Users\Aurélie\Downloads\epson326211eu.exe"=0x53414350010000000000000007000000280000000050B9000000000001000000000000000000000671020000BFA2139DEDD1D3010000000000000000020000002800000000000000800000400000000000000000000000000000000028590100000000000400000004000000 "C:\Users\Aurélie\Downloads\epson375002eu.exe"=0x534143500100000000000000070000002800000000BA03010000000001000000000000000000010571000000DB80FDAC2839D3010000000000000000010000000400000001000000020000007800000000000000800800600000000000000000000000000000000016D305000000000001000000010000000000000000000000000010000000000000001000000000008C15000000000000010000000000000000000000800800400000000000000000000000000000000039650200000000000100000000000000 "C:\Users\Aurélie\Downloads\GoPro_Quik-WinInstaller-2.5.1.462.exe"=0x534143500100000000000000070000002800000098DE6A092FDC6B0901000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007DA10400000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8809.7600.0_x86__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"=0x5341435001000000000000000700000028000000A8021800C252180001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000986E0000000000000100000001000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000AA44008CBE440001000000010000000000000A73220000D5B3B31A57DFD1010000000000000000 "C:\Users\Aurélie\Downloads\Setup.X64.fr-fr_O365ProPlusRetail_01685eb3-f71e-428d-892e-7e6aebd9fb9b_TX_DB_b_32_.exe"=0x534143500100000000000000070000002800000020336A0060536A0001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000024225B00000000000300000003000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000A8301001ADA8100101000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000726D5500000000000200000002000000 "C:\Users\Aurélie\Downloads\AcroRdrDC1701220093_fr_FR.exe"=0x5341435001000000000000000700000028000000F0A10207A355030701000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000AAED0700000000000100000001000000 "C:\Users\Aurélie\Downloads\iTunes64Setup.exe"=0x53414350010000000000000007000000280000004881C10FBF18C20F01000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009F5D0700000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Temp\IXP401.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000480D02006093020001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B6E20200000000000100000001000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004E000000000000000200000002000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8830.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"=0x5341435001000000000000000700000028000000A8381E0089FB1E0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EDC80000000000000200000002000000 "C:\Users\Aurélie\Downloads\windows-movie-maker-2016-multi.exe"=0x53414350010000000000000007000000280000007BD6D1040000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000069C81200000000000100000001000000 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe"=0x5341435001000000000000000700000028000000C0DC010044B6020001000000000000000000030671220000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000003856100E000000002400000024000000 "C:\Users\Aurélie\Downloads\DeepBurner1.exe"=0x5341435001000000000000000700000028000000A1BF2A000000000001000000000000000000000A4120000033504C2B57DFD10100000000000000000200000028000000000000000008004000000000000000000000000000000000B1C50000000000000100000001000000 "C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe"=0x5341435001000000000000000700000028000000000E39000000000001000000000000000000000671200000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000200000000000000000000000000F50A4A00000000000200000002000000 "C:\Users\Aurélie\Downloads\keylogger_8-1-2-2060_en_58744.exe"=0x5341435001000000000000000700000028000000D05B8C00279A8C000100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BDCC0500000000000100000001000000 "C:\Users\Aurélie\Downloads\refog-keylogger-serial-full-version-crack_92c-234___.exe"=0x5341435001000000000000000700000028000000E8531600FCDF160001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000094C40E00000000000100000001000000 "C:\Windows\SysWOW64\MPK\unins000.exe"=0x534143500100000000000000070000002800000038F11100DEA3120001000000000000000000020600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D3450000000000000100000001000000 "C:\Users\Aurélie\Downloads\familykeylogger\FamilyKeyLogger-setup.exe"=0x5341435001000000000000000700000028000000AB1E08000000000001000000000000000000000671000000DB80FDAC2839D30100000000000000000200000028000000000000000008004000000000000000000000000000000000EC640500000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe"=0x5341435001000000000000000700000028000000D01108003E60080001000000000000000000000A71200000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000067010000000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe"=0x5341435001000000000000000700000028000000D84EF7044010F80401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000005D723900000000000200000002000000 "C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe"=0x5341435001000000000000000700000028000000080410005CFC100001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001F670500000000001000000010000000 "C:\Program Files (x86)\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0D70000A880010001000000000000000000000A71200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003B180000000000002F0000002F000000 "C:\Users\Aurélie\Downloads\Thunderbird Setup 52.5.2.exe"=0x5341435001000000000000000700000028000000C83F6C02B9356D0201000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000074350E00000000000100000001000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000D02D09001BC4090001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C6290200000000000100000001000000 "C:\Users\Aurélie\Downloads\audacity-win-2-1-2.exe"=0x5341435001000000000000000700000028000000F94E94010000000001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000456F0300000000000100000001000000 "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe"=0x534143500100000000000000070000002800000068840D00BD980D0003000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000094450000000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\Aurélie\AppData\Local\Temp\rkfree_setup_226_password_123\rkfree_setup_226.exe"=0x5341435001000000000000000700000028000000A023190080141A0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001577D900000000000100000001000000 "C:\Windows\System32\rvlkl.exe"=0x5341435001000000000000000700000028000000A0430800763E090001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000009198EB0C000000000D0000000D000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AC03001457040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\ProgramData\Package Cache\{61e0a1fe-56a8-4a70-8dd1-06e9c22fa02b}\QuikForDesktop.exe"=0x534143500100000000000000070000002800000010F20D0039BF0E0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000669C0200000000000100000001000000 "C:\Users\Aurélie\Downloads\GoPro_Quik-WinInstaller-2.5.2.633.exe"=0x5341435001000000000000000700000028000000E8746C091BD86C0901000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000099D90300000000000100000001000000 "C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe"=0x5341435001000000000000000700000028000000B8DB66006E27670001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000002000600000060100000000000000000000000000000008F170000000000000100000001000000 "C:\Users\Aurélie\Downloads\GoProStudioPC-2-0-0-285.exe"=0x534143500100000000000000070000002800000070A70107DB19020701000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E7C70600000000000100000001000000 "C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe"=0x534143500100000000000000070000002800000000026600C536660001000000000000000000020671000000DB80FDAC2839D30100000000000000000200000028000000000000000000000000100000000000000000000000000000AE3A0200000000000100000001000000 "C:\Program Files (x86)\GoPro\GoPro Studio\uninst.exe"=0x5341435001000000000000000700000028000000752F0200DB19020701000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CE580000000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AE0300F24D040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000B88D000000000001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000073215307000000001600000016000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0BC0300204F040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE"=0x5341435001000000000000000700000028000000A8AA3901C13F3A0101000000000000000000000A00210000DB80FDAC2839D3010000009100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4514.exe"=0x534143500100000000000000070000002800000008C149046F384A0401000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000050260100000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000205B0D00121E0E0001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EA000000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x534143500100000000000000070000002800000020ADA800352EA90001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006B00000000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\Aurélie\Downloads\captvty-2.7.6-autoextract.exe"=0x5341435001000000000000000700000028000000F412A7000EAB020001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004CFD0000000000000100000001000000 "C:\Users\Aurélie\Downloads\testdisk-7.0.win\testdisk-7.0\testdisk_win.exe"=0x53414350010000000000000007000000280000000EDA08000000000001000000000000000000000A61220000DB80FDAC2839D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DA08AB00000000000200000002000000 "C:\Users\Aurélie\Downloads\testdisk-7.0.win\testdisk-7.0\photorec_win.exe"=0x53414350010000000000000007000000280000000E6A09000000000001000000000000000000000A61220000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000002A553A0B000000000200000002000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.091.0506.0003\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300C327040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\1\Setup.exe"=0x534143500100000000000000070000002800000090070200E479020001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000060600000000000000200000002000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.091.0506.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300534A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\Aurélie\Desktop\Captvty\Captvty.exe"=0x534143500100000000000000070000002800000000903A000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000077570000000000000100000001000000 "C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe"=0x534143500100000000000000070000002800000090F9040031D7050001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000000A010000000000000200000002000000 "C:\Users\Aurélie\Videos\Captvty\Captvty.exe"=0x534143500100000000000000070000002800000000903A000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C6398E04000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.111.0603.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0F603000E59040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0F60300D140040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5292.exe"=0x534143500100000000000000070000002800000048D48F04B690900401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BF520100000000000100000001000000 "C:\Users\Aurélie\Downloads\vppsetup.exe"=0x534143500100000000000000070000002800000078065500B6DE550001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E10F7900000000000100000001000000 "C:\Users\Aurélie\Downloads\emsa_trial.exe"=0x534143500100000000000000070000002800000078D35101FB2D520101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F3330600000000000300000003000000 "C:\Program Files (x86)\EaseUS\EaseUS MobiSaver for Android\bin\EMS4Android.exe"=0x534143500100000000000000070000002800000010531600E646170001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000004E90100000000000200000002000000 "C:\Program Files (x86)\EaseUS\EaseUS MobiSaver for Android\unins000.exe"=0x534143500100000000000000070000002800000010A31A00CE061B0003000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002FC28302000000000200000002000000 "C:\Users\Aurélie\Downloads\ems_free.exe"=0x5341435001000000000000000700000028000000A83B9B01038C9B0101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005EF3FE03000000000100000001000000 "C:\Program Files (x86)\EaseUS\EaseUS MobiMover\bin\MobiMoverUI.exe"=0x5341435001000000000000000700000028000000E008480087FD480001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000491E7900000000000300000003000000 "C:\Program Files (x86)\EaseUS\EaseUS MobiSaver\bin\DPRLoader.exe"=0x5341435001000000000000000700000028000000E0C200001D31010001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000065BD3F01000000000100000001000000 "C:\Program Files (x86)\EaseUS\EaseUS MobiMover\unins000.exe"=0x5341435001000000000000000700000028000000E01C12005723120003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F3467901000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\AppData\Roaming\Spotify\Spotify.exe"=0x53414350010000000000000007000000280000009091410156F1410101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000078262000000000000100000001000000 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe"=0x5341435001000000000000000700000028000000C830020092FC020001000000000000000000030671220000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000107C0B00000000000100000001000000 "C:\ProgramData\Package Cache\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}\GarminExpressInstaller.exe"=0x5341435001000000000000000700000028000000607710004F17110001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000012F50900000000000100000001000000 "C:\Users\Aurélie\Downloads\GarminExpress.exe"=0x534143500100000000000000070000002800000078092505CD50250501000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006D585E02000000000100000001000000 "C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE"=0x5341435001000000000000000700000028000000A050D2002DC7D20001000000000000000000000A00210000BFA2139DEDD1D3010000009100000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F80300EE6C040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Windows\System32\spool\drivers\x64\3\E_GUPA30.EXE"=0x5341435001000000000000000700000028000000E06F0700C744080001000000000000000000000673020000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004EFA0000000000000300000003000000 "SIGN.MEDIA=7D8A40F Reussir_son_entree_en_grammaire_CE1_PC.exe"=0x534143500100000000000000070000002800000013EED3070000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F9080D00000000000100000001000000 "C:\Program Files (x86)\Editions_Retz\Reussir_son_entree_en_grammaire_CE1\Reussir_son_entree_en_grammaire_CE1.exe"=0x534143500100000000000000070000002800000018056F090000000001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009B800300000000000200000002000000 "SIGN.MEDIA=E1411F2 Reussir_production_ecrits_CE1_PC.exe"=0x5341435001000000000000000700000028000000CE5B1F0E0000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000053B20100000000000100000001000000 "C:\Program Files (x86)\Editions_Retz\Reussir_production_ecrits_CE1\Reussir_production_ecrits_CE1.exe"=0x5341435001000000000000000700000028000000859E4A0F0000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000027971C00000000000C0000000C000000 "C:\Users\Aurélie\AppData\Local\Temp\{ED1B01EA-82E3-4BD7-A035-B4EF6A99D1CB}\.be\GarminExpressInstaller.exe"=0x5341435001000000000000000700000028000000D0761000C456110001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000049B0400000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6913.exe"=0x5341435001000000000000000700000028000000F80AC504F0EDC50401000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000056C30200000000000100000001000000 "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe"=0x534143500100000000000000070000002800000078BA53001239540001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000008F70200000000000100000001000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\iTunes\iTunes.exe"=0x534143500100000000000000070000002800000038176402F30C650201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000000E720100000000000100000001000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 "C:\Users\Aurélie\AppData\Local\Temp\{B707195E-EC0F-4795-B8EC-945091DACB21}\.be\GarminExpressInstaller.exe"=0x534143500100000000000000070000002800000050761000B31D110001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006EB50800000000000100000001000000 "C:\Program Files (x86)\Garmin\Express\express.exe"=0x534143500100000000000000070000002800000040EAD5015828D60101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D1A0000000000000700000007000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0852500C3CA250001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000083950800000000000200000002000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.192.0920.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020350400AD0B050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"=0x534143500100000000000000070000002800000018DF1C0030961D0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0DD06005560070001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\Downloads\epson630619eu.exe"=0x5341435001000000000000000700000028000000D0770B001B470C0001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000001A0000000000000200000002000000 "C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000507C5B0318C75B0301000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\epson\escndv\setup\setup.exe"=0x534143500100000000000000070000002800000060D50400E55A050001000000000000000000010600210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AD820000000000000100000001000000 "C:\Windows\twain_32\escndv\escndv.exe"=0x5341435001000000000000000700000028000000006002000000000001000000000000000000000671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000065040000000000000200000002000000 "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"=0x534143500100000000000000070000002800000008990100C4EF010001000000010000000000000A63220000BFA2139DEDD1D3010000000000000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000020E9B40187F2B40101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Aurélie\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000080F1E00658B1E0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000A0309300F0B3930001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA4E0700000000000100000001000000 "C:\Users\Aurélie\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098214A00D8C84A0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131730098920698448 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"={V221ID00-0000-0000-0000-000000000000} "ProductType"=2 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "InstallTime"=0xA69F3798DBF4D201 "OOBEInstallTime"=0xCBB38A8E4374D301 "DisableAntiVirus"=1 "LastEnabledTime"=0x4D8741CC7D76D401 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] : AF_UNIX [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001] : AF_UNIX ---------- | Hosts [31] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.204.110] avec 32 octets de donn?es?: R?ponse de 216.58.204.110?: octets=32 temps=16 ms TTL=56 R?ponse de 216.58.204.110?: octets=32 temps=18 ms TTL=56 R?ponse de 216.58.204.110?: octets=32 temps=17 ms TTL=56 R?ponse de 216.58.204.110?: octets=32 temps=16 ms TTL=56 Statistiques Ping pour 216.58.204.110: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 16ms, Maximum = 18ms, Moyenne = 16ms ---------- | @ [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://asus17win10.msn.com/?pc=ASTE "Default_Page_URL"=http://asus17win10.msn.com/?pc=ASTE "DisableFirstRunCustomize"=3 "ImageStoreRandomFolder"=7h42kt2 "AutoHide"=yes [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ZonesSecurityUpgrade"=0x3E9396AAC4FFD301 "WarnonZoneCrossing"=0 "ProxyOverride"=*.local [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vpj] "VideoPad.BAK"=NCH.VideoPad.vpj ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [22/11/2018 19:53:26] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 00:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}] : () - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}] : (@C:\WINDOWS\WindowsMobile\INetRepl.dll,-223) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [04/07/2017 17:31:08] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [04/07/2017 17:31:08] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\Aurélie\AppData\Roaming\Mozilla\Firefox\Profiles\mkli3845.default\Prefs.js user_pref("app.normandy.startupRolloutPrefs.extensions.fxmonitor.enabled", true); user_pref("browser.startup.homepage_override.buildID", "20181114214635"); user_pref("browser.startup.homepage_override.mstone", "63.0.3"); user_pref("devtools.webextensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.enabled", true); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.blocklist.lastModified", "Mon, 26 Nov 2018 14:19:56 GMT"); user_pref("extensions.blocklist.pingCountTotal", 205); user_pref("extensions.blocklist.pingCountVersion", 11); user_pref("extensions.databaseSchema", 27); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.getAddons.cache.lastUpdate", 1543858422); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20181114214635"); user_pref("extensions.lastAppVersion", "63.0.3"); user_pref("extensions.lastPlatformVersion", "63.0.3"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "control"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{aa23c5f2-3942-4a1f-98d1-7729879b8b81}\",\"addons\":{\"fxmonitor@mozilla.org\":{\"version\":\"2.8\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/plugin"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":\"b390fdbf-84ac-4f16-a378-a191060da745\",\"screenshots@mozilla.org\":\"210c251c-3c24-497c-a057-9eeada457acd\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"cb858017-005f-4df7-8da2-e3ae9b767241\",\"wrc@avast.com\":\"2ba2c5f6-156b-421f-988c-d09027a3c8ab\",\"webcompat@mozilla.org\":\"a82dccef-dd79-4b58-9bad-f459e8064b0b\",\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":\"1003b1d0-356e-43bf-8626-a7a83cdb08ab\",\"formautofill@mozilla.org\":\"2b39b510-2f6e-4ab6-9d05-c01a6c0db94c\",\"fxmonitor@mozilla.org\":\"63486cb2-65f2-4748-8076-8a827884b15a\"}"); [Profile0] - Name=default -> Profiles/mkli3845.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0a30939e-86d4-4ad2-aafb-db3e5beac112}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9ed75fa5-e6c1-49de-8720-92f453534a0e}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a538ca50-d250-4955-bcd1-1de9b92ab410}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{bfc3e945-1c8b-4067-b279-350153e66d68}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0a30939e-86d4-4ad2-aafb-db3e5beac112}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9ed75fa5-e6c1-49de-8720-92f453534a0e}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a538ca50-d250-4955-bcd1-1de9b92ab410}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bfc3e945-1c8b-4067-b279-350153e66d68}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Classes\Applications\GoPro Quik.exe] : "C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\doxillion.exe] : "C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe" "%L" [HKLM\SOFTWARE\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\et.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\videopad.exe] : "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" "%L" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\wpp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\wps.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\doxillion.exe] : "C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe" "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\et.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\videopad.exe] : "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\wpp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\wps.exe" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Adobe] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\AppDataLow] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Apple Inc.] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\ASProtect] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Astonsoft] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\ASUS] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Avast Software] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Browser Cleanup] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Chromium] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\CineForm] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Clients] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\EaseUS] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\EPSON] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Garmin] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Google] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\GoPro] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\IM Providers] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Intel] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Mail.Ru] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Malwarebytes] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Mozilla] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\NCH Software] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\NCH Swift Sound] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Netscape] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\nwjs] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\ODBC] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Policies] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\QtProject] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Realtek] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\RegisteredApplications] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Spotify] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\sysinternals] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Wow6432Node] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Agere] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ASUS] [HKLM\Software\Atheros] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\EPSON] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\GoPro] [HKLM\Software\ICEpower] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\LSI] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Atheros] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Chromium] [HKLM\Software\WOW6432Node\Cygwin] [HKLM\Software\WOW6432Node\EaseUS] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Garmin] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GoPro] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Kingsoft] [HKLM\Software\WOW6432Node\Lame For Audacity] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NCH Software] [HKLM\Software\WOW6432Node\NCH Swift Sound] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\Qualcomm Atheros] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\SAXP21] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SuppHelpDir] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [05/01/2018 17:22:13] - |HD| - [2845508] - C:\$AV_ASW [16/07/2016 12:47:47] - |SHD| - [1957] - C:\$Recycle.Bin [11/11/2016 17:06:48] - |SHD| - [18613132] - C:\Boot [MD5.E714F4FC5A455C843B4E7B496260E9A0] - [16/07/2016 13:58:18] - |RASH| - (.-.) - [389400] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 13:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.408F1A82BF22BED2899CBF9EB24533BF] - [04/07/2017 18:09:56] - |AH| - (.-.) - [9668] - (0.0.0.0) - C:\devlist.txt [05/01/2018 16:21:36] - |SHD| - [0] - C:\Documents and Settings [31/07/2018 23:09:41] - |D| - [0] - C:\EaseUS MobiSaver iCloud Backup [05/07/2017 00:36:00] - |D| - [1875688257] - C:\eSupport [MD5.01224851F19C9423A1D7E06F44DBFB6A] - [04/07/2017 18:09:56] - |AH| - (.-.) - [9] - (0.0.0.0) - C:\Finish.log [06/01/2018 00:15:36] - |D| - [2766] - C:\Garmin [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/06/2018 10:03:58] - |ASH| - (.-.) - [1644634112] - (0.0.0.0) - C:\hiberfil.sys [04/07/2017 16:52:55] - |HD| - [580449] - C:\Intel [MD5.800B746FDC4D80469AFC7E5E9B510C9C] - [01/12/2006 23:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - C:\msdia80.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/07/2017 16:37:42] - |ASH| - (.-.) - [1409286144] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 00:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 00:38:20] - |RD| - [8891340813] - C:\Program Files [12/04/2018 00:38:20] - |RD| - [3124296759] - C:\Program Files (x86) [12/04/2018 00:38:20] - |HD| - [9198498160] - C:\ProgramData [03/12/2018 18:25:14] - |D| - [68685] - C:\QuickDiag [MD5.52E8D6CEBFFDC62450CB03F6D3BF325A] - [03/12/2018 18:25:29] - |A| - (.-.) - [167127] - (0.0.0.0) - C:\QuickDiag.txt [11/11/2016 09:08:20] - |SHD| - [3335908469] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/07/2017 16:37:43] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [05/07/2017 00:12:34] - |SHD| - [0] - C:\System Volume Information [11/04/2018 22:04:33] - |RD| - [324189782778] - C:\Users [11/04/2018 22:04:33] - |D| - [28630879207] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 00:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 00:38:20] - |D| - [11782633] - C:\WINDOWS\appcompat [12/04/2018 00:38:20] - |D| - [8318774] - C:\WINDOWS\apppatch [12/04/2018 00:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [MD5.F3B25701FE362EC84616A93A45CE9998] - [05/07/2017 00:36:00] - |A| - (.-.) - [2] - (0.0.0.0) - C:\WINDOWS\AsCDProc.log [MD5.1E6D40D9FA540545CD947DB502425B3A] - [07/11/2016 08:27:00] - |A| - (.-.) - [23] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt [MD5.2F836303E64423025E9A5B6D2F57C855] - [11/11/2016 17:06:05] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt [MD5.A74704427AB6AABDCAFC2050DE126BD0] - [04/07/2017 17:24:31] - |A| - (.-.) - [168] - (0.0.0.0) - C:\WINDOWS\AsKeySuite.log [MD5.FFFC81F77E2E26AA5F281FB2E52B7A44] - [20/02/2017 04:08:32] - |A| - (.-.) - [80] - (0.0.0.0) - C:\WINDOWS\ASOFSVer.txt [MD5.6F68E6D6D12E0E897BE49AF40F1D8952] - [05/07/2017 00:37:00] - |A| - (.-.) - [96] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt [12/04/2018 00:38:20] - |RSD| - [944448774] - C:\WINDOWS\assembly [MD5.BF45B0D5BEB1865C39E0EC0417776ACF] - [05/07/2017 00:37:00] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt [11/11/2016 17:06:05] - |AD| - [395090380] - C:\WINDOWS\ASUS [12/04/2018 00:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 00:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 00:38:20] - |D| - [38315462] - C:\WINDOWS\Boot [MD5.16BB35D0411B074FDE9ED4CBD4699590] - [09/06/2018 10:37:17] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 00:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 00:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.86899F4098C3A1B68B6C2CB714236424] - [09/06/2018 10:07:36] - |A| - (.-.) - [18473] - (0.0.0.0) - C:\WINDOWS\comsetup.log [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 17:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [16/07/2016 23:54:59] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.BFE1FA1F2118D29A9BD60705CE26F34A] - [11/11/2016 09:09:30] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [12/04/2018 00:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [MD5.B85F078EA3CEE5415AD41AC27DACA0CA] - [03/06/2018 17:05:19] - |A| - (.-.) - [1310] - (0.0.0.0) - C:\WINDOWS\DDACLSys.log [12/04/2018 00:38:21] - |D| - [16783647] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [09/06/2018 10:23:39] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 00:38:21] - |D| - [4607251] - C:\WINDOWS\diagnostics [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [09/06/2018 10:23:39] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 17:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 00:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.AD5054AF87D073D057E833EEDB50C63B] - [05/03/2018 16:46:11] - |A| - (.-.) - [4422] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG [MD5.CBAEE28F3A34D64431F136DDF659B256] - [07/11/2016 08:21:33] - |A| - (.-.) - [6126] - (0.0.0.0) - C:\WINDOWS\DriverCD_Template.txt [MD5.D0246EF80C47D5BF66D4761D7FF43E3B] - [12/04/2018 00:40:39] - |A| - (.-.) - [4179] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [12/04/2018 00:38:21] - |HD| - [59976] - C:\WINDOWS\ELAMBKUP [24/12/2017 10:13:28] - |D| - [116936] - C:\WINDOWS\en [12/04/2018 17:18:37] - |D| - [0] - C:\WINDOWS\en-US [MD5.E4A81EDDFF8B844D85C8B45354E4144E] - [11/07/2018 14:35:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3932672] - (10.0.17134.165) - C:\WINDOWS\explorer.exe [12/04/2018 00:38:21] - |RSD| - [377475384] - C:\WINDOWS\Fonts [12/04/2018 17:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 00:38:21] - |D| - [47788657] - C:\WINDOWS\Globalization [12/04/2018 00:38:21] - |D| - [961999] - C:\WINDOWS\Help [MD5.FFD31D96B8D4BAB8B0F83E42B7430A54] - [11/07/2018 14:34:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.137) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 00:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 00:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 00:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 00:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 00:36:48] - |D| - [73170063] - C:\WINDOWS\INF [12/04/2018 00:38:21] - |D| - [1430618553] - C:\WINDOWS\InfusedApps [12/04/2018 00:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [MD5.2DDC0B4CFB94821F3AB2335A2D738053] - [04/07/2017 16:46:48] - |A| - (.-.) - [1946906] - (0.0.0.0) - C:\WINDOWS\Inst.log [12/04/2018 00:38:21] - |SHD| - [1712185514] - C:\WINDOWS\Installer [MD5.6B478A7986F158BEA855EE92CF39B3D2] - [04/07/2017 17:24:32] - |A| - (.-.) - [408142] - (0.0.0.0) - C:\WINDOWS\InstantOn.ico [MD5.7B539805604AF6C02558E080EA9FFF12] - [04/07/2017 17:43:19] - |A| - (.-.) - [696] - (0.0.0.0) - C:\WINDOWS\Inst_AsModelCopy.log [MD5.B992E4122ECF33285E25618951FB6F2E] - [04/07/2017 16:48:20] - |A| - (.-.) - [12926] - (0.0.0.0) - C:\WINDOWS\Inst_CMD.log [MD5.DD7D6884C1E68479482BC151B9023FF1] - [04/07/2017 16:50:21] - |A| - (.-.) - [1562262] - (0.0.0.0) - C:\WINDOWS\Inst_Device.log [12/04/2018 00:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 00:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 00:38:21] - |D| - [857559836] - C:\WINDOWS\LiveKernelReports [11/11/2016 16:29:24] - |D| - [123951171] - C:\WINDOWS\Log [11/04/2018 22:04:39] - |D| - [23880580] - C:\WINDOWS\Logs [12/04/2018 00:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 00:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 00:38:20] - |RD| - [801437736] - C:\WINDOWS\Microsoft.NET [12/04/2018 00:38:21] - |D| - [3135] - C:\WINDOWS\Migration [18/11/2018 20:49:25] - |D| - [786432] - C:\WINDOWS\Minidump [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 00:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [12/04/2018 17:22:25] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 00:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [04/07/2017 16:59:35] - |D| - [0] - C:\WINDOWS\Options [24/05/2018 19:57:54] - |DC| - [611823941] - C:\WINDOWS\Panther [12/04/2018 00:38:21] - |D| - [759689] - C:\WINDOWS\Performance [MD5.463479040804DEA78548A5331A216580] - [11/11/2016 09:20:21] - |A| - (.-.) - [293130] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 00:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 00:38:21] - |D| - [2821730] - C:\WINDOWS\PolicyDefinitions [09/06/2018 09:51:37] - |D| - [25220289] - C:\WINDOWS\Prefetch [12/04/2018 00:38:21] - |RD| - [1965014] - C:\WINDOWS\PrintDialog [12/04/2018 00:38:21] - |D| - [5267376] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 00:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 00:38:21] - |D| - [1117876] - C:\WINDOWS\Registration [12/04/2018 00:38:21] - |D| - [13008528] - C:\WINDOWS\rescache [12/04/2018 00:38:21] - |D| - [3792245] - C:\WINDOWS\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [04/07/2017 16:57:10] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\WINDOWS\RtlExUpd.dll [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 00:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 00:38:21] - |D| - [6345872] - C:\WINDOWS\security [09/06/2018 10:35:23] - |D| - [1708484615] - C:\WINDOWS\ServiceProfiles [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 22:04:33] - |D| - [120583708] - C:\WINDOWS\servicing [12/04/2018 00:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/07/2018 16:18:25] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 00:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 00:38:21] - |D| - [53632512] - C:\WINDOWS\ShellExperiences [12/04/2018 17:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [04/07/2017 16:48:10] - |D| - [357289762] - C:\WINDOWS\SoftwareDistribution [12/04/2018 00:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 00:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 00:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 00:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [16/07/2016 12:47:50] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 22:04:33] - |D| - [5793146168] - C:\WINDOWS\System32 [12/04/2018 00:38:21] - |D| - [244719560] - C:\WINDOWS\SystemApps [12/04/2018 00:38:21] - |D| - [25650173] - C:\WINDOWS\SystemResources [11/04/2018 22:04:41] - |D| - [1412455878] - C:\WINDOWS\SysWOW64 [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\TAPI [16/07/2016 12:47:48] - |D| - [1196] - C:\WINDOWS\Tasks [12/04/2018 00:38:21] - |D| - [2335513] - C:\WINDOWS\Temp [12/04/2018 00:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [MD5.CE1B20297683C1F0FDBF62AD73A5A24F] - [04/07/2017 17:24:33] - |A| - (.-.) - [84992] - (0.0.0.0) - C:\WINDOWS\Thumbs.db [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 00:38:21] - |D| - [19204183] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 00:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [16/12/2017 16:35:25] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [MD5.D9007C6B4415261AB45C22B011C1FE83] - [04/07/2017 17:24:33] - |A| - (.ASUSTeK Computer Inc. - InstallShield Helper.) - [196608] - (1.0.1.7) - C:\WINDOWS\UpdateHelper.dll [12/04/2018 00:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 22:04:37] - |D| - [25818] - C:\WINDOWS\WaaS [12/04/2018 00:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [16/07/2016 12:47:50] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [30/04/2018 20:46:32] - |D| - [27949476] - C:\WINDOWS\WindowsMobile [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 00:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [11/11/2016 09:09:31] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 00:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 22:04:33] - |D| - [11008927287] - C:\WINDOWS\WinSxS [MD5.907AE50A03DEEC4CFFDC70EA3D5AD4D8] - [31/03/2014 21:34:22] - |A| - (.© 2012 Microsoft Corporation. - Photo Gallery Screen Saver.) - [322248] - (16.4.3528.331) - C:\WINDOWS\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 00:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 00:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [05/01/2018 17:21:39] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [05/01/2018 17:21:39] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/03/2015 09:41:29] - C:\WINDOWS\Installer\1215715.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/10/2016 15:23:46] - C:\WINDOWS\Installer\12a0b.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/09/2018 09:16:36] - C:\WINDOWS\Installer\1301ae69.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/12/2017 11:03:28] - C:\WINDOWS\Installer\1457c7.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/12/2017 11:03:30] - C:\WINDOWS\Installer\1457cc.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2017 14:35:10] - C:\WINDOWS\Installer\1457d1.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/11/2017 04:08:42] - C:\WINDOWS\Installer\1457d6.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2017 14:35:40] - C:\WINDOWS\Installer\1457db.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/10/2016 19:16:02] - C:\WINDOWS\Installer\1855a.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 09:40:44] - C:\WINDOWS\Installer\1b65d.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/08/2016 23:18:22] - C:\WINDOWS\Installer\2f2f4.msi : (Intel(R) Trusted Execution Engine Driver - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/08/2016 23:18:22] - C:\WINDOWS\Installer\2f2f8.msi : (Intel(R) TXE Storage Proxy Driver - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/05/2016 21:51:38] - C:\WINDOWS\Installer\2f30c.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/08/2016 23:18:18] - C:\WINDOWS\Installer\2f310.msi : (Intel(R) Trusted Execution Engine - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/06/2016 07:10:32] - C:\WINDOWS\Installer\2f314.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2018 16:31:30] - C:\WINDOWS\Installer\491bd18c.msi : ( - ASUSTeK COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/07/2017 17:02:03] - C:\WINDOWS\Installer\5f681.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/08/2016 03:25:16] - C:\WINDOWS\Installer\5f685.msi : (Blank Project Template - Alcor Micro Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 15:18:02] - C:\WINDOWS\Installer\60060041.msi : (Elevated Installer - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 15:17:50] - C:\WINDOWS\Installer\60060045.msi : (ANT Drivers Installer x64 - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/07/2016 08:35:07] - C:\WINDOWS\Installer\7b808.msi : (Device Setup - ASUSTek COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2016 03:39:54] - C:\WINDOWS\Installer\dbeb.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/07/2017 17:16:29] - C:\WINDOWS\Installer\dbfb.msi : (AudioWizard - ICEpower a/s) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/08/2016 10:19:18] - C:\WINDOWS\Installer\dbff.msi : ( - ASUSTeK COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [08/04/2016 08:48:18] - [41952] - C:\WINDOWS\System32\AmUStor.ini [04/07/2017 16:59:36] - [436353] - C:\WINDOWS\System32\athw10x.inf [12/04/2018 00:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [09/06/2018 10:12:43] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 00:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 00:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 00:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [12/04/2018 00:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.BA9B9CA29D4928E06676FDB3E5ED5CF8] - |A| - [25/11/2018 18:49:41] - (.-.) - [10.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1849.log [MD5.149E4637D1C12A290FE969CA96E0E3BB] - |A| - [25/11/2018 18:50:09] - (.-.) - [15.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1850.log [MD5.DABADFF4DB6EBFADA1B94D59E5C559B9] - |A| - [25/11/2018 19:05:48] - (.-.) - [11.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1905.log [MD5.531014926DE6CBAB7204285CA1132C31] - |A| - [25/11/2018 19:12:13] - (.-.) - [9.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1912.log [MD5.D1F9CBBEEDC64B0A620F2795CBC55EFF] - |A| - [25/11/2018 19:17:00] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1917.log [MD5.7481BAFFBC2EB63963CCCEE6CC4DF43F] - |A| - [25/11/2018 19:43:12] - (.-.) - [10.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-1943.log [MD5.E9E9A82F2FC15F3449B162520408F49E] - |A| - [25/11/2018 21:51:01] - (.-.) - [11.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181125-2151.log [MD5.73BA149EAF08AB624A07E85FB1836AAF] - |A| - [26/11/2018 19:19:26] - (.-.) - [16.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181126-1919.log [MD5.6D98C883F60681092FB653AFAD6D4552] - |A| - [26/11/2018 19:19:27] - (.-.) - [10.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181126-1919a.log [MD5.FD965C062A7BDA9798DECD5DEBDE79BE] - |A| - [26/11/2018 19:40:35] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181126-1940.log [MD5.72862F69A3E9CC0813FE7BD893A305BC] - |A| - [26/11/2018 20:29:11] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181126-2029.log [MD5.2129C590B18413944A69C202D46751E7] - |A| - [26/11/2018 20:55:02] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181126-2055.log [MD5.7FCFDF921B359B8D755D211C687BF52C] - |A| - [27/11/2018 17:56:27] - (.-.) - [5.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181127-1756.log [MD5.461E2362E6429BC9627ADA7E7208AE7C] - |A| - [27/11/2018 17:56:46] - (.-.) - [9.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181127-1756a.log [MD5.C8DE89B8BA90809A177E934807810768] - |A| - [27/11/2018 18:02:45] - (.-.) - [10.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181127-1802.log [MD5.209B9B8A5C1EB6AF21216F68CB4BEFD6] - |A| - [28/11/2018 14:26:25] - (.-.) - [15.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1426.log [MD5.BE931027FD14349EC922B5C6A4EE6347] - |A| - [28/11/2018 14:26:25] - (.-.) - [9.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1426a.log [MD5.53489923BFEE585CC515B5D42EBC3517] - |A| - [28/11/2018 14:32:33] - (.-.) - [11.02 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1432.log [MD5.9B405DAED118BDC93A3BDD23ACB5BEB7] - |A| - [28/11/2018 15:48:36] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1548.log [MD5.80312511CF8C2E9036355CBE2FACAD4A] - |A| - [28/11/2018 16:09:35] - (.-.) - [11.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1609.log [MD5.011322E515501E39685359367643BC7A] - |A| - [28/11/2018 17:54:37] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1754.log [MD5.E27813EBC8A7FBD4C59A5C313FDA52F8] - |A| - [28/11/2018 19:16:51] - (.-.) - [10.77 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1916.log [MD5.1F4954CEA68885D64EC6A35DC531898D] - |A| - [28/11/2018 19:43:05] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181128-1943.log [MD5.2255021062F43B2FFE260C2F0B98ED3E] - |A| - [29/11/2018 18:05:44] - (.-.) - [8.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1805.log [MD5.3B9985CD145D183BFFAA50B8890AA2B3] - |A| - [29/11/2018 18:32:41] - (.-.) - [15.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1832.log [MD5.BD31DF31B021657D79876EE30E75B31F] - |A| - [29/11/2018 18:40:32] - (.-.) - [15.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1840.log [MD5.E4E0AC5A3C0404CF1B2145B5E5DD019E] - |A| - [29/11/2018 18:46:36] - (.-.) - [10.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1846.log [MD5.04538B221D340A0BD53CAB7F5DAB6D85] - |A| - [29/11/2018 19:00:57] - (.-.) - [13.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1900.log [MD5.65825CD791824F8D9037824449664B0A] - |A| - [29/11/2018 19:06:43] - (.-.) - [10.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1906.log [MD5.44DF585925F200D7245749B7C62EEABC] - |A| - [29/11/2018 19:14:57] - (.-.) - [13.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1914.log [MD5.91DA5DAAF17E4CF642CFEF5D03FF88AE] - |A| - [29/11/2018 19:21:41] - (.-.) - [10.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1921.log [MD5.6333B68336543AFFB0B9A2F691D14008] - |A| - [29/11/2018 19:31:31] - (.-.) - [13.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1931.log [MD5.8FC6A0EE00E94CBC424D95A222D6F3E8] - |A| - [29/11/2018 19:37:37] - (.-.) - [10.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-1937.log [MD5.099D9C8584617FD7C5F904A35B067BE1] - |A| - [29/11/2018 20:23:35] - (.-.) - [17.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2023.log [MD5.41AC4F84BCA3008A4784ED0727BA9E43] - |A| - [29/11/2018 20:30:25] - (.-.) - [9.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2030.log [MD5.B1EE6B4DD18B9677E48BA9D55FD5C1F4] - |A| - [29/11/2018 21:27:19] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2127.log [MD5.4D08AA084387CEEDD5177384E103375D] - |A| - [29/11/2018 21:32:25] - (.-.) - [157.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2132.log [MD5.698FF28AE1CD286043A3710742E40CA3] - |A| - [29/11/2018 21:38:29] - (.-.) - [10.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2138.log [MD5.B96FF8CB6FE360E4BCD570F7045ACC34] - |A| - [29/11/2018 22:16:53] - (.-.) - [11.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181129-2216.log [MD5.888D339A5E11C4032CC24677C557A42E] - |A| - [02/12/2018 15:06:41] - (.-.) - [9.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1506.log [MD5.6B0B69A521C471C97336FC5A89692DA8] - |A| - [02/12/2018 15:06:41] - (.-.) - [15.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1506a.log [MD5.34E00D089B32EC99A3E27CDBD937495B] - |A| - [02/12/2018 15:21:27] - (.-.) - [255.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1521.log [MD5.635EC70ABCC913E2C767229D75772954] - |A| - [02/12/2018 16:11:47] - (.-.) - [10.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1611.log [MD5.72A536A910A7CA66E51B363E37B1935A] - |A| - [02/12/2018 16:20:59] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1620.log [MD5.36446C994A466FFEF3C6EED8B2775A6B] - |A| - [02/12/2018 16:39:17] - (.-.) - [213.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1639.log [MD5.02B9AD8C29EDAECECAE41AD2F7A612E6] - |A| - [02/12/2018 16:40:29] - (.-.) - [11.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1640.log [MD5.A8FE406B835A08CE64BF2D88ED7E7A70] - |A| - [02/12/2018 16:41:06] - (.-.) - [34.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1641.log [MD5.CC0E4CDFF5B33E26D1C81A9BF2B1485B] - |A| - [02/12/2018 16:55:08] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1655.log [MD5.6BBEC122048E69A5715A06526B900FBE] - |A| - [02/12/2018 17:04:10] - (.-.) - [11.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1704.log [MD5.F954533429C2EBDF36FCA936DB71AD31] - |A| - [02/12/2018 17:13:14] - (.-.) - [10.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1713.log [MD5.A898DCC93CCFD8C326C6C2E997F9ED75] - |A| - [02/12/2018 18:14:05] - (.-.) - [10.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1814.log [MD5.C0486A2F6C0FEC39BF93C79407E41E25] - |A| - [02/12/2018 18:21:47] - (.-.) - [10.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1821.log [MD5.FE72803E96ED01393A89F846F8FB0270] - |A| - [02/12/2018 18:39:56] - (.-.) - [11.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1839.log [MD5.9CF53A7DF245405B5D5C876A591833C5] - |A| - [02/12/2018 18:52:38] - (.-.) - [11.02 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1852.log [MD5.75EE4F989ABEA5A8B6976AA6C0EE8219] - |A| - [02/12/2018 19:12:25] - (.-.) - [10.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-1912.log [MD5.87BB2C15EF1F48E1307DC7901ABB496F] - |A| - [02/12/2018 20:15:31] - (.-.) - [11.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2015.log [MD5.BC93F6E10D4D52EE2E363CDBCC90F470] - |A| - [02/12/2018 20:21:50] - (.-.) - [13.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2021.log [MD5.F13321FA014F38BB5116930C640C91C7] - |A| - [02/12/2018 20:27:27] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2027.log [MD5.857F01FA1B9CC5E2800750B5EE112CBE] - |A| - [02/12/2018 20:37:12] - (.-.) - [13.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2037.log [MD5.2B5D898104C2CE29BAAFB75E3D298EEC] - |A| - [02/12/2018 20:43:23] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2043.log [MD5.686D15CCB056E796940C4B04B73291D2] - |A| - [02/12/2018 20:50:21] - (.-.) - [16.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2050.log [MD5.60FD2B0265714B8AE7CD81BD4D61CA13] - |A| - [02/12/2018 21:21:12] - (.-.) - [10.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2121.log [MD5.3512D590D4C060C52140B821252BF11C] - |A| - [02/12/2018 21:27:12] - (.-.) - [14.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2127.log [MD5.ADDDE2FB131512B3BA98DB3364C50E51] - |A| - [02/12/2018 21:32:28] - (.-.) - [10.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2132.log [MD5.36340F0643B69B733CD6038998C2E0CB] - |A| - [02/12/2018 22:11:01] - (.-.) - [10.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2210.log [MD5.DC0A98559556F3E050DCDC6D2DF10C3C] - |A| - [02/12/2018 22:17:31] - (.-.) - [92.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2217.log [MD5.E282CF1CD2040DEFEC67BF22E5A185FF] - |A| - [02/12/2018 22:23:03] - (.-.) - [10.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181202-2223.log [MD5.D8B1040F63A73AC59FA213D572DA9356] - |A| - [03/12/2018 18:23:11] - (.-.) - [8.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181203-1823.log [MD5.B44CE593DF5DE8DF68A59B545411F87C] - |A| - [03/12/2018 18:23:53] - (.-.) - [15.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181203-1823a.log [MD5.BCFD40216809804676E29715283AFFD5] - |A| - [03/12/2018 18:24:35] - (.-.) - [66.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-QACPS1A-20181203-1824.log [MD5.00000000000000000000000000000000] - |D| - [02/12/2018 22:17:34] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [02/12/2018 22:17:34] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [02/12/2018 22:17:34] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [02/12/2018 22:17:34] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.00000000000000000000000000000000] - |D| - [09/06/2018 09:52:46] - [778.18 Ko] - C:\WINDOWS\Temp\DPTF [MD5.C5CCFB025A9CF88E5717B2A0992BBBC0] - |A| - [02/12/2018 15:31:38] - (.-.) - [18.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HighPerformancePlan.log [MD5.A8D01C184E8A59616BC635336D89BB77] - |A| - [29/11/2018 18:40:29] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-184029-0.log [MD5.E492581809DF5334477BCD24BC6F0458] - |A| - [29/11/2018 19:01:03] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-190102-0.log [MD5.6150E617671E103AACF189F68FA0CC16] - |A| - [29/11/2018 19:14:57] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-191457-0.log [MD5.23DA14A33E71DEA6029787677A0B6E65] - |A| - [29/11/2018 19:31:35] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-193135-0.log [MD5.F423537E754D09F9C855DF07CB4F1C16] - |A| - [29/11/2018 20:23:41] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-202341-0.log [MD5.FFBF0EB02541D0D1B0C78D78791E11C1] - |A| - [29/11/2018 21:32:31] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181129-213231-0.log [MD5.F8E072D218536DECCB23F91B05BB1AC9] - |A| - [02/12/2018 20:21:58] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181202-202158-0.log [MD5.E3D4D3C78117D3F912BC8A95043F26FD] - |A| - [02/12/2018 20:37:19] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181202-203719-0.log [MD5.D31CFF6F716C2FA9CCF95BCE331617B2] - |A| - [02/12/2018 20:50:30] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181202-205030-0.log [MD5.2421DC480C4C248D20642B0AACD851B0] - |A| - [02/12/2018 21:27:24] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181202-212724-0.log [MD5.DEB6545B8DD6576A1D7FFB7EC6B9BB68] - |A| - [02/12/2018 22:17:59] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20181202-221759-0.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/11/2018 18:40:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181129184033D50).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/11/2018 19:00:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181129190057CA4).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/11/2018 19:14:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181129191458D44).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/11/2018 19:31:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181129193131CEC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/11/2018 20:23:36] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181129202336D0C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 16:39:18] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2018120216391717F8).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 20:21:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181202202152CEC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 20:37:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181202203716D3C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 20:50:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181202205024D10).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 21:27:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181202212714D1C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/12/2018 22:17:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20181202221733D04).log [MD5.38ECDEDFF4CEB5EB378BE3B51584C4CC] - |A| - [02/12/2018 15:31:37] - (.-.) - [0.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PowerPlan.log [MD5.00000000000000000000000000000000] - |D| - [09/06/2018 10:05:09] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 00:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 00:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 00:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 00:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 00:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 00:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 00:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 00:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 00:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 00:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 00:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 00:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 00:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.2CF5702D595641A1836183C7ED5D3D86] - |A| - [04/07/2017 16:57:17] - (.-.) - [115.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.3A35DB5593F0337EBB28D4BDBA05C064] - |A| - [22/11/2013 03:53:22] - (.-.) - [1052 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AmRdrIco.icl [MD5.391AFE878ECE5DC2EE1A9F193D6F5877] - |A| - [08/04/2016 08:48:18] - (.-.) - [40.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AmUStor.ini [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 00:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.2739541E40911430031AA9FA92165C14] - |A| - [22/11/2018 19:53:44] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [369.71 Ko] - (18.8.4084.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.8840EC88A65EBDA9398BF19905888A77] - |A| - [04/07/2017 16:59:35] - (.-.) - [92.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw10x.cat [MD5.67ED43B6B02A3CC847C30B63EA085688] - |A| - [04/07/2017 16:59:36] - (.-.) - [426.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw10x.inf [MD5.C620BA04BEF23496D85B91050425E581] - |A| - [04/07/2017 16:59:36] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [4217.43 Ko] - (10.0.0.345) - C:\WINDOWS\System32\athw10x.sys [MD5.BE8E4A0C9D6ED244DC3088E2274DBD4F] - |A| - [04/07/2017 16:57:18] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 00:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [4831.1 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 00:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.18281F504814E029D65203E17DB173FF] - |A| - [12/07/2013 05:05:06] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6339.bin [MD5.F19289062E5CCEEA718A72CFE9F7354D] - |A| - [07/09/2015 04:15:06] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6361.bin [MD5.8D2D7DF5BBD593088EDF373FE87F3E72] - |A| - [09/08/2013 04:06:44] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6362.bin [MD5.B00577BC5FAFAAA1D611F379D0098096] - |A| - [15/12/2010 04:27:26] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6366.bin [MD5.DDDA2489940138D5F68F156EF016836D] - |A| - [07/09/2015 04:14:22] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6420.bin [MD5.FCF5AF2016ADF65A97B579A67730F1B6] - |A| - [28/06/2012 13:19:06] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6485.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [68012.23 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [43872.28 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [3154.2 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [368 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.F4E67750E1F44A194AA5570CD35C797F] - |A| - [04/07/2017 16:57:18] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [330996.82 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.0E7CCD69215CA3615CDF824D81D82D1B] - |A| - [27/10/2016 04:32:37] - (.-.) - [547.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 00:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.267D7DB40663956D0F597D52D8D5DFE9] - |A| - [04/07/2017 16:57:18] - (.©Conexant Systems Inc. - Conexant APO.) - [1580.34 Ko] - (1.65.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.E6144571FB7D07D04A34752306B11FB2] - |A| - [04/07/2017 16:57:18] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\WINDOWS\System32\CX64Proxy.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK [MD5.48E51DAA9278C41213957795D439A274] - |A| - [19/11/2018 16:16:04] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [04/07/2017 16:58:12] - [11634.97 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.DB17FD6C5D8E1E2BD2BD7C3375DCED77] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.A0F011CE8253E68F1D1DB4E19AB4713B] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.15 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.60AE6DEA6761EE1C2B1BAC84F9CC40F5] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.74 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.2D1B5A842E263E2B463A9CF7E7340994] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.68 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.DC710DFE4F9A0CC0EC3BD4F3EF005A26] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.78 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.638F1BF271357AFDAAF32CB08793E78A] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.57 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.65D24171340FE0CFF796EA74B27125FC] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.F73F17DBCFADE649B0EE7A22E8A121E0] - |A| - [04/07/2017 16:57:19] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [453 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 00:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 00:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 00:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [19/11/2018 16:18:04] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 00:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [923.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 00:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [9781.27 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.ECD63F33C96FD023F093E2FEB4CCA7F9] - |A| - [11/04/2018 12:43:43] - (.-.) - [5449.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Doc1.docx [MD5.6AF234DBB1EE0339AC5282556C0DE384] - |A| - [04/07/2017 16:57:20] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1107.02 Ko] - (0.7.5.31) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.E07F0BB41E9FD11A69F7FF215ADAF98F] - |A| - [04/07/2017 16:57:20] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2387.4 Ko] - (0.7.5.31) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.6FF5452AB0A1070415D3B0DCA7C47FC9] - |A| - [04/07/2017 16:57:20] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.69 Ko] - (0.7.5.31) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [2404.09 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:37:59] - [114930.14 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\DriverState [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [1492581.39 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.DED2E881E83CF3C488572A0DE72D8016] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.D36577120FA2D26B8F11CD987CBBBE08] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.2A960A246A59A476CEE9512A76A470F3] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.4B8318C7E4AB4C108BA44F657289B311] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.1ED63F2C6A7968AD94CD67EE90A400A4] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.44137BD31C662893ECD6AC85928E9361] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS LFX APO.) - [247.92 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.F747462ABE0E11DC6A3160C8E0292701] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.96 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.8A6EB675BCF9FA993483F438891CA868] - |A| - [04/07/2017 16:57:20] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.C0B37FCB449F6DA8779E94C56DBE575D] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.D1B9B7AF535CCFE69CC6D5AF8C7A0AB7] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.D211A991EB7BC178209C01BECAB164C9] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.1D43EA9D5B6693B952F053229F453763] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.0A44D5408A7F46671E6D0A2302DD7AA0] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.F55C8EB5BB7D66543FECBEFB0D2DC0BE] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.C5013D18DFDCE9001BCC5A46A83E872C] - |A| - [04/07/2017 16:57:21] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.71 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 00:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 00:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 00:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [12/04/2018 00:33:52] - (.-.) - [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.4238FE95980E8D970A360DD6B6690DE1] - |A| - [05/01/2018 16:17:50] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [2138.53 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.053B93AEC39E5F83B13066A4924AB307] - |A| - [19/11/2018 15:27:49] - (.Copyright (C) SEIKO EPSON CORP. 2005 - EPSON Scanner device co-installer.) - [17 Ko] - (1.3.0.1) - C:\WINDOWS\System32\esxcdev.dll [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [16/12/2017 14:26:01] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL [MD5.225B67EE62F582B3BEFC5DAF72E8FAA2] - |A| - [16/12/2017 14:25:56] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2009. - ECBTEGB AMD64.) - [86 Ko] - (3.1.0.0) - C:\WINDOWS\System32\E_IBCBGDE.DLL [MD5.059B16DB7FD14D38B7F4E312D793B972] - |A| - [16/12/2017 14:25:58] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2008. - EPSON Bi-directional Monitor AMD64.) - [116 Ko] - (3.0.0.0) - C:\WINDOWS\System32\E_ILMGDE.DLL [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [17125.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [11/07/2018 14:34:49] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [11/07/2018 14:33:50] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 00:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 00:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 00:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.A4E40E4EA05A8F27ADC3BA717F417B13] - |A| - [09/06/2018 09:49:38] - (.-.) - [405.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [45667.5 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 00:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/07/2017 16:54:51] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.F9A4181463C7AFE07625D2CBDCCD1426] - |A| - [04/07/2017 16:57:22] - (.(c) 2016 Harman. - Harman APO Interface.) - [150.75 Ko] - (1.2.0.0) - C:\WINDOWS\System32\HarmanAudioInterface.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 00:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.0EEC6668CA85298C3ED36E9AABFF5664] - |A| - [04/07/2017 16:57:22] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [369.52 Ko] - (0.7.5.65) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.A95B4CEAE9B1CDC0C8114461F8286E9E] - |A| - [04/07/2017 16:57:22] - (.© Harman. - Audio by Harman APO.) - [351.91 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMClariFi.dll [MD5.34DCCABADA8E0AE7FAAD428A05D7124E] - |A| - [04/07/2017 16:57:22] - (.© Harman. - Audio by Harman APO.) - [186.46 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ.dll [MD5.E979C820996928F531A3C39635DA0838] - |A| - [04/07/2017 16:57:22] - (.© Harman. - Audio by Harman APO.) - [186.47 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ_Voice.dll [MD5.06512B99BF0DC4675A337333DB5675FC] - |A| - [04/07/2017 16:57:23] - (.© Harman. - Audio by Harman APO.) - [199.07 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMHVS.dll [MD5.1B16D301F103445A2CE1BD412B19CB89] - |A| - [04/07/2017 16:57:23] - (.© Harman. - Audio by Harman APO.) - [175.39 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMLimiter.dll [MD5.EBD2629C49B9DF09638ED1FAA20BDC8C] - |A| - [04/07/2017 16:57:23] - (.?Harman. - Audio by Harman APO UI.) - [406.75 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMUI.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [411 Ko] - C:\WINDOWS\System32\hu-HU [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 00:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.8FCC8E98BE47FF981955CEF7894A8989] - |A| - [04/07/2017 16:57:23] - (.Copyright (c) 2016, ICEpower a/s - ICEpower ICEsound audio effects.) - [461.24 Ko] - (1.0.0.20) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 00:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 00:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.2686C0E14D14B2CE8C4C97783C2E0841] - |A| - [27/10/2016 05:07:29] - (.-.) - [265.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 00:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 00:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [04/07/2017 17:09:34] - [13791.88 Ko] - C:\WINDOWS\System32\Intel [MD5.C8C7875D6251D5A6F90E0350CCB171C8] - |A| - [27/10/2016 05:08:32] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [111.03 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [432.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp [MD5.7C16B8B6BC1D6DBDC6A75EFEA746A3A6] - |A| - [04/07/2017 16:57:23] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/11/2018 16:20:25] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 00:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 17:22:53] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.FD38FE34F0B3BF016B39C12FB00BA845] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.BFC152BE6A8219775F226BA34F07F822] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.29 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.1177677EB6CF405A5C29478183C889D8] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.83 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.D8B82A0F027CAAF2D8B3AA073136B864] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.22 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.9EDAE2A4E0FD46D88A26BA3FE2AED696] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.58 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.E848B548C412B6466872490D7B19DC0D] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2758.89 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.E7E5B468B52D3B3EB009CA32348F9A25] - |A| - [04/07/2017 16:57:24] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.E23FDA2E0EEB696BA03E6982F33C893A] - |A| - [04/07/2017 16:57:24] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.1ECD3D45AAF87662809DAC17818F1A4D] - |A| - [04/07/2017 16:57:24] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.B43EC48327CA1A2E0E4437FB8780A276] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1291.66 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.D9EBA6136858EA66FEE1F6CC8C78A981] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [976.42 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.003CFD61410BCC7228D44E2E44FDC219] - |A| - [04/07/2017 16:57:24] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.D9B098859FCB45618B5B17987AEC0DD5] - |A| - [04/07/2017 16:57:25] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.94 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.5988DC2263369477C33D14553A45B1A2] - |A| - [04/07/2017 16:57:26] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.9F46840758431946CA096F8096B016B4] - |A| - [13/06/2018 20:33:18] - (.-.) - [790 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 00:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [09/06/2018 10:35:23] - [7.36 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5571.5 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [47362.99 Ko] - C:\WINDOWS\System32\migwiz [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 00:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [16/12/2017 14:11:16] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [4276.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.3C75E4D95D98B3ACA7D494D1A5F4E98F] - |A| - [04/07/2017 16:57:26] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5462.52 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.EEED9BDDE2FA6936202AD3E323C17699] - |A| - [04/07/2017 16:57:27] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.375AED22FFE0812128F80DDAD356696C] - |A| - [04/07/2017 16:57:27] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5657.74 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.092A78B10A9ABEEC63D93FFA211E5DFB] - |A| - [04/07/2017 16:57:27] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [6052.88 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\NAHIMICV3apo.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [384 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.AAA9C3C1A1EC9CE8DFE791663AF65188] - |A| - [05/01/2018 15:49:54] - (.-.) - [81.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 00:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 00:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [27613.44 Ko] - C:\WINDOWS\System32\oobe [MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [16/12/2017 14:57:24] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\WINDOWS\System32\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 00:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 00:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.A3A8C190D114972191BBC725C4BE0D9E] - |A| - [12/04/2018 00:40:29] - (.-.) - [130 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.54F85D3027E1C9033C96CBDF7A92A9A3] - |A| - [12/04/2018 17:18:42] - (.-.) - [146.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 00:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 17:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.5371973E9D3F3B9D860686FE33B3B8DD] - |A| - [12/04/2018 00:40:29] - (.-.) - [684.76 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.642B31766C615047ED3ABBB034E35D64] - |A| - [12/04/2018 17:18:42] - (.-.) - [772.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.706FD89B12E7B84F0FF263A0E85D5DE0] - |A| - [09/06/2018 10:12:43] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 00:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 00:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.12491BFC2AF2878EE56DF338A0D56B37] - |A| - [04/07/2017 16:57:27] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.05 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.376167684E94534C86055782614AE3E1] - |A| - [04/07/2017 16:57:27] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.FC5E7EBB0032838B5905473641B556ED] - |A| - [04/07/2017 16:57:27] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.63 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.730FA013C85BD56FBCC6BFB9AF273D44] - |A| - [04/07/2017 16:57:27] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.C17E26DAB80CFC127EBE9F6AC2DB063E] - |A| - [04/07/2017 16:57:27] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [09/06/2018 10:29:40] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [389147.37 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 00:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 00:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.B4B37D60F026F12AFB506B168B96E87B] - |A| - [04/07/2017 16:56:38] - (.-.) - [15.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.3CCC69BA05C72998DA7A8A0499E237ED] - |A| - [04/07/2017 16:57:32] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.F6D134A287ED0CA412BBD9AAFFF32EC4] - |A| - [04/07/2017 16:57:32] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.3678621370C9BB1750213B02CA93150A] - |A| - [04/07/2017 16:57:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.A1C2AA154323EF793A7C1D4909287B6F] - |A| - [04/07/2017 16:57:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.BF8A9A867C52C37952679D374510EBA1] - |A| - [04/07/2017 16:57:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.1639AE1D21F9D77A3C5A5C90000B2BE5] - |A| - [04/07/2017 16:57:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [10/10/2018 17:28:31] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 00:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 00:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.3070234AD2FFEBDEF1579B134C39825F] - |A| - [04/07/2017 16:57:36] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.26 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.D7C72504A35836BB0DBC16D00F822143] - |A| - [04/07/2017 16:57:36] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.7079714C327EC1B4F69C2C86DFAF011E] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.ABA4DCCC26018681F1D07D0F56432EC0] - |A| - [04/07/2017 16:57:37] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [1017.33 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.001333ADB66DD37778C2AB54501B72B1] - |A| - [04/07/2017 16:57:37] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [2152.1 Ko] - (3.5.12.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [09/06/2018 09:49:44] - [25077.43 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.75574C0F657A4132A60CDC2D3E63F0D1] - |A| - [04/07/2017 16:57:37] - (.TODO: (c) . - TODO: .) - [252.8 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.0DE0C70BCB3D54147FE97EB424B0F405] - |A| - [04/07/2017 16:57:37] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [2643.42 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 00:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [13377.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 00:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [12220.17 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [95678.54 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [16142.45 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.DC8E08DEFD54FCCCD4D22CE8D8361981] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.481756DE37B2AFB074675C2FCB965ECA] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.587D74A791909A6C3CB59C53C1A28757] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [09/06/2018 10:29:47] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [11/07/2018 14:32:47] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.7F912CB7FEA1E06EEDF73E02A51F977C] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.3429128A86B39E769B6901D002003C45] - |A| - [04/07/2017 16:57:38] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.A1835C9D9F0493B91E41D3FC1C3CD6E5] - |A| - [04/07/2017 16:57:38] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.3548C39E1CBEED6B5914E46502D3B3B4] - |A| - [04/07/2017 16:57:38] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.155352EE2342D5554D2637B3DCBD7F42] - |A| - [04/07/2017 16:57:38] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [36248 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 00:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [1402.24 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 00:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [633.92 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [595.78 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.80E3B6E01A8ACC2FD43B1529BBE83049] - |A| - [19/11/2018 16:16:07] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 00:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.F96FE6BC5B57C9F3BD5458D0923C43FE] - |A| - [04/07/2017 16:57:38] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [939.58 Ko] - (2.1.0.0) - C:\WINDOWS\System32\tosasfapo64.dll [MD5.89AF45AE583EC1070A02EE10378C5D3C] - |A| - [04/07/2017 16:57:38] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.7 Ko] - (2.1.0.0) - C:\WINDOWS\System32\toseaeapo64.dll [MD5.2747589D7A9B4B4FB3D8635EEE7D57DF] - |A| - [04/07/2017 16:57:38] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.3 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tossaeapo64.dll [MD5.E71B829A7873DC1878E31985B68FF733] - |A| - [04/07/2017 16:57:38] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [587.06 Ko] - (1.1.1.1) - C:\WINDOWS\System32\tossaemaxapo64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 00:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 00:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [2716.96 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 00:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.7A5D88141101B0F21EBA327DEB4E2034] - |A| - [26/06/2012 01:29:26] - (.-.) - [0.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VendorCmd6435.bin [MD5.75917ED591F6CB5CCE74E473612D3B9F] - |A| - [13/07/2012 04:03:12] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VendorCmd6465.bin [MD5.75917ED591F6CB5CCE74E473612D3B9F] - |A| - [13/07/2012 04:03:14] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VendorCmd6485.bin [MD5.1F69B4D3E2344B5FB6C52BCEB1204412] - |A| - [11/04/2016 11:54:44] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VendorCmd6485_SetSSC.bin [MD5.00FFA554245DD9B7B8F8246262149E71] - |A| - [25/06/2013 10:38:16] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VendorCommand_MS1bit.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.298FCFD9877153E5B3C954171481AB96] - |A| - [04/07/2017 16:57:38] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [94907.04 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [98001.54 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 00:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 00:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [9747.49 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [209892 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 00:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [16/12/2017 14:57:24] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\WINDOWS\System32\wrap_oal.dll [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 00:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 00:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 00:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 00:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 00:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.04CB7EDF3477C06954154C7DE94D26DF] - |A| - [04/07/2017 17:24:39] - (.-.) - [4.68 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\AsPowerCfg.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [92784.52 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 00:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [7791.13 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 17:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.01 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 00:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 00:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 00:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 00:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.F11F74761912ECDCEA1C1F8D19CD79EA] - |A| - [27/10/2016 05:08:30] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.03 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/07/2018 16:43:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.C63241EE8F4F3422CD232BA0C996375D] - |A| - [27/10/2016 05:10:42] - (.-.) - [138.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll [MD5.17EBC4BF8640DA0323B5AA2C8EF99D84] - |A| - [27/10/2016 05:10:44] - (.-.) - [99.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll [MD5.F8AD913D058BFA55B76E919994E9253A] - |A| - [27/10/2016 05:10:46] - (.-.) - [109.53 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 00:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [16/12/2017 14:57:23] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\WINDOWS\SysWOW64\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.481756DE37B2AFB074675C2FCB965ECA] - |A| - [04/07/2017 16:57:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [09/06/2018 10:29:57] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 00:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |HD| - [05/01/2018 17:37:48] - [216.39 Ko] - C:\WINDOWS\SysWOW64\svcl32 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [15735.62 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 00:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [8910.7 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [16/12/2017 14:57:24] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\WINDOWS\SysWOW64\wrap_oal.dll [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 00:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [09/06/2018 10:22:21] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | Shell Folders [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Aurélie\AppData\Roaming [09/06/2018 09:56:11] "Local AppData"=C:\Users\Aurélie\AppData\Local [09/06/2018 09:56:11] "CD Burning"=C:\Users\Aurélie\AppData\Local\Microsoft\Windows\Burn\Burn [09/06/2018 13:25:56] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Libraries [13/12/2017 19:50:09] "My Video"=C:\Users\Aurélie\Videos [13/12/2017 19:48:06] "My Pictures"=C:\Users\Aurélie\Pictures [13/12/2017 19:48:06] "Desktop"=C:\Users\Aurélie\Desktop [13/12/2017 19:48:06] "History"=C:\Users\Aurélie\AppData\Local\Microsoft\Windows\History [13/12/2017 19:48:06] "NetHood"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Network Shortcuts [09/06/2018 09:56:11] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Aurélie\Contacts [13/12/2017 19:50:10] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Aurélie\AppData\Local\Microsoft\Windows\RoamingTiles [13/12/2017 19:50:10] "Cookies"=C:\Users\Aurélie\AppData\Local\Microsoft\Windows\INetCookies [13/12/2017 19:48:06] "Favorites"=C:\Users\Aurélie\Favorites [13/12/2017 19:48:06] "SendTo"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\SendTo [13/12/2017 19:48:06] "Start Menu"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu [13/12/2017 19:48:06] "My Music"=C:\Users\Aurélie\Music [13/12/2017 19:48:06] "Programs"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/12/2017 19:48:06] "Recent"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Recent [13/12/2017 19:48:06] "PrintHood"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [09/06/2018 09:56:11] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Aurélie\Searches [13/12/2017 19:50:10] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Aurélie\Downloads [13/12/2017 19:48:06] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Aurélie\AppData\LocalLow [13/12/2017 19:48:07] "Startup"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/12/2017 19:50:10] "Administrative Tools"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [13/12/2017 19:50:11] "Personal"=C:\Users\Aurélie\Documents [13/12/2017 19:48:06] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Aurélie\Links [13/12/2017 19:48:06] "Cache"=C:\Users\Aurélie\AppData\Local\Microsoft\Windows\INetCache [09/06/2018 09:56:11] "Templates"=C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Templates [09/06/2018 09:56:11] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Aurélie\Saved Games [13/12/2017 19:48:06] "Fonts"=C:\WINDOWS\Fonts [12/04/2018 00:38:21] [HKU\S-1-5-21-1346661418-3917707748-2786925825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 00:38:20] "Common AppData"=C:\ProgramData [12/04/2018 00:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 12:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 12:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 00:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 00:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 00:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 12:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 12:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 12:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 12:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/04/2018 00:38:20] "Common AppData"=C:\ProgramData [12/04/2018 00:38:20] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 12:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 12:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 00:38:20] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 00:38:20] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 00:38:20] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 12:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 12:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 12:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 12:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Aurélie] [16/12/2017 14:59:17] - |D| - [0] - C:\Users\Aurélie\.GoPro [05/01/2018 16:23:37] - |RD| - [298] - C:\Users\Aurélie\3D Objects [09/06/2018 09:56:11] - |HD| - [8838353489] - C:\Users\Aurélie\AppData [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Application Data [13/12/2017 19:50:10] - |RD| - [412] - C:\Users\Aurélie\Contacts [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Cookies [13/12/2017 19:48:06] - |RD| - [59165681884] - C:\Users\Aurélie\Desktop [13/12/2017 19:48:06] - |RD| - [31264778515] - C:\Users\Aurélie\Documents [13/12/2017 19:48:06] - |RD| - [470445549] - C:\Users\Aurélie\Downloads [13/12/2017 19:48:06] - |RD| - [1329] - C:\Users\Aurélie\Favorites [13/12/2017 19:49:31] - |SHD| - [25308] - C:\Users\Aurélie\IntelGraphicsProfiles [13/12/2017 19:48:06] - |RD| - [1973] - C:\Users\Aurélie\Links [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Local Settings [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Menu Démarrer [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Mes documents [05/01/2018 16:25:03] - |HD| - [0] - C:\Users\Aurélie\MicrosoftEdgeBackups [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Modèles [13/12/2017 19:48:06] - |RD| - [2232614325] - C:\Users\Aurélie\Music [09/06/2018 09:56:11] - |AH| - [7864320] - C:\Users\Aurélie\NTUSER.DAT [09/06/2018 09:56:12] - |ASH| - [1934336] - C:\Users\Aurélie\ntuser.dat.LOG1 [09/06/2018 09:56:12] - |ASH| - [663552] - C:\Users\Aurélie\ntuser.dat.LOG2 [09/06/2018 09:56:12] - |ASH| - [65536] - C:\Users\Aurélie\NTUSER.DAT{5bf05bee-6bca-11e8-b8c0-902134b7162c}.TM.blf [09/06/2018 09:56:12] - |ASH| - [524288] - C:\Users\Aurélie\NTUSER.DAT{5bf05bee-6bca-11e8-b8c0-902134b7162c}.TMContainer00000000000000000001.regtrans-ms [09/06/2018 09:56:12] - |ASH| - [524288] - C:\Users\Aurélie\NTUSER.DAT{5bf05bee-6bca-11e8-b8c0-902134b7162c}.TMContainer00000000000000000002.regtrans-ms [09/06/2018 10:26:46] - |SH| - [20] - C:\Users\Aurélie\ntuser.ini [13/12/2017 19:57:20] - |RD| - [98] - C:\Users\Aurélie\OneDrive [13/12/2017 19:48:06] - |RD| - [198296048558] - C:\Users\Aurélie\Pictures [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Recent [13/12/2017 19:48:06] - |RD| - [282] - C:\Users\Aurélie\Saved Games [13/12/2017 19:50:10] - |RD| - [1879] - C:\Users\Aurélie\Searches [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\SendTo [20/12/2017 13:31:17] - |A| - [0] - C:\Users\Aurélie\Sti_Trace.log [13/12/2017 19:48:06] - |RD| - [14654511324] - C:\Users\Aurélie\Videos [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Voisinage d'impression [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\Voisinage réseau [09/06/2018 09:56:11] - |D| - [1555908240] - C:\Users\Aurélie\AppData\Local [13/12/2017 19:48:07] - |D| - [2573996] - C:\Users\Aurélie\AppData\LocalLow [09/06/2018 09:56:11] - |D| - [7279871253] - C:\Users\Aurélie\AppData\Roaming [17/12/2017 20:31:34] - |D| - [842726] - C:\Users\Aurélie\AppData\Local\Adobe [18/12/2017 18:43:20] - |D| - [0] - C:\Users\Aurélie\AppData\Local\Apple [23/12/2017 16:51:27] - |D| - [64243] - C:\Users\Aurélie\AppData\Local\Apple Computer [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\AppData\Local\Application Data [13/12/2017 19:52:01] - |D| - [41812078] - C:\Users\Aurélie\AppData\Local\ASUS GIFTBOX [21/01/2018 10:23:46] - |D| - [0] - C:\Users\Aurélie\AppData\Local\Audacity [27/06/2018 14:36:53] - |D| - [12624] - C:\Users\Aurélie\AppData\Local\AVAST Software [15/12/2017 12:08:05] - |D| - [0] - C:\Users\Aurélie\AppData\Local\CEF [13/12/2017 20:08:23] - |D| - [32727044] - C:\Users\Aurélie\AppData\Local\Comms [05/01/2018 16:23:02] - |D| - [3107999] - C:\Users\Aurélie\AppData\Local\ConnectedDevicesPlatform [27/06/2018 19:39:29] - |D| - [12211688] - C:\Users\Aurélie\AppData\Local\CrashDumps [15/12/2017 20:33:56] - |D| - [6983734] - C:\Users\Aurélie\AppData\Local\Crashpad [11/07/2018 16:18:45] - |D| - [68516] - C:\Users\Aurélie\AppData\Local\D3DSCache [05/01/2018 17:37:55] - |D| - [0] - C:\Users\Aurélie\AppData\Local\DBG [15/12/2017 09:49:02] - |D| - [64274] - C:\Users\Aurélie\AppData\Local\Diagnostics [15/02/2018 08:55:19] - |D| - [319919] - C:\Users\Aurélie\AppData\Local\ElevatedDiagnostics [23/08/2018 10:20:36] - |D| - [160] - C:\Users\Aurélie\AppData\Local\Garmin [20/12/2017 20:12:27] - |D| - [12324] - C:\Users\Aurélie\AppData\Local\Garmin_Ltd._or_its_subsid [16/12/2017 14:57:39] - |D| - [4674136] - C:\Users\Aurélie\AppData\Local\GoPro [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\AppData\Local\Historique [09/06/2018 15:59:05] - |AH| - [26703] - C:\Users\Aurélie\AppData\Local\IconCache.db [05/01/2018 17:21:37] - |D| - [1593376] - C:\Users\Aurélie\AppData\Local\Mail.Ru [27/09/2018 19:26:27] - |D| - [776360] - C:\Users\Aurélie\AppData\Local\mbam [27/09/2018 19:25:06] - |D| - [235676] - C:\Users\Aurélie\AppData\Local\mbamtray [09/06/2018 09:56:11] - |D| - [951179116] - C:\Users\Aurélie\AppData\Local\Microsoft [13/12/2017 20:13:32] - |D| - [73646] - C:\Users\Aurélie\AppData\Local\MicrosoftEdge [15/12/2017 10:33:40] - |D| - [39173481] - C:\Users\Aurélie\AppData\Local\Mozilla [13/12/2017 19:52:57] - |D| - [0] - C:\Users\Aurélie\AppData\Local\NetworkTiles [05/01/2018 15:59:25] - |D| - [238807241] - C:\Users\Aurélie\AppData\Local\Packages [09/06/2018 12:27:03] - |D| - [6068] - C:\Users\Aurélie\AppData\Local\PlaceholderTileLogoFolder [24/12/2017 10:10:13] - |D| - [0] - C:\Users\Aurélie\AppData\Local\Programs [13/12/2017 19:50:32] - |D| - [0] - C:\Users\Aurélie\AppData\Local\Publishers [06/09/2018 20:04:10] - |D| - [598896] - C:\Users\Aurélie\AppData\Local\Reussir_production_ecrits_CE1 [05/09/2018 20:40:01] - |D| - [33280] - C:\Users\Aurélie\AppData\Local\Reussir_son_entree_en_grammaire_CE1 [11/03/2018 22:21:24] - |D| - [1880] - C:\Users\Aurélie\AppData\Local\speech [16/12/2017 14:17:28] - |D| - [125231399] - C:\Users\Aurélie\AppData\Local\Spotify [09/06/2018 09:56:11] - |D| - [79630769] - C:\Users\Aurélie\AppData\Local\Temp [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\AppData\Local\Temporary Internet Files [17/01/2018 22:23:59] - |D| - [3629255] - C:\Users\Aurélie\AppData\Local\Thunderbird [13/12/2017 19:49:35] - |D| - [12009629] - C:\Users\Aurélie\AppData\Local\TileDataLayer [18/12/2017 18:53:39] - |D| - [0] - C:\Users\Aurélie\AppData\Local\UNP [13/12/2017 19:49:53] - |D| - [0] - C:\Users\Aurélie\AppData\Local\VirtualStore [17/12/2017 20:31:34] - |D| - [2450374] - C:\Users\Aurélie\AppData\LocalLow\Adobe [13/12/2017 19:51:14] - |SD| - [123622] - C:\Users\Aurélie\AppData\LocalLow\Microsoft [15/12/2017 10:33:42] - |D| - [0] - C:\Users\Aurélie\AppData\LocalLow\Mozilla [20/12/2017 13:33:00] - |D| - [0] - C:\Users\Aurélie\AppData\LocalLow\Temp [13/12/2017 19:50:03] - |D| - [51661] - C:\Users\Aurélie\AppData\Roaming\Adobe [18/12/2017 18:47:10] - |D| - [6792985613] - C:\Users\Aurélie\AppData\Roaming\Apple Computer [21/01/2018 10:23:46] - |D| - [4169] - C:\Users\Aurélie\AppData\Roaming\Audacity [15/12/2017 12:08:14] - |D| - [6706923] - C:\Users\Aurélie\AppData\Roaming\AVAST Software [26/12/2017 19:10:12] - |D| - [11832] - C:\Users\Aurélie\AppData\Roaming\DeepBurner [20/12/2017 20:12:12] - |D| - [0] - C:\Users\Aurélie\AppData\Roaming\Garmin [05/03/2018 16:46:58] - |D| - [71483653] - C:\Users\Aurélie\AppData\Roaming\GoPro [05/01/2018 17:21:21] - |D| - [114900459] - C:\Users\Aurélie\AppData\Roaming\ICQ [13/12/2017 19:54:45] - |D| - [628] - C:\Users\Aurélie\AppData\Roaming\Macromedia [09/06/2018 09:56:11] - |SD| - [50191771] - C:\Users\Aurélie\AppData\Roaming\Microsoft [01/08/2018 19:41:38] - |D| - [0] - C:\Users\Aurélie\AppData\Roaming\MobiMoverUI [15/12/2017 10:33:39] - |D| - [58137934] - C:\Users\Aurélie\AppData\Roaming\Mozilla [19/07/2018 14:45:16] - |D| - [2352377] - C:\Users\Aurélie\AppData\Roaming\NCH Software [17/12/2017 21:06:29] - |D| - [76] - C:\Users\Aurélie\AppData\Roaming\Skype [16/12/2017 14:04:24] - |D| - [162535771] - C:\Users\Aurélie\AppData\Roaming\Spotify [13/12/2017 19:55:12] - |A| - [182] - C:\Users\Aurélie\AppData\Roaming\sp_data.sys [31/07/2018 23:20:03] - |D| - [4176] - C:\Users\Aurélie\AppData\Roaming\SystemAcCrux [17/01/2018 22:23:59] - |D| - [20504028] - C:\Users\Aurélie\AppData\Roaming\Thunderbird [13/12/2017 19:50:10] - |SH| - [174] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [09/06/2018 09:56:12] - |SHD| - [0] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [13/12/2017 19:48:06] - |RD| - [32585] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [09/06/2018 09:56:11] - |RD| - [3888] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [09/06/2018 09:56:11] - |RD| - [2931] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/12/2017 19:50:11] - |RD| - [174] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [09/06/2018 09:56:11] - |SH| - [264] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [05/09/2018 20:39:17] - |D| - [8420] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Editions_Retz [13/12/2017 19:52:23] - |A| - [1053] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [09/06/2018 09:56:11] - |D| - [170] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [09/06/2018 09:56:11] - |A| - [2413] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [16/12/2017 14:17:22] - |A| - [1848] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [13/12/2017 19:50:10] - |RD| - [174] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [09/06/2018 09:56:11] - |RD| - [3496] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [09/06/2018 09:56:11] - |RD| - [7754] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/12/2017 19:50:10] - |SH| - [174] - C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [04/07/2017 16:46:46] - |RHD| - [60532] - C:\Users\Public\AccountPictures [05/03/2018 16:46:25] - |D| - [3605522] - C:\Users\Public\CineForm [16/07/2016 12:47:48] - |RHD| - [7323] - C:\Users\Public\Desktop [12/04/2018 00:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [16/07/2016 12:47:48] - |RD| - [278] - C:\Users\Public\Documents [16/07/2016 12:47:48] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 00:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [16/07/2016 12:47:48] - |RD| - [380] - C:\Users\Public\Music [16/07/2016 12:47:48] - |RD| - [380] - C:\Users\Public\Pictures [16/07/2016 12:47:48] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [17/12/2017 20:02:17] - |D| - [283922468] - C:\ProgramData\Adobe [04/07/2017 17:03:02] - |D| - [1120108] - C:\ProgramData\AmUStor [18/12/2017 18:40:46] - |D| - [117628883] - C:\ProgramData\Apple [18/12/2017 18:45:39] - |D| - [162024137] - C:\ProgramData\Apple Computer [09/06/2018 10:25:27] - |SHD| - [0] - C:\ProgramData\Application Data [15/12/2017 10:29:14] - |D| - [156011509] - C:\ProgramData\AVAST Software [05/01/2018 16:21:37] - |SHD| - [0] - C:\ProgramData\Bureau [16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms [09/06/2018 10:25:27] - |SHD| - [0] - C:\ProgramData\Documents [04/07/2017 16:58:16] - |A| - [0] - C:\ProgramData\DP45977C.lfl [01/08/2018 19:41:35] - |D| - [0] - C:\ProgramData\EMM [16/12/2017 14:25:28] - |D| - [8680939] - C:\ProgramData\EPSON [20/12/2017 20:11:31] - |D| - [262232415] - C:\ProgramData\Garmin [04/07/2017 17:10:04] - |D| - [42590095] - C:\ProgramData\Intel [11/11/2016 09:17:35] - |D| - [28501] - C:\ProgramData\Kingsoft [05/01/2018 17:21:36] - |D| - [38] - C:\ProgramData\Mail.Ru [05/01/2018 23:05:37] - |D| - [62915519] - C:\ProgramData\Malwarebytes [04/07/2017 17:16:47] - |D| - [3000] - C:\ProgramData\McAfee [05/01/2018 16:21:37] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 00:38:20] - |SD| - [7810104685] - C:\ProgramData\Microsoft [09/06/2018 13:26:12] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [05/01/2018 16:21:37] - |SHD| - [0] - C:\ProgramData\Modèles [19/07/2018 14:45:04] - |D| - [149680] - C:\ProgramData\NCH Software [04/07/2017 16:50:32] - |D| - [286672102] - C:\ProgramData\Package Cache [24/06/2018 21:07:27] - |D| - [0] - C:\ProgramData\Packages [04/07/2017 16:59:28] - |D| - [21029] - C:\ProgramData\Qualcomm Atheros [12/04/2018 00:38:20] - |D| - [4218] - C:\ProgramData\regid.1991-06.com.microsoft [28/01/2018 18:08:52] - |D| - [0] - C:\ProgramData\rvlkl [12/04/2018 00:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [25/03/2018 16:37:38] - |D| - [0] - C:\ProgramData\SWCUTemp [12/04/2018 00:38:20] - |D| - [14497] - C:\ProgramData\USOPrivate [09/06/2018 09:54:17] - |D| - [4374528] - C:\ProgramData\USOShared [12/04/2018 17:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 00:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [05/01/2018 16:21:37] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 00:38:20] - |RD| - [155288] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [03/10/2018 11:03:16] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [12/04/2018 00:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 00:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [17/12/2017 20:04:09] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 00:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/12/2017 18:43:17] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [04/07/2017 17:14:43] - |D| - [4348] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [11/11/2016 09:17:17] - |A| - [2123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS GIFTBOX.lnk [21/01/2018 10:23:40] - |A| - [1094] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [15/12/2017 11:59:40] - |A| - [1981] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [26/12/2017 19:09:38] - |D| - [3529] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner [12/04/2018 00:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [03/10/2018 11:05:20] - |A| - [1269] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion - Convertisseur de documents.lnk [31/07/2018 23:09:03] - |D| - [2788] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS MobiSaver [16/12/2017 14:24:14] - |D| - [4815] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [03/10/2018 11:03:17] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [15/12/2017 10:33:28] - |A| - [1234] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [29/10/2018 10:47:32] - |D| - [2164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [05/03/2018 16:14:28] - |D| - [906] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [04/07/2017 17:16:34] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower [12/04/2018 00:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [18/12/2017 18:46:46] - |D| - [4077] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [12/04/2018 00:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [27/09/2018 19:24:19] - |D| - [3900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [24/12/2017 10:12:56] - |A| - [1380] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [03/10/2018 11:03:18] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [03/10/2018 11:03:18] - |D| - [18054] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office [13/12/2017 19:50:59] - |D| - [7829] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [03/10/2018 11:03:20] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [24/12/2017 10:13:05] - |A| - [1449] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [03/10/2018 11:03:21] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [03/10/2018 11:03:22] - |A| - [2397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [04/07/2017 16:58:24] - |D| - [1959] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [03/10/2018 11:03:23] - |A| - [2548] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise.lnk [12/04/2018 00:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [12/04/2018 00:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [11/11/2016 09:17:43] - |A| - [1114] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk [19/07/2018 14:45:09] - |A| - [1255] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad - Logiciel de montage vidéo.lnk [09/06/2018 09:59:53] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [30/04/2018 20:46:59] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk [24/12/2017 10:10:44] - |D| - [2304] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker [03/10/2018 11:03:23] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk [11/11/2016 09:17:37] - |D| - [11985] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 00:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [17/12/2017 20:03:32] - |D| - [333731405] - C:\Program Files (x86)\Adobe [04/07/2017 17:03:03] - |AD| - [1256057] - C:\Program Files (x86)\AmUStor [18/12/2017 18:43:16] - |AD| - [4060366] - C:\Program Files (x86)\Apple Software Update [26/12/2017 19:09:36] - |D| - [7996929] - C:\Program Files (x86)\Astonsoft [11/11/2016 09:17:14] - |D| - [210892006] - C:\Program Files (x86)\ASUS [21/01/2018 10:23:25] - |D| - [59592460] - C:\Program Files (x86)\Audacity [04/07/2017 17:02:07] - |AD| - [1108924] - C:\Program Files (x86)\Bluetooth Suite [18/12/2017 18:42:44] - |AD| - [631715] - C:\Program Files (x86)\Bonjour [05/03/2018 16:46:26] - |D| - [8258560] - C:\Program Files (x86)\CineForm [12/04/2018 00:38:20] - |D| - [277806078] - C:\Program Files (x86)\Common Files [12/04/2018 00:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [31/07/2018 22:51:47] - |D| - [114260339] - C:\Program Files (x86)\EaseUS [05/09/2018 20:38:39] - |D| - [454963057] - C:\Program Files (x86)\Editions_Retz [16/12/2017 14:24:09] - |D| - [8326676] - C:\Program Files (x86)\epson [23/08/2018 10:08:53] - |D| - [178727923] - C:\Program Files (x86)\Garmin [05/03/2018 16:46:02] - |D| - [0] - C:\Program Files (x86)\GoPro [04/07/2017 17:16:33] - |D| - [7536362] - C:\Program Files (x86)\ICEpower [04/07/2017 16:57:11] - |HD| - [81085371] - C:\Program Files (x86)\InstallShield Installation Information [04/07/2017 16:55:01] - |D| - [16575921] - C:\Program Files (x86)\Intel [12/04/2018 00:38:20] - |D| - [1996453] - C:\Program Files (x86)\Internet Explorer [11/11/2016 09:17:19] - |D| - [452660965] - C:\Program Files (x86)\Kingsoft [27/05/2018 22:35:54] - |D| - [1615220] - C:\Program Files (x86)\Lame For Audacity [11/11/2016 09:17:35] - |D| - [0] - C:\Program Files (x86)\Microsoft Office [24/12/2017 10:12:33] - |AD| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [12/04/2018 00:38:20] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [15/12/2017 10:33:14] - |AD| - [167974128] - C:\Program Files (x86)\Mozilla Firefox [15/12/2017 10:33:27] - |D| - [336512] - C:\Program Files (x86)\Mozilla Maintenance Service [09/06/2018 10:22:19] - |D| - [25757] - C:\Program Files (x86)\MSBuild [19/07/2018 14:44:56] - |D| - [28371418] - C:\Program Files (x86)\NCH Software [16/12/2017 14:57:24] - |D| - [809496] - C:\Program Files (x86)\OpenAL [04/07/2017 16:59:55] - |AD| - [236899] - C:\Program Files (x86)\Qualcomm Atheros [05/03/2018 16:46:07] - |D| - [0] - C:\Program Files (x86)\QuickTime [04/07/2017 16:57:12] - |D| - [152416200] - C:\Program Files (x86)\Realtek [09/06/2018 10:22:19] - |D| - [38458625] - C:\Program Files (x86)\Reference Assemblies [11/11/2016 09:17:40] - |AD| - [65249104] - C:\Program Files (x86)\TeamViewer [04/07/2017 16:57:11] - |HD| - [0] - C:\Program Files (x86)\Temp [05/01/2018 16:10:24] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [12/04/2018 00:38:20] - |D| - [1781008] - C:\Program Files (x86)\Windows Defender [24/12/2017 10:10:22] - |AD| - [283501815] - C:\Program Files (x86)\Windows Live [12/04/2018 00:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 17:19:21] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player [24/12/2017 10:10:22] - |AD| - [132907682] - C:\Program Files (x86)\Windows Movie Maker [12/04/2018 00:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 00:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 00:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 00:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 00:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 00:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [15/12/2017 10:30:27] - |D| - [1037049305] - C:\Program Files\AVAST Software [18/12/2017 18:42:44] - |AD| - [615066] - C:\Program Files\Bonjour [12/04/2018 00:38:20] - |D| - [321413497] - C:\Program Files\Common Files [12/04/2018 00:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [20/12/2017 20:12:22] - |D| - [1387904] - C:\Program Files\DIFX [05/01/2018 16:21:37] - |SHD| - [0] - C:\Program Files\Fichiers communs [05/03/2018 16:14:08] - |D| - [342293327] - C:\Program Files\GoPro [04/07/2017 16:50:45] - |D| - [64277986] - C:\Program Files\Intel [12/04/2018 00:38:20] - |D| - [2628272] - C:\Program Files\internet explorer [18/12/2017 18:46:45] - |D| - [4027195] - C:\Program Files\iPod [18/12/2017 18:45:39] - |AD| - [392940872] - C:\Program Files\iTunes [05/01/2018 23:05:37] - |D| - [167838673] - C:\Program Files\Malwarebytes [04/07/2017 17:17:11] - |AD| - [2824] - C:\Program Files\mcafee [04/07/2017 17:24:49] - |AD| - [3398834908] - C:\Program Files\Microsoft Office [04/07/2017 17:24:47] - |D| - [8752960] - C:\Program Files\Microsoft Office 15 [09/06/2018 10:22:19] - |D| - [25757] - C:\Program Files\MSBuild [04/07/2017 16:58:04] - |D| - [48476842] - C:\Program Files\Realtek [09/06/2018 10:22:19] - |D| - [36859049] - C:\Program Files\Reference Assemblies [13/12/2017 19:55:05] - |AD| - [14358246] - C:\Program Files\rempl [11/11/2016 09:07:39] - |HD| - [0] - C:\Program Files\Uninstall Information [16/12/2017 11:55:52] - |AD| - [2359296] - C:\Program Files\UNP [12/04/2018 00:38:20] - |RD| - [19338651] - C:\Program Files\Windows Defender [24/12/2017 10:13:10] - |D| - [52928] - C:\Program Files\Windows Live [12/04/2018 00:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 17:19:21] - |D| - [4784107] - C:\Program Files\Windows Media Player [12/04/2018 00:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 00:38:20] - |D| - [7823192] - C:\Program Files\windows nt [12/04/2018 00:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 00:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 00:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 00:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 00:38:20] - |HD| - [3005694584] - C:\Program Files\WindowsApps [12/04/2018 00:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [17/12/2017 20:03:32] - |AD| - [23540404] - C:\Program Files (x86)\Common Files\Adobe [18/12/2017 18:40:46] - |D| - [146184049] - C:\Program Files (x86)\Common Files\Apple [04/07/2017 17:02:08] - |D| - [66458] - C:\Program Files (x86)\Common Files\Atheros [04/07/2017 17:24:30] - |D| - [1155061] - C:\Program Files (x86)\Common Files\InstallShield [04/07/2017 16:54:46] - |D| - [75315317] - C:\Program Files (x86)\Common Files\Intel [12/04/2018 00:38:20] - |D| - [21990844] - C:\Program Files (x86)\Common Files\microsoft shared [12/04/2018 00:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [12/04/2018 00:38:20] - |D| - [9551243] - C:\Program Files (x86)\Common Files\system [24/12/2017 10:14:09] - |D| - [0] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [18/12/2017 18:41:59] - |D| - [165177806] - C:\Program Files\Common files\Apple [15/12/2017 11:59:27] - |D| - [6058944] - C:\Program Files\Common files\Avast Software [21/10/2018 09:57:22] - |D| - [23832] - C:\Program Files\Common files\DESIGNER [16/12/2017 14:28:50] - |D| - [294912] - C:\Program Files\Common files\EPSON [04/07/2017 17:16:55] - |D| - [1375360] - C:\Program Files\Common files\McAfee [12/04/2018 00:38:20] - |D| - [137331830] - C:\Program Files\Common files\microsoft shared [04/07/2017 17:02:07] - |D| - [883140] - C:\Program Files\Common files\QCA_Bluetooth [12/04/2018 00:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 00:38:20] - |D| - [10264971] - C:\Program Files\Common files\system ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [09/06/2018 10:24:50] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.924EEE21DFF42C0A7C0BAF05E02F1E9F] - [11/11/2016 09:17:38] - |A| - [448] - C:\WINDOWS\Tasks\WpsExternal_20161111081738.job [MD5.F267282685F4209E125450009D4DDA09] - [11/11/2016 09:17:35] - |A| - [742] - C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job [MD5.1FE62AB8EF8841220FD7A086F0DC4772] - [09/06/2018 10:24:49] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.00000000000000000000000000000000] - [09/06/2018 10:24:49] - |D| - [2600] - C:\WINDOWS\System32\Tasks\Apple [MD5.00000000000000000000000000000000] - [09/06/2018 10:24:49] - |D| - [4798] - C:\WINDOWS\System32\Tasks\ASUS [MD5.5F9CA2E81084A3FF6C8AD050475ED123] - [26/11/2018 19:18:12] - |A| - [3550] - C:\WINDOWS\System32\Tasks\ASUS Live Update1 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.FB28E79C5C140F8E5B1CDA7DAABDA309] - [09/06/2018 10:24:49] - |A| - [3540] - C:\WINDOWS\System32\Tasks\ASUS Live Update2 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.9639A737051A40D9FCA074DF54963522] - [09/06/2018 10:24:49] - |A| - [1984] - C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON : C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [MD5.00000000000000000000000000000000] - [09/06/2018 10:24:49] - |D| - [1968] - C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc [MD5.EAA78409FA9E865927E60000E57316D4] - [09/06/2018 10:24:49] - |A| - [3990] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [09/06/2018 10:24:49] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.7E31D590DFC4C2188455BB6CDDFADCDA] - [23/08/2018 10:08:52] - |A| - [2702] - C:\WINDOWS\System32\Tasks\GarminUpdaterTask : C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [MD5.C973258790D58C3F09B8949AC67BAB46] - [09/06/2018 10:24:49] - |A| - [3134] - C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification : "C:\Program Files\Intel\TXE Components\iCLS\IntelPTTEKRecertification.exe" [MD5.00000000000000000000000000000000] - [12/04/2018 00:38:21] - |D| - [596542] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [19/07/2018 14:46:46] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software [MD5.D601F3549CFF20A5A9830FE21038746F] - [09/06/2018 10:24:50] - |A| - [2860] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1346661418-3917707748-2786925825-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.C4DEFE179456697578CC4A86444DE4F5] - [09/06/2018 10:24:50] - |A| - [2346] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.4C6CC4303327A6B6000033C426FAA5C8] - [09/06/2018 10:24:50] - |A| - [2282] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [MD5.72A2572151B2F97C0895DCA366842D79] - [09/06/2018 10:24:50] - |A| - [2968] - C:\WINDOWS\System32\Tasks\Update Checker : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.3D8BE5F6C3598064C69FE35638944E04] - [09/06/2018 10:24:50] - |A| - [3028] - C:\WINDOWS\System32\Tasks\WpsExternal_20161111081738 : C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [MD5.0964A75DDA6C16EE35B021855E9609D7] - [09/06/2018 10:24:50] - |A| - [3270] - C:\WINDOWS\System32\Tasks\WpsKtpcntrQingTask_Administrator : C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [MD5.00000000000000000000000000000000] - [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{3E6A1FC9-EF97-451A-B0BD-A44DCB2DC10E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014| "{7C8F256F-9FB4-4C42-B3B6-F09AE0860BBD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014| "{BD7434FD-D6CA-439B-81CF-8F504E4A837E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LA4=127.0.0.1|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014| "{AA999182-1B04-49D1-AA00-2FCB078AD94A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014| "{D7D69799-D6DD-4026-80E0-B36F9C9DF63B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014| "{83A0C87D-6110-4D6B-B6BA-45CA0E761C5D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=MyASUS-Service Center|Desc=MyASUS-Service Center|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-545957056-798866350-1522785379-2444689802-67236901-3270837419-2293412403|EmbedCtxt=MyASUS-Service Center|Platform=2:6:2|Platform2=GTEQ| "{6C787E88-A0A9-4D8D-973D-AB3A3A59E9CB}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=RAR Opener|Desc=RAR Opener|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-763371656-3803523123-1237537815-206218304-3662548687-1890980813-2411609970|EmbedCtxt=RAR Opener|Platform=2:6:2|Platform2=GTEQ| "{8788D4FB-464E-46C2-A23C-7EFBC86C81C8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe|Name=GoPro Launcher|Edge=TRUE| "{10D07014-DFB1-4D29-A65E-628E2648C936}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe|Name=GoPro ID Service|Edge=TRUE| "{345B3687-968A-47F8-9F4D-2AC697DC49C1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe|Name=GoPro Messaging|Edge=TRUE| "{E75F2059-ED9D-472F-8A83-8F4198DCB661}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe|Name=GoPro Desktop App|Edge=TRUE| "{1D7F9334-448C-4DF7-B254-FBCABF46295C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{90839865-C252-423B-9462-8FF039173977}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{330795B2-535F-4A6E-81A3-514B70F3AFF1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{B181FC74-6B2B-43A3-8C9F-5D26C2088844}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{FF06543E-C736-4045-922D-F4ED2EF93DF7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{81697323-6BE1-4534-9B49-7AFE01186A8E}C:\users\aurélie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\aurélie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "UDP Query User{EF065E8D-AF55-4311-999E-FA12498DE79C}C:\users\aurélie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\aurélie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "{8089BBA6-5237-4393-90F1-EA1FE91FF74B}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\aurélie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| "{24ED30EB-3ED4-4FC9-9384-4DA7BE525D6C}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\aurélie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe| "{7C390112-0192-42AF-B74E-503762C2DFE8}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe|Name=Apple Push Service|Edge=TRUE| "{A9AFF65E-1AA6-4BD0-A254-BCA062656AA2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{A97E5402-C5BA-45C7-9FA4-A5AA477200FA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{A73F7520-48A6-4F24-83F8-2780B37E1450}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{4CED102A-BA7B-439B-AF8B-992ABD5A38F0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{51E9B1C5-2FA0-43F1-BAB1-728E04F2D30E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE| "{D470679B-D69E-4B0F-B9D5-5567876D9401}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)| "{E92273A2-A0C2-4FCE-9E79-A7DCBEED2784}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)| "{3CA41C1F-778F-43E0-A22A-208730EEBFCF}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{78FCB0D3-2BF8-4585-9B6F-FD68873409E5}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{D678857F-72B4-499F-9750-792E0BE2CD46}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{CCB6E15F-CE27-49D3-A909-B3074C451D6D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{556A3B1B-8042-4193-BFE9-E6318C69CA63}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{685440C1-919E-416B-A233-E8D571B1695B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{C508CAE9-4FCA-428B-9179-64B055835523}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7399C231-64EF-48A6-9955-4FFFC5D6919A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{0937DF65-D83F-4A3E-9091-817C92152297}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{0376A2CB-FB2C-46B9-A42C-04EE2D3EA208}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{B0882BF2-5880-489D-8FAD-5247DC692D36}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{king.com.BubbleWitch3Saga_4.12.7.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Desc=@{king.com.BubbleWitch3Saga_4.12.7.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-2480992608-1527340332-3131305588-448447103-1026586663-3117074242-2125591980|EmbedCtxt=@{king.com.BubbleWitch3Saga_4.12.7.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{20666CE0-F0F0-4DBB-9185-2EB4052A241E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "{48E0034E-98FF-4E06-852E-74129D935263}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{CC4DDB77-45AE-431C-AB44-0025C6EDEAD7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7EB1FA64-EF00-4FF6-B366-D2E7E96BDE62}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Autodesk SketchBook|Desc=Autodesk SketchBook|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{0867C646-9CE9-4DCA-8A52-65FD604D19A1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Autodesk SketchBook|Desc=Autodesk SketchBook|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1047515161-358678321-1182485124-675918906-21415711-1529155774-789380781|EmbedCtxt=Autodesk SketchBook|Platform=2:6:2|Platform2=GTEQ| "{3D4AC955-45AC-400D-90BC-250BE5DB5578}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| "{0BC7444D-A32E-4078-8EAC-7897BA38AC6D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update| "{A528362B-710C-4A06-A990-AA3B7E2FE2B4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update| "{4854A2B2-7CF8-40ED-858B-368AAB84FAC6}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{7CB59D67-B786-4755-BAA0-333250571956}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{9A815F59-3705-4148-B911-4C0B7078E390}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{482F6165-C58A-4D09-B22E-51704D722B89}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Desc=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-792116756-2163651165-1029707900-2144380252-3717869303-3061844081-355238664|EmbedCtxt=@{A278AB0D.MarchofEmpires_3.6.2.3_x86__h6adky7gbf63m?ms-resource://A278AB0D.MarchofEmpires/Resources/MarchOfEmpires}|Platform=2:6:2|Platform2=GTEQ| "{999BEF3F-6F65-485C-9EAE-CB3BD8F28D8D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{D85197E6-0504-4530-B3F3-F26938809896}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{B6E38982-98F1-487C-BA4B-7AC56C8E6E6C}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{8CDFB13B-BED0-49BF-A5FD-9A586C967B62}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{3620DC1B-C5BF-4237-8F26-C3D207DEFD82}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{0ABCCF66-6670-4E99-A147-1D38D9F36EB1}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{E3C00EBB-982C-46E4-8E88-3327731203C1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1346661418-3917707748-2786925825-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}] : (Universal Serial Bus devices) [] -> @oem17.inf,%ClassName%;Universal Serial Bus devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem22.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eb781aaf-9c70-4523-a5df-642a87eca567}] : (libusb-win32 devices) [] -> libusb-win32 devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/07/2013 16:45:54] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK WMIACPI\atkwmiacpi64.sys [04/07/2017 16:59:36] - (10.0.0.345) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw10x.sys [26/08/2016 02:10:42] - (10.0.1.11) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Intel Security Software Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4C61E52C-8D3A-4B91-885B-9E7346C05197}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{4C61E52C-8D3A-4B91-885B-9E7346C05197} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{777EA93E-0A40-4F3F-89B9-714B892EB63E}] : (Intel(R) Trusted Execution Engine.-.Intel Corporation) -> MsiExec.exe /I{777EA93E-0A40-4F3F-89B9-714B892EB63E} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{78D9CF6F-9917-485B-BC90-5D4C0EC0344B}] : (GoPro Quik.-.GoPro, Inc.) -> MsiExec.exe /X{78D9CF6F-9917-485B-BC90-5D4C0EC0344B} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{81520FC5-3518-40E9-9803-70CE8A801D07}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{81520FC5-3518-40E9-9803-70CE8A801D07} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Qualcomm Atheros) -> MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ADD11C17-A09A-4E65-9BE7-DF21AE15AAD8}] : (Intel(R) TXE Storage Proxy Driver.-.Intel Corporation) -> MsiExec.exe /I{ADD11C17-A09A-4E65-9BE7-DF21AE15AAD8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{BD6778C5-6FA5-492A-ADD6-E706339C2A7B} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D559687A-60C5-4786-9429-C21EC195789D}] : (ANT Drivers Installer x64.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{D559687A-60C5-4786-9429-C21EC195789D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{F0C4B709-8BF4-4A72-B527-12E7BF5482F8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F3D76007-5A86-4D79-AFF5-103760F02B60}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{F3D76007-5A86-4D79-AFF5-103760F02B60} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F4055BFD-7A72-4B3F-BF12-20031B6DDBD1}] : (Intel(R) Trusted Execution Engine Driver.-.Intel Corporation) -> MsiExec.exe /I{F4055BFD-7A72-4B3F-BF12-20031B6DDBD1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AmUStor] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{04768366-F421-4BA5-8423-B84F644B5249}] : (ASUS HiPost.-.ASUS) -> MsiExec.exe /I{04768366-F421-4BA5-8423-B84F644B5249} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) -> MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}] : (Elevated Installer.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}] : (Device Setup.-.ASUSTek COMPUTER INC.) -> MsiExec.exe /I{8D6B05E0-F457-408C-9D13-549334D8FAE1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUSTeK COMPUTER INC.) -> MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{95D0EADA-5123-41C0-931A-F37946BC0E8E}] : (Garmin Express.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{95D0EADA-5123-41C0-931A-F37946BC0E8E} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}] : (ASUS Device Activation.-.ASUSTeK COMPUTER INC.) -> MsiExec.exe /X{9C4B0706-9F9A-47BF-B417-0A111FC52B04} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}] : (Alcor Micro USB Card Reader Driver.-.Alcor Micro Corp.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824298644}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824298644} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DFBA9C7C-2BCF-4E4C-9D09-E4A6B3AAF7E2}] : (ATK WMIACPI Utility.-.ASUS) -> MsiExec.exe /I{DFBA9C7C-2BCF-4E4C-9D09-E4A6B3AAF7E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}] : (ASUS Live Update.-.ASUS) -> MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\0E50B6D8754FC804D9314539438DAF1E] : Device Setup -> C:\windows\Installer\{8D6B05E0-F457-408C-9D13-549334D8FAE1}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\0EFF299C23CA9AF4CBA91F36B7E956D5] : Photo Gallery [HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : Qualcomm Atheros Bluetooth Suite (64) -> C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\46E4E4BA2AD634E469E938CA1B5FB76B] : Alcor Micro USB Card Reader Driver -> C:\Windows\Installer\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4A64C7CB7A7DCE849AC8237A67B2E5AF] : Apple Application Support (32 bits) -> C:\Windows\Installer\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}\WinInstall.ico [HKCR\Installer\Products\50FA96906FF400C4496034952983EDD0] : ASUS Splendid Video Enhancement Technology -> C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\5C8776DB5AF6A294DA6D7E6033C9A2B7] : Apple Mobile Device Support -> C:\Windows\Installer\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}\Installer.ico [HKCR\Installer\Products\5CF0251881539E04893007ECA808D170] : Intel(R) Chipset Device Software [HKCR\Installer\Products\6070B4C9A9F9FB744B71A011F15CB240] : ASUS Device Activation -> C:\WINDOWS\Installer\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}\MyIcon [HKCR\Installer\Products\66386740124F5AB448328BF446B42594] : ASUS HiPost -> C:\Windows\Installer\{04768366-F421-4BA5-8423-B84F644B5249}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\68AB67CA408033019195008142926844] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824298644}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\70067D3F68A597D4FA5F0173060FB206] : iTunes -> C:\Windows\Installer\{F3D76007-5A86-4D79-AFF5-103760F02B60}\Installer.ico [HKCR\Installer\Products\71C11DDAA90A56E4B97EFD12EA51AA8D] : Intel(R) TXE Storage Proxy Driver [HKCR\Installer\Products\76E045AFC590B1A479ABD445D7CEA94F] : ASUS Live Update -> C:\Windows\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2 [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7DEDDF5C7CED4B84FA8DFD8B0ADF91A9] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\80609FB059F2C7C4A9589EE0C0FAF49E] : Elevated Installer -> C:\WINDOWS\Installer\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}\express.ico [HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\907B4C0F4FB827A45B72217EFB45288F] : Apple Application Support (64 bits) -> C:\Windows\Installer\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}\WinInstall.ico [HKCR\Installer\Products\96530F83636A3FC4DBED30C2C8523140] : Movie Maker [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A2DFBB1CDDCB3B54C8B066DB3494078A] : Apple Software Update -> C:\Windows\Installer\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}\Installer.ico [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A75F0AACC8AB8DA4AA303FB2E0F46532] : Photo Common [HKCR\Installer\Products\A786955D5C06687449922CE11C5987D9] : ANT Drivers Installer x64 [HKCR\Installer\Products\ADAE0D5932150C1439A13F9764CBE0E8] : Garmin Express [HKCR\Installer\Products\B4EB76DD26E75124FA3A1F328A003A98] : Movie Maker [HKCR\Installer\Products\C25E16C4A3D819B488B5E937640C1579] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\C7C9ABFDFCB2C4E4D9904E6A3BAA7F2E] : ATK WMIACPI Utility -> C:\Windows\Installer\{DFBA9C7C-2BCF-4E4C-9D09-E4A6B3AAF7E2}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\DC276626FCFB9A94EAEFBAF0DEB3CFB5] : Gestionnaire pour appareils Windows Mobile -> C:\WINDOWS\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}\wmdc.exe [HKCR\Installer\Products\DFB5504F27A7F3B4FB210230B1D6BD1D] : Intel(R) Trusted Execution Engine Driver [HKCR\Installer\Products\E19212F84440D1B49B9F34077AE343D6] : WinFlash -> C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon [HKCR\Installer\Products\E39AE77704A0F3F4989B17B498E26BE3] : Intel(R) Trusted Execution Engine [HKCR\Installer\Products\E66BAA708174D2242981A4BFC329A217] : Photo Gallery [HKCR\Installer\Products\F6FC9D877199B584CB09D5C4E00C43B4] : GoPro Quik -> C:\WINDOWS\Installer\{78D9CF6F-9917-485B-BC90-5D4C0EC0344B}\AppIcon.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ Task Scheduling Error: m->NextScheduledSPRetry 15500 ------------ Task Scheduling Error: m->NextScheduledEvent 15500 ------------ Task Scheduling Error: Continuously busy for more than a second ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ Nom de l’application défaillante UpdateChecker.exe, version : 0.0.0.0, horodatage : 0x576b4ce8 Nom du module défaillant : alvupdt.dll, version : 1.0.0.10, horodatage : 0x579eb55e Code d’exception : 0xc0000005 Décalage d’erreur : 0x0001c346 ID du processus défaillant : 0xa18 Heure de début de l’application défaillante : 0x01d488051d0e67fc Chemin d’accès de l’application défaillante : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll ID de rapport : e6440d2f-afbc-42e1-a736-59cd6771d70a Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Task Scheduling Error: m->NextScheduledSPRetry 15766 ------------ Task Scheduling Error: m->NextScheduledEvent 15766 ------------ Task Scheduling Error: Continuously busy for more than a second ------------ Task Scheduling Error: m->NextScheduledSPRetry 11547 ------------ Task Scheduling Error: m->NextScheduledEvent 11547 ------------ Task Scheduling Error: Continuously busy for more than a second ------------ Task Scheduling Error: m->NextScheduledSPRetry 9641 ------------ Task Scheduling Error: m->NextScheduledEvent 9641 ------------ Task Scheduling Error: Continuously busy for more than a second ------------ Task Scheduling Error: m->NextScheduledSPRetry 5875 ------------ Task Scheduling Error: m->NextScheduledEvent 5875 ------------ Task Scheduling Error: Continuously busy for more than a second ------------ Task Scheduling Error: m->NextScheduledSPRetry 3688 ------------ ----------( EOF)---------- - 4138 | 18:43:16