--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 17/07/2019 12:30:15
Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Personnel (Administrator)] - [DESKTOP-BVRDNI1] (S-1-5-21-3016070864-3641507875-3210199050-1001)
System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: SATELLITE L70-A - TOSHIBA - IdNumber: 2E014317C - UUID: 16A61460-903B-11E3-BA71-C454441B39FC
Processor : X64 - 2494 Mhz - Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
InsydeH2O Version 03.73.061.50 - en|US|iso8859-1 - Insyde Corp. - S/N: 2E014317C - 1.50 - TOSQCI - 1
CoreTemp : ?
Celsius ----------| Quick ---------- | SoundDevice Conexant SmartAudio HD - Status: OK - Manufacturer: Conexant - PNPDeviceID: HDAUDIO\FUNC_01&VEN_14F1&DEV_5114&SUBSYS_1179FA80&REV_1001\4&15F9C4DC&0&0001 ---------- | Video Intel(R) HD Graphics 4600 - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_0416&SUBSYS_FA891179&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 NVIDIA GeForce GT 740M - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvd3dumx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1292&SUBSYS_FA891179&REV_A1\4&34E05AE9&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 4600 - DriverVersion: 20.19.15.5070 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - 
FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:7 % CPU #3 value:7 % CPU #4 value:0 % Total Overall CPU Usage value:4 % ---------- | Network Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR956x Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:4 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. 
- Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_061211AD&REV_01\4&13FF2E12&0&00E2 Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_1091&SUBSYS_FA821179&REV_10\FF1B39FCC45444FF00 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2343246D&0&11 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2343246D&0&12 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\7&22419453&0&0 Bluetooth Device (Personal Area Network) #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\7&22419453&0&2 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC ---------- | Memory RAM = Total (MB) : 4121 | Free (MB) : 766 Pagefile = Total (MB) : 4842 | Free (MB) : 1189 Virtual = Total (MB) : 4194 | Free (MB) : 3881 Physical Memory 2 : Capacity: 4294967296 - DIMM1 - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B5173QH0-YK0 - S/N: 150CB5F1 ---------- | SID Users Administrateur : 
[S-1-5-21-3016070864-3641507875-3210199050-500] DefaultAccount : [S-1-5-21-3016070864-3641507875-3210199050-503] Invité : [S-1-5-21-3016070864-3641507875-3210199050-501] Personnel : [S-1-5-21-3016070864-3641507875-3210199050-1001] WDAGUtilityAccount : [S-1-5-21-3016070864-3641507875-3210199050-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: 
OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 930.24 Go | Free : 673.21 Go -> NTFS [SATA] E:\ -> [CDROM] | [Audio CD] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:] : Read:1,189,420 bytes/sec, Written:1,044,761 bytes/sec Max Read:1,189,420 bytes/sec, Max Write:1,044,761 bytes/sec Overall - Read Maximum:1,189,420 bytes/sec, Write Maximum:1,044,761 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_MQ01ABD100\4&1CDF97BD&0&050000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) GC : 75.0.3770.100 (Copyright 2019 Google LLC.) Default : "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.207 ---------- | Security AV : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 472 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [24/02/2019 16:47:11] CPU Usage:0 % 652 | [Owner : Système | Parent : 640() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 760 | [Owner : Système | Parent : 640() | ?????] 
- (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % 832 | [Owner : Système | Parent : 760(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [15/08/2018 12:42:20] CPU Usage:0 % 848 | [Owner : Système | Parent : 760(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [19/11/2018 16:03:12] CPU Usage:0 % 964 | [Owner : Système | Parent : 832(services.exe) | 3.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 988 | [Owner : UMFD-0 | Parent : 760(wininit.exe) | 2.68 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [18/05/2019 21:46:43] CPU Usage:0 % 68 | [Owner : Système | Parent : 832(services.exe) | 29.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 380 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 13.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 592 | [Owner : Système | Parent : 832(services.exe) | 7.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1304 | [Owner : Système | Parent : 832(services.exe) | 14.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1312 | [Owner : Système | Parent : 832(services.exe) | 8.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1320 | [Owner : Système | Parent : 832(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1468 | [Owner : Système | Parent : 832(services.exe) | 5.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1484 | [Owner : Système | Parent : 832(services.exe) | 9.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1716 | [Owner : Système | Parent : 832(services.exe) | 9.12 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [22/06/2017 15:20:49] CPU Usage:0 % 1756 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 15.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1764 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 6.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1772 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 15.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1780 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1788 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1796 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 11.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1988 | [Owner : Système | Parent : 832(services.exe) | 94.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2012 | [Owner : Système | Parent : 832(services.exe) | 5.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1112 | [Owner : Système | Parent : 832(services.exe) | 8.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2096 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2148 | [Owner : Système | Parent : 832(services.exe) | 7.88 Mo] - (.Intel Corporation - igfxCUIService Module.) 
- (6.15.10.5070) = C:\Windows\System32\igfxCUIService.exe [02/12/2016 07:31:14] CPU Usage:0 % 2188 | [Owner : Système | Parent : 832(services.exe) | 6.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2220 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 6.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2228 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 7.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2296 | [Owner : Système | Parent : 832(services.exe) | 7.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2336 | [Owner : Système | Parent : 832(services.exe) | 7.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2372 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 6.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2464 | [Owner : SERVICE LOCAL | Parent : 2296(svchost.exe) | 9.63 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % 2500 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 11.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2516 | [Owner : Système | Parent : 832(services.exe) | 19.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2548 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 8.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2628 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 11.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2660 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 9.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2700 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 8.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2832 | [Owner : Système | Parent : 832(services.exe) | 13.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2884 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 5.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2892 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 10.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2344 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 3148 | [Owner : Système | Parent : 832(services.exe) | 14.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 3260 | [Owner : Système | Parent : 832(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (19.5.4444.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [14/06/2019 22:08:04] CPU Usage:0 % 3268 | [Owner : Système | Parent : 832(services.exe) | 13.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 3728 | [Owner : Système | Parent : 832(services.exe) | 14.93 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % 3776 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 7.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 3992 | [Owner : Système | Parent : 832(services.exe) | 4.74 Mo] - (.ELAN Microelectronics Corp. - Elan Service.) - (11.10.8.3) = C:\Program Files\Elantech\ETDService.exe [25/09/2015 19:58:06] CPU Usage:0 % 4000 | [Owner : Système | Parent : 832(services.exe) | 7.95 Mo] - (.Apple Inc. - MobileDeviceService.) 
- (17.423.0.24) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [11/10/2017 12:23:00] CPU Usage:0 % 4008 | [Owner : Système | Parent : 832(services.exe) | 6.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4020 | [Owner : Système | Parent : 832(services.exe) | 24.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4028 | [Owner : Système | Parent : 832(services.exe) | 10.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4036 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 5.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4044 | [Owner : Système | Parent : 832(services.exe) | 5.55 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 % 4052 | [Owner : Système | Parent : 832(services.exe) | 4.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4060 | [Owner : Système | Parent : 832(services.exe) | 19.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4068 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 8.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4080 | [Owner : Système | Parent : 832(services.exe) | ?????] 
- (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [15/08/2018 12:42:35] CPU Usage:0 % 4088 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 20.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 3080 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 23.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2868 | [Owner : Système | Parent : 832(services.exe) | 5.82 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [16/12/2018 20:29:48] CPU Usage:0 % 3604 | [Owner : Système | Parent : 832(services.exe) | 8.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4128 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4384 | [Owner : Système | Parent : 832(services.exe) | 11.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4420 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 4.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 5080 | [Owner : Système | Parent : 832(services.exe) | 7.09 Mo] - (.Conexant Systems Inc. - Conexant Audio Message Service.) 
- (1.16.0.0) = C:\Windows\System32\CxAudMsg64.exe [22/06/2017 15:22:20] CPU Usage:0 % 3524 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 9.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 5228 | [Owner : Système | Parent : 832(services.exe) | 7.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 5696 | [Owner : Système | Parent : 832(services.exe) | 5.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 6220 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 16.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 6276 | [Owner : Système | Parent : 832(services.exe) | 8.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 6356 | [Owner : Système | Parent : 832(services.exe) | 12.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 6756 | [Owner : Système | Parent : 832(services.exe) | 11.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4900 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 18.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4916 | [Owner : Système | Parent : 832(services.exe) | 33.28 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [10/04/2019 17:53:48] CPU Usage:0 % 4924 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 6.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 8304 | [Owner : Système | Parent : 6124() | 0.82 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe [16/05/2019 08:24:16] CPU Usage:0 % 8388 | [Owner : Système | Parent : 832(services.exe) | 12.25 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 % 8408 | [Owner : Système | Parent : 6092() | 0.65 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe [04/04/2018 10:03:47] CPU Usage:0 % 8536 | [Owner : Système | Parent : 6124() | 0.54 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe [16/05/2019 08:24:16] CPU Usage:0 % 8876 | [Owner : Système | Parent : 6092() | 0.54 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe [04/04/2018 10:03:47] CPU Usage:0 % 6940 | [Owner : Système | Parent : 832(services.exe) | 14.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 8004 | [Owner : Système | Parent : 832(services.exe) | ?????] 
- (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % 7980 | [Owner : Système | Parent : 832(services.exe) | 45.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 8676 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 15.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 9304 | [Owner : SERVICE RÉSEAU | Parent : 832(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1084 | [Owner : Système | Parent : 832(services.exe) | 7.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 9392 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 8356 | [Owner : Système | Parent : 832(services.exe) | 9.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2680 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 8380 | [Owner : Système | Parent : 832(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 9200 | [Owner : Système | Parent : 832(services.exe) | 8.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 2328 | [Owner : Système | Parent : 832(services.exe) | 5.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 11076 | [Owner : Système | Parent : 6860() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 10832 | [Owner : Système | Parent : 6860() | 8.18 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [18/10/2018 15:29:56] CPU Usage:0 % 12004 | [Owner : UMFD-3 | Parent : 10832(winlogon.exe) | 6.36 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [18/05/2019 21:46:43] CPU Usage:0 % 6336 | [Owner : DWM-3 | Parent : 10832(winlogon.exe) | 45.58 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % 12084 | [Owner : Système | Parent : 832(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 11304 | [Owner : Système | Parent : 1716(NVDisplay.Container.exe) | 21.37 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) 
- (8.17.13.7719) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [22/06/2017 15:21:19] CPU Usage:0 % 2000 | [Owner : Personnel | Parent : 832(services.exe) | 15.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 10148 | [Owner : Personnel | Parent : 1484(svchost.exe) | 23.72 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % 3576 | [Owner : Personnel | Parent : 832(services.exe) | 29.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 5264 | [Owner : Personnel | Parent : 1304(svchost.exe) | 3.38 Mo] - (.AVAST Software - Avast Driver Updater.) - (2.5.6.0) = C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [10/04/2019 14:01:20] CPU Usage:0 % 4832 | [Owner : Personnel | Parent : 1304(svchost.exe) | 14.13 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [13/03/2019 17:45:45] CPU Usage:0 % 9632 | [Owner : Personnel | Parent : 3992(ETDService.exe) | 16.83 Mo] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (11.66.8.7) = C:\Program Files\Elantech\ETDCtrl.exe [25/09/2015 19:58:06] CPU Usage:0 % 7556 | [Owner : Personnel | Parent : 2844() | 99.94 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe [10/04/2019 17:53:51] CPU Usage:0 % 8856 | [Owner : Personnel | Parent : 4296() | 10.92 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.5070) = C:\Windows\System32\igfxEM.exe [02/12/2016 07:31:44] CPU Usage:0 % 8108 | [Owner : Personnel | Parent : 4296() | 8.22 Mo] - (.Intel Corporation - igfxHK Module.) 
- (6.15.10.5070) = C:\Windows\System32\igfxHK.exe [02/12/2016 07:32:02] CPU Usage:0 % 6608 | [Owner : Personnel | Parent : 4296() | 10.43 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [02/12/2016 07:32:42] CPU Usage:0 % 11524 | [Owner : Personnel | Parent : 9632(ETDCtrl.exe) | 7.5 Mo] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) - (11.23.8.1) = C:\Program Files\Elantech\ETDCtrlHelper.exe [25/09/2015 19:58:06] CPU Usage:0 % 11580 | [Owner : Personnel | Parent : 68(svchost.exe) | 55.84 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/05/2019 21:47:04] CPU Usage:0 % 7652 | [Owner : Personnel | Parent : 68(svchost.exe) | 68.03 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.829) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [12/06/2019 16:23:32] CPU Usage:0 % 7548 | [Owner : Personnel | Parent : 68(svchost.exe) | 26.37 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 10472 | [Owner : Personnel | Parent : 68(svchost.exe) | 14.55 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 6432 | [Owner : Personnel | Parent : 68(svchost.exe) | 43.22 Mo] - (.Microsoft Corporation - LockApp.exe.) - (10.0.17134.1) = C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe [12/04/2018 01:34:28] CPU Usage:0 % 5732 | [Owner : Personnel | Parent : 68(svchost.exe) | 17.72 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 7944 | [Owner : Personnel | Parent : 68(svchost.exe) | 26.96 Mo] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 2796 | [Owner : Personnel | Parent : 5228(svchost.exe) | 13.45 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % 11468 | [Owner : Personnel | Parent : 68(svchost.exe) | 32.65 Mo] - (.-.) - (10.19031.1141.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe [04/04/2019 16:27:05] CPU Usage:0 % 8364 | [Owner : Personnel | Parent : 68(svchost.exe) | 10.51 Mo] - (.-.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [01/07/2019 15:55:42] CPU Usage:0 % 4996 | [Owner : Personnel | Parent : 7556(explorer.exe) | 15.16 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % 12136 | [Owner : Personnel | Parent : 7556(explorer.exe) | 7.59 Mo] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.95.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [22/06/2017 15:22:24] CPU Usage:0 % 12092 | [Owner : Personnel | Parent : 9148() | 38.66 Mo] - (.AVAST Software - Avast Antivirus.) - (19.5.4444.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [16/06/2019 16:53:29] CPU Usage:0 % 6544 | [Owner : SERVICE RÉSEAU | Parent : 68(svchost.exe) | 17.73 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 2940 | [Owner : Personnel | Parent : 3184() | 6.78 Mo] - (.Oracle Corporation - Java Update Scheduler.) 
- (2.8.201.9) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [16/12/2018 03:05:40] CPU Usage:0 % 5860 | [Owner : Personnel | Parent : 68(svchost.exe) | 6.72 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % 3760 | [Owner : Personnel | Parent : 68(svchost.exe) | 7.55 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 11100 | [Owner : Personnel | Parent : 832(services.exe) | 21.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 4356 | [Owner : Système | Parent : 68(svchost.exe) | 20.38 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 7592 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 5.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 1276 | [Owner : Système | Parent : 1304(svchost.exe) | 0.18 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.17763.1016) = C:\Windows\System32\CompatTelRunner.exe [13/03/2019 17:45:58] CPU Usage:0 % 9116 | [Owner : Système | Parent : 1304(svchost.exe) | 0.48 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 7604 | [Owner : Système | Parent : 1276(CompatTelRunner.exe) | 0.44 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) 
- (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 7084 | [Owner : Personnel | Parent : 68(svchost.exe) | 29.52 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe [01/07/2019 15:55:42] CPU Usage:0 % 9188 | [Owner : Système | Parent : 1276(CompatTelRunner.exe) | 13.26 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.17763.1016) = C:\Windows\System32\CompatTelRunner.exe [13/03/2019 17:45:58] CPU Usage:0 % 11764 | [Owner : Personnel | Parent : 68(svchost.exe) | 10.74 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 6008 | [Owner : Personnel | Parent : 9116(AvastBrowser.exe) | 11.56 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 4188 | [Owner : Personnel | Parent : 6008(AvastBrowser.exe) | 0.61 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 5444 | [Owner : Personnel | Parent : 7556(explorer.exe) | 140.1 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 2416 | [Owner : Personnel | Parent : 5444(chrome.exe) | 7.1 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 1936 | [Owner : Personnel | Parent : 5444(chrome.exe) | 7.86 Mo] - (.Google LLC - Google Chrome.) 
- (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 8028 | [Owner : Personnel | Parent : 5444(chrome.exe) | 174.59 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 4260 | [Owner : Personnel | Parent : 5444(chrome.exe) | 37.44 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 9636 | [Owner : Personnel | Parent : 5444(chrome.exe) | 144.28 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 11412 | [Owner : Personnel | Parent : 5444(chrome.exe) | 183.82 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 8988 | [Owner : Personnel | Parent : 5444(chrome.exe) | 49.71 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 11692 | [Owner : Personnel | Parent : 5444(chrome.exe) | 6.11 Mo] - (.Apache Software Foundation - OpenOffice Writer.) - (4.0.9783.500) = C:\Program Files (x86)\OpenOffice 4\program\swriter.exe [29/09/2016 14:05:28] CPU Usage:0 % 2956 | [Owner : Personnel | Parent : 11692(swriter.exe) | 7.52 Mo] - (.Apache Software Foundation - OpenOffice 4.1.3.) - (4.0.9783.500) = C:\Program Files (x86)\OpenOffice 4\program\soffice.exe [29/09/2016 14:05:24] CPU Usage:0 % 11600 | [Owner : Personnel | Parent : 2956(soffice.exe) | 93.34 Mo] - (.Apache Software Foundation - OpenOffice 4.1.3.) 
- (4.0.9783.500) = C:\Program Files (x86)\OpenOffice 4\program\soffice.bin [29/09/2016 14:05:24] CPU Usage:0 % 11796 | [Owner : Personnel | Parent : 6008(AvastBrowser.exe) | 0.4 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 1920 | [Owner : Personnel | Parent : 11600(soffice.bin) | 12.02 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.17134.1) = C:\Windows\splwow64.exe [12/04/2018 01:34:41] CPU Usage:0 % 7148 | [Owner : Système | Parent : 7980(svchost.exe) | 21.46 Mo] - (.Microsoft Corporation - Windows Update.) - (10.0.17134.1) = C:\Windows\System32\wuauclt.exe [12/04/2018 01:34:10] CPU Usage:0 % 5972 | [Owner : Personnel | Parent : 6008(AvastBrowser.exe) | 5.29 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 7496 | [Owner : Personnel | Parent : 6008(AvastBrowser.exe) | 3.64 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 1340 | [Owner : Système | Parent : 832(services.exe) | 7.28 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.17134.1) = C:\Windows\servicing\TrustedInstaller.exe [11/04/2018 23:04:35] CPU Usage:0 % 6264 | [Owner : Système | Parent : 68(svchost.exe) | 143.89 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.17134.464) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.760_none_eaef1a361d71e348\TiWorker.exe [13/12/2018 12:31:14] CPU Usage:0 % 6200 | [Owner : Système | Parent : 1304(svchost.exe) | 0.44 Mo] - (.AVAST Software - Avast Secure Browser.) 
- (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 3868 | [Owner : Personnel | Parent : 5444(chrome.exe) | 164.63 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 1336 | [Owner : Personnel | Parent : 6200(AvastBrowser.exe) | 2.61 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 2312 | [Owner : Personnel | Parent : 5444(chrome.exe) | 26.92 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 2936 | [Owner : Personnel | Parent : 1336(AvastBrowser.exe) | 1.08 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % 9236 | [Owner : Personnel | Parent : 5444(chrome.exe) | 53.61 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 10716 | [Owner : Personnel | Parent : 5444(chrome.exe) | 133.6 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:6 % 8152 | [Owner : Personnel | Parent : 5444(chrome.exe) | 65.76 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 3372 | [Owner : Personnel | Parent : 5444(chrome.exe) | 47.64 Mo] - (.Google LLC - Google Chrome.) 
- (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 3884 | [Owner : Personnel | Parent : 5444(chrome.exe) | 45.16 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 8220 | [Owner : Personnel | Parent : 5444(chrome.exe) | 50.44 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 11368 | [Owner : Personnel | Parent : 5444(chrome.exe) | 52.19 Mo] - (.Google LLC - Google Chrome.) - (75.0.3770.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/06/2017 18:07:49] CPU Usage:0 % 3664 | [Owner : Personnel | Parent : 68(svchost.exe) | 21.97 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 % 10748 | [Owner : Personnel | Parent : 68(svchost.exe) | 9.36 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 % 4112 | [Owner : Système | Parent : 832(services.exe) | 6.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 9408 | [Owner : Personnel | Parent : 68(svchost.exe) | 27.26 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [10/04/2019 17:53:57] CPU Usage:0 % 7076 | [Owner : SERVICE LOCAL | Parent : 832(services.exe) | 6.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [24/02/2019 16:47:31] CPU Usage:0 % 12152 | [Owner : Système | Parent : 1304(svchost.exe) | 7.53 Mo] - (.Google Inc. - Programme d'installation de Google.) 
- (1.3.33.5) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/06/2017 18:05:29] CPU Usage:0 % 11056 | [Owner : Personnel | Parent : 5444(chrome.exe) | 61.86 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\Personnel\Downloads\QuickDiag.exe [17/07/2019 12:24:56] CPU Usage:0 % 8732 | [Owner : SERVICE RÉSEAU | Parent : 68(svchost.exe) | 9.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % 1260 | [Owner : Personnel | Parent : 1336(AvastBrowser.exe) | 7.85 Mo] - (.AVAST Software - Avast Secure Browser.) - (75.0.1447.80) = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [04/04/2018 10:05:45] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (19.5.4444.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.5070) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.5070) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (.AVAST Software.-.Avast Shell Extension.) - (19.5.4444.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.7719) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 377.19.) - (21.21.13.7719) -- C:\WINDOWS\system32\nvapi64.dll (.NVIDIA Corporation.-.NVIDIA French language resource library.) 
- (8.17.13.7719) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (19.5.4444.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll (.AVAST Software.-.Hook Library.) - (19.5.4444.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - 
(C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\...\Run]) - User: DESKTOP-BVRDNI1\Personnel CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\...\Run]) - User: DESKTOP-BVRDNI1\Personnel simplicheck - (C:\PROGRA~2\SIMPLI~1\SIMPLI~1\SIMPLI~1.EXE -timer [Common Startup]) - User: Public SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public ETDCtrl - (%ProgramFiles%\Elantech\ETDCtrl.exe [HKLM\SOFTWARE\...\Run]) - User: Public cAudioFilterAgent - (C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public SmartAudio - ("C:\Program Files\CONEXANT\SAII\SACpl.exe" /t [HKLM\SOFTWARE\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x03000000BD74F86FC46BD401 "CCleaner 
Monitoring"=0x020000000000000000000000 "AvastBrowserAutoLaunch_EED673341E9972012CEF778528558ED8"=0x020000000000000000000000 "CCleaner Smart Cleaning"=0x0100000042EF80A4C46BD401 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=regedit\1 "MRUList"=a [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP ENVY 5640 series,winspool,Ne03: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "ETDCtrl"=%ProgramFiles%\Elantech\ETDCtrl.exe "cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [22/06/2017 15:22:24] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe" /t "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "ETDCtrl"=0x040000000000000000000000 "cAudioFilterAgent"=0x040000000000000000000000 "AvastUI.exe"=0x040000000000000000000000 "iTunesHelper"=0x050000009F6F697AC46BD401 "SmartAudio"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "SunJavaUpdateSched"=0x040000000000000000000000 "Dropbox"=0x040000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll 
"ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Avast Driver Updater Startup Avast Emergency Update Avast Secure Browser Heartbeat Task (Hourly) Avast Secure Browser Heartbeat Task (Logon) AvastUpdateTaskMachineCore AvastUpdateTaskMachineUA CCleaner Update CCleanerSkipUAC GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-3016070864-3641507875-3210199050-1001 User_Feed_Synchronization-{7A6061FF-1AA6-42F5-AA14-17A22E3B6D48} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs 
Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=2 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [22/06/2017 12:32:27] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=848 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=2346bad0-bff4-4a8b-8fec-bc27ffe 
"GlassSessionId"=3 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\Personnel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f67c2083-ac93-4b3e-a3bc-8a4641586703}.JPG [19/08/2017 10:14:53] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=3840 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"= attern Upgrade"=TRUE "AutoColorization"=1 "ImageColor"=2939909043 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "EnableAutoTray"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "SlowContextMenuEntries"=0x5D54A9A2C2A0B4429708A0B2BADD77C8AC8D0600B083204722C5CF11876300608CC02F24A7F3000010901EF8A46ECE11A7FF00AA003CA9F6404600000114020000000000C0000000000000463A430200550F3DCB2CBC1A4C85ED23ED75B5106B8A0A0100 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=1129 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "Reason Setting"=255 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x6671285D00000000 "ReindexedProfile"=1 "DisablePreviewDesktop"=0 "TaskbarGlomLevel"=2 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x00000000FFFFFFFF "0"=0x6D0061006700690078000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS 
URL VB WSC [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 
"DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 
"NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=25 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D004000200EC0061025B080D0092B50E0092B50E00D200000002002700C6FC18D5D0FDEE01587C3A00421E06007DF50400B808010000000000B1411600E73900008008000012A5BCED893CD501ADD52200000000000100000086BF1400EE420000000000000000000000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E80037010200ED0000000EFB17D00000000000000000B4B5E421863CD501B4B5E421863CD501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100EF9E00C04009040040090440939000806640A0016640E201A8E9000018120A0238121A06C74100807A4C0B097ACC1B0B9B380100024194030A41944345EB00004F00984A4F50984A8CD400801103000811130008EA0401803E0608193E0E08198B3201802883A5102C87A71130270180C07C9748C07E97483B0B00400C500A000CD40A08 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=701996563785 "ShutdownFlags"=2147483687 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3016070864-3641507875-3210199050-1001 "LastUsedUsername"=Personnel [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= 
"DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "allocatecdroms"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile 
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified 
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google 
Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Combined Community Codec 
Pack\MPC\mpc-hc.exe"=0x5341435001000000000000000700000028000000000A90002FC5900001000000000000000000030600210000BFA2139DEDD1D30100000000000000000200000050000000000000008000001200000000000000000000000000000000748618010000000002000000020000000000000000000012000000000000000000000000000000009E4D0100000000000100000000000000 "C:\Users\Personnel\Downloads\ccsetup551 (1).exe"=0x5341435001000000000000000700000028000000307B26015C8D260101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\Personnel\Downloads\adwcleaner_7.2.6.0 (1).exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\Personnel\Downloads\musicmaker.exe"=0x5341435001000000000000000700000028000000387A49002BCD490001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000025290300000000000100000001000000 "C:\Users\Personnel\Downloads\musicmaker (1).exe"=0x5341435001000000000000000700000028000000387A49002BCD490001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000937C0000000000000200000002000000 "C:\Users\Personnel\Downloads\MP3CutterSetup.exe"=0x5341435001000000000000000700000028000000E01B0F000000000001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C0730200000000000100000001000000 "C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\MP3Cutter.exe"=0x534143500100000000000000070000002800000000F00E000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E55C0000000000000200000002000000 "C:\Users\Personnel\Downloads\adwcleaner_7.2.6.0 
(2).exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4660100000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000386B0400903D050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\Downloads\nero6614-6.6.14.0.exe"=0x5341435001000000000000000700000028000000A0272202E613230201000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000E4260600000000000200000002000000 "C:\Users\Personnel\Downloads\cdbxp_setup_4.5.8.7041.exe"=0x534143500100000000000000070000002800000040596300C50F640001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000092EF0300000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104006ACC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\Downloads\adwcleaner_7.2.7.0.exe"=0x5341435001000000000000000700000028000000D0A46F000FD26F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\Personnel\Downloads\ccleaner_5-53-7034_fr_14492.exe"=0x534143500100000000000000070000002800000038C927011208280101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program 
Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009B2F0000000000000200000002000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AA0400777F050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\Downloads\adwcleaner_7.3.exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D2E40000000000000100000001000000 "C:\Users\Personnel\Downloads\ccleaner_5-55-7108_fr_14492.exe"=0x534143500100000000000000070000002800000008924301A8ED430101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F06DE20B000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe"=0x534143500100000000000000070000002800000000960100B501020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C0620700000000000300000003000000 "C:\Users\Personnel\Downloads\adwcleaner_7.3 (1).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006AEB0000000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000030AF0400A4BA040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "D:\Start 
PC.exe"=0x5341435001000000000000000700000028000000002002000000000001000000000000000000010671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000010000000000000000000000000000030E50000000000000500000005000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400AE33050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\Downloads\adwcleaner_7.3 (2).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000604D0100000000000100000001000000 "C:\Users\Personnel\Downloads\ccsetup557.exe"=0x534143500100000000000000070000002800000018404501DC8F450101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DA0C0800000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC04002A69050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\Downloads\avastdriverupdater.exe"=0x53414350010000000000000007000000280000006872150042F3150001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CDD31A00000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.070.0410.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400100C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\AVAST 
Software\Browser\Application\AvastBrowser.exe"=0x5341435001000000000000000700000028000000A8E21D00C2BB1E0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EE580000000000000200000002000000 "C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"=0x534143500100000000000000070000002800000000960100472B020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A00F0000000000000200000002000000 "C:\Users\Personnel\Downloads\adwcleaner_7.3 (3).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000173F0100000000000100000001000000 "C:\Users\Personnel\Downloads\ccsetup558.exe"=0x5341435001000000000000000700000028000000F0EB3A01C0413B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FB629206000000000100000001000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.086.0502.0006_1\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\VideoProjectsLauncher.exe"=0x5341435001000000000000000700000028000000005801000000000001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000009B080000000000000100000001000000 "C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe"=0x534143500100000000000000070000002800000070BE1A0007351B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000086C0000000000000100000001000000 "SIGN.MEDIA=6A568 
start.exe"=0x5341435001000000000000000700000028000000F8A50600A162070001000000000000000000010671220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000681F4000000000000200000002000000 "C:\Program Files (x86)\MAGIX\Vidéo easy SOS Cassettes vidéo ! Version 7.0\VideoEasy.exe"=0x5341435001000000000000000700000028000000008FB100D988B20001000000000000000000020671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E75C9E01000000000B0000000B000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0BD1700B2B1180001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005BE43A00000000000700000007000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x534143500100000000000000070000002800000078E4FC0124EEFC0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078D404009BC1050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x534143500100000000000000070000002800000088A3B4000D4BB50001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA030000000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5c690731-8d29-11e9-ac97-28e34730fc03}] : "F:\Fondation_Ronald_McDonald_USB_2015.EXE" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse 
"DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131726849000528469 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "InstallTime"=0x7D8E003341EBD201 
"InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "OOBEInstallTime"=0xCBA0A32343EBD201 "ManagedDefenderProductType"=0 "DisableAntiVirus"=1 "LastEnabledTime"=0xA613C473FF34D501 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [172.217.18.206] avec 32 octets de données : Réponse de 172.217.18.206 : octets=32 temps=28 ms TTL=48 Réponse de 172.217.18.206 : octets=32 temps=27 ms TTL=48 Réponse de 172.217.18.206 : octets=32 temps=27 ms TTL=48 Réponse de 172.217.18.206 : octets=32 temps=28 ms TTL=48 Statistiques Ping pour 172.217.18.206: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 27ms, Maximum = 28ms, Moyenne = 27ms ---------- | @ [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes 
"Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset "SmoothScroll"=1 "ImageStoreRandomFolder"=3d74zpm "OperationalData"=12 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF24000000240000000C0400007C020000 "Start Page_TIMESTAMP"=0xC3AA32322FECD201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xD04CB19C2CECD201 "IE10TourShown"=1 "IE10TourShownTime"=0xFDFF64CE41EBD201 "IE11EdgeNotifyTime"=0xE31BCCE6CEECD201 "EdgeReminderRemainingCount"=5 "TabProcGrowth"=100 "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xFDFF64CE41EBD201 "Use FormSuggest"=no "FormSuggest Passwords"=yes "FormSuggest PW Ask"=yes [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0xBD267F76B6FCD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=131992713354573300 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= 
"Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security 
Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [14/06/2019 22:08:14] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0xFDFF64CE41EBD201 "Version"=5 "UpgradeTime"=0xFDFF64CE41EBD201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1AE2C481-BF51-4AA2-8869-1E443AEf58EC}] : (Réglages SConnect) - [] ---------- | SearchScopes [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42DC2A7C-EC0F-45B5-A5F0-AD11DF49B655}] - (Yahoo Search) - https://fr.search.yahoo.com/search?p={searchTerms}&intl=fr&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [18/03/2019 12:05:20] 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [18/03/2019 12:05:20] ---------- | Chrome C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppShortName__ - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: 
__MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\mjhbkkaddmmnkghdnnmkjcgpphnopnfk = : SEcure Addons Manager for Chrome - short_name: SConnect - permissions:[tabsnativeMessaging\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\njpedbdniajflhgfoipnjkednnlkngbj] ---------- | Opera ---------- | Firefox 
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.201.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.201.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\5j21fe11.default\Prefs.js user_pref("browser.startup.homepage", "google.fr"); user_pref("browser.startup.homepage_override.buildID", "20170608105825"); user_pref("browser.startup.homepage_override.mstone", "54.0"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1498233768608,\"softExpiration\":1498288289321,\"hardExpiration\":1498384981496,\"data\":{\"notifications\":[],\"version\":\"201706231002\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":1}"); user_pref("extensions.blocklist.pingCountTotal", 2); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.bootstrappedAddons", 
"{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Personnel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5j21fe11.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.50\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"screenshots@mozilla.org\":{\"version\":\"6.6.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}"); user_pref("extensions.databaseSchema", 19); user_pref("extensions.e10s.rollout.blocklist", ""); 
user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0"); user_pref("extensions.getAddons.cache.lastUpdate", 1498212272); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppVersion", "54.0"); user_pref("extensions.lastPlatformVersion", "54.0"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "v1"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"91bb347b-a6dc-43e0-920c-bdd5b0230ce1\"}"); user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Personnel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5j21fe11.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1498142479750}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1496962878045},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.50\",\"st\":1496962878039},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1496962878797},\"screenshots@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"e\":true,\"v\":\"6.6.0\",\"st\":1496962879238},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.1\",\"st\":1496962878100}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"54.0\",\"st\":1496962878070}},\"winreg-app-global\":{\"bdwteffv20@bitdefender.com\":{\"d\":\"C:\\\\Program Files\\\\Bitdefender\\\\Bitdefender 2017\\\\antispam32\\\\bdwteff\",\"e\":false,\"v\":\"4.2.5\",\"st\":1492799770403,\"mt\":1498233829245}}}"); [Profile0] - Name=default -> Profiles/5j21fe11.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2fdbb621-5476-4137-9806-3719a0f3b484}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2fdbb621-5476-4137-9806-3719a0f3b484}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Adobe] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\AppDataLow] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Apple Inc.] 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Avast Software] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Browser Cleanup] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Canneverbe Limited] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Chromium] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Clients] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Dropbox] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\DropboxUpdate] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Elantech] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Gabest] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Gemalto] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Google] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Haali] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Intel] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\JavaSoft] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\LAV] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Macromedia] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MAGIX] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MAGIX AG] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MediaChance] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Mozilla] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MPC-HC] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Netscape] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\OpenOffice] 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\PhotoFiltre 7] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Piriform] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Policies] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\SYNCJM] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\sysinternals] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Wow6432Node] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\yahoo] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] 
[HKLM\Software\AVAST Software] [HKLM\Software\Clients] [HKLM\Software\Cnxt_Uiu_Parms] [HKLM\Software\Conexant] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\UIU] [HKLM\Software\USB2800] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\Avast] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Canneverbe Limited] [HKLM\Software\WOW6432Node\Combined-Community-Codec-Pack] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HaaliMkx] [HKLM\Software\WOW6432Node\HiVision Multimedia] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\MAGIX] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\simplitec] [HKLM\Software\WOW6432Node\SlimWare Utilities Inc] [HKLM\Software\WOW6432Node\USB2800] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Yahoo] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [18/03/2017 23:03:28] - |SHD| - [137649013] - C:\$Recycle.Bin [29/07/2017 09:50:28] - |D| - [33609557] - 
C:\AdwCleaner [MD5.A83ADADB310E8370E382469507594069] - [24/06/2017 12:32:21] - |A| - (.-.) - [789] - (0.0.0.0) - C:\bdlog.txt [22/06/2017 12:26:55] - |SHD| - [0] - C:\Documents and Settings [22/06/2017 15:47:04] - |D| - [586913214] - C:\EBP [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2018 16:43:30] - |ASH| - (.-.) - [1687937024] - (0.0.0.0) - C:\hiberfil.sys [22/06/2017 15:17:18] - |D| - [473538] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2017 12:19:47] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [6268547745] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [3728702603] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [3791912876] - C:\ProgramData [17/07/2019 12:30:01] - |D| - [68685] - C:\QuickDiag [MD5.1551CDC43BAC0EE677A2AA51D17C624D] - [17/07/2019 12:30:15] - |A| - (.-.) - [177590] - (0.0.0.0) - C:\QuickDiag.txt [05/06/2018 17:09:19] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2017 12:19:49] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [22/06/2017 12:19:46] - |SHD| - [0] - C:\System Volume Information [11/04/2018 23:04:33] - |RD| - [235964951922] - C:\Users [11/04/2018 23:04:33] - |D| - [28457400368] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [12558037] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8331488] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RD| - [466949506] - C:\WINDOWS\assembly [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) 
- [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 01:38:20] - |D| - [38317662] - C:\WINDOWS\Boot [MD5.A3B9B4EFD4DB5528F6325AC4281CDB94] - [05/06/2018 17:21:03] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [MD5.9130CCE19B5DB3D2E31F9F789263FC4A] - [22/06/2017 16:41:36] - |A| - (.Copyright (c) 1999-2006 Microsoft Corporation - CAPICOM Module.) - [511328] - (2.1.0.2) - C:\WINDOWS\capicom.dll [12/04/2018 01:30:02] - |D| - [42939044] - C:\WINDOWS\CbsTemp [22/06/2017 15:23:12] - |D| - [54486161] - C:\WINDOWS\Cnxt [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [28618778] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [05/06/2018 17:06:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4607251] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [05/06/2018 17:06:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [60104] - C:\WINDOWS\ELAMBKUP [MD5.030BED8976DD3D3D5BDED63A679E0FF7] - [20/06/2012 10:27:06] - |A| - (.Copyright (C) eMPIA Technology, Inc. 2002-2006 - BDA Monitor Application.) - [85504] - (5.7.1107.0) - C:\WINDOWS\emMON.exe [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\en-US [MD5.C8FB56B60458B09C1CAEBD4DAF1AC8BB] - [10/04/2019 17:53:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [3933296] - (10.0.17134.677) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [377007866] - C:\WINDOWS\Fonts [12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47867303] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71367505] - C:\WINDOWS\Help [MD5.30D302335B017DC3B53519BD9E33D763] - [24/02/2019 16:47:12] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [69110123] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1392019087] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHDC| - [1689864012] - C:\WINDOWS\Installer [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [23/06/2019 17:43:09] - |D| - [481768] - C:\WINDOWS\LastGood [23/06/2019 15:19:44] - |D| - [359161006] - C:\WINDOWS\LastGood.Tmp [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [8363389] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) 
- [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 01:38:20] - |RD| - [608393172] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [22/06/2017 15:20:49] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [12/04/2018 18:22:25] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [24/05/2018 14:23:17] - |DC| - [222545734] - C:\WINDOWS\Panther [12/04/2018 01:38:21] - |D| - [461854] - C:\WINDOWS\Performance [MD5.8893F5CBE2FFCFEF439122BD3B99BC6A] - [18/12/2017 18:48:09] - |A| - (.-.) - [252146] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [2822167] - C:\WINDOWS\PolicyDefinitions [05/06/2018 16:30:21] - |D| - [21287047] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog [12/04/2018 01:38:21] - |D| - [5479518] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) 
- [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1117876] - C:\WINDOWS\registration [12/04/2018 01:38:21] - |D| - [24272560] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [3883941] - C:\WINDOWS\Resources [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [3948774] - C:\WINDOWS\security [05/06/2018 17:20:20] - |D| - [62182483] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [222427891] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.7839ADB8CA8AD83F4B8C6EFC44DE9F1C] - [15/07/2019 12:48:21] - |A| - (.-.) - [918] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/07/2019 12:48:21] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 01:38:21] - |D| - [6443008] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53634048] - C:\WINDOWS\ShellExperiences [12/04/2018 18:19:39] - |D| - [3070736] - C:\WINDOWS\SKB [22/06/2017 12:29:29] - |D| - [1234158430] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [18/03/2017 23:03:33] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [7517812514] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [225352970] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25702345] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1520798437] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [18/03/2017 23:03:29] - |D| - [528] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [4752932] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25818] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [18/03/2017 23:03:33] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [18/06/2019 16:20:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [11715595028] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) 
- [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/08/2017 10:01:05] - C:\WINDOWS\Installer\278df3c9.msi : (Java SE Runtime Environment 8 Update 144 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\3050a6.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2016 19:11:18] - C:\WINDOWS\Installer\3050b2.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2019 22:15:58] - C:\WINDOWS\Installer\336f3213.msi : (Looks for updates for your computer's software and drivers to improve performance. - AVAST Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/05/2019 08:22:52] - C:\WINDOWS\Installer\3bd817de.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2017 10:35:42] - C:\WINDOWS\Installer\3ebc5c44.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/03/2019 12:04:24] - C:\WINDOWS\Installer\4f3c285.msi : (Java SE Runtime Environment 8 Update 201 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/03/2019 12:06:26] - C:\WINDOWS\Installer\4f3c28e.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2018 10:03:43] - C:\WINDOWS\Installer\6a428019.msi : (Avast Update Helper - AVAST Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/02/2019 10:14:14] - C:\WINDOWS\Installer\6bbaf104.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 19:57:49] - C:\WINDOWS\Installer\82a802.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [28/08/2018 10:44:12] - C:\WINDOWS\Installer\8efd55.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2018 10:44:14] - C:\WINDOWS\Installer\8f01d5.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/07/2018 03:48:04] - C:\WINDOWS\Installer\8f03c7.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2018 14:02:42] - C:\WINDOWS\Installer\8f03cb.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/10/2016 14:46:20] - C:\WINDOWS\Installer\9803b31.msi : (GemPcCCID Version 2.0.7 - Gemalto) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/10/2012 14:36:25] - C:\WINDOWS\Installer\a3eeec3.msi : (simplitec simplicheck - v1.3.10.0 - simplitec GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/09/2013 11:22:17] - C:\WINDOWS\Installer\a3eeec7.msi : (MAGIX Speed burnR (MSI) - v7.0.1.27 (fr-FR) - MAGIX AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/09/2013 12:42:53] - C:\WINDOWS\Installer\a3eeed5.msi : (MAGIX Video easy Rescue Your Videotapes! - v5.0.1.104 (en-II) - MAGIX AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/06/2019 17:32:45] - C:\WINDOWS\Installer\a3eeed9.msi : (MAGIX USB-Videowandler 2 - MAGIX) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2017 06:57:12] - [1732608] - (.().-. - ()) - C:\WINDOWS\Installer\118f8fa.msp [12/05/2018 08:05:37] - [7094272] - (.().-. - ()) - C:\WINDOWS\Installer\124396.msp [13/11/2017 06:26:16] - [23506944] - (.().-. - ()) - C:\WINDOWS\Installer\127f030.msp [13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\WINDOWS\Installer\19a80426.msp [23/02/2018 15:25:19] - [1343488] - (.().-. - ()) - C:\WINDOWS\Installer\24267e85.msp [18/09/2018 10:10:59] - [4706304] - (.().-. 
- ()) - C:\WINDOWS\Installer\26e89ee5.msp [23/12/2016 21:39:56] - [75468800] - (.().-. - ()) - C:\WINDOWS\Installer\3050a7.msp [13/05/2019 08:57:34] - [59400192] - (.().-. - ()) - C:\WINDOWS\Installer\41f2416b.msp [28/08/2017 18:40:46] - [2424832] - (.().-. - ()) - C:\WINDOWS\Installer\4a2cca48.msp [10/04/2017 07:34:47] - [92508160] - (.().-. - ()) - C:\WINDOWS\Installer\52555ce.msp [29/11/2017 12:42:28] - [1355776] - (.().-. - ()) - C:\WINDOWS\Installer\5390f685.msp [13/11/2018 06:24:12] - [3485696] - (.().-. - ()) - C:\WINDOWS\Installer\56715d61.msp [03/01/2019 11:17:04] - [1720320] - (.().-. - ()) - C:\WINDOWS\Installer\5b5a4aa8.msp [09/07/2018 07:47:48] - [27000832] - (.().-. - ()) - C:\WINDOWS\Installer\80f4d4f6.msp [13/08/2018 08:19:45] - [1441792] - (.().-. - ()) - C:\WINDOWS\Installer\a1ee54f.msp [08/10/2018 13:11:44] - [2174976] - (.().-. - ()) - C:\WINDOWS\Installer\a891be41.msp [08/04/2019 08:22:42] - [7155712] - (.().-. - ()) - C:\WINDOWS\Installer\aaca14d.msp [22/10/2018 15:33:19] - [2584576] - (.().-. - ()) - C:\WINDOWS\Installer\c6d1cf59.msp [10/12/2018 08:52:51] - [44044288] - (.().-. - ()) - C:\WINDOWS\Installer\e99aa4a.msp ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [05/06/2018 16:51:51] - [1677054] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.1BC066B3EE0BBF97A5D6660F45E570F8] - |AT| - [12/07/2019 15:13:56] - (.-.) - [10.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.1a9v7q7acfy4pfq2ntzphz2if.tmp [MD5.5F41B317E49238900F3601566405066C] - |AT| - [12/07/2019 15:13:56] - (.-.) 
- [22.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.4qe_g0dqnfw_kc4rxnxg5sa1b.tmp [MD5.3D96BE218D416F454526A915CF74D70C] - |AT| - [12/07/2019 15:14:00] - (.-.) - [10.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.5hy045ssuf2k9pxwbf9usimgf.tmp [MD5.448E5FA7A9766F889EE26468FFB51F3E] - |AT| - [12/07/2019 15:13:56] - (.-.) - [133.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.d68r54jq6bxkxuran9282s00f.tmp [MD5.D87E83CD865D71F919E5F24BBBCCF010] - |AT| - [12/07/2019 15:14:00] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ewykyc5sub0rdy4iifv151j3.tmp [MD5.AA60AB375A0C140770BED0599BC91986] - |AT| - [12/07/2019 15:14:00] - (.-.) - [4.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.iovxy9f4_qgi524hzolwf9yt.tmp [MD5.96AFE767B233E2D3271CFD941F6D122D] - |AT| - [12/07/2019 15:14:00] - (.-.) - [11.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.sool1p953k_q0nifq13irrhob.tmp [MD5.C6AA5470A1FDCA8C6DDE551123A76CCC] - |AT| - [12/07/2019 15:13:56] - (.-.) - [450.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.v5f9n5t6y19jh3m09qd_vxadg.tmp [MD5.00000000000000000000000000000000] - |D| - [17/06/2019 17:49:48] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.7F754D25F4BE2689D92A7BFF1C8BA8C7] - |A| - [15/07/2019 22:20:24] - (.-.) - [25.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.html [MD5.156E4676968659C93B0D7B1F03000152] - |A| - [15/07/2019 22:20:20] - (.-.) - [7.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.xml [MD5.2BC918A7CFC439404126534D69DAC5B4] - |A| - [17/07/2019 12:32:27] - (.-.) 
- [2.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [17/07/2019 12:32:28] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [17/07/2019 12:32:23] - [4135.34 Ko] - C:\WINDOWS\Temp\CR_4F24F.tmp [MD5.00000000000000000000000000000000] - |D| - [23/06/2019 17:43:28] - [1.75 Ko] - C:\WINDOWS\Temp\HP [MD5.00000000000000000000000000000000] - |D| - [18/06/2019 03:49:12] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation [MD5.00000000000000000000000000000000] - |D| - [05/06/2018 16:44:56] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) 
- [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2686.05 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) 
- [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.29105436455898F7866D8FF4D1CC79F5] - |A| - [07/07/2019 22:07:43] - (.Copyright (c) 2019 AVAST Software - Avast start-up scanner.) - [354.88 Ko] - (19.5.4444.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) 
- [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.43E499635DCDFCEC8CD88DE61E55A4E6] - |A| - [20/03/2017 14:27:04] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [832.16 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tosasfapo64.dll [MD5.815528CBA609B6EB5E595059287314AF] - |A| - [20/03/2017 14:27:04] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.7 Ko] - (2.1.0.0) - C:\WINDOWS\System32\toseaeapo64.dll [MD5.11493D68091CC4F42E7003F83ADE1ED4] - |A| - [20/03/2017 14:27:10] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.29 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tossaeapo64.dll [MD5.A5AD41EA67E9F14CA73F4763E3562A63] - |A| - [20/03/2017 14:27:12] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [590.62 Ko] - (1.1.2.0) - C:\WINDOWS\System32\tossaemaxapo64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) 
- [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.3DB14AD20B4F30239DF20F2C922DF494] - |A| - [20/03/2017 14:26:52] - (.Copyright© Conexant Systems, Inc. 2013 - Conexant Unified x64 Device CoInstaller.) - [4675.37 Ko] - (7.102.0.0) - C:\WINDOWS\System32\UCI64A102.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.4E8F2BB3A5A87E75C35533723B50E685] - |A| - [22/06/2017 16:44:25] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\user_gensett.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [09/09/2016 20:25:10] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1-1-0-26-0.dll [MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [22/06/2017 15:26:05] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [09/09/2016 20:24:38] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-26-0.exe [MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [22/06/2017 15:26:05] - (.-.) 
- [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [85292.74 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [61055.17 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9747.49 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [179244 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) 
- [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [22/06/2017 15:17:18] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [22/06/2017 15:17:18] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - 
|D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7791.13 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.5F0291F743A717E5E90D5FCAA65F323B] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - API of PoINT CD/DVD Audio/Video SDK.) - [741.38 Ko] - (11.0.0.226) - C:\WINDOWS\SysWOW64\DLLAV32.dll [MD5.B28BCDE12EF536157B0836F0E35BF0EE] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [153.38 Ko] - (4.0.0.167) - C:\WINDOWS\SysWOW64\DLLCPY32.dll [MD5.46805CB8BCBB94C6AF09F2EB63D2F4E4] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [221.38 Ko] - (4.0.0.306) - C:\WINDOWS\SysWOW64\DLLDEV32.dll [MD5.2608C6004950BAA4C1AB2508AC637AB5] - |A| - [27/04/2007 10:43:58] - (.-.) - [117.38 Ko] - (3.7.0.12) - C:\WINDOWS\SysWOW64\DLLDEV32i.dll [MD5.2E7B44A102611318AC9A6627A4A2FBF4] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [213.38 Ko] - (4.0.0.393) - C:\WINDOWS\SysWOW64\DLLDRV32.dll [MD5.75D9D1AF69F397737150089723EDFA7A] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [97.38 Ko] - (3.1.0.109) - C:\WINDOWS\SysWOW64\DLLIO32.dll [MD5.D621B9F4C9F0647BFBCE84D7C0F68E27] - |A| - [10/07/2012 11:43:06] - (.Copyright © PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [81.38 Ko] - (3.3.0.59) - C:\WINDOWS\SysWOW64\DLLPNT32.dll [MD5.FAC8907FE85FB1C43E6E81D45D507278] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2010 - PoINT Shared DLL.) 
- [93.38 Ko] - (3.1.0.40) - C:\WINDOWS\SysWOW64\DLLPRF32.dll [MD5.C77A763D688D9D4C25D4D899F5491CBD] - |A| - [10/07/2012 11:43:04] - (.PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [297.38 Ko] - (3.3.0.217) - C:\WINDOWS\SysWOW64\DLLRES32.dll [MD5.B6B66E2F8A99C5274C5901739B40DF09] - |A| - [20/06/2012 10:06:32] - (.Copyright (C) eMPIA Technology 2002-2012 - USB 28xx BDA Prop Page.) - [111.5 Ko] - (5.2012.620.0) - C:\WINDOWS\SysWOW64\emPRP.ax [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [304 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1556.03 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [336.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [299.5 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [13011.15 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [383 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [346 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [37130.47 Ko] - C:\WINDOWS\SysWOW64\fr-FR 
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. 
License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.3BF7D3E5ED0D1983A12E7F83F4E305C7] - |A| - [05/05/2019 23:02:18] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.5 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.9EA3CD2CB18622637DD032743D7750C9] - |A| - [15/05/2017 09:17:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) 
- [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [391 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - 
[12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4133.4 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8940.62 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1309.47 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/06/2018 17:16:06] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) 
- [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.D89190BEDE191ACEFA833CC0FA0DA3C5] - |A| - [10/07/2012 11:43:04] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [69.38 Ko] - (3.0.0.24) - C:\WINDOWS\SysWOW64\STRING32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK 
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [09/09/2016 20:25:58] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-26-0.dll [MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [22/06/2017 15:26:05] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [09/09/2016 20:25:28] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-26-0.exe [MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [22/06/2017 15:26:05] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15720.71 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8910.7 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) 
- [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Personnel] [09/12/2017 19:22:30] - |RD| - [298] - C:\Users\Personnel\3D Objects [05/06/2018 16:38:28] - |HD| - [47536287994] - C:\Users\Personnel\AppData [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Application Data [22/06/2017 12:33:04] - |RD| - [412] - C:\Users\Personnel\Contacts [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Cookies [22/06/2017 12:32:27] - |RD| - [273919008] - C:\Users\Personnel\Desktop [22/06/2017 12:32:27] - |RD| - [6606401095] - C:\Users\Personnel\Documents [22/06/2017 12:32:27] - |RD| - [1181750560] - C:\Users\Personnel\Downloads [21/08/2017 17:20:47] - |RD| - [1155588] - C:\Users\Personnel\Dropbox [22/06/2017 12:32:27] - |RD| - [2940] - C:\Users\Personnel\Favorites [22/06/2017 15:17:21] - |SHD| - [25308] - C:\Users\Personnel\IntelGraphicsProfiles [22/06/2017 12:32:27] - |RD| - [2528] - C:\Users\Personnel\Links [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Local Settings [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Menu Démarrer [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Mes documents [17/08/2018 21:10:04] - |HD| - [2631425] - C:\Users\Personnel\MicrosoftEdgeBackups [05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Modèles [22/06/2017 12:32:27] - |RD| - [449495786] - C:\Users\Personnel\Music [05/06/2018 16:38:28] - |AH| - [3145728] - C:\Users\Personnel\ntuser.dat 
[05/06/2018 16:38:28] - |ASH| - [1060864] - C:\Users\Personnel\ntuser.dat.log1
[05/06/2018 16:38:28] - |ASH| - [2002944] - C:\Users\Personnel\ntuser.dat.log2
[05/06/2018 16:38:28] - |ASH| - [65536] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TM.blf
[05/06/2018 16:38:28] - |ASH| - [524288] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TMContainer00000000000000000001.regtrans-ms
[05/06/2018 16:38:28] - |ASH| - [524288] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TMContainer00000000000000000002.regtrans-ms
[07/07/2019 22:08:18] - |ASH| - [65536] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TM.blf
[07/07/2019 22:08:18] - |ASH| - [524288] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TMContainer00000000000000000001.regtrans-ms
[07/07/2019 22:08:18] - |ASH| - [524288] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TMContainer00000000000000000002.regtrans-ms
[05/06/2018 17:10:51] - |SH| - [20] - C:\Users\Personnel\ntuser.ini
[22/06/2017 12:36:42] - |RD| - [100] - C:\Users\Personnel\OneDrive
[22/06/2017 12:32:27] - |RD| - [172530994437] - C:\Users\Personnel\Pictures
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Recent
[22/06/2017 12:32:27] - |RD| - [282] - C:\Users\Personnel\Saved Games
[22/06/2017 12:33:04] - |RD| - [1879] - C:\Users\Personnel\Searches
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\SendTo
[22/06/2017 12:32:27] - |RD| - [3580493384] - C:\Users\Personnel\Videos
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Voisinage d'impression
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Voisinage réseau
[05/06/2018 16:38:28] - |D| - [3609938366] - C:\Users\Personnel\AppData\Local
[22/06/2017 12:32:27] - |D| - [947858] - C:\Users\Personnel\AppData\LocalLow
[05/06/2018 16:38:28] - |D| - [43925401771] - C:\Users\Personnel\AppData\Roaming
[22/06/2017 16:33:23] - |D| - [1830909] - C:\Users\Personnel\AppData\Local\Adobe
[01/11/2017 21:43:58] - |D| - [0] - C:\Users\Personnel\AppData\Local\Apple
[01/11/2017 22:04:54] - |D| - [4465793] - C:\Users\Personnel\AppData\Local\Apple Computer
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Application Data
[04/04/2018 10:03:47] - |D| - [1041563247] - C:\Users\Personnel\AppData\Local\AVAST Software
[22/06/2017 16:33:59] - |D| - [0] - C:\Users\Personnel\AppData\Local\CEF
[22/06/2017 12:50:22] - |D| - [28532740] - C:\Users\Personnel\AppData\Local\Comms
[22/06/2017 12:32:54] - |D| - [1215646] - C:\Users\Personnel\AppData\Local\ConnectedDevicesPlatform
[11/08/2017 11:08:10] - |D| - [1532357] - C:\Users\Personnel\AppData\Local\CrashDumps
[07/07/2019 20:45:21] - |D| - [68516] - C:\Users\Personnel\AppData\Local\D3DSCache
[11/08/2017 11:07:29] - |D| - [0] - C:\Users\Personnel\AppData\Local\DBG
[19/06/2019 17:32:45] - |D| - [2580480] - C:\Users\Personnel\AppData\Local\Downloaded Installations
[23/06/2017 18:05:27] - |D| - [903748946] - C:\Users\Personnel\AppData\Local\Google
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Historique
[04/07/2019 16:48:17] - |D| - [51379] - C:\Users\Personnel\AppData\Local\HP
[24/10/2018 20:25:36] - |AH| - [86665] - C:\Users\Personnel\AppData\Local\IconCache.db
[05/06/2018 18:35:20] - |AH| - [57772] - C:\Users\Personnel\AppData\Local\IconCache.db.backup
[05/06/2018 16:38:28] - |D| - [786643589] - C:\Users\Personnel\AppData\Local\Microsoft
[24/06/2017 11:48:27] - |D| - [70882] - C:\Users\Personnel\AppData\Local\MicrosoftEdge
[22/06/2017 16:34:36] - |D| - [10789383] - C:\Users\Personnel\AppData\Local\Mozilla
[09/12/2017 12:03:50] - |D| - [779207570] - C:\Users\Personnel\AppData\Local\Packages
[12/06/2018 16:20:40] - |D| - [0] - C:\Users\Personnel\AppData\Local\PlaceholderTileLogoFolder
[22/06/2017 16:30:41] - |D| - [0] - C:\Users\Personnel\AppData\Local\Programs
[22/06/2017 12:33:14] - |D| - [853060] - C:\Users\Personnel\AppData\Local\Publishers
[21/08/2017 14:20:55] - |D| - [351627] - C:\Users\Personnel\AppData\Local\SConnectHost
[24/06/2017 12:13:40] - |D| - [786659] - C:\Users\Personnel\AppData\Local\SConnectIE
[05/06/2018 18:34:46] - |D| - [940] - C:\Users\Personnel\AppData\Local\speech
[05/06/2018 16:38:28] - |D| - [33611893] - C:\Users\Personnel\AppData\Local\Temp
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Temporary Internet Files
[22/06/2017 12:32:55] - |D| - [11888222] - C:\Users\Personnel\AppData\Local\TileDataLayer
[22/06/2017 12:32:57] - |D| - [91] - C:\Users\Personnel\AppData\Local\VirtualStore
[22/06/2017 16:33:23] - |D| - [41984] - C:\Users\Personnel\AppData\LocalLow\Adobe
[22/06/2017 12:33:38] - |SD| - [720368] - C:\Users\Personnel\AppData\LocalLow\Microsoft
[22/06/2017 16:36:47] - |D| - [0] - C:\Users\Personnel\AppData\LocalLow\Mozilla
[21/08/2017 14:20:58] - |D| - [168245] - C:\Users\Personnel\AppData\LocalLow\SConnect
[12/07/2017 15:20:33] - |D| - [17261] - C:\Users\Personnel\AppData\LocalLow\Sun
[22/06/2017 12:32:58] - |D| - [50310] - C:\Users\Personnel\AppData\Roaming\Adobe
[01/11/2017 22:04:54] - |D| - [43881003590] - C:\Users\Personnel\AppData\Roaming\Apple Computer
[24/06/2017 12:29:08] - |D| - [7048724] - C:\Users\Personnel\AppData\Roaming\AVAST Software
[22/06/2017 16:39:32] - |D| - [73] - C:\Users\Personnel\AppData\Roaming\Bitdefender
[29/01/2019 13:45:47] - |D| - [1721] - C:\Users\Personnel\AppData\Roaming\Canneverbe Limited
[13/12/2018 18:29:26] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\Google
[04/07/2019 16:51:27] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\HpUpdate
[24/06/2017 12:13:06] - |D| - [506] - C:\Users\Personnel\AppData\Roaming\Macromedia
[16/01/2019 16:38:34] - |D| - [1566852] - C:\Users\Personnel\AppData\Roaming\MAGIX
[05/06/2018 16:38:28] - |SD| - [4128304] - C:\Users\Personnel\AppData\Roaming\Microsoft
[22/06/2017 16:36:27] - |D| - [19016566] - C:\Users\Personnel\AppData\Roaming\Mozilla
[16/01/2019 13:47:42] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\MPC-HC
[22/06/2017 16:57:52] - |D| - [12583173] - C:\Users\Personnel\AppData\Roaming\OpenOffice
[24/06/2017 14:50:23] - |D| - [1482] - C:\Users\Personnel\AppData\Roaming\PhotoFiltre 7
[22/06/2017 16:36:28] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\QuickScan
[20/06/2019 13:03:40] - |D| - [20] - C:\Users\Personnel\AppData\Roaming\simplitec
[22/06/2017 12:39:41] - |D| - [77] - C:\Users\Personnel\AppData\Roaming\Skype
[12/07/2017 15:20:28] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\Sun
[08/08/2017 10:05:21] - |D| - [373] - C:\Users\Personnel\AppData\Roaming\Yahoo
[22/06/2017 12:33:04] - |SH| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[22/06/2017 12:32:27] - |RD| - [28141] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[05/06/2018 16:38:28] - |RD| - [3888] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[05/06/2018 16:38:28] - |RD| - [2929] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[22/06/2017 12:33:04] - |RD| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/06/2018 16:38:28] - |SH| - [264] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[10/04/2018 16:04:22] - |D| - [2183] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImageScan_V1.06.105d4
[05/06/2018 16:38:28] - |D| - [170] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[12/07/2019 14:06:53] - |A| - [2417] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[22/06/2017 16:34:29] - |D| - [4692] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[22/06/2017 12:33:04] - |RD| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[05/06/2018 16:38:28] - |RD| - [3496] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[05/06/2018 16:38:28] - |RD| - [7754] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[22/06/2017 12:33:04] - |SH| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]
[22/06/2017 12:33:04] - |RHD| - [196] - C:\Users\Public\AccountPictures
[18/03/2017 23:03:29] - |HD| - [18102] - C:\Users\Public\Desktop
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[18/03/2017 23:03:29] - |RD| - [1686] - C:\Users\Public\Documents
[18/03/2017 23:03:29] - |RD| - [174] - C:\Users\Public\Downloads
[12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Music
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Pictures
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData
[22/06/2017 16:26:49] - |D| - [257962628] - C:\ProgramData\Adobe
[22/06/2017 16:29:40] - |A| - [47601] - C:\ProgramData\agent.1498141774.bdinstall.bin
[24/06/2017 12:39:15] - |A| - [29891] - C:\ProgramData\agent.uninstall.1498300753.bdinstall.bin
[22/06/2017 16:32:58] - |A| - [29984] - C:\ProgramData\agent.update.1498141970.bdinstall.bin
[01/11/2017 21:01:27] - |D| - [221689302] - C:\ProgramData\Apple
[01/11/2017 21:45:12] - |D| - [159712487] - C:\ProgramData\Apple Computer
[05/06/2018 17:09:19] - |SHD| - [0] - C:\ProgramData\Application Data
[24/06/2017 12:22:33] - |D| - [224731877] - C:\ProgramData\AVAST Software
[22/06/2017 16:42:29] - |D| - [0] - C:\ProgramData\BDLogging
[22/06/2017 16:34:05] - |D| - [94] - C:\ProgramData\Bitdefender
[22/06/2017 16:29:34] - |D| - [0] - C:\ProgramData\Bitdefender Agent
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Bureau
[29/01/2019 13:45:58] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[22/06/2017 16:44:00] - |A| - [478494] - C:\ProgramData\cl.1498142019.bdinstall.bin
[24/06/2017 12:38:56] - |A| - [216058] - C:\ProgramData\cl.uninstall.1498300313.bdinstall.bin
[22/06/2017 15:22:00] - |D| - [1855193] - C:\ProgramData\Conexant
[05/06/2018 17:09:19] - |SHD| - [0] - C:\ProgramData\Documents
[23/06/2017 10:45:54] - |D| - [15708861] - C:\ProgramData\HP
[04/07/2019 16:51:52] - |D| - [639506] - C:\ProgramData\HP Photo Creations
[19/06/2019 17:18:51] - |D| - [1965070352] - C:\ProgramData\MAGIX
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[12/04/2018 01:38:20] - |SD| - [859109990] - C:\ProgramData\Microsoft
[06/06/2018 11:30:38] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Modèles
[22/06/2017 15:20:49] - |D| - [9802] - C:\ProgramData\NVIDIA
[22/06/2017 15:19:49] - |D| - [3468877] - C:\ProgramData\NVIDIA Corporation
[12/07/2017 15:20:00] - |D| - [72304784] - C:\ProgramData\Oracle
[21/06/2018 11:20:34] - |D| - [147456] - C:\ProgramData\Packages
[12/04/2018 01:38:20] - |D| - [995] - C:\ProgramData\regid.1991-06.com.microsoft
[19/06/2019 17:18:39] - |D| - [380] - C:\ProgramData\simplitec
[12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[12/04/2018 01:38:20] - |D| - [19333] - C:\ProgramData\USOPrivate
[05/06/2018 16:33:28] - |D| - [8679424] - C:\ProgramData\USOShared
[12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[12/04/2018 01:38:20] - |RD| - [108641] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[22/06/2017 15:23:05] - |A| - [1961] - C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [23/06/2017 15:35:35] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [22/06/2017 16:29:27] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/11/2017 21:43:55] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [16/03/2019 18:23:10] - |A| - [2088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [28/05/2019 22:16:32] - |D| - [5066] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater [04/04/2018 10:05:46] - |A| - [2496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk [29/07/2017 09:58:10] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [29/01/2019 13:45:47] - |A| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [22/06/2017 16:30:53] - |D| - [11353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack [22/06/2017 15:23:05] - |D| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant [12/04/2018 01:38:24] - |SH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [23/06/2017 18:07:49] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [24/10/2018 20:23:13] - |D| - [4073] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [12/07/2017 15:20:21] - |D| - [6890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [19/06/2019 17:30:51] - |D| - [1399] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [16/01/2019 16:57:31] - |D| - [4171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips [22/06/2017 16:32:28] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [19/06/2019 17:18:38] - |D| - [1208] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec [12/04/2018 01:38:20] - |RD| - [2298] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [22/06/2017 16:37:06] - |A| - [2573] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk [05/06/2018 16:40:52] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [19/06/2019 17:18:39] - |A| - [2124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ---------- | C:\Program Files (x86) [22/06/2017 16:29:08] - |D| - [377399015] - C:\Program Files (x86)\Adobe [24/10/2018 20:15:23] - |D| - [4057910] - C:\Program Files (x86)\Apple Software Update [28/05/2019 22:16:32] - |D| - [30793215] - C:\Program Files (x86)\Avast Driver Updater [04/04/2018 10:03:47] - |D| - [478311829] - C:\Program Files (x86)\AVAST Software [24/10/2018 20:15:28] - |D| - [631713] - C:\Program Files (x86)\Bonjour [29/01/2019 13:45:46] - |D| - [13649061] - C:\Program Files (x86)\CDBurnerXP [22/06/2017 16:30:46] - |AD| - [34136824] - C:\Program 
Files (x86)\Combined Community Codec Pack [12/04/2018 01:38:20] - |D| - [382409925] - C:\Program Files (x86)\Common Files [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [24/06/2017 11:52:59] - |D| - [156004] - C:\Program Files (x86)\Gemalto [23/06/2017 18:05:28] - |D| - [759238942] - C:\Program Files (x86)\Google [04/07/2019 16:50:39] - |D| - [487529] - C:\Program Files (x86)\HP [04/07/2019 16:51:52] - |D| - [1263] - C:\Program Files (x86)\HP Photo Creations [10/04/2018 16:04:22] - |D| - [26312118] - C:\Program Files (x86)\ImageScan_V1.06.105d4 [22/06/2017 15:17:40] - |D| - [6404080] - C:\Program Files (x86)\Intel [12/04/2018 01:38:20] - |D| - [1996783] - C:\Program Files (x86)\Internet Explorer [12/07/2017 15:19:52] - |D| - [533783250] - C:\Program Files (x86)\Java [19/06/2019 17:18:51] - |D| - [614852241] - C:\Program Files (x86)\MAGIX [22/06/2017 16:36:47] - |D| - [34205731] - C:\Program Files (x86)\Microsoft Office [12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [22/06/2017 16:36:33] - |D| - [66546585] - C:\Program Files (x86)\MSECache [19/06/2019 17:18:31] - |D| - [154033] - C:\Program Files (x86)\MSXML 4.0 [16/01/2019 16:57:31] - |D| - [2589633] - C:\Program Files (x86)\MuseTips [22/06/2017 15:19:40] - |D| - [773952] - C:\Program Files (x86)\NVIDIA Corporation [22/06/2017 16:31:45] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [22/06/2017 16:34:25] - |D| - [8329088] - C:\Program Files (x86)\PhotoFiltre 7 [19/06/2019 17:18:37] - |D| - [3044005] - C:\Program Files (x86)\simplitec [09/12/2017 12:00:04] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [22/06/2017 15:26:05] - |D| - [846194] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780344] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:19:21] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player [12/04/2018 
01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell [08/08/2017 10:04:38] - |D| - [0] - C:\Program Files (x86)\Yahoo! ---------- | C:\Program Files [24/06/2017 12:23:35] - |D| - [1333912342] - C:\Program Files\AVAST Software [24/10/2018 20:15:28] - |D| - [615066] - C:\Program Files\Bonjour [29/07/2017 09:58:04] - |AD| - [46602304] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [222010186] - C:\Program Files\Common Files [22/06/2017 15:21:59] - |D| - [127965525] - C:\Program Files\CONEXANT [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [22/06/2017 15:18:08] - |D| - [78077945] - C:\Program Files\Elantech [22/06/2017 12:26:56] - |SHD| - [0] - C:\Program Files\Fichiers communs [04/07/2019 16:50:38] - |D| - [9507301] - C:\Program Files\HP [22/06/2017 15:17:09] - |D| - [46181465] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2628602] - C:\Program Files\internet explorer [24/10/2018 20:23:02] - |D| - [4266299] - C:\Program Files\iPod [24/10/2018 20:21:08] - |D| - [396554287] - C:\Program Files\iTunes [22/06/2017 15:19:40] - |D| - [922801997] - C:\Program Files\NVIDIA Corporation [19/11/2018 18:44:31] - |D| - [28219025] - C:\Program Files\rempl [22/06/2017 12:21:18] - |HD| - [0] - C:\Program Files\Uninstall Information [20/06/2019 13:22:32] - |D| - [3180114] - C:\Program Files\UNP [12/04/2018 01:38:20] - |RD| - [19299507] - C:\Program Files\Windows Defender [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:19:21] - |D| - [4784107] - C:\Program Files\Windows Media 
Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7823192] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [3004613997] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [22/06/2017 16:29:08] - |AD| - [23594804] - C:\Program Files (x86)\Common Files\Adobe [01/11/2017 21:01:27] - |D| - [146201825] - C:\Program Files (x86)\Common Files\Apple [22/06/2017 15:17:03] - |D| - [68077283] - C:\Program Files (x86)\Common Files\Intel [18/03/2019 12:06:35] - |D| - [1975280] - C:\Program Files (x86)\Common Files\Java [19/06/2019 17:18:51] - |D| - [7909412] - C:\Program Files (x86)\Common Files\MAGIX Services [12/04/2018 01:38:20] - |D| - [123725520] - C:\Program Files (x86)\Common Files\microsoft shared [18/03/2019 12:06:00] - |D| - [1371344] - C:\Program Files (x86)\Common Files\Oracle [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [12/04/2018 01:38:20] - |D| - [9551755] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [01/11/2017 21:42:57] - |D| - [168740638] - C:\Program Files\Common files\Apple [22/06/2017 15:39:18] - |D| - [633] - C:\Program Files\Common files\Atheros [09/12/2017 19:31:18] - |D| - [6271240] - C:\Program Files\Common files\Avast Software [12/04/2018 01:38:20] - |D| - [36729490] - C:\Program Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10265483] - C:\Program Files\Common files\system ---------- 
| Tasks [MD5.367CF33343F709333696908C7348CCE3] - [28/05/2019 22:17:29] - |A| - [522] - C:\WINDOWS\Tasks\Avast Driver Updater Startup.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [05/06/2018 17:08:17] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.E74F16504225A55AAF9FD40B1ABB4B88] - [05/06/2018 17:08:16] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.00000000000000000000000000000000] - [24/10/2018 20:15:26] - |D| - [3510] - C:\WINDOWS\System32\Tasks\Apple [MD5.DCBF10141928B987DC9CAD6B900F6E33] - [28/05/2019 22:17:29] - |A| - [3028] - C:\WINDOWS\System32\Tasks\Avast Driver Updater Startup : C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [MD5.D5E5195F8990A6ECAD95F70B55CCD3C0] - [05/06/2018 17:08:16] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.B75C83EB6FF80491CAB4638A07778316] - [16/04/2019 23:07:17] - |A| - [3856] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.B7F45D11A051E9ED91976F4E32AB6634] - [16/04/2019 23:07:17] - |A| - [3272] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.00000000000000000000000000000000] - [05/06/2018 17:08:16] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.291EE5F1A16377B996EB8585ACFB9F3E] - [05/06/2018 17:08:16] - |A| - [3332] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.5C9FBD44B3E4B25955122C456E285F6A] - [05/06/2018 17:08:16] - |A| - [3556] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.24E3A959383F590DEBCEA8B89A5E1DA8] - [05/06/2018 17:08:16] - 
|A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.A3DAA20C3DC8E89E6E513417C43BCF5B] - [05/06/2018 17:08:16] - |A| - [2220] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.6CFEDB68FEA6FF5E29EEE6556F2A65EC] - [05/06/2018 17:08:16] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.D314B5885C9ACF9CDDFD7EBDC42BEC71] - [05/06/2018 17:08:16] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [527162] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.FF0B0A07B23FB1949D30C5A7D522665D] - [05/06/2018 17:08:17] - |A| - [3388] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3016070864-3641507875-3210199050-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.CC0F1D7FEE57E775F689F29C8DD3DAF8] - [05/06/2018 17:08:17] - |A| - [4186] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A6061FF-1AA6-42F5-AA14-17A22E3B6D48} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| 
"WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{D60D558C-BF5A-4221-AE8D-8A9D7691DE04}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{B4C40AF6-79AD-4135-B2B0-F9A1421FCEBA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{A57279F1-3E81-4ED9-B7D5-42D031304B7A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{1B163A33-31B5-43C2-9B76-2A7AD12E57F1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{33813907-5871-4844-B9C4-29B1FA731500}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| 
"{C3702A0E-8FBA-4745-8C34-82BC44B6AE74}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{A5C501F5-D5E2-4DE5-AAB1-EB64BF654C43}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{E9EC4D4C-EC83-44AC-A78E-8BF16E4C3E3E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{A59AD725-21ED-4816-A46A-1CA0E825F978}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{154933A6-17BB-4329-954F-1BF5EDBC817E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| 
"{03B746AD-4708-4716-B048-4C728190B359}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{283CAFF4-10AD-4998-8430-9DD84A348D3C}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{48091DB9-4385-4B7B-9C7F-7599B3F7013F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{7F6610E1-7BCD-4EC6-B778-9383494B7C7A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe|Name=Apple Push Service|Edge=TRUE| "{0204507A-72F1-470C-B451-02F01E90D373}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{6B49E7CA-6E5C-4974-B183-1436FCAFAC03}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{E03BE767-E540-44A5-A336-D1FACEFE6D16}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{ED007B3E-3E94-477F-A5AA-33049332742C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files 
(x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{C953D747-4F30-4664-9358-B1FFEAA9AE35}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{A6019013-BFC7-4C9D-9C84-92AE5C28ADE9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{81073A54-D7F4-4079-A77F-B0280A7D5E07}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{29425DE9-C4AE-4507-8473-582DF7CEAB8B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Messenger|Desc=Messenger|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1345574982-3131358661-52681180-1453525950-1322691609-2529609693-64475048|EmbedCtxt=Messenger|Platform=2:6:2|Platform2=GTEQ| "{50601D06-29CE-4380-96BD-24C2513DEC3B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{D3069074-80F3-4F92-97B6-DE2C72E0E3BE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{744AAB60-E527-4A8F-82BC-4AE248A9C5B5}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming 
overlay|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ|
"{EFEA74EC-1E12-4FA7-BB6C-E39D326EB098}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ|
"{168D8F66-4767-4909-B3B0-25A5D8F019F8}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{4DF54A63-5FDE-4564-AB5E-2DC38A5BB30E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{23CE32E2-658D-411B-894E-1E9A33F6C147}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{FD8EB264-6C79-422E-A999-19AB3CC611BF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser|
"{10C3C42B-2531-480D-9868-1CEE5E641893}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{F1A6A002-5D16-4CE0-837B-DADFBF7614E6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{F1D3122A-8372-4E1A-95E5-C2ABD83602F4}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{0E19D51F-EBE1-4104-B5C0-7522AA3BD60B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{6DEE11A6-6896-4695-9E8C-5CEA5AD1720A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File Storage|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ|
"{06BAD92B-D430-425A-BE91-E84322209F9E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File Storage|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{BC7A2454-A569-4CAC-A434-74B9BB4276FB}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4532C9EB-FEF9-43AC-83DA-D5DE1F9A2BFF}] : (nvpciflt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> 
@%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : 
(NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : 
(SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] 
-> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem29.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) 
[] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> 
@%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> 
@%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[03/08/2016 07:08:04] - (2.1.0.1) - (Toshiba Client Solutions Co., Ltd.
- TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - C:\WINDOWS\System32\drivers\TVALZ_O.SYS [15/05/2017 12:44:08] - (21.21.13.7719) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 377.19) - C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [15/05/2017 12:43:48] - (21.21.13.7719) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 377.19) - C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvlddmkm.sys [12/04/2018 01:33:45] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys [12/04/2018 01:33:48] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys [25/09/2015 19:58:06] - (15.7.8.23) - (ELAN Microelectronics Corp. - ELAN KMDF Driver) - C:\WINDOWS\system32\DRIVERS\ETD.sys [26/09/2016 05:56:08] - (10.16.813.0) - (Toshiba Client Solutions Co., Ltd. - TOSHIBA Bluetooth ACPI Driver) - C:\WINDOWS\System32\drivers\tosrfec.sys [28/05/2015 03:13:18] - (5.0.0.0) - (TOSHIBA - Generic IO & Memory Access) - C:\WINDOWS\System32\drivers\QIOMem.sys [03/08/2016 00:30:16] - (9.2.0.1) - (Toshiba Client Solutions Co., Ltd. - Toshiba Hotkey Driver) - C:\WINDOWS\System32\drivers\Thotkey.sys [20/03/2017 14:26:48] - (8.66.43.0) - (Conexant Systems Inc. 
- 64-bit High Definition Audio Function Driver) - C:\WINDOWS\system32\drivers\CHDRT64.sys
[27/07/2015 04:04:48] - (10.0.1.1) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - aswArDisk (aswArDisk) -> system32\drivers\aswArDisk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsh.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswVmm (aswVmm) ->
system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol 
(@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - nvpciflt () -> system32\DRIVERS\nvpciflt.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance 
Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> 
System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - TVALZ (@oem16.inf,%TVALZ.SvcDesc%;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) -> System32\drivers\TVALZ_O.SYS - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID 
(@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdriver.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - 
AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: 
False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SConnectHost] : (SConnect Host.-.Gemalto) -> C:\Users\Personnel\AppData\Local\SConnectHost\uninstall_sconnect.exe [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SConnectIE] : (SConnect IE.-.Gemalto) -> C:\Users\Personnel\AppData\Local\SConnectIE\uninstall_sconnect.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0CB84A7D-9697-4526-A819-60FB050E8F05}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{0CB84A7D-9697-4526-A819-60FB050E8F05} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{31A0B634-BCF4-4D3F-8336-87FEACFEE142} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DB40A23-7291-441C-9402-EEE0AE5410BA}] : (GemPcCCID.-.Gemalto) -> MsiExec.exe /I{3DB40A23-7291-441C-9402-EEE0AE5410BA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) 
-> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 377.19.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BAED9B72-BC74-4EF2-85AA-A77555F38972}] : (MAGIX Speed burnR (MSI).-.MAGIX AG) -> MsiExec.exe /I{BAED9B72-BC74-4EF2-85AA-A77555F38972} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7}] : (MAGIX Vidéo easy SOS Cassettes vidéo !.-.MAGIX AG) -> MsiExec.exe /I{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dropbox] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free MP3 Cutter and Editor_is1] : (Free MP3 Cutter and Editor 2.8.-.musetips.com) -> "C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ImageScan] : (ImageScan_V1.06.105d4.-.) -> C:\Program Files (x86)\ImageScan_V1.06.105d4\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180144F0}] : (Java 8 Update 144.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180144F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180191F0}] : (Java 8 Update 191.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180191F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180201F0}] : (Java 8 Update 201.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{38874054-65D0-45D0-9486-FBEFD42A2251}] : (MAGIX USB-Videowandler 2.-.Nom de votre société) -> MsiExec.exe /X{38874054-65D0-45D0-9486-FBEFD42A2251} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{630C3D8E-2BEE-465F-9E59-BB069ED10761}] : (Avast Driver Updater.-.AVAST Software) -> MsiExec.exe /X{630C3D8E-2BEE-465F-9E59-BB069ED10761} 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A30EA700-5515-48F0-88B0-9E99DC356B88}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{A30EA700-5515-48F0-88B0-9E99DC356B88} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824311644}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824311644} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\007AE03A51550F84880BE999CD53B688] : Apple Software Update -> C:\WINDOWS\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\Installer.ico [HKCR\Installer\Products\1F764691F11C67F458B88521DA8CB349] : MSXML 4.0 SP3 Parser [HKCR\Installer\Products\27B9DEAB47CB2FE458AA7A57553F9827] : MAGIX Speed burnR (MSI) [HKCR\Installer\Products\32A04BD31927C1444920EE0EEA4501AB] : GemPcCCID [HKCR\Installer\Products\436B0A134FCBF3D4386378EFCAEF1E24] : Apple Mobile Device Support -> C:\Windows\Installer\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}\Installer.ico [HKCR\Installer\Products\450478830D560D544968BFFE4DA22215] : MAGIX USB-Videowandler 2 -> C:\WINDOWS\Installer\{38874054-65D0-45D0-9486-FBEFD42A2251}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110190F] : Java 8 Update 191 -> C:\Program Files (x86)\Java\jre1.8.0_191\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110440F] : Java 8 Update 144 -> C:\Program Files (x86)\Java\jre1.8.0_144\\bin\javaws.exe 
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238120100F] : Java 8 Update 201 -> C:\Program Files (x86)\Java\jre1.8.0_201\\bin\javaws.exe [HKCR\Installer\Products\68AB67CA408033019195008142136144] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824311644}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper [HKCR\Installer\Products\9B68EE4C47D898646B6F9BF4CB55FA20] : simplitec simplicheck -> C:\WINDOWS\Installer\{C4EE86B9-8D74-4689-B6F6-B94FBC55AF02}\ProgramIcon.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\A9EC7A70131135B4BBD1B5F75379D07F] : iTunes -> C:\WINDOWS\Installer\{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7}\Installer.ico [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\C8F2F80333D922B4A8C69D1CD3EB8F6C] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}\WinInstall.ico [HKCR\Installer\Products\D7A48BC0796962548A9106BF50E0F850] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{0CB84A7D-9697-4526-A819-60FB050E8F05}\WinInstall.ico [HKCR\Installer\Products\E65BCDBF52A23504E9C08C3E54EDC07A] : MAGIX Vidéo easy SOS Cassettes vidéo ! 
[HKCR\Installer\Products\E8D3C036EEB2F564E995BB60E91D7016] : Avast Driver Updater -> C:\WINDOWS\Installer\{630C3D8E-2BEE-465F-9E59-BB069ED10761}\Icon.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

---------- | Drives

---------- | MBR
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
svchost (2832,R,98) SRUJet: L’erreur -1811 (0xfffff8ed) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\SRU\SRU03DB1.log.
------------
Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.829, horodatage : 0x5cf9f5a0
Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000009cad5
ID du processus défaillant : 0x2f8
Heure de début de l’application défaillante : 0x01d534d52f689056
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll
ID de rapport : 139c04e3-7458-4e3e-bb64-bea8d296dc16
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Le programme LockApp.exe version 10.0.17134.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
ID de processus : 221c
Heure de début : 01d534d53b7251a0
Heure de fin : 4294967295
Chemin d'accès de l'application : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
ID de rapport : 0b94e5c2-f691-4edc-80fd-ffcc3acdf171
Nom complet du package défaillant : Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy
ID de l'application relative au package défaillant : WindowsDefaultLockScreen
------------
Nom de l’application défaillante svchost.exe_stisvc, version : 10.0.17134.556, horodatage : 0xf23cada5
Nom du module défaillant : ntdll.dll, version : 10.0.17134.799, horodatage : 0x7f828745
Code d’exception : 0xc0000008
Décalage d’erreur : 0x000000000009e78a
ID du processus défaillant : 0xfbc
Heure de début de l’application défaillante : 0x01d5301ea6055f4f
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 553b6252-1358-4f64-8902-d5c8ccf41628
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Task Scheduling Error: m->NextScheduledSPRetry 62174969
------------
Task Scheduling Error: m->NextScheduledEvent 62174969
------------
Task Scheduling Error: Continuously busy for more than a second
------------
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------

----------( EOF)---------- - 3906 | 12:52:20