--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 17/03/2019 16:34:59
Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[famille penaib (Administrator)] - [DESKTOP-GCRG7F9] (S-1-5-21-2558606646-2195665510-3164333630-1002)
System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: MS-7996 - MSI - IdNumber: Default string - UUID: 00000000-0000-0000-0000-4CCC6A439E34
Processor : X64 - 3696 Mhz - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
2.50 - - American Megatrends Inc. - S/N: Default string - 2.50 - ALASKA - 1072009
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0072&SUBSYS_10B01402&REV_1001\5&2BE1EFBA&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1462F996&REV_1003\4&34661159&0&0001

---------- | Video
NVIDIA GeForce GTX 950 - Resolution: 1680x1050 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1402&SUBSYS_140210B0&REV_A1\4&1AE457E0&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 950 - DriverVersion: 23.21.13.8813 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:5 %
CPU #2 value:11 %
CPU #3 value:29 %
CPU #4 value:64 %
Total Overall CPU Usage value:27 %

---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
N300 USB Network Adapter : SENT:582 bytes/sec / RECVD:582 bytes/sec
Overall -> SEND Maxium:27 bytes/sec, / RECEIVE Maximum:582 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_79961462&REV_15\4&1C0E5B7D&0&00E0
N300 USB Network Adapter - Ethernet 802.3 - Belkin International, Inc. - Status: - PnPID : USB\VID_050D&PID_2103\00E04C000001
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&FDD6453&0&11
Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&FDD6453&0&12
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
RAS Async Adapter - - - Status: - PnPID :
TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0001

---------- | Memory
RAM = Total (MB) : 8351 | Free (MB) : 5063
Pagefile = Total (MB) : 10120 | Free (MB) : 6782
Virtual = Total (MB) : 4194 | Free (MB) : 3879
Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 0 - Manufacturer: 0420 - PartNumber: F4-2400C15-8GNT - S/N: 00000000

---------- | SID Users
Administrateur : [S-1-5-21-2558606646-2195665510-3164333630-500]
DefaultAccount : [S-1-5-21-2558606646-2195665510-3164333630-503]
famille penaib : [S-1-5-21-2558606646-2195665510-3164333630-1002]
Invité : [S-1-5-21-2558606646-2195665510-3164333630-501]
WDAGUtilityAccount : [S-1-5-21-2558606646-2195665510-3164333630-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [Windows] | Total : 118.19 Go | Free : 3.75 Go -> NTFS (SSD) [SATA]
E:\ -> [Fixed] | [Nouveau nom] | Total : 931.39 Go | Free : 382.05 Go -> NTFS [SATA]
Disk Usage Information [2 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:512,917 bytes/sec Max Read:0 bytes/sec, Max Write:512,917 bytes/sec
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:512,917 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_LDLC___&PROD_\4&7042F81&0&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_WD_____&PROD_WD10EZEX-00WN4A0\4&7042F81&0&010000

---------- | Windows updates - Activation - License
W.A.T : :)
Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows Volume License

---------- | Browsers
IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.)
GC : 72.0.3626.121 (Copyright 2018 Google Inc.)
Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer
FlashPlayer ActiveX : 29.0.0.140

---------- | Security
AS : Windows Defender Disabled
FW : Kaspersky Free Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
488 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.1) = C:\Windows\System32\smss.exe [12/04/2018 00:34:22] CPU Usage:0 %
744 | [Owner : Système | Parent : 724() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 00:34:22] CPU Usage:0 %
848 | [Owner : Système | Parent : 832() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 00:34:22] CPU Usage:0 %
876 | [Owner : Système | Parent : 724() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 00:34:22] CPU Usage:0 %
956 | [Owner : Système | Parent : 832() | 10.14 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.165) = C:\Windows\System32\winlogon.exe [05/09/2018 23:32:33] CPU Usage:0 %
976 | [Owner : Système | Parent : 876(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [05/09/2018 23:32:41] CPU Usage:0 %
1016 | [Owner : Système | Parent : 876(wininit.exe) | 17.63 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.1) = C:\Windows\System32\lsass.exe [12/04/2018 00:34:23] CPU Usage:0 %
852 | [Owner : Système | Parent : 976(services.exe) | 3.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
676 | [Owner : Système | Parent : 976(services.exe) | 24.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
704 | [Owner : UMFD-0 | Parent : 876(wininit.exe) | 13.1 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [05/09/2018 23:32:42] CPU Usage:0 %
1032 | [Owner : UMFD-1 | Parent : 956(winlogon.exe) | 43.82 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.228) = C:\Windows\System32\fontdrvhost.exe [05/09/2018 23:32:42] CPU Usage:0 %
1132 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 13.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1184 | [Owner : Système | Parent : 976(services.exe) | 8.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1248 | [Owner : DWM-1 | Parent : 956(winlogon.exe) | 54.08 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 00:34:19] CPU Usage:0 %
1328 | [Owner : Système | Parent : 976(services.exe) | 7.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1340 | [Owner : Système | Parent : 976(services.exe) | 12.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1452 | [Owner : Système | Parent : 976(services.exe) | 9.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1484 | [Owner : Système | Parent : 976(services.exe) | 15.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1520 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 10.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1528 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 19.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1552 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 21.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1600 | [Owner : Système | Parent : 976(services.exe) | 10.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1620 | [Owner : Système | Parent : 976(services.exe) | 5.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1816 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 8.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1848 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 7.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1880 | [Owner : Système | Parent : 976(services.exe) | 12.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1888 | [Owner : Système | Parent : 976(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
1976 | [Owner : Système | Parent : 976(services.exe) | 10.7 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [08/02/2017 23:30:19] CPU Usage:0 %
2044 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 11.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2080 | [Owner : Système | Parent : 976(services.exe) | 11.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2088 | [Owner : Système | Parent : 976(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2100 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 9.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2112 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2128 | [Owner : Système | Parent : 976(services.exe) | 7.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2152 | [Owner : Système | Parent : 1976(NVDisplay.Container.exe) | 23.67 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [08/02/2017 23:30:19] CPU Usage:0 %
2312 | [Owner : Système | Parent : 976(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2388 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 7.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2396 | [Owner : Système | Parent : 976(services.exe) | 8.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2524 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 10.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2656 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 12.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2728 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2736 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 8.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2744 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 12.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2848 | [Owner : Système | Parent : 976(services.exe) | 14.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2924 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2992 | [Owner : Système | Parent : 976(services.exe) | 16.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3028 | [Owner : Système | Parent : 976(services.exe) | 13.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
2464 | [Owner : Système | Parent : 976(services.exe) | 16.77 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 00:34:41] CPU Usage:0 %
3096 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3104 | [Owner : Système | Parent : 976(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3316 | [Owner : Système | Parent : 976(services.exe) | 17.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3328 | [Owner : Système | Parent : 976(services.exe) | 28.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3336 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 10.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3352 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 16.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3372 | [Owner : Système | Parent : 976(services.exe) | 6.68 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [16/12/2018 19:29:48] CPU Usage:0 %
3384 | [Owner : Système | Parent : 976(services.exe) | 8.97 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) - (4.1.1.202) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [04/06/2017 06:19:38] CPU Usage:0 %
3396 | [Owner : Système | Parent : 976(services.exe) | 9.46 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.3.5) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [02/08/2016 11:45:42] CPU Usage:0 %
3420 | [Owner : Système | Parent : 976(services.exe) | 28.1 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.1.0.19) = C:\Program Files\McAfee\WebAdvisor\servicehost.exe [20/02/2019 12:57:05] CPU Usage:0 %
3436 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 6.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3460 | [Owner : Système | Parent : 976(services.exe) | 52.2 Mo] - (.GleenHook - Security Client.) - (2.7.0.0) = C:\Windows\SecSrv\secmgr.exe [17/06/2016 16:38:56] CPU Usage:0 %
3468 | [Owner : Système | Parent : 976(services.exe) | 8.43 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [02/08/2016 11:45:08] CPU Usage:0 %
3476 | [Owner : Système | Parent : 976(services.exe) | 32.1 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9226.2156) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [05/02/2016 17:16:13] CPU Usage:0 %
3516 | [Owner : Système | Parent : 976(services.exe) | 11.32 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (6.2.0.190) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 11:50:52] CPU Usage:0 %
3528 | [Owner : Système | Parent : 976(services.exe) | 14.58 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (6.2.0.190) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [26/09/2016 12:55:26] CPU Usage:0 %
3536 | [Owner : Système | Parent : 976(services.exe) | 5.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3544 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 11.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3552 | [Owner : Système | Parent : 976(services.exe) | 7.43 Mo] - (.Reason Software Company Inc. - Unchecky Service.) - (1.2.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [27/08/2017 13:39:09] CPU Usage:0 %
3580 | [Owner : Système | Parent : 976(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [05/09/2018 23:32:48] CPU Usage:0 %
3588 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 13.57 Mo] - (.Electronic Arts - OriginWebHelperService.) - (10.5.21.179) = C:\Program Files (x86)\Origin\OriginWebHelperService.exe [18/11/2017 17:09:45] CPU Usage:0 %
3596 | [Owner : Système | Parent : 976(services.exe) | 21.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3612 | [Owner : Système | Parent : 976(services.exe) | 8.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
3852 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 7.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
4076 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 5.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
4116 | [Owner : Système | Parent : 976(services.exe) | 12.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
4176 | [Owner : Système | Parent : 976(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
4232 | [Owner : Système | Parent : 976(services.exe) | 12.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
5076 | [Owner : Système | Parent : 976(services.exe) | 70.34 Mo] - (.Bitex Group LTD -.) - (3.0.0.8) = C:\Windows\SecSrv\prx.exe [14/11/2016 00:58:58] CPU Usage:0 %
4156 | [Owner : SERVICE RÉSEAU | Parent : 676(svchost.exe) | 14.44 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 00:34:40] CPU Usage:0 %
5348 | [Owner : Système | Parent : 976(services.exe) | 31.23 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.228) = C:\Windows\System32\SearchIndexer.exe [05/09/2018 23:32:49] CPU Usage:0 %
5952 | [Owner : famille penaib | Parent : 3420(servicehost.exe) | 49.51 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.1.0.19) = C:\Program Files\McAfee\WebAdvisor\uihost.exe [20/02/2019 12:57:05] CPU Usage:0 %
5960 | [Owner : famille penaib | Parent : 3552(unchecky_svc.exe) | 9.08 Mo] - (.Reason Software Company Inc. - Unchecky Background Process.) - (1.2.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [27/08/2017 13:39:09] CPU Usage:0 %
5124 | [Owner : famille penaib | Parent : 1888(svchost.exe) | 26.72 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 00:34:12] CPU Usage:0 %
1660 | [Owner : famille penaib | Parent : 976(services.exe) | 16.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
6224 | [Owner : famille penaib | Parent : 976(services.exe) | 41.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
6288 | [Owner : famille penaib | Parent : 1484(svchost.exe) | 30.47 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe [12/04/2018 00:34:37] CPU Usage:0 %
6380 | [Owner : Système | Parent : 976(services.exe) | 19.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
6424 | [Owner : Système | Parent : 3460(secmgr.exe) | 10.09 Mo] - (.GleenHook - winmvt.exe.) - (2.6.0.0) = C:\Windows\SecSrv\winmvt32.exe [14/11/2016 00:58:58] CPU Usage:0 %
6548 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 6.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
6616 | [Owner : Système | Parent : 976(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
6724 | [Owner : famille penaib | Parent : 6616(svchost.exe) | 14.79 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 00:34:37] CPU Usage:0 %
7032 | [Owner : famille penaib | Parent : 6976() | 133.52 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.165) = C:\Windows\explorer.exe [05/09/2018 23:33:12] CPU Usage:0 %
7592 | [Owner : famille penaib | Parent : 676(svchost.exe) | 97.71 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/04/2018 00:33:58] CPU Usage:0 %
7788 | [Owner : famille penaib | Parent : 676(svchost.exe) | 116.58 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.228) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [05/09/2018 23:33:23] CPU Usage:0 %
8140 | [Owner : famille penaib | Parent : 676(svchost.exe) | 29.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 %
8276 | [Owner : famille penaib | Parent : 676(svchost.exe) | 20.54 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 %
8604 | [Owner : famille penaib | Parent : 676(svchost.exe) | 41.34 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.137) = C:\Windows\System32\smartscreen.exe [05/09/2018 23:33:07] CPU Usage:0 %
8684 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 13.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
9080 | [Owner : famille penaib | Parent : 676(svchost.exe) | 26.85 Mo] - (.-.) - (12.1815.210.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe [06/09/2018 00:24:59] CPU Usage:0 %
9088 | [Owner : Système | Parent : 976(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
9208 | [Owner : famille penaib | Parent : 676(svchost.exe) | 24.63 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 %
9520 | [Owner : Système | Parent : 6272() | 1.05 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.23) = C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe [20/12/2018 15:58:52] CPU Usage:0 %
9792 | [Owner : famille penaib | Parent : 676(svchost.exe) | 12.47 Mo] - (.-.) - (10.18071.1181.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe [06/09/2018 00:27:19] CPU Usage:0 %
9860 | [Owner : Système | Parent : 6272() | 0.46 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.23) = C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe [20/12/2018 15:58:52] CPU Usage:0 %
10000 | [Owner : famille penaib | Parent : 976(services.exe) | 24.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
10132 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 14.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
10024 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 9.3 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 00:33:58] CPU Usage:0 %
8572 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 12.84 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.483.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [02/08/2016 21:37:27] CPU Usage:0 %
10272 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 6.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
10348 | [Owner : famille penaib | Parent : 676(svchost.exe) | 8.23 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 %
10428 | [Owner : famille penaib | Parent : 676(svchost.exe) | 16.24 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 %
10496 | [Owner : Système | Parent : 976(services.exe) | 5.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
10540 | [Owner : Système | Parent : 976(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
10548 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 21.1 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.5.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [02/08/2016 11:45:41] CPU Usage:0 %
11036 | [Owner : Système | Parent : 976(services.exe) | 33.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
11100 | [Owner : SERVICE RÉSEAU | Parent : 976(services.exe) | 33.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 %
9556 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 50.62 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (19.12.121.11) = C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\OneDrive.exe [13/08/2016 14:40:45] CPU Usage:0 %
11260 | [Owner : Système | Parent : 976(services.exe) | 14.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.)
- (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 11432 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 16.98 Mo] - (.Hewlett-Packard Development Company, LP - ScanToPCActivationApp.) - (36.0.72.54013) = C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [09/03/2015 13:47:52] CPU Usage:0 % 11552 | [Owner : famille penaib | Parent : 676(svchost.exe) | 12.17 Mo] - (.Hewlett-Packard Development Company, LP - HPNetworkCommunicatorCom.) - (36.0.72.54013) = C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe [09/03/2015 13:20:52] CPU Usage:0 % 888 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 55.18 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files\internet explorer\iexplore.exe [12/04/2018 17:19:11] CPU Usage:0 % 11232 | [Owner : famille penaib | Parent : 888(iexplore.exe) | 241.28 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] CPU Usage:8 % 1652 | [Owner : famille penaib | Parent : 11020() | 67.97 Mo] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) - (4.1.1.202) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [04/06/2017 06:19:38] CPU Usage:0 % 11980 | [Owner : famille penaib | Parent : 1652(Creative Cloud.exe) | 11.56 Mo] - (.Adobe Systems Incorporated - Adobe IPC Broker.) - (5.4.0.12) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [14/02/2017 10:41:16] CPU Usage:0 % 12176 | [Owner : famille penaib | Parent : 888(iexplore.exe) | 122.28 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] CPU Usage:0 % 12096 | [Owner : famille penaib | Parent : 888(iexplore.exe) | 272.66 Mo] - (.Microsoft Corporation - Internet Explorer.) 
- (11.0.17134.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] CPU Usage:0 % 8732 | [Owner : famille penaib | Parent : 11020() | 8.03 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.131.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [15/03/2017 01:43:06] CPU Usage:0 % 13036 | [Owner : famille penaib | Parent : 1652(Creative Cloud.exe) | 44.72 Mo] - (.Adobe Systems Incorporated - Creative Cloud.) - (4.1.1.202) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [04/06/2017 06:19:38] CPU Usage:0 % 13100 | [Owner : famille penaib | Parent : 1652(Creative Cloud.exe) | 59.18 Mo] - (.Adobe Systems Incorporated - Adobe CEF Helper.) - (4.1.1.202) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [04/06/2017 06:19:38] CPU Usage:0 % 12564 | [Owner : famille penaib | Parent : 13036(Adobe Desktop Service.exe) | 29.69 Mo] - (.- Core Sync.) - (2.4.1.509) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [15/05/2017 01:38:02] CPU Usage:0 % 12684 | [Owner : famille penaib | Parent : 13036(Adobe Desktop Service.exe) | 5.96 Mo] - (.Adobe Systems Incorporated - CCXProcess.) - (2.0.0.384) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe [04/06/2017 06:47:46] CPU Usage:0 % 11096 | [Owner : famille penaib | Parent : 12684(CCXProcess.exe) | 59.98 Mo] - (.Node.js - Node.js: Server-side JavaScript.) - (6.9.2.0) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe [19/12/2016 16:35:00] CPU Usage:0 % 13296 | [Owner : famille penaib | Parent : 11096(node.exe) | 8.45 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 00:34:20] CPU Usage:0 % 12568 | [Owner : famille penaib | Parent : 1652(Creative Cloud.exe) | 62.76 Mo] - (.Adobe Systems Incorporated - Adobe CEF Helper.) 
- (4.1.1.202) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [04/06/2017 06:19:38] CPU Usage:0 % 13700 | [Owner : SERVICE LOCAL | Parent : 2656(svchost.exe) | 15.51 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.137) = C:\Windows\System32\audiodg.exe [05/09/2018 23:32:54] CPU Usage:0 % 6712 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 8.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 6008 | [Owner : famille penaib | Parent : 676(svchost.exe) | 30.32 Mo] - (.Microsoft Corporation - Office Hub Task Host.) - (16.0.10314.33875) = C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe [06/09/2018 00:33:35] CPU Usage:0 % 14028 | [Owner : famille penaib | Parent : 676(svchost.exe) | 12.12 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 00:34:06] CPU Usage:0 % 3112 | [Owner : famille penaib | Parent : 676(svchost.exe) | 14.81 Mo] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) - (29.0.0.140) = C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [12/04/2018 00:33:52] CPU Usage:0 % 1464 | [Owner : famille penaib | Parent : 676(svchost.exe) | 10.87 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8384 | [Owner : Système | Parent : 976(services.exe) | 18.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 14332 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 7.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 10356 | [Owner : Système | Parent : 976(services.exe) | 47.12 Mo] - (.HP Inc. - HP Support Solutions Framework Service.) - (8.10.49.21) = C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [04/07/2016 06:12:08] CPU Usage:0 % 12276 | [Owner : Système | Parent : 976(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 00:34:04] CPU Usage:0 % 10424 | [Owner : SERVICE LOCAL | Parent : 976(services.exe) | 9.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 8820 | [Owner : Système | Parent : 5348(SearchIndexer.exe) | 11.13 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.228) = C:\Windows\System32\SearchProtocolHost.exe [05/09/2018 23:32:39] CPU Usage:0 % 12256 | [Owner : Système | Parent : 5348(SearchIndexer.exe) | 6.12 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.1) = C:\Windows\System32\SearchFilterHost.exe [12/04/2018 00:34:08] CPU Usage:0 % 2548 | [Owner : Système | Parent : 976(services.exe) | 8.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 7384 | [Owner : famille penaib | Parent : 11036(svchost.exe) | 11.19 Mo] - (.Microsoft Corporation - MusNotifyIcon.exe.) - (10.0.17134.137) = C:\Windows\System32\MusNotifyIcon.exe [05/09/2018 23:32:40] CPU Usage:0 % 3656 | [Owner : famille penaib | Parent : 676(svchost.exe) | 26.36 Mo] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 00:34:18] CPU Usage:0 % 13300 | [Owner : famille penaib | Parent : 676(svchost.exe) | 75.56 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [05/09/2018 23:32:38] CPU Usage:0 % 14044 | [Owner : famille penaib | Parent : 976(services.exe) | 11.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 3568 | [Owner : Système | Parent : 976(services.exe) | 14.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 7872 | [Owner : Système | Parent : 976(services.exe) | 6.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe [12/04/2018 00:34:22] CPU Usage:0 % 11440 | [Owner : famille penaib | Parent : 7032(explorer.exe) | 60.98 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\famille penaib\Downloads\QuickDiag (1).exe [17/03/2019 16:33:39] CPU Usage:0 % 2672 | [Owner : Système | Parent : 676(svchost.exe) | 8.4 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 00:34:40] CPU Usage:0 % 13176 | [Owner : SERVICE RÉSEAU | Parent : 676(svchost.exe) | 9.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 00:34:55] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.HP Inc..-.HP DeskBand.) 
- (8.2.4.0) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 388.13.) - (23.21.13.8813) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 388.13.) - (23.21.13.8813) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvwgf2umx_cfg.dll (..-.Core Sync.) - (2.4.1.525) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (2.11.3.5) -- C:\WINDOWS\system32\nvspcap64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll (.Hewlett-Packard.-.Hewlett-Packard WIA 2.0 scanner driver.) - (36.0.153.24158) -- C:\WINDOWS\system32\HPWia2_EN4520.dll (.Hewlett-Packard Development Company, LP.-.HPScanTRDrv Module.) - (36.0.34.53151) -- C:\WINDOWS\system32\HPScanTRDrv_EN4520.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (..-..) - (0.0.0.0) -- c:\windows\system32\FaceProcessor.dll (..-..) - (0.0.0.0) -- c:\windows\system32\FaceProcessorCore.dll (..-..) 
- (0.0.0.0) -- c:\windows\system32\FaceTrackerInternal.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Xfire - (Xfire.lnk [Startup]) - User: DESKTOP-GCRG7F9\famille penaib OneDrive - ("C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\...\Run]) - User: DESKTOP-GCRG7F9\famille penaib Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\...\Run]) - User: DESKTOP-GCRG7F9\famille 
penaib HP ENVY 4520 series (NET) - ("C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5BG3K18Y0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\...\Run]) - User: DESKTOP-GCRG7F9\famille penaib BlueStacks Agent - (C:\Program Files (x86)\BlueStacks\HD-Agent.exe [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\...\Run]) - User: DESKTOP-GCRG7F9\famille penaib EADM - ("C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\...\Run]) - User: DESKTOP-GCRG7F9\famille penaib SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public ShadowPlay - ("C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public AdobeAAMUpdater-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "HP ENVY 4520 series (NET)"="C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5BG3K18Y0660:NW" -scfn "HP ENVY 4520 series (NET)" 
-AutoStart 1 "BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [06/05/2017 13:56:01] "EADM"="C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 "HP ENVY 4520 series (NET)"=0x020000000000000000000000 "Steam"=0x020000000000000000000000 "CCleaner Monitoring"=0x020000000000000000000000 "BlueStacks Agent"=0x0300000049AFB7B1254CD301 "EADM"=0x020000000000000000000000 "WallpaperHd"=0x020000000000000000000000 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=msconfig\1 "MRUList"=ba "b"=regedit\1 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP ENVY 4520 series (réseau),winspool,Ne02: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "NvBackend"=0x020000000000000000000000 "ShadowPlay"=0x020000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 
"AdobeGCInvoker-1.0"=0x020000000000000000000000 "WinZip UN"=0x020000000000000000000000 "WinZip PreLoader"=0x020000000000000000000000 "WinZip FAH"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "SunJavaUpdateSched"=0x020000000000000000000000 "Adobe Creative Cloud"=0x020000000000000000000000 "AVGUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AVGUI.exe"="C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 
"USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task AdobeAAMUpdater-1.0-DESKTOP-GCRG7F9-famille penaib AdobeGCInvoker-1.0-DESKTOP-GCRG7F9-famille penaib CCleanerSkipUAC GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HPCeeScheduleForfamille penaib OneDrive Standalone Update Task-S-1-5-21-2558606646-2195665510-3164333630-1002 Opera scheduled Autoupdate 1549109994 User_Feed_Synchronization-{1778857C-5434-4BE8-8CE2-140E4B404218} Win Tonic Win Tonic_Logon {9A7AEA18-34EC-432B-B90B-D8C5EFC13F29} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=25 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [13/08/2016 14:39:01] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0xC0 "LsaPid"=1016 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll 
[HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=69565c2e-bbe7-46f1-a5e0-27bb9af "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 
"WallPaper"=C:\windows\web\wallpaper\Windows\img0.jpg [12/04/2018 00:33:58] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1680 "MaxMonitorDimension"=1680 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x referredUILanguages"=fr-FR "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{0E270DAA-1BE6-48F2-AC49-4A370362EFA3}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0xB183204722C5CF11876300608CC02F24D007000048AD48FFC7746042B385FAEB80947450EC2C0000FB9A790967ADD111ABCD00C04FC30936910F00006024B221EA3A6910A2DC08002B30309DA1070000217977A3D3CF6B4A89BF08E6B95716E8140F0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=2 "GlobalAssocChangedCounter"=499 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "link"=0x15000000 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 
"ReindexedProfile"=1 "TaskbarStateLastRun"=0x8B43855C00000000 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0400000003000000020000000100000000000000FFFFFFFF "0"=0x6D006100630072006F006E000000 "1"=0x700072006500730069000000 "2"=0x6E006F007500760065006C006C0065000000 "3"=0x6D0069006E000000 "4"=0x6D006100730073000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Warn "GlobalAssocChangedCounter"=6 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 
"EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 
"EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=16 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D002001800E300E40239CE1F00F5EF2100F5EF2100D200000002003400285AEFCBD0612E01EA4C66005D9E160060530F008E020F0000000000ACD52B006E870000BF0700007F9610A3D6DCD4015D07330000000000010000005D073300EE42000059000000E9C0010000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E80028011800E10000000EFB17D006263800000000009C91915ED6DCD401678943CDCDDCD401CC010F002C78070000000000C7A90100000000000000000080AE00000000000000000000000000000000000000000000000000000000F03F80510100F3D60080A604A230A685BA31A92101C0202B2201202B6201AF2301C02856004C2B76004C6A890080A0842B28A084AB290D290180A0C0423AE0C04A3E223B01800040044000DD8444C23E00802000A1402009A152964B01008CA2421ACCE2423EB94D018003A0024843A0024B6A53008005F0130825F293085B780080C1009003FB429803 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= 
"PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=13332650540 "ShutdownFlags"=135 "AutoAdminLogon"=0 "DefaultUserName"=famille penaib "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] 
""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* 
"IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 
"EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command] ""="C:\Users\famille penaib\AppData\Local\Programs\Opera\Launcher.exe" [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Clients\StartMenuInternet\OperaStable\InstallInfo] "ReinstallCommand"="C:\Users\famille penaib\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] 
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\famille penaib\AppData\Local\Programs\Opera\Launcher.exe"=32 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"E:\SteamLibrary\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe"
"SIGN.MEDIA=E0DC69 AutoPlay.exe"
"SIGN.MEDIA=B75C6FB9 AutoPlay.exe"
"SIGN.MEDIA=1369DF64 Autoplay.exe"
"C:\Program Files (x86)\THQ\Dawn of War - Soulstorm\Soulstorm.exe"
"C:\Program Files (x86)\THQ\Dawn Of War\W40k.exe"
"C:\Program Files (x86)\Xfire\Xfire.exe"
"SIGN.MEDIA=1BA200 LAUNCHER\Launcher.exe"
"C:\Program Files\HP\HP ENVY 4520 series\Bin\hpqDTSS.exe"
"SIGN.MEDIA=11BF000 Setup_v2.7.0.msi"
"C:\Program Files (x86)\THQ\Dawn Of War\WinterAssault.exe"
"C:\Program Files\HP\HP ENVY 4520 series\Bin\HP ENVY 4520 series.exe"
"C:\Program Files (x86)\FormatFactory\FormatFactory.exe"
"E:\Overwatch\Overwatch Launcher.exe"
"C:\Program Files\VideoLAN\VLC\vlc.exe"
"C:\Program Files (x86)\Movie Maker 2.6\MOVIEMK.exe"
"C:\Program Files\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe"
"C:\Users\famille penaib\Downloads\JRT.exe"
"C:\Program Files\RogueKiller\RogueKiller64.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"
"C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe"
"C:\Program Files (x86)\4KDownload\4kvideodownloader\4kvideodownloader.exe"
"C:\Program Files\AVAST Software\SZBrowser\launcher.exe"
"C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE"
"E:\SteamLibrary\steamapps\common\Skyrim\TESV.exe"
"C:\Users\famille penaib\Downloads\cdbxp_setup_4.5.7.6499.exe"
"C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe"
"SIGN.MEDIA=7E026A6 Apache_OpenOffice_4.1.3_Win_x86_install_fr.exe"
"C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"
"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"
"C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"
"C:\Users\famille penaib\Downloads\antikey\ak10.3.3.msi"
"C:\Users\famille penaib\Downloads\premiumsetup.exe"
"C:\Users\famille penaib\Downloads\rkfree_setup_210_password_123\rkfree_setup_210.exe"
"C:\TechnicLauncher.exe"
"E:\SteamLibrary\steamapps\common\RPG Maker MV\nwjs-win\Game.exe"
"C:\Program Files (x86)\BlueStacks\BlueStacks.exe"
"E:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe"
"C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe"
"SIGN.MEDIA=9005E LaunchBF.exe"
"E:\SteamLibrary\steamapps\common\RPG Maker MV\RPGMV.exe"
"C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-7b8ced67462c404f\RobloxPlayerLauncher.exe"
"C:\Users\famille penaib\Downloads\forge-1.7.10-10.13.4.1614-1.7.10-installer-win.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"
"C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"
"SIGN.IE=07CE5C8 adwcleaner_7.0.1.0.exe"
"C:\Users\famille penaib\Downloads\ccsetup533.exe"
"C:\Users\famille penaib\Downloads\unchecky_setup.exe"
"C:\Users\famille penaib\AppData\Local\Apps\2.0\MB82MPHY.391\J1C9P828.XMK\prog...app_baa8013a79450f71_0001.0003_a714e86e7606a065\clickonce_bootstrap.exe"
"C:\Program Files\Windows Defender\MSASCui.exe"
"C:\Program Files\CCleaner\CCleaner64.exe"
"SIGN.IE=01B5048 JRT.exe"
"C:\Users\famille penaib\AppData\Local\Temp\{213596F4-C004-4CBD-8C89-0D67431B074D}\GoogleUpdateSetup.exe"
"C:\Users\famille penaib\Downloads\chrome_cleanup_tool.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"
"C:\Users\famille penaib\Documents\MinecraftInstaller.msi"
"C:\Users\famille penaib\Desktop\algoboxwin64usb\algobox.exe"
"C:\Users\famille penaib\Desktop\regressi-setup.exe"
"C:\Program Files (x86)\Evariste\Regressi\Regressi.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"
"C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-b599faecd378419d\RobloxStudioLauncherBeta.exe"
"C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-9d61f1aeed344b1a\RobloxStudioLauncherBeta.exe"
"C:\Users\famille penaib\Documents\HijackThisPortable_2.0.5_English.paf.exe"
"E:\SteamLibrary\steamapps\common\Hello Neighbor Alpha Access\HelloNeighbor.exe"
"E:\SteamLibrary\steamapps\common\Hello Neighbor Alpha Access\HelloNeighbor\Binaries\Win64\HelloNeighbor-Win64-Shipping.exe"
"E:\SteamLibrary\steamapps\common\Hello Neighbor Alpha Access\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe"
"C:\Program Files (x86)\Steam\steamerrorreporter.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\FileSyncConfig.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"
"C:\Users\famille penaib\Downloads\Firefox Installer.exe"
"C:\Program Files\Gramblr\gramblr.exe"
"C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"
"SIGN.IE=06C418 Paladium.exe"
"C:\Users\famille penaib\Downloads\Paladium (1).exe"
"C:\Users\famille penaib\Downloads\Paladium (2).exe"
"SIGN.MEDIA=DD75E613 AutoRun.exe"
"C:\ProgramData\Origin\SelfUpdate\StagedUpdate\UpdateTool.exe"
"C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe"
"C:\Users\famille
penaib\Downloads\zoek.exe"=0x5341435001000000000000000700000028000000000C1400000000000100000000000000000001067102000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000084223D00000000000200000002000000 "C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000581B15000000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A3B00000000000000100000001000000 "SIGN.MEDIA=191F4C50 kfa18.0.0.405abfr_13241.exe"=0x534143500100000000000000070000002800000030502400C41E250001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009EA04000000000000200000002000000 "E:\Dawn of War - Soulstorm\Soulstorm.exe"=0x534143500100000000000000070000002800000000709500AC9353000100000000000000000000067120000033504C2B57DFD101000000C0000000000200000028000000000000000000001000000000000000000000000000000000E0B91900000000000300000003000000 "C:\Users\famille penaib\Desktop\Paladium.exe"=0x534143500100000000000000070000002800000018C40600A0DD000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000499C1F00000000001700000017000000 "C:\Users\famille penaib\Desktop\c371de7fe7ded6a2eda5\Sc4v10272plus2Trainer-iMSDOX.exe"=0x534143500100000000000000070000002800000000660000000000000100000000000000000001057100000033504C2B57DFD10100000000000000000200000028000000000000000000000000200000000000000000000000000000C1D20000000000000100000001000000 "C:\Users\famille penaib\Desktop\CheatEngine67.exe"=0x5341435001000000000000000700000028000000183FB900E75BB90001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000678A0800000000000100000001000000 "C:\Program Files (x86)\Cheat Engine 6.7\Cheat 
Engine.exe"=0x5341435001000000000000000700000028000000882805004BA3050001000000000000000000000A61220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004002000000000000000000000000000000B5BE2900000000002000000020000000 "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe"=0x534143500100000000000000070000002800000070BF1600131A170001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007C490000000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Temp\7zS2393\FileExtractor.exe"=0x53414350010000000000000007000000280000007045210091C421000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A5B40100000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C89C0300B381040001000000000000000000000A7120000033504C2B57DFD1010000000100000000 "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe"=0x5341435001000000000000000700000028000000281B0500D32F050001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000500000005000000 "SIGN.IE=0126DF8 readerdc_fr_ra_crd_install.exe"=0x5341435001000000000000000700000028000000F86D12000459130001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A8B70D00000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000A89A1D00D1241E0001000000000000000000000A00210000DB80FDAC2839D3010000009100000000 
"C:\ProgramData\Battle.net\Agent\Agent.5985\Agent.exe"=0x5341435001000000000000000700000028000000E8B7420007C5420001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000800000400000000000000000000000000000000014242101000000000100000001000000 "SIGN.IE=0134B60 OperaSetup.exe"=0x5341435001000000000000000700000028000000604B13007368130001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001B4E0100000000000100000001000000 "C:\Program Files\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0F700007939010001000000000000000000000A73200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000006C150000000000000800000008000000 "C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe"=0x5341435001000000000000000700000028000000C8474E0111CF4E0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E254B210000000001900000019000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AC03001457040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Users\famille penaib\Downloads\Nexus Mod Manager-0.63.14.exe"=0x534143500100000000000000070000002800000088486200CBF1620001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E2540100000000000100000001000000 "C:\Program Files\Nexus Mod 
Manager\NexusClient.exe"=0x534143500100000000000000070000002800000098F731001AE7320001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000080000000000000000000000000000000B9DD7400000000001700000017000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AE0300F24D040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000B00C4E02B2544E0201000000000000000000000A00210000DB80FDAC2839D3010000009100000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0BB06007814070001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0BC0300204F040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Temp\7zS1091\FileExtractor.exe"=0x53414350010000000000000007000000280000007045210091C4210001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000374C0100000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Temp\7zS10A4\FileExtractor.exe"=0x53414350010000000000000007000000280000007045210091C4210001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000AB080000000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Program Files 
(x86)\Origin\OriginThinSetupInternal.exe"=0x5341435001000000000000000700000028000000406D4A0102934A0101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F2740000000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Temp\7zS5B42\FileExtractor.exe"=0x53414350010000000000000007000000280000007045210091C4210001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000064190000000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Temp\7zS5C92\FileExtractor.exe"=0x53414350010000000000000007000000280000007045210091C4210001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A6D00500000000000100000001000000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000008910C0061C40C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000B0B68200E7D3820001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000031DA1202000000008500000085000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000A8DA2E016B402F0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C770CD06000000003900000039000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 "SIGN.IE=01BF0245 
Totally+Accurate+Battle+Simulator.exe"=0x53414350010000000000000007000000280000004502BF010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A4724E00000000000100000001000000 "C:\Program Files (x86)\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe"=0x534143500100000000000000070000002800000000BC14010000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002C1A5300000000000B0000000B000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\LucasArts\Star Wars Battlefront\LaunchBF.exe"=0x5341435001000000000000000700000028000000000009000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000800000100020000000000000000000000000000096850100000000000100000001000000 "E:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe"=0x5341435001000000000000000700000028000000F07990021317910201000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000039060000000000000100000001000000 "E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe"=0x5341435001000000000000000700000028000000202102006B66020001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000009000020200000000000000000000000000640C0000000000000100000001000000 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x534143500100000000000000070000002800000038114B016AAC4B0101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000048A00000000000000100000001000000 "C:\Program Files 
(x86)\Origin\OriginClientService.exe"=0x5341435001000000000000000700000028000000409921001A08220001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000048010000000000000100000001000000 "C:\Program Files (x86)\Origin\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000048E12E00F3B62F0001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000CC000000000000000100000001000000 "C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x53414350010000000000000007000000280000002089190036B9190001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000060310000000000000100000001000000 "C:\Program Files (x86)\Origin\Origin.exe"=0x534143500100000000000000070000002800000028672F00B93E300001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000423EC607000000007E0000007E000000 "C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe"=0x53414350010000000000000007000000280000006083550148DF550101000000000000000000010671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000092420100000000000600000006000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\ProgramData\Battle.net\Agent\Agent.6383\Agent.exe"=0x5341435001000000000000000700000028000000E8514C0096924C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000BE885100000000000100000001000000 "C:\Users\famille 
penaib\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F80300EE6C040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-aa7aa6ffd6814f65\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038080C0056CD0C0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000054790700000000000B0000000B000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-8ef03b85fc3e4eab\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038661100B22F120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000577D9200000000001900000019000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-fe1202c4dac345c1\RobloxPlayerLauncher.exe"=0x5341435001000000000000000700000028000000C0DC1100BD32120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000DFCD1700000000000A0000000A000000 "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe"=0x534143500100000000000000070000002800000080F750023006510201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000002B03B104000000004300000043000000 "C:\Users\famille 
penaib\AppData\Local\Roblox\Versions\version-7319e86bce9645c7\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038EA110040EE110001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000061704100000000001000000010000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-6b6322fbab184fa5\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038DE1100862A120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000C6DE7A00000000002700000027000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-a7710e65dcce4d7f\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038E4110005CD120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000870C8600000000002100000021000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-ed3fed41a70f490b\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038E21100BE15120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000ABAD9600000000001100000011000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille 
penaib\AppData\Local\Roblox\Versions\version-4507abe13b6a4bcc\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038E21100B047120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000C4C38200000000002300000023000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe"=0x5341435001000000000000000700000028000000C0C21100F3E3110001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000064670000000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-d38201d3e9f24c12\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038E41100935D120001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000009F309200000000003200000032000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-d7fb0bbc5a344665\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038DE11005CB0120001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000003612600000000000D0000000D000000 "C:\Users\famille penaib\Desktop\TechnicLauncher.exe"=0x5341435001000000000000000700000028000000D8D648000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000877D9200000000000800000008000000 "C:\Users\famille 
penaib\AppData\Local\Roblox\Versions\version-34cd937254c64560\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038CA1100B064120001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000073CC1800000000000A0000000A000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000386B0400903D050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F08D2600FE4E270001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000F00C0000000000000100000001000000 "C:\Users\famille penaib\Downloads\OperaSetup.exe"=0x5341435001000000000000000700000028000000E0EE2000F317210001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe"=0x53414350010000000000000007000000280000004012010063B6010001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000001000000000000000000000000000008E190100000000000100000001000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-d8ff748edf7e47d8\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038B6110067B1120001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000800000000000000000000000000000000000000086CF0300000000000B0000000B000000 "C:\Users\famille penaib\AppData\Local\Temp\jre-8u201-windows-au.exe"=0x534143500100000000000000070000002800000060211E0080801E0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EDBB0000000000000100000001000000 "C:\Users\famille 
penaib\Downloads\AutoClicker.exe"=0x53414350010000000000000007000000280000001B090C00A1AD0C0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000790CFC00000000001300000013000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-c2f4870ea77341cc\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038B61100054E120001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104006ACC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-956696c38c0d4bb4\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038B41100E333120001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000F9AC5C00000000000900000009000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000183E1200B2D0120001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000039010000000000000100000001000000 "C:\Users\famille penaib\Downloads\AutoHotkey_1.1.30.01_setup.exe"=0x5341435001000000000000000700000028000000E72D3500E967010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FA5D0100000000000200000002000000 "C:\Program Files\AutoHotkey\AutoHotkey.exe"=0x534143500100000000000000070000002800000000AC0D000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000033020000000000000200000002000000 "C:\Users\famille 
penaib\Downloads\actionaz_V6GVjF_2704739681.exe"=0x5341435001000000000000000700000028000000EE5425000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006A4BCE01000000000200000002000000 "C:\Users\famille penaib\AppData\Local\Temp\CloseFAH.exe"=0x5341435001000000000000000700000028000000406801003755020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AB000000000000000200000002000000 "C:\Users\famille penaib\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe"=0x534143500100000000000000070000002800000058781800251A190001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Win Tonic\wtc.exe"=0x534143500100000000000000070000002800000080D07000D3A4710001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A41E0000000000000600000006000000 "C:\Users\famille penaib\AppData\Local\Programs\Opera\launcher.exe"=0x5341435001000000000000000700000028000000585C16009104170001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x5341435001000000000000000700000028000000200130008A36300001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A6010000000000002B0000002B000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x53414350010000000000000007000000280000006038B901D60FBA0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille penaib\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\famille 
penaib\AppData\Local\Roblox\Versions\version-2505596358be4228\RobloxPlayerLauncher.exe"=0x5341435001000000000000000700000028000000C0B811003682120001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000004DD39E00000000000200000002000000 "C:\Program Files\Actiona\actiona.exe"=0x534143500100000000000000070000002800000030040900FB07090001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000030460A00000000000300000003000000 "C:\Users\famille penaib\AppData\Local\Roblox\Versions\version-fa3736abe3ad403d\RobloxPlayerLauncher.exe"=0x534143500100000000000000070000002800000038FA1100C041120001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000007CBE7000000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F00F1A00F6EC1A0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\AVG\Antivirus\setup\instup.exe"=0x5341435001000000000000000700000028000000B0611C002B821C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000374C0100000000000100000001000000 "C:\Program Files\ByteFence\Uninstall.exe"=0x5341435001000000000000000700000028000000FA29010091B9DB0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005BD00100000000000100000001000000 "C:\Users\famille penaib\Downloads\QuickDiag (1).exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows 
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131711420953551256 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 
"ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0xC76CC1E4B2ECD101 "OOBEInstallTime"=0x9E9E66BD7419D201 "InstallLocation"=C:\Program Files\Windows Defender\ "DisableAntiVirus"=1 "PassiveMode"=0 "LastEnabledTime"=0xDE0E64E06AC8D401 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com [64] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.209.238] avec 32 octets de données : Réponse de 216.58.209.238 : octets=32 temps=17 ms TTL=52 Réponse de 216.58.209.238 : octets=32 temps=16 ms TTL=52 Réponse de 216.58.209.238 : octets=32 temps=16 ms TTL=52 Réponse de 216.58.209.238 : octets=32 temps=16 ms TTL=52 Statistiques Ping pour 216.58.209.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 16ms, Maximum = 17ms, Moyenne = 16ms ---------- | @ [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Internet
Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\WINDOWS\system32\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://www.accueil-nav.com/ "Default_Page_URL"=http://www.oem15.msn.com/?pc=NMTE "DisableFirstRunCustomize"=3 "Default_Secondary_Page_URL"=http://www.ldlc.com "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "ImageStoreRandomFolder"=ysvv53g "OperationalData"=13 "EdgeSwitchingOSBuildNumber"=10586.th2_release.160104-1513 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300003A020000 "Start Page_TIMESTAMP"=0xE9F65E8763D7D401 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x4FE6C752CDEED301 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100400000101000090060000E1020000 "SuppressScriptDebuggerDialog"=0 "Use FormSuggest"=no "SearchBandMigrationVersion"=1 "HistoryViewType"=0x0000 "HistoryTopNSitesView"=20 "AutoHide"=yes "NotifyDownloadComplete"=yes "StatusBarOther"=1 "StartPageCache"=1 "RunOnceHasShown"=1 "RunOnceComplete"=1 "SearchMigrated"=0 "NoUpdateCheck"=1 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x4FE6C752CDEED301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm 
"NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "Configuration!PartnerSearchCode"=NMTE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm 
"PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1] - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [26/05/2017 02:18:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [26/05/2017 02:18:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3] - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [26/05/2017 02:18:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - 
{F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 00:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} 
-- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000030000000100000001500000001000000800600005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=21 [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={FCD6C8AA-FD14-4238-8027-AE784CA13666} "KnownProvidersUpgradeTime"=0x4FE6C752CDEED301 "DownloadRetries"=2 "Version"=5 "UpgradeTime"=0x4FE6C752CDEED301 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={12604FFF-7AE0-4C61-A6E8-709C33155855} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={12604FFF-7AE0-4C61-A6E8-709C33155855} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12604FFF-7AE0-4C61-A6E8-709C33155855}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE : [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}] - (Amazon) - https://www.amazon.fr/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_fr_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_57feb251_1201_1401_20160822_FR_ie_ds_&tag=bds-p10-serp-fr-ie-21&query={searchTerms} : 
[HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2FB16E9-B89F-4D05-9A8C-38E23915997C}] - (Yahoo Search) - https://fr.search.yahoo.com/search?p={searchTerms}&intl=fr&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle : [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCD6C8AA-FD14-4238-8027-AE784CA13666}] - (Recherche) - http://www.accueil-nav.com/search?q={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12604FFF-7AE0-4C61-A6E8-709C33155855}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{12604FFF-7AE0-4C61-A6E8-709C33155855}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [20/02/2019 12:57:06] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [12/07/2017 13:56:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [20/02/2019 12:57:06] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [12/07/2017 13:56:49] ---------- | Chrome C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\blngdeeenccpfjbkolalandfmiinhkak = : ByteFence Secure Browsing protects you from browsing to malicious URLs and allows you to safely search the web - version_name: 10.1.3.90 - permissions:[managementcookiescontextMenusbookmarkstopSiteswebRequestwebRequestBlockingtabswebNavigationstorageunlimitedStoragedownloadsnotificationsalarms\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - 
Google & co - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepaooicaho = : __MSG_res_PRODUCT_NAME_TRADEMARKED__ - __MSG_res_PRODUCT_NAME_TRADEMARKED__ - permissions:[tabs\u003Call_urls>downloadsnativeMessagingwebRequeststoragewebRequestBlocking] - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\pdpcpceofkopegffcdnffeenbfdldock = : With Secured Search you can safely search the web! Use the secured/malicious shields to safely navigate to your desired contents. 
- version_name: 10.1.3.121 - permissions:[managementcookiescontextMenusbookmarkstopSiteswebRequestwebRequestBlockingtabswebNavigationstorageunlimitedStoragedownloadsnotificationsalarms\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\famille penaib\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Google\Chrome\Extensions\pdpcpceofkopegffcdnffeenbfdldock] [HKLM\Software\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] [HKLM\Software\Google\Chrome\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk] [HKLM\Software\Google\Chrome\Extensions\pdpcpceofkopegffcdnffeenbfdldock] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia 
Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll C:\Users\famille penaib\AppData\Roaming\Mozilla\Firefox\Profiles\62965y1v.default\Prefs.js user_pref("browser.startup.homepage", "http://www.accueil-nav.com/"); user_pref("browser.startup.homepage_override.buildID", "20180315233128"); user_pref("browser.startup.homepage_override.mstone", "59.0.1"); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.blocklist.pingCountTotal", 4); user_pref("extensions.blocklist.pingCountVersion", 3); user_pref("extensions.bootstrappedAddons", 
"{\"light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com\":{\"version\":\"5.1.94.24d-20171109154438\",\"type\":\"webextension\",\"multiprocessCompatible\":false,\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Free 18.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\"}}"); user_pref("extensions.databaseSchema", 24); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.getAddons.cache.lastUpdate", 1514819664); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180315233128"); user_pref("extensions.lastAppVersion", "59.0.1"); user_pref("extensions.lastPlatformVersion", "59.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.shield-recipe-client.first_run", false); user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true); user_pref("extensions.shield-recipe-client.startupExperimentPrefs.geo.provider.ms-windows-location", true); user_pref("extensions.shield-recipe-client.user_id", "3c8ac6c6-9c30-4fbb-86f1-014ba3bc019d"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"2f21f765-2b9e-4037-b0ae-4d0e8e1cb743\",\"light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com\":\"6c03867a-e3f4-4cff-abe0-a29bbb9856c4\",\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":\"c282f3f4-4998-4efe-b020-0144e98798a4\"}"); [Profile0] - Name=default -> Profiles/62965y1v.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{427ab548-ef2c-4e13-ae3a-012da8d96bdd}] "DhcpNameServer"=192.168.1.1 
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b51cee87-fc0d-462c-b37f-97a474df95f9}] "DhcpNameServer"=10.200.2.250 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{427ab548-ef2c-4e13-ae3a-012da8d96bdd}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b51cee87-fc0d-462c-b37f-97a474df95f9}] "DhcpNameServer"=10.200.2.250 ---------- | Applications [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\famille penaib\AppData\Local\Programs\Opera\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\videopad.exe] : "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" "%L" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : 
"%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\videopad.exe] : "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\4kdownload.com] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\7-Zip] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Actiona] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Adobe] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Algobox] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\AppDataLow] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\AVAST Software] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\AVG] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\BitTorrent] 
[HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Blizzard Entertainment] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Browser Cleanup] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\BugSplat] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Canneverbe Limited] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Cheat Engine] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Chromium] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Clients] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\DefaultCompany] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Electronic Arts] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Epic Games] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\FreeReign] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\FreeTime] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Google] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Hewlett-Packard] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\HotspotShield] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\HP] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\JavaSoft] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\KADOKAWA] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\KasperskyLab] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Landfall] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\LucasArts] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Macromedia] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Malwarebytes] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\McAfee] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Mojang] 
[HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Monomi Park] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Mozilla] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\MozillaPlugins] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\MyComGames] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\NCH Software] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\NCH Swift Sound] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Netscape] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\NVIDIA Corporation] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\nwjs] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\ODBC] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\OpenOffice] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Opera Software] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\pctonics.com] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Piriform] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Policies] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\QtProject] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Realtek] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\RegisteredApplications] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Regressi] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Roblox] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\ROBLOX Corporation] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Robot Gentleman] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Safer Networking Limited] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\SecuROM] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\sysinternals] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Trolltech] 
[HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Unchecky] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\undefined] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Unity] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\upjers GmbH] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Valve] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\WixSharp] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Wow6432Node] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Xfire] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\AppDataLow\Software\Amazon] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\Adobe] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Algobox] [HKLM\Software\AVG] [HKLM\Software\Canon] [HKLM\Software\cGN0b25pY3MuY29t] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HP] [HKLM\Software\Intel] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Macromedia] [HKLM\Software\Maxis] [HKLM\Software\McAfee] [HKLM\Software\Microsoft] [HKLM\Software\Minnetonka Audio Software] [HKLM\Software\Mozilla] 
[HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\pctonics.com] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\Spyshelter] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\TAP-Windows] [HKLM\Software\VideoLAN] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\wtc-pr] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Algobox] [HKLM\Software\WOW6432Node\Amazon] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\AutoHotkey] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\AVG] [HKLM\Software\WOW6432Node\bethesda softworks] [HKLM\Software\WOW6432Node\BioWare] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\BlueStacks] [HKLM\Software\WOW6432Node\Canneverbe Limited] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\electronic arts] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HotspotShield] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\KADOKAWA] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCard] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCards] [HKLM\Software\WOW6432Node\LucasArts] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\maxis] [HKLM\Software\WOW6432Node\McAfee NGI] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MimarSinan] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NCH Software] [HKLM\Software\WOW6432Node\NCH Swift Sound] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Origin] 
[HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\THQ] [HKLM\Software\WOW6432Node\TrendMicro] [HKLM\Software\WOW6432Node\Unchecky] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Xfire] [HKLM\Software\WOW6432Node\Yahoo] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives E: [15/01/2017 18:59:46] - |A| - (.-.) - [830] - (0.0.0.0) - E:\Nouveau dossier - Raccourci (2).lnk [15/01/2017 18:59:36] - |A| - (.-.) - [830] - (0.0.0.0) - E:\Nouveau dossier - Raccourci.lnk [01/12/2006 23:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - E:\msdia80.dll [06/05/2017 13:55:14] - |A| - (.Copyright (c) BlueStack Systems Inc. - BlueStacks Thin Installer.) - [339493640] - (0.0.0.0) - E:\BlueStacks2_native_214ed1ec9137522bd7b43ca0f497bda8.exe [17/01/2017 13:11:58] - |A| - (.2001-2014 Canneverbe Limited - CDBurnerXP .) - [6232768] - (4.5.7.6499) - E:\cdbxp_setup_4.5.7.6499.exe [05/09/2017 17:35:08] - |A| - (.Copyright 2015 Google Inc. - Chrome Cleanup Tool.) - [3922040] - (21.120.1.0) - E:\chrome_cleanup_tool.exe [01/11/2017 12:50:02] - |A| - (.Mozilla - Firefox.) - [245800] - (4.42.0.0) - E:\Firefox Installer.exe [12/07/2017 14:00:35] - |A| - (.-.) - [3405669] - (0.0.0.0) - E:\forge-1.7.10-10.13.4.1614-1.7.10-installer-win.exe [17/10/2017 20:49:39] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - HijackThis Portable.) 
- [653048] - (2.0.5.0) - E:\HijackThisPortable_2.0.5_English.paf.exe [22/02/2017 13:55:11] - |A| - (.- Junkware Removal Tool.) - [1663040] - (8.1.0.0) - E:\JRT.exe [13/11/2017 17:44:06] - |A| - (.-.) - [443416] - (0.0.0.0) - E:\Paladium (1).exe [13/11/2017 18:26:18] - |A| - (.-.) - [443416] - (0.0.0.0) - E:\Paladium (2).exe [13/11/2017 17:43:42] - |A| - (.-.) - [443416] - (0.0.0.0) - E:\Paladium.exe [22/02/2017 13:50:17] - |A| - (.© Datpol. - SpyShelter Premium Setup .) - [10477384] - (10.9.0.0) - E:\premiumsetup.exe [27/01/2017 16:54:15] - |A| - (.(C) 2012 ROBLOX Corporation. - Roblox.) - [846904] - (1.6.3.36191) - E:\RobloxPlayerLauncher (1).exe [27/01/2017 16:52:02] - |A| - (.(C) 2012 ROBLOX Corporation. - Roblox.) - [846904] - (1.6.3.36191) - E:\RobloxPlayerLauncher.exe [27/08/2017 13:38:56] - |A| - (.All rights reserved - Unchecky Setup.) - [1359520] - (1.0.3.0) - E:\unchecky_setup.exe [18/03/2017 13:04:34] - |A| - (.-.) - [122878] - (0.0.0.0) - E:\alibi.com ---------- | C: [15/03/2017 10:56:21] - |HD| - [335872] - C:\$AV_ASW [19/11/2017 15:12:43] - |SHD| - [1372] - C:\$RECYCLE.BIN [MD5.D640B5CC0C6694B1434B9D817E053ECB] - [13/04/2017 09:37:35] - |AH| - (.-.) - [40] - (0.0.0.0) - C:\3ABCD28EBA4E [MD5.1F9ACCEE784632EACAA392749B8A4082] - [20/02/2019 13:06:52] - |A| - (.-.) - [1384] - (0.0.0.0) - C:\abtext.txt [25/12/2016 19:42:19] - |D| - [21118456] - C:\AdwCleaner [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 09:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [05/02/2016 17:09:09] - |SHD| - [0] - C:\Documents and Settings [MD5.B796CC3F6377BDAD3B0DB15477431200] - [19/11/2017 14:07:36] - |A| - (.-.) - [21] - (0.0.0.0) - C:\folders.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/05/2018 19:30:24] - |ASH| - (.-.) - [3420495872] - (0.0.0.0) - C:\hiberfil.sys [02/08/2016 11:52:36] - |D| - [2233] - C:\MININT [13/11/2017 17:59:11] - |D| - [0] - C:\outputzip [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/05/2018 13:03:17] - |ASH| - (.-.) 
- [1811939328] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 00:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 00:38:20] - |RD| - [9982878785] - C:\Program Files [12/04/2018 00:38:20] - |RD| - [60395742291] - C:\Program Files (x86) [12/04/2018 00:38:20] - |HD| - [5243106674] - C:\ProgramData [17/03/2019 16:34:57] - |D| - [68685] - C:\QuickDiag [MD5.5DBBE1564BEA631E6743790C1D9B217B] - [17/03/2019 16:34:59] - |A| - (.-.) - [204020] - (0.0.0.0) - C:\QuickDiag.txt [MD5.EE95A5E70E12392FB247317FC274B521] - [21/02/2019 07:36:18] - |A| - (.-.) - [370] - (0.0.0.0) - C:\rebootclean.txt [05/02/2016 16:45:27] - |HD| - [1555290430] - C:\Recovery [MD5.3BC13B0CDD5A5C4314BC12B8EC9A89B3] - [19/11/2017 13:52:39] - |A| - (.-.) - [700] - (0.0.0.0) - C:\runcheck.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/05/2018 19:27:27] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [02/08/2016 12:41:48] - |SHD| - [0] - C:\System Volume Information [01/09/2016 14:51:43] - |D| - [1560036] - C:\System.sav [MD5.03740D3124E84F304BDA87F3C9B2DFA6] - [28/02/2017 17:06:21] - |A| - (.Syndicate, LLC, http://www.technicpack.net - Technic Launcher.) - [4734784] - (4.0.0.349) - C:\TechnicLauncher.exe [12/09/2017 18:25:40] - |D| - [0] - C:\Temp [MD5.D3783E41A51BE1D6C95897761496D82F] - [12/09/2017 18:33:51] - |A| - (.-.) - [1051] - (0.0.0.0) - C:\TempRegressi.rw3 [11/04/2018 22:04:33] - |RD| - [22487062751] - C:\Users [MD5.99483CA5E2033ADF251CCCE63B2999CE] - [17/02/2017 13:13:05] - |A| - (.-.) - [829] - (0.0.0.0) - C:\Vidéos - Raccourci.lnk [11/04/2018 22:04:33] - |D| - [32579336597] - C:\Windows [MD5.79ED1288840EFA83AF2DCFA23D02370F] - [21/02/2019 07:36:18] - |A| - (.-.) - [4228] - (0.0.0.0) - C:\wtcrebootclean.txt [19/11/2017 14:07:35] - |D| - [8067627] - C:\zoek [MD5.B241EEC536AA1A4964B116650953B898] - [19/11/2017 13:53:33] - |A| - (.-.) - [82474] - (0.0.0.0) - C:\zoek-results.log [MD5.3CA0B30B673321449E6D39D735576D29] - [19/11/2017 14:05:50] - |A| - (.-.) 
- [80946] - (0.0.0.0) - C:\zoek-results2017-11-19-125724.log [19/11/2017 13:52:37] - |D| - [0] - C:\zoek_backup ---------- | C:\WINDOWS [12/04/2018 00:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 00:38:20] - |D| - [12428234] - C:\WINDOWS\appcompat [12/04/2018 00:38:20] - |D| - [8633860] - C:\WINDOWS\apppatch [12/04/2018 00:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 00:38:20] - |RSD| - [892277042] - C:\WINDOWS\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/08/2016 12:44:15] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\authtest.txt [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [03/01/2017 11:43:04] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [12/04/2018 00:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 00:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 00:38:20] - |D| - [38333074] - C:\WINDOWS\Boot [MD5.282433C0C8E75A2B0C431C51892718E5] - [18/05/2018 20:24:49] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 00:38:21] - |D| - [2456664] - C:\WINDOWS\Branding [12/04/2018 00:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.B3F1FA363E481014ED7965F9ED716B5D] - [18/05/2018 19:30:45] - |A| - (.-.) - [15864] - (0.0.0.0) - C:\WINDOWS\comsetup.log [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 17:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [12/04/2018 00:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 00:38:21] - |D| - [4232559] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [18/05/2018 19:34:17] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 00:38:21] - |D| - [4799891] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [18/05/2018 19:34:17] - |A| - (.-.) 
- [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 17:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.48FACD11CBB6F17206B54CCDA62CD15D] - [31/12/2017 13:48:28] - |A| - (.-.) - [34586] - (0.0.0.0) - C:\WINDOWS\DirectX.log [12/04/2018 00:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.F2F9C8DF7F96512D5022167F99E8FDE5] - [12/04/2018 00:40:39] - |A| - (.-.) - [4179] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [12/04/2018 00:38:21] - |HD| - [59896] - C:\WINDOWS\ELAMBKUP [12/04/2018 17:18:37] - |D| - [96256] - C:\WINDOWS\en-US [MD5.E4A81EDDFF8B844D85C8B45354E4144E] - [05/09/2018 23:33:12] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3932672] - (10.0.17134.165) - C:\WINDOWS\explorer.exe [12/04/2018 00:38:21] - |RSD| - [590656684] - C:\WINDOWS\Fonts [12/04/2018 17:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 00:38:21] - |D| - [47788657] - C:\WINDOWS\Globalization [12/04/2018 00:38:21] - |D| - [72614565] - C:\WINDOWS\Help [MD5.FFD31D96B8D4BAB8B0F83E42B7430A54] - [05/09/2018 23:32:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.137) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 00:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 00:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 00:38:21] - |D| - [28829590] - C:\WINDOWS\IME [12/04/2018 00:38:21] - |RD| - [8496633] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 00:36:48] - |D| - [121274819] - C:\WINDOWS\INF [12/04/2018 00:38:21] - |D| - [1578812474] - C:\WINDOWS\InfusedApps [12/04/2018 00:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 00:38:21] - |SHDC| - [1214526515] - C:\WINDOWS\Installer [12/04/2018 00:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 00:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 22:04:39] - |D| - [59475831] - C:\WINDOWS\Logs [12/04/2018 00:38:21] - |RSD| - [20517644] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 00:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 00:38:20] - |RD| - [841464313] - C:\WINDOWS\Microsoft.NET [12/04/2018 00:38:21] - |D| - [3135] - C:\WINDOWS\Migration [23/05/2018 14:05:13] - |D| - [0] - C:\WINDOWS\Minidump [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 00:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [08/02/2017 23:30:19] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [12/04/2018 17:22:25] - |D| - [199472] - C:\WINDOWS\OCR [05/02/2016 17:13:50] - |D| - [109795] - C:\WINDOWS\OEMFolder [12/04/2018 00:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [13/05/2018 11:59:16] - |DC| - [298272183] - C:\WINDOWS\Panther [12/04/2018 00:38:21] - |D| - [504572] - C:\WINDOWS\Performance [MD5.7EC0D18132AE664FB5535120BB198027] - [27/08/2017 14:00:54] - |A| - (.-.) 
- [1291570] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 00:38:21] - |D| - [1283900] - C:\WINDOWS\PLA [12/04/2018 00:38:21] - |D| - [3514778] - C:\WINDOWS\PolicyDefinitions [18/05/2018 19:27:48] - |D| - [6830213] - C:\WINDOWS\Prefetch [12/04/2018 00:38:21] - |RD| - [1965014] - C:\WINDOWS\PrintDialog [12/04/2018 00:38:21] - |D| - [5261619] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 00:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 00:38:21] - |D| - [1117876] - C:\WINDOWS\Registration [12/04/2018 00:38:21] - |D| - [5529472] - C:\WINDOWS\rescache [12/04/2018 00:38:21] - |D| - [3633177] - C:\WINDOWS\Resources [05/02/2016 17:13:51] - |D| - [141360901] - C:\WINDOWS\ScanState [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 00:38:21] - |D| - [122082] - C:\WINDOWS\schemas [14/11/2016 00:58:03] - |D| - [1670721945] - C:\WINDOWS\SecSrv [12/04/2018 00:38:21] - |D| - [6451750] - C:\WINDOWS\security [18/05/2018 20:24:28] - |D| - [64185934] - C:\WINDOWS\ServiceProfiles [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 22:04:33] - |D| - [81327990] - C:\WINDOWS\servicing [12/04/2018 00:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/05/2018 19:28:30] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 00:38:21] - |D| - [6442496] - C:\WINDOWS\ShellComponents [12/04/2018 00:38:21] - |D| - [53630976] - C:\WINDOWS\ShellExperiences [20/02/2019 12:38:56] - |D| - [324] - C:\WINDOWS\ShellNew [12/04/2018 17:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [MD5.FB9372BC10F162645F64884A47B5F79D] - [06/06/2017 15:04:21] - |A| - (.-.) - [61304] - (8.0.4624.2183) - C:\WINDOWS\SMSS-PFRO1126.tmp [MD5.FB9372BC10F162645F64884A47B5F79D] - [06/06/2017 15:04:21] - |A| - (.-.) 
- [61304] - (8.0.4624.2183) - C:\WINDOWS\SMSS-PFRO1220.tmp [MD5.FB9372BC10F162645F64884A47B5F79D] - [06/06/2017 15:04:21] - |A| - (.-.) - [61304] - (8.0.4624.2183) - C:\WINDOWS\SMSS-PFRO1339.tmp [MD5.5DF51062CE9D927AABA58A92C5675751] - [02/08/2016 12:44:31] - |A| - (.-.) - [51] - (0.0.0.0) - C:\WINDOWS\smsts.ini [02/08/2016 12:43:05] - |D| - [291673084] - C:\WINDOWS\SoftwareDistribution [12/04/2018 00:38:21] - |D| - [86039745] - C:\WINDOWS\Speech [12/04/2018 00:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 00:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 00:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 08:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 22:04:33] - |D| - [15293767523] - C:\WINDOWS\System32 [12/04/2018 00:38:21] - |D| - [226344651] - C:\WINDOWS\SystemApps [12/04/2018 00:38:21] - |D| - [27057957] - C:\WINDOWS\SystemResources [11/04/2018 22:04:41] - |D| - [1596261090] - C:\WINDOWS\SysWOW64 [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\TAPI [30/10/2015 08:24:25] - |D| - [406] - C:\WINDOWS\Tasks [12/04/2018 00:38:21] - |D| - [62012091] - C:\WINDOWS\Temp [12/04/2018 00:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 00:38:21] - |D| - [32164984] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 00:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) 
- [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [15/06/2017 16:42:10] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [12/04/2018 00:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 22:04:37] - |D| - [25814] - C:\WINDOWS\WaaS [12/04/2018 00:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 08:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 00:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [27/08/2017 14:01:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 00:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 22:04:33] - |D| - [6909300964] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 00:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 00:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [03/01/2017 12:00:03] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [03/01/2017 12:00:03] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/01/2018 20:28:34] - C:\WINDOWS\Installer\10739e33.msi : (Algobox - Apprentissage de la programmation - Algobox) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2007 21:27:18] - C:\WINDOWS\Installer\124961f7.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/01/2008 23:07:14] - C:\WINDOWS\Installer\12587d97.msi : (Blank Project Template - THQ) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [29/11/2014 15:18:09] - C:\WINDOWS\Installer\12b9e77.msi : (Install/UnInstall PhysX Driver + Engines: 2.7.1/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2016 18:11:18] - C:\WINDOWS\Installer\163dd3.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2017 15:21:12] - C:\WINDOWS\Installer\261875.msi : (Kaspersky Free - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2017 13:26:00] - C:\WINDOWS\Installer\28222f.msi : (Java SE Runtime Environment 8 Update 131 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2017 13:25:52] - C:\WINDOWS\Installer\28223a.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/09/2016 13:35:57] - C:\WINDOWS\Installer\2dff1248.msi : (HP Support Solutions Framework - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/03/2015 02:39:35] - C:\WINDOWS\Installer\2e104b69.msi : (HP ENVY 4520 series Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/09/2016 14:51:09] - C:\WINDOWS\Installer\2e439008.msi : (HP Support Assistant - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/09/2016 14:51:44] - C:\WINDOWS\Installer\2e43900d.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 09:41:29] - C:\WINDOWS\Installer\37470c.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/01/2019 16:48:18] - C:\WINDOWS\Installer\4519fdf.msi : (Hotspot Shield 7.16.0 - AnchorFree Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/09/2017 17:31:25] - C:\WINDOWS\Installer\5cb98.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/12/2018 15:58:51] - C:\WINDOWS\Installer\61014e8.msi : (Google Update Helper - Google Inc.) 
[Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2017 22:27:11] - C:\WINDOWS\Installer\79c7.msi : (Amazon Assistant - Amazon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2017 13:21:36] - C:\WINDOWS\Installer\8ef3f.msi : (Minecraft - Mojang) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/02/2019 23:06:17] - C:\WINDOWS\Installer\b2afc.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/09/2017 18:25:03] - C:\WINDOWS\Installer\cf6015.msi : (Installation de Regressi - Evariste) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/09/2018 17:57:19] - [17661952] - (.().-. - ()) - C:\WINDOWS\Installer\152df3.msp [20/02/2019 13:28:20] - [1986560] - (.().-. - ()) - C:\WINDOWS\Installer\27a9084.msp [13/11/2018 05:24:12] - [3485696] - (.().-. - ()) - C:\WINDOWS\Installer\2864f05a.msp [29/11/2017 11:42:28] - [1355776] - (.().-. - ()) - C:\WINDOWS\Installer\37471f.msp [22/10/2018 14:33:19] - [2584576] - (.().-. - ()) - C:\WINDOWS\Installer\40c7025e.msp [01/03/2018 21:02:57] - [53248] - (.().-. - ()) - C:\WINDOWS\Installer\42674.msp [20/02/2019 13:27:22] - [13271040] - (.().-. - ()) - C:\WINDOWS\Installer\47270df.msp [18/09/2018 09:10:59] - [4706304] - (.().-. - ()) - C:\WINDOWS\Installer\476ff0fd.msp [23/02/2018 14:25:19] - [1343488] - (.().-. - ()) - C:\WINDOWS\Installer\4a373bf.msp [14/12/2017 17:41:47] - [65536] - (.().-. - ()) - C:\WINDOWS\Installer\4c3f027.msp [26/12/2017 11:28:35] - [13234176] - (.().-. - ()) - C:\WINDOWS\Installer\50c6a89.msp [03/01/2019 10:17:04] - [1720320] - (.().-. - ()) - C:\WINDOWS\Installer\59322d0d.msp [10/12/2018 07:52:51] - [44044288] - (.().-. - ()) - C:\WINDOWS\Installer\7122493.msp [12/05/2018 07:05:37] - [7094272] - (.().-. - ()) - C:\WINDOWS\Installer\b122a04.msp [11/02/2019 07:36:53] - [8757248] - (.().-. - ()) - C:\WINDOWS\Installer\b2b87.msp [28/06/2011 21:21:32] - [4637184] - (.().-. 
- ()) - C:\WINDOWS\Installer\f583c26.msp [08/05/2018 13:06:13] - [17260544] - (.().-. - ()) - C:\WINDOWS\Installer\fe2a309.msp [28/06/2011 21:27:28] - [4028928] - (.().-. - ()) - C:\WINDOWS\Installer\ff94.msp ---------- | %System%\*.in* [12/04/2018 00:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [18/05/2018 19:36:59] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [14/11/2016 00:59:01] - [9240] - C:\WINDOWS\System32\prxOff.ini [12/04/2018 00:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 00:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 00:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [14/11/2016 00:59:01] - [9240] - C:\WINDOWS\Syswow64\prxOff.ini [12/04/2018 00:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.1212FB9DF3B21A3E01D4218945CC77C6] - |A| - [11/03/2019 19:50:51] - (.-.) - [64.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\.session64 [MD5.419AC7A5FF8EAC1B3AF6198BEFA5629C] - |A| - [18/05/2018 19:30:35] - (.-.) - [4862.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.E610D872712006CEAB6373113A6AC597] - |A| - [15/03/2019 21:16:27] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-10456.log [MD5.E2BA2247A6338E4AB4EB699F78B9BD28] - |A| - [11/03/2019 19:50:49] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-12624.log [MD5.85BB4A9BC93124A46AFB35B03B041CB3] - |A| - [14/03/2019 17:55:37] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-12832.log [MD5.56F0F129A4F535736166F8978CB21511] - |A| - [10/03/2019 18:13:49] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-4900.log [MD5.EB063FAC0E1BBC55C2784EFD2B17C790] - |A| - [13/03/2019 12:23:49] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-7772.log [MD5.AA089828EFE0A670AB8283C15D9396B4] - |A| - [17/03/2019 15:39:44] - (.-.) 
- [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-8096.log [MD5.00000000000000000000000000000000] - |D| - [17/03/2019 15:59:51] - [0 Ko] - C:\WINDOWS\Temp\avg_ash2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 17:14:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BIT10EC.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/03/2019 19:14:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BIT7DD8.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/03/2019 17:47:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BITB7FE.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2019 17:48:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BITFFA0.tmp [MD5.3B2BFA3D771CB1D07BC8BB28038D2AAA] - |A| - [02/03/2019 17:42:45] - (.-.) - [31.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [02/03/2019 17:42:45] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [18/05/2018 19:30:35] - [7313.58 Ko] - C:\WINDOWS\Temp\CreativeCloud [MD5.00000000000000000000000000000000] - |D| - [10/03/2019 18:06:51] - [2580.42 Ko] - C:\WINDOWS\Temp\CR_4676E.tmp [MD5.D9CEEC3360477496427509988C30784D] - |A| - [21/02/2019 07:24:51] - (.-.) - [280.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190221-0724.log [MD5.EA15AD8773D63B10F3DD3E0DB70BA873] - |A| - [10/03/2019 18:04:21] - (.-.) - [7.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1804.log [MD5.DEDD41ADFAC73996D2C19959C97CBE26] - |A| - [10/03/2019 18:06:05] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1806.log [MD5.368DE0482FBE9D23C008300340EA36AA] - |A| - [10/03/2019 18:06:05] - (.-.) - [12.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1806a.log [MD5.562AFC51ED84D334F6DFAFA1102F4328] - |A| - [10/03/2019 18:08:09] - (.-.) 
- [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1808.log [MD5.B819F23CADB15EDCB324D400FBABAADF] - |A| - [10/03/2019 18:13:51] - (.-.) - [63.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1813.log [MD5.3A8FEB3218B956599680074502064340] - |A| - [10/03/2019 18:27:42] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1827.log [MD5.825575A50F39E39A699874BAEDADF5BC] - |A| - [10/03/2019 19:06:40] - (.-.) - [67.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1906.log [MD5.C7D5B333087896B95B06BBF8B92CB5A2] - |A| - [10/03/2019 19:11:58] - (.-.) - [10.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190310-1911.log [MD5.87142BC343B1B98084591F642AF82CDA] - |A| - [11/03/2019 17:50:09] - (.-.) - [15.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190311-1750.log [MD5.6575FDB74A34EADC232FB390754942CE] - |A| - [11/03/2019 19:32:17] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190311-1932.log [MD5.747DC34AAB9DAA47271D57ED60B0611D] - |A| - [11/03/2019 19:32:18] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190311-1932a.log [MD5.F704C2A3249CE1C346A7C9F9577CC756] - |A| - [11/03/2019 19:32:51] - (.-.) - [17.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190311-1932b.log [MD5.FFC4FD847B1D9E4E11BD095411611484] - |A| - [11/03/2019 19:50:54] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190311-1950.log [MD5.E488D91B0E3D7002DA6B16A2DBFE4D0F] - |A| - [12/03/2019 04:00:00] - (.-.) - [11.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190312-0400.log [MD5.FD8E587EBA0E7C6EAF41740449E79C1F] - |A| - [12/03/2019 08:54:08] - (.-.) - [4.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190312-0854.log [MD5.35B4ECACDF1217E653037DF9C4B0182A] - |A| - [12/03/2019 16:52:38] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190312-1652.log [MD5.0A40C79F806C7C0597EC5F300736706F] - |A| - [12/03/2019 19:32:13] - (.-.) 
- [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190312-1932.log [MD5.558F6DB8FEC9D8EFC12A1119E7BA2DB1] - |A| - [13/03/2019 12:06:18] - (.-.) - [132.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1206.log [MD5.40C6BDA56F9E874FD6A6400564708B13] - |A| - [13/03/2019 12:14:07] - (.-.) - [17.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1214.log [MD5.FEAF23BBE8F65D0EB8005267FC32C075] - |A| - [13/03/2019 12:15:14] - (.-.) - [3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1215.log [MD5.28782AEF2C6C97252056CC2CB7F4E371] - |A| - [13/03/2019 12:15:14] - (.-.) - [12.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1215a.log [MD5.2D6392E7F89F5CAB88BACEE1AE1FB19D] - |A| - [13/03/2019 12:23:51] - (.-.) - [60.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1223.log [MD5.8E24AFD55FF30EE0B064095C0E677E6F] - |A| - [13/03/2019 13:45:22] - (.-.) - [9.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1345.log [MD5.95DBC20FB337E73124A7B1C4112BCE4D] - |A| - [13/03/2019 16:21:15] - (.-.) - [12.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1621.log [MD5.1265EF193BBEEDF37A8E62C572789B23] - |A| - [13/03/2019 18:24:42] - (.-.) - [10.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1824.log [MD5.FB4FB108D28E30122BEE6B164EC77C7A] - |A| - [13/03/2019 19:36:27] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1936.log [MD5.997CCFEAD4EBB0F2A6573F60E4EA51CD] - |A| - [13/03/2019 19:45:35] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-1945.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 21:33:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190313-2133.log [MD5.713ACCD7494690AEF0EF64D11A23E9B9] - |A| - [14/03/2019 17:44:27] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190314-1744.log [MD5.7D85904A84B33B006AF98276256D652F] - |A| - [14/03/2019 17:47:02] - (.-.) 
- [17.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190314-1747.log [MD5.EC67E75059393B5BB50AD0E3C67F1665] - |A| - [14/03/2019 17:47:02] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190314-1747a.log [MD5.EF08E2637FA1FC04DAA753316321B913] - |A| - [14/03/2019 17:49:09] - (.-.) - [12.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190314-1749.log [MD5.8007DDBF41C2B0D5FAE6B9CE8A2796B1] - |A| - [14/03/2019 17:55:39] - (.-.) - [37.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190314-1755.log [MD5.359389B1D695292437D1DDA8EC73947E] - |A| - [15/03/2019 17:31:52] - (.-.) - [71.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190315-1731.log [MD5.F2023B7A9BCC8EF6CC2CA2767E2E7F52] - |A| - [15/03/2019 17:37:44] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190315-1737.log [MD5.133F7718AD768FE778666A129DA41731] - |A| - [15/03/2019 17:37:44] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190315-1737a.log [MD5.EA546DE2CC639295E3B58D76E68F0EBA] - |A| - [15/03/2019 21:13:24] - (.-.) - [17.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190315-2113.log [MD5.C48031A2906314372EEE53453A09583A] - |A| - [15/03/2019 21:16:28] - (.-.) - [63.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190315-2116.log [MD5.D3463A9CC198DCD659321A47929CCCA0] - |A| - [16/03/2019 04:00:00] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-0400.log [MD5.2D8B8FF867244CACE2CB7E473589B5AF] - |A| - [16/03/2019 06:54:54] - (.-.) - [5.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-0654.log [MD5.B463F673B1452F12B329C57B1531E6DE] - |A| - [16/03/2019 11:45:04] - (.-.) - [9.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-1145.log [MD5.9C5D08FE6C656811B0C79638B05519BD] - |A| - [16/03/2019 13:29:00] - (.-.) - [9.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-1329.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/03/2019 15:24:15] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-1524.log [MD5.B74E4C2683CED365189C13F39F1BFF9D] - |A| - [16/03/2019 17:00:43] - (.-.) - [9.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190316-1700.log [MD5.FA5ECF62F3178933D7C23DF53F58ACF8] - |A| - [17/03/2019 15:29:13] - (.-.) - [68.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1529.log [MD5.2AD459C04E7537B3BF81C44FA3C4DB6F] - |A| - [17/03/2019 15:32:11] - (.-.) - [7.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1532.log [MD5.5C3850BC285670CB1D4936E743D15F13] - |A| - [17/03/2019 15:32:11] - (.-.) - [17.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1532a.log [MD5.91D2F3E508A5F9CA50F752A19755A289] - |A| - [17/03/2019 15:34:33] - (.-.) - [9.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1534.log [MD5.97096B37FD8FCCCD4621D2EE76EEA5B9] - |A| - [17/03/2019 15:39:46] - (.-.) - [62.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1539.log [MD5.CAE2F659D11B3925A1B805CC8B2C75E6] - |A| - [17/03/2019 15:40:46] - (.-.) - [10.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1540.log [MD5.59A3839E555691F364839F5B5B4F4351] - |A| - [17/03/2019 16:07:14] - (.-.) - [12.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1607.log [MD5.1B114F52B61154B1C8A8FF7E771D5F8B] - |A| - [17/03/2019 16:31:10] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1631.log [MD5.D6076CC94297B2D07435BBFE3E7ABCD0] - |A| - [17/03/2019 16:37:38] - (.-.) 
- [9.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GCRG7F9-20190317-1637.log [MD5.00000000000000000000000000000000] - |D| - [17/03/2019 16:31:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [17/03/2019 16:31:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [17/03/2019 16:31:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [17/03/2019 16:31:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 19:39:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His1656.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/03/2019 21:13:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His17D4.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/03/2019 18:27:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His2A03.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/03/2019 13:39:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His3482.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2019 19:43:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His4C80.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/03/2019 13:29:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His5C7C.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/03/2019 17:02:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His73F1.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2019 19:32:23] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His7813.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/03/2019 20:12:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His7F50.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 16:32:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His92E3.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 13:45:21] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His93.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 18:35:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His94B8.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/03/2019 15:50:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HisA677.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/03/2019 09:08:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HisB4C4.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/03/2019 16:21:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HisBA12.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/03/2019 16:17:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HisCDC2.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/03/2019 21:24:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HisECAD.tmp [MD5.00000000000000000000000000000000] - |D| - [10/03/2019 19:07:02] - [4.7 Ko] - C:\WINDOWS\Temp\HP [MD5.00000000000000000000000000000000] - |D| - [10/03/2019 18:06:08] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation [MD5.00000000000000000000000000000000] - |D| - [13/03/2019 12:14:52] - [0 Ko] - C:\WINDOWS\Temp\OfficeC2R1037AD09-129B-49E5-AB2D-EEF812F3B6A7 [MD5.00000000000000000000000000000000] - |D| - [15/03/2019 21:13:55] - [0 Ko] - C:\WINDOWS\Temp\OfficeC2R22E9EB82-4873-4793-B9F2-DAC701E75BD2 [MD5.00000000000000000000000000000000] - |D| - [14/03/2019 17:47:34] - [0 Ko] - C:\WINDOWS\Temp\OfficeC2RFBE6C29A-79B3-4163-9A2F-6B13D7B07A7E [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/03/2019 16:31:10] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20190317163110D94).log [MD5.02F79E9ECDBC6CE597E157A1343FA021] - |A| - [18/05/2018 19:30:36] - (.-.) - [217.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\prx.log [MD5.58C4C0FC487CBC07E17AA5B5D9A143A2] - |A| - [10/03/2019 19:06:41] - (.-.) - [2.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\prxr.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/03/2019 18:03:02] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\sd_9728.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/03/2019 18:03:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\sd_B09D.tmp [MD5.3D1028C39015BCAA156E390F7190305F] - |A| - [10/03/2019 18:03:13] - (.-.) - [152.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\sd_C436.tmp [MD5.A6BD4333B67E9DD6EAF3F133BF3E8193] - |A| - [11/03/2019 19:10:12] - (.Copyright (c) 2015 -.) - [5640.69 Ko] - (3.0.0.8) - C:\WINDOWS\Temp\Tmp2782.tmp [MD5.E5985D8B7B487C8545A48C7580A6110A] - |A| - [15/03/2019 18:40:35] - (.© 2017 AO Kaspersky Lab. - Native interop assembly.) - [6004.64 Ko] - (18.0.0.789) - C:\WINDOWS\Temp\Tmp4350.tmp [MD5.9CFF65818A239B9C9BB42BC5185603E6] - |A| - [12/03/2019 16:51:31] - (.GleenHook. - Security Client.) - [6841.73 Ko] - (2.7.0.0) - C:\WINDOWS\Temp\Tmp8CC3.tmp [MD5.A6BD4333B67E9DD6EAF3F133BF3E8193] - |A| - [11/03/2019 19:10:42] - (.Copyright (c) 2015 -.) - [5640.69 Ko] - (3.0.0.8) - C:\WINDOWS\Temp\Tmp9BB9.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [10/03/2019 19:09:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tw5BF6.tmp [MD5.00000000000000000000000000000000] - |D| - [20/02/2019 13:14:23] - [0 Ko] - C:\WINDOWS\Temp\_avg_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 00:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 00:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 00:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 00:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 00:34:27] - (.-.) 
- [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 00:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 00:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 00:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 00:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 00:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 00:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 00:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 00:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [02/08/2016 21:37:23] - (.-.) 
- [107.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 00:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.8113D6E1884940FC3F9DED886B364A1E] - |A| - [02/08/2016 21:37:23] - (.-.) - [94.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 00:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 00:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 00:34:02] - (.-.) 
- [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [4933.96 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 00:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [161875.81 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [34019.24 Ko] - C:\WINDOWS\System32\catroot2 [MD5.4D30A29EB6A9DFDB3888EF4F8E1FED2F] - |A| - [14/11/2016 00:59:01] - (.-.) 
- [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cert.cer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [3097.71 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [373 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [02/08/2016 21:37:24] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [292521.2 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [86.84 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 00:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.66E6010C31A70C8C5C2853AF597D853E] - |A| - [02/08/2016 21:37:24] - (.©Conexant Systems Inc. - Conexant APO.) - [1540.02 Ko] - (1.28.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK [MD5.4EDE94905F4910EA8CF91D4101DA198A] - |A| - [12/04/2018 00:34:04] - (.-.) 
- [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [28/09/2016 11:34:45] - [4022.57 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.CAC823DDBB6E785DB76906BFCCFE55AF] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [255.34 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.1EA86BB2AA1717F105544F9DCD7DD590] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [278.27 Ko] - (7.6.7.1) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.018EFD4A9BF6FDA0F1AA3A6DE5712CD9] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1894.34 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.01E7B306CBBEAEFB32118FB229CE200F] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1888.27 Ko] - (7.6.7.1) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.DE67ADEAC731C1ED3BD76527AB530BA5] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [308.34 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.52B5ADE064EC99FD5FF740CF35BB4907] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [328.27 Ko] - (7.6.7.1) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.C71D1DAFA22B5D3B71853783E5AA09D2] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6921.34 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.03B3FDBF4E7336EA01EB1F80B8A06820] - |A| - [02/08/2016 21:37:24] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) 
- [6096.27 Ko] - (7.6.7.1) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [453 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 00:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 00:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 00:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 00:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [926.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 00:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [10043.27 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.74AB7CBEB58EB3DD81FCEE0FCCEBB40B] - |A| - [02/08/2016 21:37:24] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [922.84 Ko] - (0.4.0.18) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.568A705E6E34FDE302AC52C6D2401112] - |A| - [02/08/2016 21:37:24] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2337.34 Ko] - (0.4.0.18) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.49DC2BC9EB25626B02E0BB130C329F7E] - |A| - [02/08/2016 21:37:24] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) 
- [2403.34 Ko] - (0.4.0.18) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [2404.09 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:37:59] - [110060.19 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\DriverState [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [9983316.04 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [214.5 Ko] - C:\WINDOWS\System32\dsc [MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS NEO:PC COM DLL.) 
- [479.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [02/08/2016 21:37:24] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 00:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 00:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 00:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [12/04/2018 00:33:52] - (.-.) 
- [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.AF8B56769531848BD6A9F357E55312F2] - |A| - [28/09/2016 11:39:00] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [3369 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [41561.18 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [17213.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [05/09/2018 23:33:03] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [05/09/2018 23:32:38] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 00:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 00:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 00:33:53] - (.-.) 
- [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.FFFAFDEE8E2AE22D5B910785DC1BB3CF] - |A| - [18/05/2018 19:27:25] - (.-.) - [4892.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [45626 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 00:34:39] - (.-.) 
- [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [30/10/2015 08:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 08:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 00:34:02] - (.-.) 
- [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 00:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.53539EEFEA3E3FA261AC38CA0977E391] - |A| - [02/08/2016 21:37:25] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [341.34 Ko] - (0.4.0.20) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 00:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.B9178219A1B69431A12ED114B409E8C9] - |A| - [02/08/2016 21:37:25] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) - [321.11 Ko] - (1.0.0.15) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 00:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 00:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) 
- [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 00:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 00:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [02/08/2016 21:37:25] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [19/11/2017 15:54:17] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) 
- [107.59 Ko] - (1.0.0.12) - C:\WINDOWS\System32\klfphc.dll [MD5.7AC19A1EEF8F735AF745F8CE501217F5] - |A| - [15/10/2017 05:15:14] - (.© 2018 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [149.38 Ko] - (20.0.68.0) - C:\WINDOWS\System32\klhkum.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 00:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 17:22:53] - (.-.) 
- [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [6239.15 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [30012.97 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.A0DEEB5F93530A3C67E913F2EAE7AF7C] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1118.42 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.7C0186E421B1B5FC5824837D5078B4C1] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1164.42 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.06059CB3AACCBDA5865EFD9922832F82] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1342.42 Ko] - (6.1.12.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.CD2A9C650A6441544E4E4EB0B6F7C16E] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxAudio APO.) 
- [2724.42 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.71947A1775D4CBD9CBE580C6E97FF78E] - |A| - [02/08/2016 21:37:25] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [901.25 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.E93ADE8C38CA41442FE60E844DED92AC] - |A| - [02/08/2016 21:37:25] - (.Copyright © 1996-2014 -.) - [1993.59 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.CB56F27AFF28FB9576C6FC79E6D14036] - |A| - [02/08/2016 21:37:25] - (.Copyright © 1996-2013 -.) - [13719.25 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.581778867AEB80C4366057B3DE1DC4D0] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1283.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.4209912F4FC493FCB0816771448F9E8E] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [957.42 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.DF3632EDBC612F4112F6FEDB024F6118] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12691.92 Ko] - (3.1.13.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.6C100BAE708BD61F65932087D9A69ECA] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12533.92 Ko] - (4.0.8.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.587A8CF457604D84266FF858CEB60223] - |A| - [02/08/2016 21:37:25] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.9F46840758431946CA096F8096B016B4] - |A| - [05/09/2018 23:32:47] - (.-.) - [790 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 00:34:02] - (.-.) 
- [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 00:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [18/05/2018 20:24:28] - [15.13 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5570.96 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [47370.49 Ko] - C:\WINDOWS\System32\migwiz [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 00:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 00:34:02] - (.-.) 
- [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [05/02/2016 17:28:51] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [4292.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.52D09193B954697371DFA7BE9E520D05] - |A| - [02/08/2016 21:37:25] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5112.26 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.4E5442D9B14EF9EF679CD8D65CD50A51] - |A| - [02/08/2016 21:37:26] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [971.8 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.BE01A0E01C03156B908EDDB4406EC972] - |A| - [02/08/2016 21:37:26] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) 
- [5574.94 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [768 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.6795B6F8EB774893C6A411C33309FA05] - |A| - [28/09/2016 11:33:54] - (.-.) - [113.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 00:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.43EE5D523F29FC802E8A219FD1CF1F8C] - |A| - [09/11/2017 03:57:26] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json [MD5.0D26105579DFA185FB414D6712C53BFE] - |A| - [28/09/2016 11:35:00] - (.-.) - [7620.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.8245AF8C7F4E36D9DF9BF2EAC61C1341] - |A| - [09/11/2017 03:57:28] - (.-.) - [47.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.B537BF43DB70CB9B316BEC73A59AED9F] - |A| - [02/08/2016 11:45:43] - (.-.) - [109.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 00:38:28] - (.-.) 
- [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [16350.31 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 00:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 00:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.FC79A01FF933557C4E40506054BC11DD] - |A| - [12/04/2018 00:40:29] - (.-.) - [129.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.6BFD07D23CAADC567EA40688590883FE] - |A| - [12/04/2018 17:18:42] - (.-.) - [145.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 00:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 17:18:42] - (.-.) 
- [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.4D5507AF989E9EAEF9CE3A9B0D3492F3] - |A| - [12/04/2018 00:40:29] - (.-.) - [683.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.C8693D36B9468577E5316D2D5BEEC31E] - |A| - [12/04/2018 17:18:42] - (.-.) - [771.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.66F81CBC69F02F7B293DA064FC990A2F] - |A| - [18/05/2018 19:36:59] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 00:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [693.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [971.35 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.EEA2E4B98E4D1060823F1000FA80A21B] - |A| - [14/11/2016 00:59:01] - (.-.) - [9.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\prxOff.ini [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 00:34:40] - (.-.) 
- [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [02/08/2016 21:37:26] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [02/08/2016 21:37:26] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.01096663377134C41D618AF0E53A953E] - |A| - [02/08/2016 21:37:26] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [02/08/2016 21:37:26] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [02/08/2016 21:37:26] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6996.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [05/09/2018 23:33:09] - (.-.) 
- [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [390650.76 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 00:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 00:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\restore [MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [02/08/2016 21:37:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [02/08/2016 21:37:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [02/08/2016 21:37:27] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) 
- [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [02/08/2016 21:37:27] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [02/08/2016 21:37:27] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [02/08/2016 21:37:27] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.0F0CE558A9D992E8E0336E6ACB3FAF85] - |A| - [12/04/2018 00:34:04] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 00:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 00:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) 
- [76.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.DBB99601D716F92CDD97CE4E60865319] - |A| - [02/08/2016 21:37:27] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [921.66 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.6F8B108E8B57AC88F90D6EA13B2A1755] - |A| - [02/08/2016 21:37:27] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1078.16 Ko] - (3.1.38.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [18/05/2018 19:27:26] - [70094.25 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [98.06 Ko] - C:\WINDOWS\System32\slmgr [MD5.2E4C258CB2FF3D249FD0ABBCABC664A1] - |A| - [02/08/2016 21:37:27] - (.TODO: (c) . - TODO: .) - [244.66 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.EC05C33DF2CF20D839FE3650505ED6ED] - |A| - [02/08/2016 21:37:27] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [717.16 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 00:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:33] - [13417.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 00:33:53] - (.-.) 
- [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 00:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 00:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 00:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [7627.9 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [12278.17 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [501298.66 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [8753.34 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.A5F6491F71A0DAF25140CA915600AB37] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) 
- [443.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.48435D12B45AB1F954CB579D1EA15D52] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [321.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.18F4327F7A659F4B1017C0E4C03EB50B] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [360.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/09/2018 23:32:35] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [05/09/2018 23:32:32] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.D47D28D2AD44318805CF5EF15665D570] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1380.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [02/08/2016 21:37:27] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.A028717B791416182959B325D5B40679] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [02/08/2016 21:37:27] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [02/08/2016 21:37:27] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [58904 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 00:34:04] - (.-.) 
- [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:37] - [1411.16 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [930.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 00:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [628.72 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [584.89 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.3FD03A130DAF033DFB0EB93228286810] - |A| - [05/09/2018 23:32:34] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 00:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 00:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 00:34:44] - (.-.) 
- [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [2716.96 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 00:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [09/09/2016 19:25:10] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1-1-0-26-0.dll [MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [08/02/2017 23:30:54] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [09/09/2016 19:24:38] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-26-0.exe [MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [08/02/2017 23:30:54] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.D5DBBF94106B931112FBFB19A1351506] - |A| - [02/08/2016 21:37:27] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) 
- [2052.59 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [103548.62 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [124583.6 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 00:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 00:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [10062.01 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [170284 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.A6C58E75174174E45B76DE84B8F7B36C] - |A| - [14/11/2016 00:58:58] - (.-.) - [337.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\winmvtl.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [207.64 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 00:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 00:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 00:34:06] - (.-.) 
- [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 00:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 00:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 00:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 00:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 22:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN 
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.38718C4E864DC8F8E1DB0EF3B5566FA7] - |A| - [06/10/2017 21:27:25] - (.Copyright (C) 2004/05 Sony DADC Austria AG - SecuROM Context-Menu for Explorer..) - [174.61 Ko] - (1.1.221.0) - C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [325.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [22187.55 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [86.84 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 00:34:46] - (.-.) 
- [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [8052.73 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.A352B52F35D156C36F1DA586E6AE5432] - |A| - [04/11/2016 16:53:40] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DOErrors.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [2503.91 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [3438.15 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.45 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.9AA997FF3AE8B83DAA7DA88617A7FB2C] - |A| - [31/10/2017 08:39:35] - (.Copyright © EasyAntiCheat Ltd 2017 - EasyAntiCheat Service.) - [373.54 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [428 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:39] - [3118 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [304 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [33963.84 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [411.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [336.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [299.5 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [13099.15 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - 
|D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [383 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [346 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [37137.15 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 17:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 00:34:45] - (.-.) 
- [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 00:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 00:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 00:34:47] - (.-.) 
- [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/11/2017 06:34:56] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [24557.69 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [3054.92 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 
00:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 00:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.56AA0573CF4F7F7EDA2F692E53EEC7BE] - |A| - [09/11/2017 03:57:26] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 00:34:02] - (.-.) 
- [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [688.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [971.3 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.598BE921DBCDFD865422B5DD5F3B1CAA] - |A| - [14/11/2016 00:59:01] - (.-.) - [9.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\prxOff.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.48435D12B45AB1F954CB579D1EA15D52] - |A| - [02/08/2016 21:37:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. 
All Rights Reserved - SRCOM.DLL.) - [321.64 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/09/2018 23:32:35] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 00:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN 
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.4B0C0A8C960AF22761FB6A25D8A50DF2] - |A| - [26/12/2017 20:28:46] - (.Copyright © 2000-3 ON2 Technologies - VP6 VIDEO FOR WINDOWS CODEC.) - [437.26 Ko] - (6.0.6.4) - C:\WINDOWS\SysWOW64\vp6vfw.dll [MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [09/09/2016 19:25:58] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-26-0.dll [MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [08/02/2017 23:30:54] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [09/09/2016 19:25:28] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-26-0.exe [MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [08/02/2017 23:30:54] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [18805.88 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 00:34:45] - (.-.) 
- [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [9201.61 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:18:40] - [207.64 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 00:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [18/05/2018 20:23:44] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [famille penaib] [22/08/2016 13:32:10] - |D| - [57] - C:\Users\famille penaib\.oracle_jre_usage [18/11/2017 17:10:18] - |D| - [0] - C:\Users\famille penaib\.Origin [18/11/2017 17:10:20] - |D| - [0] - C:\Users\famille penaib\.QtWebEngineProcess [13/12/2017 19:35:14] - |RD| - [298] - C:\Users\famille penaib\3D Objects [01/10/2017 14:25:55] - |D| - [2866] - C:\Users\famille penaib\algos [18/05/2018 19:29:07] - |HD| - [9970106574] - C:\Users\famille penaib\AppData [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Application 
Data [09/01/2017 19:41:43] - |A| - [0] - C:\Users\famille penaib\changeling_xvid-cd1.mkv [13/08/2016 14:39:09] - |RD| - [412] - C:\Users\famille penaib\Contacts [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Cookies [02/01/2017 12:35:04] - |RD| - [159] - C:\Users\famille penaib\Creative Cloud Files [13/08/2016 14:39:01] - |RD| - [3170809312] - C:\Users\famille penaib\Desktop [13/08/2016 14:39:01] - |RD| - [3626062957] - C:\Users\famille penaib\Documents [13/08/2016 14:39:01] - |RD| - [207979391] - C:\Users\famille penaib\Downloads [13/08/2016 14:39:01] - |RD| - [9607] - C:\Users\famille penaib\Favorites [13/08/2016 14:39:01] - |RD| - [2033] - C:\Users\famille penaib\Links [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Local Settings [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Menu Démarrer [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Mes documents [13/12/2017 20:39:56] - |HD| - [2719192] - C:\Users\famille penaib\MicrosoftEdgeBackups [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Modèles [13/08/2016 14:39:01] - |RD| - [1303] - C:\Users\famille penaib\Music [18/05/2018 19:29:07] - |AH| - [5767168] - C:\Users\famille penaib\NTUSER.DAT [18/05/2018 19:29:07] - |ASH| - [1425408] - C:\Users\famille penaib\ntuser.dat.LOG1 [18/05/2018 19:29:07] - |ASH| - [0] - C:\Users\famille penaib\ntuser.dat.LOG2 [18/05/2018 19:29:07] - |ASH| - [65536] - C:\Users\famille penaib\NTUSER.DAT{7b1d6a57-5ad1-11e8-a30e-8abe7b17167d}.TM.blf [18/05/2018 19:29:07] - |ASH| - [524288] - C:\Users\famille penaib\NTUSER.DAT{7b1d6a57-5ad1-11e8-a30e-8abe7b17167d}.TMContainer00000000000000000001.regtrans-ms [18/05/2018 19:29:07] - |ASH| - [524288] - C:\Users\famille penaib\NTUSER.DAT{7b1d6a57-5ad1-11e8-a30e-8abe7b17167d}.TMContainer00000000000000000002.regtrans-ms [18/05/2018 19:35:05] - |SH| - [20] - C:\Users\famille penaib\ntuser.ini [13/08/2016 14:40:45] - |RD| - [105] - C:\Users\famille penaib\OneDrive [13/08/2016 
14:39:01] - |RD| - [5181017] - C:\Users\famille penaib\Pictures [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Recent [13/08/2016 14:39:01] - |RD| - [1778] - C:\Users\famille penaib\Saved Games [13/08/2016 14:39:10] - |RD| - [1879] - C:\Users\famille penaib\Searches [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\SendTo [09/01/2017 19:28:49] - |D| - [0] - C:\Users\famille penaib\Temp [13/08/2016 14:39:01] - |RD| - [46011163] - C:\Users\famille penaib\Videos [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Voisinage d'impression [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\Voisinage réseau [26/12/2016 20:12:49] - |A| - [36438150] - C:\Users\famille penaib\WIN_20161226_17_42_28_Pro.avi [18/05/2018 19:29:07] - |D| - [4145049651] - C:\Users\famille penaib\AppData\Local [13/08/2016 14:39:01] - |D| - [349778557] - C:\Users\famille penaib\AppData\LocalLow [18/05/2018 19:29:07] - |D| - [5475278366] - C:\Users\famille penaib\AppData\Roaming [11/01/2017 12:51:16] - |D| - [39936] - C:\Users\famille penaib\AppData\Local\4kdownload.com [02/01/2017 12:14:58] - |D| - [44314182] - C:\Users\famille penaib\AppData\Local\Adobe [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\AppData\Local\Application Data [27/08/2017 13:48:04] - |D| - [2348318] - C:\Users\famille penaib\AppData\Local\Apps [20/02/2019 13:18:23] - |D| - [0] - C:\Users\famille penaib\AppData\Local\AVG [24/12/2016 23:50:19] - |D| - [103274597] - C:\Users\famille penaib\AppData\Local\Battle.net [25/11/2017 11:14:22] - |D| - [0] - C:\Users\famille penaib\AppData\Local\BattlEye [26/02/2018 19:42:01] - |D| - [17027] - C:\Users\famille penaib\AppData\Local\Black_Tree_Gaming [24/12/2016 23:50:26] - |D| - [806717] - C:\Users\famille penaib\AppData\Local\Blizzard Entertainment [06/05/2017 13:56:16] - |D| - [278770] - C:\Users\famille penaib\AppData\Local\Bluestacks [13/08/2016 20:26:04] - |D| - [9602761] - C:\Users\famille penaib\AppData\Local\CEF 
[17/12/2016 22:53:12] - |D| - [1048616] - C:\Users\famille penaib\AppData\Local\Chromium [13/08/2016 14:58:40] - |D| - [32783692] - C:\Users\famille penaib\AppData\Local\Comms [28/09/2016 11:40:32] - |D| - [5628477] - C:\Users\famille penaib\AppData\Local\ConnectedDevicesPlatform [23/08/2016 12:44:03] - |D| - [68448544] - C:\Users\famille penaib\AppData\Local\CrashDumps [28/10/2018 21:53:14] - |D| - [9703] - C:\Users\famille penaib\AppData\Local\CrashReportClient [21/05/2017 10:35:50] - |D| - [0] - C:\Users\famille penaib\AppData\Local\CrashRpt [18/05/2018 20:07:30] - |D| - [342756] - C:\Users\famille penaib\AppData\Local\D3DSCache [13/12/2017 20:52:18] - |D| - [0] - C:\Users\famille penaib\AppData\Local\DBG [02/01/2017 11:37:54] - |A| - [5120] - C:\Users\famille penaib\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [31/10/2017 08:40:05] - |D| - [4616711] - C:\Users\famille penaib\AppData\Local\DeadByDaylight [13/12/2016 09:28:36] - |D| - [0] - C:\Users\famille penaib\AppData\Local\Diagnostics [15/12/2017 20:25:43] - |D| - [4045368] - C:\Users\famille penaib\AppData\Local\DunDefLauncher [29/10/2017 17:48:05] - |D| - [0] - C:\Users\famille penaib\AppData\Local\ElevatedDiagnostics [17/01/2017 13:19:00] - |D| - [1433516] - C:\Users\famille penaib\AppData\Local\fontconfig [21/05/2017 10:35:52] - |D| - [89129693] - C:\Users\famille penaib\AppData\Local\FreeReign [13/08/2016 20:49:19] - |D| - [175608903] - C:\Users\famille penaib\AppData\Local\Google [20/10/2017 21:06:54] - |D| - [19183626] - C:\Users\famille penaib\AppData\Local\HelloNeighbor [01/09/2016 13:37:35] - |D| - [12457] - C:\Users\famille penaib\AppData\Local\Hewlett-Packard [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\AppData\Local\Historique [20/10/2017 16:37:04] - |D| - [590704] - C:\Users\famille penaib\AppData\Local\hlm2comics [01/09/2016 13:53:01] - |D| - [65692] - C:\Users\famille penaib\AppData\Local\HP [04/11/2016 16:55:52] - |D| - [5745] - C:\Users\famille 
penaib\AppData\Local\HP_Development_Company,_L [18/05/2018 19:54:38] - |AH| - [32010] - C:\Users\famille penaib\AppData\Local\IconCache.db [24/12/2016 23:46:01] - |D| - [5535053] - C:\Users\famille penaib\AppData\Local\KADOKAWA [18/05/2018 19:29:07] - |D| - [498097584] - C:\Users\famille penaib\AppData\Local\Microsoft [13/08/2016 16:07:08] - |D| - [72323] - C:\Users\famille penaib\AppData\Local\MicrosoftEdge [01/11/2017 14:26:56] - |D| - [154041892] - C:\Users\famille penaib\AppData\Local\Mozilla [19/11/2017 18:19:56] - |D| - [0] - C:\Users\famille penaib\AppData\Local\NetworkTiles [13/08/2016 14:39:10] - |D| - [99254769] - C:\Users\famille penaib\AppData\Local\NVIDIA [13/08/2016 14:39:10] - |D| - [3029670] - C:\Users\famille penaib\AppData\Local\NVIDIA Corporation [30/01/2019 15:19:53] - |D| - [2097152] - C:\Users\famille penaib\AppData\Local\nwjs [26/02/2018 19:42:56] - |D| - [204] - C:\Users\famille penaib\AppData\Local\Oblivion [02/02/2019 13:20:00] - |D| - [127576965] - C:\Users\famille penaib\AppData\Local\Opera Software [18/11/2017 12:26:52] - |D| - [39374049] - C:\Users\famille penaib\AppData\Local\Origin [13/12/2017 19:29:27] - |D| - [601056574] - C:\Users\famille penaib\AppData\Local\Packages [13/08/2016 21:13:03] - |D| - [451608] - C:\Users\famille penaib\AppData\Local\PAYDAY 2 [19/05/2018 14:07:56] - |D| - [0] - C:\Users\famille penaib\AppData\Local\PlaceholderTileLogoFolder [03/01/2017 11:36:03] - |D| - [379954210] - C:\Users\famille penaib\AppData\Local\Programs [13/08/2016 14:39:15] - |D| - [853060] - C:\Users\famille penaib\AppData\Local\Publishers [27/01/2017 16:54:21] - |D| - [825710494] - C:\Users\famille penaib\AppData\Local\Roblox [19/08/2016 21:48:53] - |D| - [3089] - C:\Users\famille penaib\AppData\Local\Skyrim [27/06/2018 18:44:59] - |D| - [0] - C:\Users\famille penaib\AppData\Local\Skyrim Special Edition [18/05/2018 19:54:29] - |D| - [1880] - C:\Users\famille penaib\AppData\Local\speech [13/08/2016 20:26:04] - |D| - [265193497] - 
C:\Users\famille penaib\AppData\Local\Steam [18/05/2018 19:29:07] - |D| - [542309935] - C:\Users\famille penaib\AppData\Local\Temp [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\AppData\Local\Temporary Internet Files [13/08/2016 14:39:09] - |D| - [16685487] - C:\Users\famille penaib\AppData\Local\TileDataLayer [14/04/2017 08:41:56] - |D| - [0] - C:\Users\famille penaib\AppData\Local\UNP [20/10/2017 21:06:54] - |D| - [135] - C:\Users\famille penaib\AppData\Local\UnrealEngine [30/01/2019 15:19:53] - |D| - [18826712] - C:\Users\famille penaib\AppData\Local\User Data [13/08/2016 14:39:10] - |D| - [568571] - C:\Users\famille penaib\AppData\Local\VirtualStore [20/02/2019 13:08:16] - |D| - [681097] - C:\Users\famille penaib\AppData\Local\{E693D0CF-C23B-BC77-AFA3-999F8BCB6507} [13/12/2017 18:52:58] - |D| - [3031878] - C:\Users\famille penaib\AppData\LocalLow\Adobe [18/05/2018 17:54:31] - |D| - [24346429] - C:\Users\famille penaib\AppData\LocalLow\DefaultCompany [12/06/2018 21:32:25] - |D| - [857] - C:\Users\famille penaib\AppData\LocalLow\Landfall [13/08/2016 16:07:24] - |SD| - [29030298] - C:\Users\famille penaib\AppData\LocalLow\Microsoft [20/09/2018 17:44:32] - |D| - [2298285] - C:\Users\famille penaib\AppData\LocalLow\Monomi Park [18/11/2017 11:22:20] - |D| - [1331200] - C:\Users\famille penaib\AppData\LocalLow\Mozilla [27/01/2017 16:54:22] - |A| - [252] - C:\Users\famille penaib\AppData\LocalLow\rbxcsettings.rbx [29/06/2018 15:21:25] - |D| - [3202447] - C:\Users\famille penaib\AppData\LocalLow\Robot Gentleman [22/08/2016 13:32:10] - |D| - [17905] - C:\Users\famille penaib\AppData\LocalLow\Sun [07/09/2017 17:27:49] - |D| - [7956] - C:\Users\famille penaib\AppData\LocalLow\Temp [18/05/2018 20:08:30] - |D| - [286466959] - C:\Users\famille penaib\AppData\LocalLow\Unity [12/04/2018 16:04:55] - |D| - [11323] - C:\Users\famille penaib\AppData\LocalLow\upjers GmbH [26/01/2017 21:14:02] - |D| - [32768] - C:\Users\famille penaib\AppData\LocalLow\uTorrent 
[20/11/2017 17:44:36] - |D| - [1106929845] - C:\Users\famille penaib\AppData\Roaming\.minecraft [20/11/2017 17:45:53] - |D| - [480040135] - C:\Users\famille penaib\AppData\Roaming\.Paladium [11/12/2017 15:35:26] - |D| - [2321386361] - C:\Users\famille penaib\AppData\Roaming\.technic [13/08/2016 14:39:09] - |D| - [1264234719] - C:\Users\famille penaib\AppData\Roaming\Adobe [24/12/2016 23:13:25] - |D| - [12396] - C:\Users\famille penaib\AppData\Roaming\Battle.net [17/01/2017 13:12:42] - |D| - [1640] - C:\Users\famille penaib\AppData\Roaming\Canneverbe Limited [09/01/2017 19:17:49] - |D| - [203] - C:\Users\famille penaib\AppData\Roaming\dvdcss [28/10/2018 22:14:00] - |D| - [2312004] - C:\Users\famille penaib\AppData\Roaming\EasyAntiCheat [01/09/2016 14:57:53] - |D| - [0] - C:\Users\famille penaib\AppData\Roaming\Hewlett-Packard [01/12/2017 23:14:59] - |D| - [78145] - C:\Users\famille penaib\AppData\Roaming\HPPSDr [01/09/2016 14:51:13] - |D| - [41679] - C:\Users\famille penaib\AppData\Roaming\hpqLog [22/08/2016 12:38:07] - |D| - [0] - C:\Users\famille penaib\AppData\Roaming\InstallShield [13/08/2016 16:18:08] - |D| - [13704] - C:\Users\famille penaib\AppData\Roaming\Macromedia [18/05/2018 19:29:07] - |SD| - [45742285] - C:\Users\famille penaib\AppData\Roaming\Microsoft [06/05/2017 13:58:10] - |D| - [26950327] - C:\Users\famille penaib\AppData\Roaming\Mozilla [02/01/2017 11:46:51] - |D| - [2366988] - C:\Users\famille penaib\AppData\Roaming\NCH Software [22/08/2016 15:11:42] - |D| - [114827407] - C:\Users\famille penaib\AppData\Roaming\NVIDIA [17/01/2017 19:45:16] - |D| - [12589911] - C:\Users\famille penaib\AppData\Roaming\OpenOffice [02/02/2019 13:17:26] - |D| - [33250562] - C:\Users\famille penaib\AppData\Roaming\Opera Software [18/11/2017 12:26:55] - |D| - [232376] - C:\Users\famille penaib\AppData\Roaming\Origin [20/02/2019 13:01:31] - |D| - [37976353] - C:\Users\famille penaib\AppData\Roaming\pctonics.com [28/08/2016 18:20:13] - |D| - [76] - C:\Users\famille 
penaib\AppData\Roaming\Skype [22/08/2016 13:32:10] - |D| - [0] - C:\Users\famille penaib\AppData\Roaming\Sun [30/06/2017 11:59:34] - |D| - [317] - C:\Users\famille penaib\AppData\Roaming\UserCache [09/11/2016 17:52:25] - |D| - [26197111] - C:\Users\famille penaib\AppData\Roaming\uTorrent [02/01/2017 11:29:25] - |D| - [92354] - C:\Users\famille penaib\AppData\Roaming\vlc [22/02/2019 17:25:22] - |A| - [34] - C:\Users\famille penaib\AppData\Roaming\WB.CFG [22/08/2016 12:43:14] - |D| - [191] - C:\Users\famille penaib\AppData\Roaming\Xfire [08/01/2018 20:50:05] - |D| - [870] - C:\Users\famille penaib\AppData\Roaming\xm1 [12/07/2017 14:01:32] - |D| - [373] - C:\Users\famille penaib\AppData\Roaming\Yahoo [13/08/2016 14:39:09] - |SH| - [174] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [18/05/2018 19:29:07] - |SHD| - [0] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [28/09/2016 11:35:48] - |RD| - [43549] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [18/05/2018 19:29:07] - |RD| - [3888] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [18/05/2018 19:29:07] - |RD| - [2936] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/08/2016 14:39:10] - |RD| - [174] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/05/2018 19:29:07] - |SH| - [264] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [15/12/2016 17:23:18] - |D| - [4187] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [18/05/2018 19:29:07] - |D| - [170] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [02/02/2019 13:19:58] - |A| - [1513] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk 
[18/05/2018 19:29:07] - |A| - [2439] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [27/01/2017 16:54:25] - |D| - [2741] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox [13/08/2016 14:39:10] - |RD| - [1253] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [18/05/2018 19:29:07] - |RD| - [3496] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [22/08/2016 12:37:12] - |D| - [12734] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ [18/05/2018 19:29:07] - |RD| - [7754] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/08/2016 14:39:10] - |SH| - [174] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [22/08/2016 12:43:14] - |A| - [1079] - C:\Users\famille penaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk ---------- | [Public] [05/02/2016 17:11:10] - |RHD| - [196] - C:\Users\Public\AccountPictures [30/10/2015 08:24:24] - |RHD| - [38221] - C:\Users\Public\Desktop [12/04/2018 00:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [30/10/2015 08:24:24] - |RD| - [165352891] - C:\Users\Public\Documents [30/10/2015 08:24:24] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 00:38:20] - |RHD| - [3357] - C:\Users\Public\Libraries [30/10/2015 08:24:24] - |RD| - [380] - C:\Users\Public\Music [17/03/2019 16:30:01] - |A| - [8192] - C:\Users\Public\ntuser.dat [17/03/2019 16:30:01] - |ASH| - [8192] - C:\Users\Public\ntuser.dat.LOG1 [17/03/2019 16:30:01] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2 [17/03/2019 16:30:01] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{036ecc37-48c1-11e9-a75e-4ccc6a439e34}.TM.blf [17/03/2019 16:30:01] - |ASH| - [524288] - 
C:\Users\Public\ntuser.dat{036ecc37-48c1-11e9-a75e-4ccc6a439e34}.TMContainer00000000000000000001.regtrans-ms [17/03/2019 16:30:01] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{036ecc37-48c1-11e9-a75e-4ccc6a439e34}.TMContainer00000000000000000002.regtrans-ms [30/10/2015 08:24:24] - |RD| - [380] - C:\Users\Public\Pictures [30/10/2015 08:24:24] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [02/01/2017 12:29:56] - |D| - [288188356] - C:\ProgramData\Adobe [01/09/2016 13:55:11] - |A| - [57] - C:\ProgramData\Ament.ini [18/05/2018 19:34:57] - |SHD| - [0] - C:\ProgramData\Application Data [03/01/2017 11:32:37] - |D| - [9655007] - C:\ProgramData\AVAST Software [20/02/2019 12:54:03] - |D| - [3805467] - C:\ProgramData\AVG [24/12/2016 23:00:54] - |D| - [16310597] - C:\ProgramData\Battle.net [24/12/2016 23:50:20] - |D| - [45488] - C:\ProgramData\Blizzard Entertainment [06/05/2017 13:55:38] - |D| - [1869563293] - C:\ProgramData\BlueStacks [02/01/2017 12:35:04] - |D| - [12] - C:\ProgramData\boost_interprocess [05/02/2016 17:09:09] - |SHD| - [0] - C:\ProgramData\Bureau [17/01/2017 13:12:50] - |D| - [0] - C:\ProgramData\Canneverbe Limited [18/05/2018 19:34:57] - |SHD| - [0] - C:\ProgramData\Documents [28/09/2016 11:34:47] - |A| - [0] - C:\ProgramData\DP45977C.lfl [02/01/2018 19:24:14] - |D| - [0] - C:\ProgramData\EA Core [02/01/2018 19:24:12] - |D| - [1428] - C:\ProgramData\EA Logs [18/11/2017 09:57:33] - |D| - [14208] - C:\ProgramData\Electronic Arts [01/09/2016 13:52:46] - |D| - [28311132] - C:\ProgramData\Hewlett-Packard [20/02/2019 12:54:12] - |D| - [1327] - C:\ProgramData\Hotspot Shield [01/09/2016 13:55:14] - |AD| - [1758338] - C:\ProgramData\HP [19/11/2017 15:54:08] - |D| - [1194449638] - C:\ProgramData\Kaspersky Lab [19/11/2017 15:11:43] - |D| - [0] - C:\ProgramData\Kaspersky Lab Setup Files [20/02/2019 12:50:15] - |D| - [193754] - C:\ProgramData\McAfee [05/02/2016 17:09:09] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 00:38:20] - |SD| - 
[836819897] - C:\ProgramData\Microsoft [18/05/2018 20:07:18] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [05/02/2016 17:09:09] - |SHD| - [0] - C:\ProgramData\Modèles [02/01/2017 11:46:51] - |D| - [87084] - C:\ProgramData\NCH Software [17/03/2019 16:30:01] - |A| - [8192] - C:\ProgramData\ntuser.dat [17/03/2019 16:30:01] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1 [17/03/2019 16:30:01] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2 [17/03/2019 16:30:01] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{036ecc2c-48c1-11e9-a75e-4ccc6a439e34}.TM.blf [17/03/2019 16:30:01] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{036ecc2c-48c1-11e9-a75e-4ccc6a439e34}.TMContainer00000000000000000001.regtrans-ms [17/03/2019 16:30:01] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{036ecc2c-48c1-11e9-a75e-4ccc6a439e34}.TMContainer00000000000000000002.regtrans-ms [28/09/2016 11:35:02] - |D| - [2716858] - C:\ProgramData\NVIDIA [28/09/2016 11:34:54] - |D| - [458467003] - C:\ProgramData\NVIDIA Corporation [22/08/2016 13:01:11] - |D| - [114] - C:\ProgramData\Oracle [18/11/2017 09:57:33] - |D| - [372338104] - C:\ProgramData\Origin [02/08/2016 11:45:03] - |D| - [64525321] - C:\ProgramData\Package Cache [06/09/2018 00:23:25] - |D| - [0] - C:\ProgramData\Packages [20/02/2019 13:01:30] - |D| - [79433080] - C:\ProgramData\pctonics.com [12/04/2018 00:38:20] - |D| - [5298] - C:\ProgramData\regid.1991-06.com.microsoft [03/01/2017 11:36:15] - |D| - [62280] - C:\ProgramData\RogueKiller [12/04/2018 00:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [03/01/2017 11:47:39] - |D| - [107830] - C:\ProgramData\Spybot - Search & Destroy [27/08/2017 13:39:09] - |D| - [2225] - C:\ProgramData\Unchecky [20/02/2019 13:15:30] - |D| - [294] - C:\ProgramData\UniqueId [12/04/2018 00:38:20] - |D| - [36390] - C:\ProgramData\USOPrivate [18/05/2018 19:29:55] - |D| - [9007104] - C:\ProgramData\USOShared [12/04/2018 17:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [22/08/2016 12:51:03] - |D| - 
[115] - C:\ProgramData\Xfire [12/09/2017 18:21:22] - |HDC| - [6069079] - C:\ProgramData\{FAF4735E-A714-4194-8322-898863EDAAD1} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [06/05/2017 13:56:41] - |A| - [1648] - C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk [12/04/2018 00:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [05/02/2016 17:09:09] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 00:38:20] - |D| - [171638] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [11/01/2017 12:51:12] - |D| - [1362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download [15/12/2016 17:27:45] - |D| - [1571] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [12/04/2018 00:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 00:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [13/12/2017 18:51:45] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [20/02/2019 13:13:23] - |D| - [1779] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Actiona [12/04/2018 00:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/06/2017 17:18:51] - |A| - [1233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [02/01/2017 14:10:00] - |A| - [1170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk [02/01/2017 13:30:20] - |A| - [1158] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk [08/01/2018 20:28:50] - |D| - [1135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algobox [20/02/2019 12:39:45] - |D| - [6056] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey [20/02/2019 13:01:46] - |A| - [2987] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk [11/09/2016 13:00:41] - |D| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [17/01/2017 13:12:42] - |A| - [1185] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [01/12/2017 16:06:09] - |D| - [10773] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7 [12/04/2018 00:38:24] - |SH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [05/02/2016 17:17:05] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [01/11/2017 14:26:13] - |A| - [1012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [05/09/2017 17:38:54] - |A| - [2306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [20/02/2019 12:54:25] - |D| - [1166] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [01/09/2016 13:55:17] - |D| - [2284] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [01/09/2016 14:51:51] - |D| - [2329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [12/04/2018 00:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [22/08/2016 13:32:08] - |D| - [7135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [19/11/2017 15:54:23] - |D| - [6799] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free [26/12/2017 20:28:46] - |D| - [6092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Les Sims 4 [23/05/2017 17:34:23] - |D| - [3460] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [12/04/2018 00:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [31/12/2017 13:49:03] - |D| - [7818] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [12/07/2017 13:21:45] - |D| - [1055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [26/02/2018 19:41:58] - |D| - [3143] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [02/08/2016 11:45:25] - |D| - [1475] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [05/02/2016 17:17:05] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [17/01/2017 19:44:53] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [18/11/2017 09:57:34] - |D| - [2996] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [05/02/2016 17:17:05] - |A| - [2482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [25/12/2016 12:35:17] - |D| - [379] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch [05/02/2016 17:17:05] - |A| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [12/09/2017 18:21:22] - |D| - [2088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regressi [03/01/2017 11:39:48] - |D| - [924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [12/04/2018 00:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [13/08/2016 16:22:59] - |D| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2018 00:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [22/08/2016 12:38:50] - |D| - [3300] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [12/06/2018 21:32:21] - |A| - [1384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Totally Accurate Battle Simulator.lnk [27/08/2017 13:39:09] - |D| - [2246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky [02/01/2017 11:29:21] - |D| - [5892] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [02/01/2017 11:46:51] - |A| - [1260] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad - Logiciel de montage vidéo.lnk [20/02/2019 13:01:31] - |D| - [2757] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tonic [18/05/2018 
19:29:46] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [02/01/2017 11:36:36] - |A| - [2523] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk [05/02/2016 17:17:05] - |A| - [2497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk [22/08/2016 12:43:14] - |D| - [1061] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 00:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [11/01/2017 12:51:09] - |D| - [108946396] - C:\Program Files (x86)\4KDownload [02/01/2017 12:29:51] - |AD| - [633442260] - C:\Program Files (x86)\Adobe [08/01/2018 20:28:50] - |D| - [164947041] - C:\Program Files (x86)\Algobox [24/12/2016 23:14:05] - |AD| - [730741743] - C:\Program Files (x86)\Battle.net [06/05/2017 13:55:38] - |D| - [68914450] - C:\Program Files (x86)\BlueStacks [20/02/2019 13:01:41] - |D| - [113838983] - C:\Program Files (x86)\Booking [17/01/2017 13:12:41] - |AD| - [19784351] - C:\Program Files (x86)\CDBurnerXP [01/12/2017 16:06:07] - |AD| - [40433378] - C:\Program Files (x86)\Cheat Engine 6.7 [12/04/2018 00:38:20] - |D| - [632027611] - C:\Program Files (x86)\Common Files [12/04/2018 00:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [28/10/2018 22:13:59] - |D| - [1760000] - C:\Program Files (x86)\EasyAntiCheat [12/09/2017 18:21:22] - |D| - [48510497] - C:\Program Files (x86)\Evariste [15/12/2016 17:23:03] - |D| - [158905565] - C:\Program Files (x86)\FormatFactory [13/08/2016 20:49:22] - |D| - [466318562] - C:\Program Files (x86)\Google [13/04/2017 09:17:49] - |D| - [1128792] - C:\Program Files (x86)\GUM3AB9.tmp [01/09/2016 13:36:25] - |D| - [90681247] - C:\Program Files (x86)\Hewlett-Packard [01/09/2016 13:55:14] - |D| - [25623571] - C:\Program Files (x86)\HP [22/08/2016 12:38:50] - |HD| - 
[26472079] - C:\Program Files (x86)\InstallShield Installation Information [12/04/2018 00:38:20] - |D| - [2016699] - C:\Program Files (x86)\Internet Explorer [22/08/2016 13:31:58] - |D| - [167615750] - C:\Program Files (x86)\Java [19/11/2017 15:54:08] - |D| - [266823576] - C:\Program Files (x86)\Kaspersky Lab [23/05/2017 17:34:24] - |D| - [2850126522] - C:\Program Files (x86)\LucasArts [05/02/2016 17:16:14] - |AD| - [2103554797] - C:\Program Files (x86)\Microsoft Office [12/04/2018 00:38:20] - |D| - [8210119] - C:\Program Files (x86)\Microsoft.NET [12/07/2017 13:21:45] - |AD| - [151984035] - C:\Program Files (x86)\Minecraft [02/01/2017 11:36:36] - |D| - [9336778] - C:\Program Files (x86)\Movie Maker 2.6 [01/11/2017 14:26:10] - |D| - [293456] - C:\Program Files (x86)\Mozilla Maintenance Service [18/05/2018 20:23:43] - |D| - [25757] - C:\Program Files (x86)\MSBuild [02/01/2017 11:46:51] - |D| - [21232976] - C:\Program Files (x86)\NCH Software [28/09/2016 11:34:51] - |D| - [283778488] - C:\Program Files (x86)\NVIDIA Corporation [17/01/2017 19:44:45] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [18/11/2017 09:57:25] - |AD| - [396413544] - C:\Program Files (x86)\Origin [25/11/2017 10:32:24] - |D| - [42559191172] - C:\Program Files (x86)\Origin Games [18/05/2018 20:23:43] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [03/01/2017 11:47:37] - |AD| - [9713426] - C:\Program Files (x86)\Spybot - Search & Destroy 2 [13/08/2016 16:22:58] - |D| - [7733677001] - C:\Program Files (x86)\Steam [12/06/2018 21:32:18] - |D| - [94124900] - C:\Program Files (x86)\Totally Accurate Battle Simulator [27/08/2017 13:39:09] - |AD| - [5239468] - C:\Program Files (x86)\Unchecky [28/09/2016 11:34:59] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [08/02/2017 23:30:53] - |D| - [846194] - C:\Program Files (x86)\VulkanRT [12/04/2018 00:38:20] - |D| - [1831456] - C:\Program Files (x86)\Windows Defender [12/04/2018 00:38:20] - |D| - [625664] - C:\Program 
Files (x86)\Windows Mail [12/04/2018 17:19:21] - |D| - [3328967] - C:\Program Files (x86)\Windows Media Player [12/04/2018 00:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 00:38:20] - |D| - [7607128] - C:\Program Files (x86)\windows nt [12/04/2018 00:38:20] - |D| - [5414152] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 00:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 00:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 00:38:20] - |D| - [2373613] - C:\Program Files (x86)\WindowsPowerShell [22/08/2016 12:43:12] - |SD| - [12696819] - C:\Program Files (x86)\Xfire ---------- | C:\Program Files [15/12/2016 17:27:43] - |AD| - [4990738] - C:\Program Files\7-Zip [20/02/2019 13:13:18] - |D| - [121030068] - C:\Program Files\Actiona [02/01/2017 12:35:18] - |AD| - [3602818938] - C:\Program Files\Adobe [20/02/2019 12:38:55] - |D| - [9499978] - C:\Program Files\AutoHotkey [11/09/2016 13:00:33] - |AD| - [21474848] - C:\Program Files\CCleaner [12/04/2018 00:38:20] - |D| - [1855613024] - C:\Program Files\Common Files [12/04/2018 00:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [05/02/2016 17:09:09] - |SHD| - [0] - C:\Program Files\Fichiers communs [01/09/2016 13:55:14] - |D| - [139822941] - C:\Program Files\HP [12/04/2018 00:38:20] - |D| - [2649030] - C:\Program Files\internet explorer [20/02/2019 12:57:03] - |D| - [44955161] - C:\Program Files\McAfee [05/02/2016 17:16:13] - |D| - [9032032] - C:\Program Files\Microsoft Office 15 [01/11/2017 14:26:03] - |AD| - [152817397] - C:\Program Files\Mozilla Firefox [18/05/2018 20:23:43] - |D| - [25757] - C:\Program Files\MSBuild [26/02/2018 19:41:57] - |D| - [25276647] - C:\Program Files\Nexus Mod Manager [28/09/2016 11:34:51] - |D| - [1150760691] - C:\Program Files\NVIDIA Corporation [28/09/2016 11:34:30] - |D| - [42726992] - C:\Program Files\Realtek [18/05/2018 20:23:43] - |D| - [36854953] - C:\Program 
Files\Reference Assemblies [29/09/2017 08:25:03] - |AD| - [8514783] - C:\Program Files\rempl [03/01/2017 11:39:42] - |AD| - [81416134] - C:\Program Files\RogueKiller [20/02/2019 12:54:26] - |D| - [272409] - C:\Program Files\TAP-Windows [05/02/2016 17:10:01] - |HD| - [0] - C:\Program Files\Uninstall Information [14/04/2017 08:35:33] - |AD| - [6553600] - C:\Program Files\UNP [02/01/2017 11:29:18] - |D| - [134539102] - C:\Program Files\VideoLAN [20/02/2019 13:01:29] - |D| - [24761229] - C:\Program Files\Win Tonic [12/04/2018 00:38:20] - |D| - [19662839] - C:\Program Files\Windows Defender [12/04/2018 00:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 17:19:21] - |D| - [4900843] - C:\Program Files\Windows Media Player [12/04/2018 00:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 00:38:20] - |D| - [7873880] - C:\Program Files\windows nt [12/04/2018 00:38:20] - |D| - [6214408] - C:\Program Files\Windows Photo Viewer [12/04/2018 00:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 00:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 00:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 00:38:20] - |HD| - [2464331377] - C:\Program Files\WindowsApps [12/04/2018 00:38:20] - |D| - [2654103] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [02/01/2017 12:29:51] - |D| - [573859230] - C:\Program Files (x86)\Common Files\Adobe [14/03/2017 16:21:04] - |D| - [0] - C:\Program Files (x86)\Common Files\AV [24/11/2017 17:46:34] - |D| - [12153872] - C:\Program Files (x86)\Common Files\BattlEye [29/05/2018 23:02:34] - |D| - [24240] - C:\Program Files (x86)\Common Files\DESIGNER [26/12/2017 20:28:46] - |HD| - [7870824] - C:\Program Files (x86)\Common Files\EAInstaller [23/05/2017 17:30:38] - |D| - [1743078] - C:\Program Files (x86)\Common Files\InstallShield [12/07/2017 13:57:58] - |D| - [1941576] - C:\Program Files (x86)\Common 
Files\Java [12/04/2018 00:38:20] - |D| - [20586638] - C:\Program Files (x86)\Common Files\microsoft shared [12/04/2018 00:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [13/08/2016 16:23:00] - |D| - [4012096] - C:\Program Files (x86)\Common Files\Steam [12/04/2018 00:38:20] - |D| - [9833355] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [02/01/2017 13:30:19] - |D| - [1434260] - C:\Program Files\Common files\Adobe [19/11/2017 15:54:21] - |D| - [1951017] - C:\Program Files\Common files\AV [20/02/2019 13:13:44] - |D| - [1988600] - C:\Program Files\Common files\AVG [12/04/2018 00:38:20] - |D| - [1839698066] - C:\Program Files\Common files\microsoft shared [12/04/2018 00:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 00:38:20] - |D| - [10538379] - C:\Program Files\Common files\system ---------- | Tasks [MD5.7AA09F14C632460F9B3EE660C72E68A9] - [02/03/2019 17:44:48] - |A| - [400] - C:\WINDOWS\Tasks\HPCeeScheduleForfamille penaib.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [18/05/2018 19:34:55] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.9E4EA1E3E6CEBF9C966CF1E96C7B4A48] - [18/05/2018 19:34:54] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.AA25F6F945E25BD93F622E67060F6CDA] - [18/05/2018 19:34:54] - |A| - [2852] - C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-GCRG7F9-famille penaib : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [MD5.0F155CD1DD883BB4B2D0532C8BAF4CFC] - [18/05/2018 19:34:54] - |A| - [2746] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-GCRG7F9-famille penaib : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.00000000000000000000000000000000] - [20/02/2019 18:02:07] - |D| - [0] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.00000000000000000000000000000000] - [20/02/2019 13:14:23] - |D| - 
[3922] - C:\WINDOWS\System32\Tasks\AVG [MD5.F82F7365D2EF1EE75D9A2BD68B88B679] - [18/05/2018 19:34:54] - |A| - [2280] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.038B7E008A5C55CA63F3965FE79D9F97] - [18/05/2018 19:34:54] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.FCCAC16D1F8434530CB27FAB4875A94A] - [18/05/2018 19:34:54] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [18/05/2018 19:34:54] - |D| - [31204] - C:\WINDOWS\System32\Tasks\Hewlett-Packard [MD5.2461EAFB519934AB88FECEA8F68BE5B2] - [13/09/2018 16:40:51] - |A| - [2856] - C:\WINDOWS\System32\Tasks\HPCeeScheduleForfamille penaib : C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [MD5.00000000000000000000000000000000] - [12/04/2018 00:38:21] - |D| - [566952] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [18/05/2018 19:34:55] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software [MD5.16054C8EA9D2FF512551C50E98040B6C] - [18/05/2018 19:34:55] - |A| - [2860] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2558606646-2195665510-3164333630-1002 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.5CC9BDCCACBF0D6E61FCA0C08D6F56BC] - [02/02/2019 13:20:00] - |A| - [3594] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1549109994 : C:\Users\famille penaib\AppData\Local\Programs\Opera\launcher.exe [MD5.00000000000000000000000000000000] - [18/05/2018 19:34:55] - |D| - [2932] - C:\WINDOWS\System32\Tasks\S-1-5-21-2558606646-2195665510-3164333630-1002 [MD5.00000000000000000000000000000000] - [18/05/2018 19:34:55] - |D| - [0] - C:\WINDOWS\System32\Tasks\Safer-Networking [MD5.F9A1B3741A8C8677559C2DD0970B40F7] - [18/05/2018 19:34:55] - |A| - [4198] - 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1778857C-5434-4BE8-8CE2-140E4B404218} : C:\windows\system32\msfeedssync.exe [MD5.D2D6BA43477AFBB211907193F2C5485E] - [20/02/2019 13:06:47] - |A| - [2574] - C:\WINDOWS\System32\Tasks\Win Tonic : C:\Program Files\Win Tonic\wtcmonitor.exe [MD5.3C4FD696D51164BF0632CDD2AF37BD65] - [20/02/2019 13:06:47] - |A| - [2264] - C:\WINDOWS\System32\Tasks\Win Tonic_Logon : C:\Program Files\Win Tonic\wtcmonitor.exe [MD5.0A2C847CA371FA4B5BBFFA874C88409F] - [18/05/2018 19:34:55] - |A| - [2282] - C:\WINDOWS\System32\Tasks\{9A7AEA18-34EC-432B-B90B-D8C5EFC13F29} : C:\windows\system32\pcalua.exe [MD5.00000000000000000000000000000000] - [12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| 
"DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{D91E4974-BBC0-42B0-B0A1-0CB808BA0A5B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS5C92\HPDiagnosticCoreUI.exe|Name=HPSAPS| 
"{BA2FCB29-E1B2-4757-9A9C-EF5166323E5D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS5C92\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{B4357968-5DF4-4B76-B107-138D53E9C9A7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS5B42\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{DCAE172A-1A77-4155-82C6-A70C77F13606}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS5B42\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{66FD567D-D388-4B13-863C-3252FFF7D73D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS1091\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{61AF06C5-DC38-4619-99C6-2670EDEE9C1B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS1091\HPDiagnosticCoreUI.exe|Name=HPSAPS| "UDP Query User{72D5636E-BA28-4AA1-A75E-2E2743E06DEB}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom|Defer=User| "TCP Query User{94FB4E41-A396-4FC3-87AA-B0C494D1107B}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom|Defer=User| "{0AC6B4D1-9309-4949-AC94-B656DB8BDA44}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe|Name=Les Sims™ 4 64 Bit| "{108A9112-5F28-4423-8660-EAD97CC6D5B1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files 
(x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe|Name=Les Sims™ 4 64 Bit| "{1B7C15EF-8704-446C-BDCE-9E80EC781B52}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe|Name=Les Sims™ 4 32 Bit| "{2C864D42-6A20-4353-AE44-7BA713240370}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe|Name=Les Sims™ 4 32 Bit| "{26382BBA-506B-4DD4-B259-151A075FEBE0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe|Name=Mass Effect™ 3| "{6E64DE76-4A81-4679-BF6E-349F3F376736}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe|Name=Mass Effect™ 3| "{8875E3A5-5BB1-4B6B-A1F0-4204B4A855C1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{5D1D46C2-A709-4046-AB74-4C48CF200F13}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom| "UDP Query User{7D76FAAA-95CA-438C-A653-E583FFA17485}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom| "TCP Query User{347DDC45-1BF8-49BB-9575-797B1B664142}C:\program files (x86)\thq\dawn of 
war\w40k.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\thq\dawn of war\w40k.exe|Name=w40k|Desc=w40k| "UDP Query User{BBDF1A3F-3FA8-40C9-A30A-07FEE8F3A3BB}C:\program files (x86)\thq\dawn of war\w40k.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\thq\dawn of war\w40k.exe|Name=w40k|Desc=w40k| "TCP Query User{52EC671B-8417-4F73-9ECF-B75F6E874312}C:\program files (x86)\thq\dawn of war\w40kwa.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\thq\dawn of war\w40kwa.exe|Name=w40kwa|Desc=w40kwa| "UDP Query User{929F657B-74E5-424B-BDAC-99C574B642FE}C:\program files (x86)\thq\dawn of war\w40kwa.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\thq\dawn of war\w40kwa.exe|Name=w40kwa|Desc=w40kwa| "{593EE7D7-3E90-4AB4-A729-6FF90429A9A3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory| "{3647D50D-FD1E-4608-B6DA-657083A16171}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader| "{665B1E81-B6A6-4DCD-A014-640C603DA9C4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory| "{E06385F1-171A-4453-B911-FF53EAA1AA42}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader| "{05A23513-AAC4-4CCA-8B69-E01CA8D736FF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe|Name=Picosmos Tools Downloader| "TCP Query User{D5F086D1-8027-4C68-AF4F-CA7DFDC66341}E:\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch 
Application|Defer=User| "UDP Query User{05277FF3-DEDB-4D66-858C-B68C4193A571}E:\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "TCP Query User{72854FFE-785D-4223-B9A1-17781B0E3B02}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe|Name=battlefront|Desc=battlefront| "UDP Query User{9C1BF310-12AB-4853-BD72-444D32F0351F}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe|Name=battlefront|Desc=battlefront| "TCP Query User{5FA205C8-B108-418A-8A32-8535AB974A5C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "UDP Query User{AD3ADDFD-7C11-46C1-A20B-261969379DB5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "TCP Query User{5A97A00E-C103-404D-87D2-5D753910DC18}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe|Name=Blizzard App|Desc=Blizzard App|Defer=User| "UDP Query User{D2CEF9F5-C05B-4D8A-8ADC-C23BC67645AD}C:\program files 
(x86)\battle.net\battle.net.9093\battle.net.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe|Name=Blizzard App|Desc=Blizzard App|Defer=User| "TCP Query User{CA1FE0E3-B495-4F18-8F07-862FB48B9EFF}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe|Name=soulstorm|Desc=soulstorm| "UDP Query User{D79E2F4F-7E63-43BC-B00E-1FE62A39137D}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe|Name=soulstorm|Desc=soulstorm| "TCP Query User{2E5FE6A2-B9FF-434A-A111-56C543F38401}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "UDP Query User{BEC75275-87CA-4C89-8B2F-288AED2DDF67}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "{B4D25EF1-5728-4C67-A997-E5BA81630C76}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{AE91DA68-A89C-496F-BCF0-47CDBC40F833}C:\program files (x86)\java\jre1.8.0_131\bin\java.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_131\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "UDP Query 
User{91EBD043-C77A-4BB6-AD59-741EF7DE7A87}C:\program files (x86)\java\jre1.8.0_131\bin\java.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_131\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary| "TCP Query User{109DFAFF-23BA-4198-9D86-4A6B1D20FC9D}E:\dawn of war - soulstorm\soulstorm.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\dawn of war - soulstorm\soulstorm.exe|Name=soulstorm|Desc=soulstorm| "UDP Query User{923D5504-2E6A-40EE-A3EC-5E9C5FFE3A55}E:\dawn of war - soulstorm\soulstorm.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\dawn of war - soulstorm\soulstorm.exe|Name=soulstorm|Desc=soulstorm| "TCP Query User{54BC8091-C9D5-4421-87A5-D5DC1EC997B0}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe|Name=Cheat Engine|Desc=Cheat Engine| "UDP Query User{94DB5CE3-64A7-4B6C-8045-21DB76BCE695}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe|Name=Cheat Engine|Desc=Cheat Engine| "{A95AB6DB-6AD6-459B-899D-9A57AF5BF9F6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS6ABA\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{9AE4B2D8-6940-4CFB-AF6D-FE7474F0A188}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS6ABA\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{49D84421-C479-4631-B4D0-343EFFAE0B5F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS6B40\HPDiagnosticCoreUI.exe|Name=HPSAPS| 
"{77962793-D1DD-4719-B4CF-42F6BF87B2FF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS6B40\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{D7B04C05-F28B-4708-AA14-EC1880FB9340}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS2393\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{B3F0C2AA-DDF7-40F8-B9E5-C2868C1C2590}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\famille penaib\AppData\Local\Temp\7zS2393\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{1FAAB115-C2C7-4547-B64B-53C78B1E5E8D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{70BF18F3-78E0-434C-82BF-A0C4FB4CBFCD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{1677DF03-D4E0-45C2-BE35-0B0B0E8C215D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A76030BB-022F-408F-A4B1-9DB4E01F54C8}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input 
Application|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{D2CC5DAB-E2ED-4372-86AF-798453334E7A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{528DBA7C-2F8A-4EA3-99E2-106E2F1E3CBD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "UDP Query User{D09BEA59-6AC7-45A0-A0A5-5D2D5E66CA4C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| "{42C0495D-E569-4767-8D1F-C8A97C86BB89}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{4ECB2DFA-7A9A-493E-AD4A-A9276580A73A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire 
Collection|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{D98175EB-0F0E-4964-BFC7-CCB19F121EED}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{EC2BE83C-025B-48D1-AD63-53D80EF7B383}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{57CD3F02-F1ED-471B-86C6-BBC31F7EEC30}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{CFFA761B-2DB8-4929-99F4-E7DCCA825E68}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{2B3391D9-5E21-4BB7-9C5B-598C54B763FD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| 
"{062FA118-7A2C-4404-9FC9-879F98ED9EAA}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{5D94C09B-94F1-4CF2-A479-3D1EEFA89795}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{145999E7-B312-4CCE-8B59-501003D79C5E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "{A790D42B-703F-44C0-BFA9-18AD897AAE93}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{890F8474-EF13-4F23-A4DB-11FECC971313}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{6897490D-B56F-4D0E-BA78-44BD0D7DD189}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft 
Sticky Notes|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{E730B282-ACFF-4793-829E-8C1BF0AD6D4F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{123C5A60-2713-4BB5-8CBE-CFCAF976F9AA}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2558606646-2195665510-3164333630-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{EF2C8A53-C28B-4879-B0B4-C5EA02EFEB67}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> 
@%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> 
@c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] 
-> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> 
@c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS 
metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> 
@c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
---------- | Loaded modules (whitelist) [20/02/2019 13:29:57] - (2.0.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [26/12/2016 20:27:10] - (4.1.28.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\WINDOWS\system32\DRIVERS\cm_km.sys [15/10/2017 05:15:14] - (14.0.0.9) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [20/02/2019 13:29:59] - (11.0.4.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [01/10/2016 02:26:00] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\WINDOWS\system32\DRIVERS\kl1.sys [15/10/2017 05:15:14] - (20.0.68.61) - (AO Kaspersky Lab - klhk [fre_win7_x64]) - C:\WINDOWS\System32\drivers\klhk.sys [15/10/2017 05:15:14] - (14.0.0.27) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupflt.sys [19/11/2017 15:54:05] - (13.0.60.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klflt.sys [15/10/2017 05:15:14] - (13.0.0.9) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klpd.sys [19/11/2017 15:54:05] - (13.0.375.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klif.sys [12/10/2016 12:29:22] - (14.0.0.18) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klim6.sys [15/10/2017 05:15:16] - (13.0.0.47) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwtp.sys [15/10/2017 05:15:16] - (13.0.0.40) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kneps.sys [21/04/2016 10:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\tap0901.sys [09/11/2017 04:40:28] - (23.21.13.8813) - (NVIDIA 
Corporation - NVIDIA Windows Kernel Mode Driver, Version 388.13) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [02/08/2016 11:44:00] - (1.2.40.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [09/11/2017 04:38:54] - (1.3.35.1) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys [23/12/2016 09:20:56] - (13.0.0.8) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [14/11/2016 00:59:02] - (3.0.0.8) - (Bitex Group LTD - WFP driver) - C:\WINDOWS\system32\Drivers\prxwfp64.sys [31/05/2016 23:24:06] - (15.0.0.10) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kldisk.sys [14/11/2016 00:58:58] - (0.0.0.0) - ( -) - C:\WINDOWS\SecSrv\s32mdrv.sys [14/11/2016 00:58:58] - (0.0.0.0) - ( -) - C:\WINDOWS\SecSrv\s64mdrvh.sys [20/02/2019 13:29:56] - (0.0.0.46) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [20/02/2019 13:29:56] - (6.0.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [07/12/2016 09:30:58] - (13.0.0.5) - (AO Kaspersky Lab - Mouse Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klmouflt.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel 
Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv 
(@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - 
AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - klupd_klif_arkmon (klupd_klif_arkmon) -> System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klupd_klif_klbg (klupd_klif_klbg) -> System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False 
- AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> 
System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> 
System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - 
AcceptStop: True R1 - [Kernel Driver] - klhk (@oem40.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - KLIM6 (@oem10.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - prxwfp (prxwfp) -> \??\C:\WINDOWS\system32\Drivers\prxwfp64.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - 
AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\511ad79e8fa1ef09b8f44d699b063479] : (.-.) -> [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> [HKU\S-1-5-21-2558606646-2195665510-3164333630-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}] : (Roblox Studio for famille penaib.-.Roblox Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{098CDAF9-5A9B-4731-9F3C-F3F1DF7490C2}_is1] : (Actiona 3.9.2 (64 bits).-.Actiona.tools) -> "C:\Program Files\Actiona\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{58C1E04C-4538-46EF-93C7-788C935E0031}_is1] : (Win Tonic.-.pctonics.com) -> "C:\Program Files\Win Tonic\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 388.13.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.11.3.5.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 2.11.3.5.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.11.3.5.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.40.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D20015E2-CAB7-4664-B8D8-F153E9427DE2}] : (Logiciel de base du périphérique HP ENVY 4520 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{D20015E2-CAB7-4664-B8D8-F153E9427DE2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}] : (Kaspersky Free.-.Kaspersky Lab) -> MsiExec.exe /I{5AAE61FF-858E-453E-B8F3-944618149975} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{065E406C-5309-4CE8-9935-189A1EAE1004}] : (Amazon Assistant.-.Amazon) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21B20945-C837-4F6F-A4D4-80ECB462367C}] : (Dawn of War - Soulstorm.-.THQ) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}] : (Java 8 Update 131.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180131F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{446AA6E0-104D-40FB-A18A-A3431AED2F14}] : (HP Support Solutions Framework.-.HP Inc.) -> MsiExec.exe /X{446AA6E0-104D-40FB-A18A-A3431AED2F14} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56D27851-B9A6-430F-875A-E2D7A3802C7B}] : (HP Support Assistant.-.HP Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) 
-> MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5AAE61FF-858E-453E-B8F3-944618149975}] : (Kaspersky Free.-.Kaspersky Lab) -> MsiExec.exe /I{5AAE61FF-858E-453E-B8F3-944618149975} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64228DFB-7450-49B7-935C-B97342CB6659}] : (HP Customer Experience Enhancements.-.HP Development Company, L.P.) -> MsiExec.exe /X{64228DFB-7450-49B7-935C-B97342CB6659} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6CE23139-4FCC-4819-970B-F37B7DD83243}] : (Algobox 1.0.2 (64-bit).-.Algobox) -> MsiExec.exe /I{6CE23139-4FCC-4819-970B-F37B7DD83243} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8670953D-FB1B-4365-B71A-A9560F37E1ED}_is1] : (Totally Accurate Battle Simulator version 0.3.6.-.Landfall) -> "C:\Program Files (x86)\Totally Accurate Battle Simulator\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824311644}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824311644} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF599C42-A2E5-4251-B7EE-4925C227AE9B}] : (Hotspot Shield 7.16.0.-.AnchorFree Inc.) -> MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925C227AE9B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}] : (Warhammer 40,000: Dawn Of War - Gold Edition.-.THQ) -> MsiExec.exe /X{D0B36BAF-3E9D-423E-8821-ED238C18DB0A} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\0E6AA644D401BF041AA83A34A1DEF241] : HP Support Solutions Framework -> C:\windows\Installer\{446AA6E0-104D-40FB-A18A-A3431AED2F14}\icon.ico [HKCR\Installer\Products\15872D656A9BF03478A52E7D3A08C2B7] : HP Support Assistant -> C:\windows\Installer\{56D27851-B9A6-430F-875A-E2D7A3802C7B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\24C995FA5E2A15247BEE94522C72EAB9] : Hotspot Shield 7.16.0 [HKCR\Installer\Products\2E51002D7BAC46648B8D1F359E24D72E] : Logiciel de base du périphérique HP ENVY 4520 series -> 
C:\windows\Installer\{D20015E2-CAB7-4664-B8D8-F153E9427DE2}\ARP_Icon [HKCR\Installer\Products\343380EDD42D594419E9816CE50C2F98] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\WINDOWS\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110130F] : Java 8 Update 131 -> C:\Program Files (x86)\Java\jre1.8.0_131\\bin\javaws.exe [HKCR\Installer\Products\54902B12738CF6F44A4D08CE4B2663C7] : Dawn of War - Soulstorm [HKCR\Installer\Products\68AB67CA408033019195008142136144] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824311644}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\835B4B0F17DF05D469E9198F35210F47] : Regressi [HKCR\Installer\Products\8FC229B8C6A8EC148A851F57D5F7D592] : NVIDIA PhysX -> C:\windows\Installer\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}\icon.ico [HKCR\Installer\Products\93132EC6CCF4918479B03FB7D78D2334] : Algobox 1.0.2 (64-bit) -> C:\WINDOWS\Installer\{6CE23139-4FCC-4819-970B-F37B7DD83243}\algobox.ico [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\WINDOWS\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\BFD8224605477B9439C59B3724BC6695] : HP Customer Experience Enhancements -> C:\windows\Installer\{64228DFB-7450-49B7-935C-B97342CB6659}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C604E56090358EC4995381A9E1EA0140] : Amazon Assistant -> C:\WINDOWS\Installer\{065E406C-5309-4CE8-9935-189A1EAE1004}\installIcon.exe [HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : 
[HKCR\Installer\Products\F45FAD3B52BD6854E91F692DB41B0488] : Windows Movie Maker 2.6 [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\FF16EAA5E858E3548B3F496481419957] : Kaspersky Free -> C:\WINDOWS\Installer\{5AAE61FF-858E-453E-B8F3-944618149975}\arp.ico ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante svchost.exe_UserDataSvc, version : 10.0.17134.1, horodatage : 0xa38b9ab2 Nom du module défaillant : ucrtbase.dll, version : 10.0.17134.191, horodatage : 0x5db729cd Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000039078 ID du processus défaillant : 0x1b84 Heure de début de l’application défaillante : 0x01d4da852e1102ca Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\ucrtbase.dll ID de rapport : fc20bfa6-cb0d-4e4a-9df4-3b6fd58d3c7f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_WpnUserService, version : 10.0.17134.1, horodatage : 0xa38b9ab2 Nom du module défaillant : NotificationController.dll, version : 10.0.17134.165, horodatage : 0xe0385185 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000007a24d ID du processus défaillant : 0x430 Heure de début de l’application défaillante : 0x01d4da88f97c0495 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe Chemin d’accès du module défaillant: C:\Windows\System32\NotificationController.dll ID de rapport : bab90bef-b41d-4130-863b-6b021868d11a Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.228, horodatage : 0x5b63c896 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.81, horodatage : 
0x4f4899f8 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000007e48cf ID du processus défaillant : 0x1b20 Heure de début de l’application défaillante : 0x01d4d98cce5cd363 Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 47321c04-0ac8-4fd4-a59f-f12420b4b728 Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI ------------ Nom de l’application défaillante svchost.exe_WpnUserService, version : 10.0.17134.1, horodatage : 0xa38b9ab2 Nom du module défaillant : QuietHours.dll, version : 10.0.17134.165, horodatage : 0xa4eee2d0 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000004bae4 ID du processus défaillant : 0x1eb8 Heure de début de l’application défaillante : 0x01d4d85c310711d4 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe Chemin d’accès du module défaillant: C:\Windows\System32\QuietHours.dll ID de rapport : 67f0958f-93ec-47dd-9756-a92c1b163b21 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_WpnUserService, version : 10.0.17134.1, horodatage : 0xa38b9ab2 Nom du module défaillant : NotificationController.dll, version : 10.0.17134.165, horodatage : 0xe0385185 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000007a24d ID du processus défaillant : 0x3a08 Heure de début de l’application défaillante : 0x01d4d83a5593101d Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe Chemin d’accès du module défaillant: C:\Windows\System32\NotificationController.dll ID de rapport : 49526079-21e9-4856-a86c-a3ddfb50b0ad Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de 
l’application défaillante svchost.exe_WpnUserService, version : 10.0.17134.1, horodatage : 0xa38b9ab2 Nom du module défaillant : QuietHours.dll, version : 10.0.17134.165, horodatage : 0xa4eee2d0 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000004bae4 ID du processus défaillant : 0x5f8 Heure de début de l’application défaillante : 0x01d4d833c7b4b2da Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe Chemin d’accès du module défaillant: C:\Windows\System32\QuietHours.dll ID de rapport : b69aed51-dcda-4826-88f8-395858600291 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . 
------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : avec l’erreur : Données non valides. . ------------ ----------( EOF)---------- - 4517 | 16:39:20