--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 22/07/2019 00:33:42 Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Jean Bouquet (Administrator)] - [DESKTOP-2ORIENU] (S-1-5-21-84932897-3685993778-4120941894-1001) System: Microsoft Windows 10 Professionnel - - (10.0.18362) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1903) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Professionnel|C:\Windows|\Device\Harddisk6\Partition4 Boot : Normal boot PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: F69A7A3E-D8B2-8C0F-44B2-40B076DF4359 Processor : X64 - 2904 Mhz - Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz 2417 - fr|FR|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 2417 - ALASKA - 1072009 CoreTemp : 27.8 Celsius ----------| Quick ---------- | SoundDevice NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_196E11D8&REV_1001\5&37333C5&0&0001 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0B00&SUBSYS_10438797&REV_1000\4&256F20D7&0&0001 ---------- | Video NVIDIA GeForce GTX 1060 6GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_11D8196E&REV_A1\4&2D78AB8F&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 24.21.13.9924 - SpecificationVersion: 1025 ---------- | Codecs C:\Windows\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\Windows\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:6 % CPU #5 value:6 % CPU #6 value:6 % Total Overall CPU Usage value:3 % ---------- | Network Intel[R] Ethernet Connection [7] I219-V : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR9485 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:3 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Intel(R) Ethernet Connection (7) I219-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_15BC&SUBSYS_86721043&REV_10\3&11583659&0&FE Qualcomm Atheros AR9485 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0032&SUBSYS_3118168C&REV_01\4&261959&0&00E5 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&323212C6&0&11 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&323212C6&0&12 RAS Async Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 16696 | Free (MB) : 12799 Pagefile = Total (MB) : 19187 | Free (MB) : 13566 Virtual = Total (MB) : 4194 | Free (MB) : 3893 Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM1 - Posit.: 1 - Manufacturer: Kingston - PartNumber: KHX2666C16/8G - S/N: D8395A76 Physical Memory 2 : Capacity: 8589934592 - ChannelB-DIMM1 - Posit.: 2 - Manufacturer: Kingston - PartNumber: KHX2666C16/8G - S/N: D9398D75 ---------- | SID Users Administrateur : [S-1-5-21-84932897-3685993778-4120941894-500] DefaultAccount : [S-1-5-21-84932897-3685993778-4120941894-503] Invité : [S-1-5-21-84932897-3685993778-4120941894-501] Jean Bouquet : [S-1-5-21-84932897-3685993778-4120941894-1001] WDAGUtilityAccount : [S-1-5-21-84932897-3685993778-4120941894-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] Propriétaires d'appareils : [S-1-5-32-583] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [BOOT] | Total : 476.31 Go | Free : 374.99 Go -> NTFS (SSD) E:\ -> [Fixed] | [TELECHARGEMENTS] | Total : 931.51 Go | Free : 891.98 Go -> NTFS [SATA] F:\ -> [Fixed] | [BIBLIO] | Total : 931.51 Go | Free : 888.28 Go -> NTFS [SATA] G:\ -> [Fixed] | [PHOTOS] | Total : 931.51 Go | Free : 758.99 Go -> NTFS [SATA] H:\ -> [Fixed] | [DONNEES] | Total : 931.51 Go | Free : 879.67 Go -> NTFS [SATA] I:\ -> [Fixed] | [TEMPORAIRES] | Total : 931.51 Go | Free : 883.51 Go -> NTFS [SATA] J:\ -> [Fixed] | [AUTO] | Total : 931.51 Go | Free : 859.58 Go -> NTFS [SCSI] K:\ -> [Removable] | [BMW VERT] | Total : 29.98 Go | Free : 26.88 Go -> FAT32 [USB] Z:\ -> [Fixed] | [ANCIEN] | Total : 465.76 Go | Free : 454.21 Go -> NTFS (SSD) [SATA] Disk Usage Information [9 total Physical Disks] Physical Drive #0 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [Z:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #5 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #6 [C:] : Read:0 bytes/sec, Written:15,970 bytes/sec Max Read:0 bytes/sec, Max Write:15,970 bytes/sec Physical Drive #7 [J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #8 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:15,970 bytes/sec DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-00RKKA0\4&FE99083&0&030000 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_SSD_850_EVO_500G\4&FE99083&0&010000 DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EFRX-68PJCN0\4&FE99083&0&050000 DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VENDORCO&PROD_PRODUCTCODE&REV_2.00\920729278D170122571&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EURX-14FH1Y0\4&FE99083&0&040000 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_HD103UJ\4&FE99083&0&000000 DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_NVME&PROD_INTEL_SSDPEKNW51\5&1FADBE63&0&000000 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST31000524AS\4&FE99083&0&020000 DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - SCSI - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_ST310005&PROD_24AS&REV_JC45\5&2B2AD54B&0&000000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Test 2 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.) GC : 75.0.3770.142 (Copyright 2019 Google LLC.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.207 ---------- | Security AV : Windows Defender Disabled AS : FW : Avast Antivirus Enabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 440 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.1) = C:\Windows\System32\smss.exe [19/03/2019 06:44:35] CPU Usage:0 % 708 | [Owner : Système | Parent : 696() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 800 | [Owner : Système | Parent : 696() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.1) = C:\Windows\System32\wininit.exe [19/03/2019 06:44:35] CPU Usage:0 % 808 | [Owner : Système | Parent : 792() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 872 | [Owner : Système | Parent : 800(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.207) = C:\Windows\System32\services.exe [01/07/2019 12:48:33] CPU Usage:0 % 884 | [Owner : Système | Parent : 800(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe [19/03/2019 06:44:36] CPU Usage:0 % 1012 | [Owner : Système | Parent : 872(services.exe) | 2.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 88 | [Owner : Système | Parent : 872(services.exe) | 26.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 456 | [Owner : UMFD-0 | Parent : 800(wininit.exe) | 3.36 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.239) = C:\Windows\System32\fontdrvhost.exe [10/07/2019 21:03:41] CPU Usage:0 % 592 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 14.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 912 | [Owner : Système | Parent : 872(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1052 | [Owner : Système | Parent : 792() | 9.95 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.18362.1) = C:\Windows\System32\winlogon.exe [19/03/2019 06:44:38] CPU Usage:0 % 1108 | [Owner : UMFD-1 | Parent : 1052(winlogon.exe) | 12.36 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.239) = C:\Windows\System32\fontdrvhost.exe [10/07/2019 21:03:41] CPU Usage:0 % 1176 | [Owner : DWM-1 | Parent : 1052(winlogon.exe) | 68.74 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.18362.145) = C:\Windows\System32\dwm.exe [01/07/2019 12:00:00] CPU Usage:0 % 1264 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1324 | [Owner : Système | Parent : 872(services.exe) | 9.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1332 | [Owner : Système | Parent : 872(services.exe) | 10.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1340 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 10.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1384 | [Owner : Système | Parent : 872(services.exe) | 14.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1452 | [Owner : Système | Parent : 872(services.exe) | 4.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1620 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 18.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1688 | [Owner : Système | Parent : 872(services.exe) | 8.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1696 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 4.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1756 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 6.57 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.18362.1) = C:\Windows\System32\WUDFHost.exe [19/03/2019 06:44:53] CPU Usage:0 % 1900 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1908 | [Owner : Système | Parent : 872(services.exe) | 14.89 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/07/2019 11:29:26] CPU Usage:0 % 1964 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 6.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2012 | [Owner : Système | Parent : 872(services.exe) | 11.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1588 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 11.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1552 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 6.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1748 | [Owner : Système | Parent : 872(services.exe) | 4.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2000 | [Owner : Système | Parent : 872(services.exe) | 12.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2120 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 7.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2272 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2324 | [Owner : Système | Parent : 872(services.exe) | 7.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2400 | [Owner : Système | Parent : 872(services.exe) | 6.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2412 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2488 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 7.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2628 | [Owner : Système | Parent : 1908(NVDisplay.Container.exe) | 27.4 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [01/07/2019 11:29:26] CPU Usage:0 % 2660 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 9.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2724 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 6.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2848 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 13.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2928 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3048 | [Owner : Système | Parent : 872(services.exe) | 21.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3056 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 8.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3244 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 12.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3364 | [Owner : Système | Parent : 872(services.exe) | 16.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3384 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3392 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3512 | [Owner : Système | Parent : 872(services.exe) | 16.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3560 | [Owner : Système | Parent : 872(services.exe) | 5.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3600 | [Owner : Système | Parent : 872(services.exe) | 5.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3620 | [Owner : SERVICE LOCAL | Parent : 3560(svchost.exe) | 16.66 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe [19/03/2019 06:44:18] CPU Usage:0 % 3688 | [Owner : Système | Parent : 872(services.exe) | 11.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3720 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (19.6.4546.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [04/07/2019 20:58:13] CPU Usage:0 % 4032 | [Owner : Système | Parent : 872(services.exe) | 20.86 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.239) = C:\Windows\System32\spoolsv.exe [10/07/2019 21:03:38] CPU Usage:0 % 4076 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 16.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2148 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 6.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4148 | [Owner : Système | Parent : 872(services.exe) | 30 Mo] - (.AVAST Software - Avast firewall service.) - (19.6.4546.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe [04/07/2019 20:58:12] CPU Usage:0 % 4156 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 6.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4412 | [Owner : Jean Bouquet | Parent : 1688(svchost.exe) | 23.82 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [19/03/2019 06:44:12] CPU Usage:0 % 4440 | [Owner : Jean Bouquet | Parent : 872(services.exe) | 24.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4524 | [Owner : Jean Bouquet | Parent : 872(services.exe) | 36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4588 | [Owner : Système | Parent : 872(services.exe) | 14.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4596 | [Owner : Jean Bouquet | Parent : 1384(svchost.exe) | 18.02 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.1) = C:\Windows\System32\taskhostw.exe [19/03/2019 06:44:33] CPU Usage:0 % 4800 | [Owner : Système | Parent : 872(services.exe) | 12.36 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\AsusUpdateCheck.exe [01/07/2019 17:14:51] CPU Usage:0 % 4812 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 12.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4820 | [Owner : Système | Parent : 872(services.exe) | 30.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4828 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 20.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4868 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4884 | [Owner : Système | Parent : 872(services.exe) | 17.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4896 | [Owner : Système | Parent : 872(services.exe) | 6.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4908 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 5.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4916 | [Owner : Système | Parent : 872(services.exe) | 4.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4924 | [Owner : Système | Parent : 872(services.exe) | 19.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4932 | [Owner : Système | Parent : 872(services.exe) | 5.29 Mo] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe [30/08/2011 23:05:32] CPU Usage:0 % 4940 | [Owner : Système | Parent : 872(services.exe) | 6.65 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [17/12/2018 04:29:48] CPU Usage:0 % 4948 | [Owner : Système | Parent : 872(services.exe) | 17.29 Mo] - (.Sanford, L.P. - DymoPnpService.) - (8.7.3.46663) = C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [02/08/2018 06:27:22] CPU Usage:0 % 5064 | [Owner : Système | Parent : 872(services.exe) | 7.44 Mo] - (.Nuance Communications, Inc. - Dragon NaturallySpeaking Service.) - (13.0.0.202) = C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [23/01/2015 20:53:02] CPU Usage:0 % 5092 | [Owner : Système | Parent : 872(services.exe) | 74.72 Mo] - (.Internet Security Corporation - Internet Security Service.) - (1.4.3.0) = C:\Users\Jean Bouquet\AppData\Local\Programs\Prestafind\Debitest\svcinetsec.exe [08/07/2019 16:07:36] CPU Usage:0 % 5100 | [Owner : Système | Parent : 872(services.exe) | 7.92 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.0.124) = C:\Windows\System32\RtkAudUService64.exe [01/07/2019 11:44:57] CPU Usage:0 % 5116 | [Owner : Système | Parent : 872(services.exe) | 9.1 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [01/07/2019 11:45:31] CPU Usage:0 % 5072 | [Owner : Système | Parent : 872(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5140 | [Owner : Système | Parent : 872(services.exe) | 55.62 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11727.20222) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [01/07/2019 13:13:06] CPU Usage:0 % 5148 | [Owner : Système | Parent : 872(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5236 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 3.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5464 | [Owner : Système | Parent : 872(services.exe) | 5.82 Mo] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.0.2.1) = C:\Windows\System32\escsvc64.exe [02/07/2019 11:48:26] CPU Usage:0 % 5576 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5732 | [Owner : Jean Bouquet | Parent : 5148(svchost.exe) | 14.56 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [19/03/2019 06:44:33] CPU Usage:0 % 5824 | [Owner : Système | Parent : 872(services.exe) | 11.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5076 | [Owner : Système | Parent : 872(services.exe) | 6.3 Mo] - (.Nuance Communications, Inc. - Dragon NaturallySpeaking Logging Service.) - (13.0.0.202) = C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [23/01/2015 20:53:02] CPU Usage:0 % 6216 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6228 | [Owner : Système | Parent : 88(svchost.exe) | 42.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 % 6392 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | 5.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6596 | [Owner : Jean Bouquet | Parent : 6428() | 143.51 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.207) = C:\Windows\explorer.exe [01/07/2019 12:48:26] CPU Usage:0 % 6876 | [Owner : Système | Parent : 4800(AsusUpdateCheck.exe) | 16.06 Mo] - (.ASUSTeK Computer Inc. -.) - (1.0.0.1) = C:\Windows\System32\AsusDownloadAgent.exe [01/07/2019 11:43:46] CPU Usage:0 % 6900 | [Owner : Système | Parent : 6876(AsusDownloadAgent.exe) | 11.17 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe [19/03/2019 06:44:30] CPU Usage:0 % 7000 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 16.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6512 | [Owner : Système | Parent : 872(services.exe) | 4.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1580 | [Owner : Système | Parent : 872(services.exe) | 8.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7328 | [Owner : Jean Bouquet | Parent : 872(services.exe) | 17.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7696 | [Owner : Système | Parent : 872(services.exe) | 31.48 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.207) = C:\Windows\System32\SearchIndexer.exe [01/07/2019 12:48:31] CPU Usage:0 % 6272 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 91.58 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [19/03/2019 06:44:23] CPU Usage:0 % 7800 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 5.56 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8120 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 24.91 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 8380 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 145.37 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.18362.207) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [01/07/2019 12:48:35] CPU Usage:0 % 8704 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 18.9 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 9148 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 1.2 Mo] - (.-.) - (1.19062.451.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe [16/07/2019 15:13:49] CPU Usage:0 % 8204 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 16.15 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.18362.239) = C:\Windows\System32\SettingSyncHost.exe [10/07/2019 21:03:43] CPU Usage:0 % 3792 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 16.33 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 9200 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 20.56 Mo] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.18362.207) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe [01/07/2019 12:48:34] CPU Usage:0 % 8692 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.AVAST Software - Avast Behavior Shield.) - (19.6.4546.0) = C:\Program Files\AVAST Software\Avast\aswidsagent.exe [04/07/2019 20:58:12] CPU Usage:0 % 7520 | [Owner : Système | Parent : 6876(AsusDownloadAgent.exe) | 18.72 Mo] - (.- ASUS Q-Installer.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\ASUSQInstaller\ASUSQInstaller.exe [01/07/2019 11:43:58] CPU Usage:0 % 9604 | [Owner : Système | Parent : 88(svchost.exe) | 5.17 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.18362.1) = C:\Windows\System32\wbem\unsecapp.exe [19/03/2019 06:43:54] CPU Usage:0 % 9856 | [Owner : Système | Parent : 4612() | 1.46 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe [01/07/2019 13:25:27] CPU Usage:0 % 9864 | [Owner : Système | Parent : 4648() | 0.35 Mo] - (.AVAST Software - Avast Browser.) - (1.5.245.0) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe [04/07/2019 21:02:53] CPU Usage:0 % 9920 | [Owner : Système | Parent : 4612() | 0.2 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe [01/07/2019 13:25:27] CPU Usage:0 % 9928 | [Owner : Système | Parent : 4648() | 0.2 Mo] - (.AVAST Software - Avast Browser.) - (1.5.245.0) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe [04/07/2019 21:02:53] CPU Usage:0 % 9984 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 6.05 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 9476 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 7.31 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.18362.1) = C:\Windows\System32\SecurityHealthSystray.exe [19/03/2019 06:44:23] CPU Usage:0 % 9496 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [19/03/2019 06:44:39] CPU Usage:0 % 9688 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 6.9 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.0.124) = C:\Windows\System32\RtkAudUService64.exe [01/07/2019 11:44:57] CPU Usage:0 % 9672 | [Owner : Jean Bouquet | Parent : 9488() | 37.89 Mo] - (.AVAST Software - Avast Antivirus.) - (19.6.4546.633) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [16/07/2019 16:58:30] CPU Usage:0 % 9836 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 49.96 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (19.103.527.3) = C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\OneDrive.exe [01/07/2019 11:32:14] CPU Usage:0 % 10124 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 40.16 Mo] - (.- Rainlendar2.) - (2.14.2.0) = C:\Program Files\Rainlendar2\Rainlendar2.exe [25/05/2018 09:11:52] CPU Usage:0 % 6644 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 5.83 Mo] - (.Guillaume Ryder (http://utilfr42.free.fr) - Clavier+.) - (10.8.3.0) = C:\Users\Jean Bouquet\AppData\Local\Clavier+\Clavier.exe [02/07/2019 19:31:50] CPU Usage:0 % 10176 | [Owner : Système | Parent : 872(services.exe) | 5.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5436 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 149.38 Mo] - (.Lamantine Software a.s. - Sticky Password.) - (8.2.2.14) = C:\Program Files (x86)\Sticky Password\stpass.exe [02/07/2019 00:46:30] CPU Usage:0 % 7208 | [Owner : Jean Bouquet | Parent : 5436(stpass.exe) | 22.18 Mo] - (.Lamantine Software a.s. - Sticky Password UI Automation Manager.) - (8.2.2.14) = C:\Program Files (x86)\Sticky Password\spUIAManager.exe [02/07/2019 00:46:31] CPU Usage:0 % 4228 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.845) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [21/07/2019 19:41:17] CPU Usage:0 % 10300 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 9.99 Mo] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) - (4.6.0.0) = C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [03/05/2011 11:18:01] CPU Usage:0 % 10316 | [Owner : Jean Bouquet | Parent : 10300(PrintScreen.exe) | 10.05 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.18362.239) = C:\Windows\splwow64.exe [10/07/2019 21:03:38] CPU Usage:0 % 10464 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 51.68 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.145) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [01/07/2019 12:00:01] CPU Usage:0 % 10472 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 24.48 Mo] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.5.9.5) = C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [04/07/2019 14:39:04] CPU Usage:0 % 10612 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 15.6 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 10856 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 118.75 Mo] - (.Binary Fortress Software - DisplayFusion.) - (9.5.0.0) = C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [21/07/2019 19:30:51] CPU Usage:0 % 10952 | [Owner : Jean Bouquet | Parent : 4228(MBAMService.exe) | 41.96 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1838) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [21/07/2019 19:41:16] CPU Usage:0 % 10552 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 20.77 Mo] - (.PFU LIMITED - CardMinder Viewer.) - (4.1.40.1) = C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [05/07/2019 12:42:40] CPU Usage:0 % 10828 | [Owner : Jean Bouquet | Parent : 6576() | 40.97 Mo] - (.Sanford, L.P. - DYMO.DLS.Printing.Host.) - (8.7.3.46663) = C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [02/08/2018 06:28:16] CPU Usage:0 % 1736 | [Owner : Jean Bouquet | Parent : 6576() | 25.44 Mo] - (.CANON INC. - Canon Quick Menu.) - (2.8.5.0) = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [02/07/2019 10:47:24] CPU Usage:0 % 2024 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 22.98 Mo] - (.PFU LIMITED - ScanSnap Manager.) - (5.1.30.19) = C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [05/07/2019 12:40:45] CPU Usage:0 % 11184 | [Owner : Jean Bouquet | Parent : 10856(DisplayFusion.exe) | 5.72 Mo] - (.Binary Fortress Software - DisplayFusion Hook App.) - (9.5.0.1) = C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe [21/07/2019 19:30:51] CPU Usage:0 % 11092 | [Owner : Jean Bouquet | Parent : 10856(DisplayFusion.exe) | 7.2 Mo] - (.Binary Fortress Software - DisplayFusion Hook App.) - (9.5.0.1) = C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe [21/07/2019 19:30:51] CPU Usage:0 % 11204 | [Owner : Jean Bouquet | Parent : 6576() | 14.12 Mo] - (.Corsair Components Inc - Corsair Gaming Software.) - (1.0.0.1) = C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe [02/07/2019 15:57:38] CPU Usage:0 % 7668 | [Owner : Jean Bouquet | Parent : 11204(K95Hid.exe) | 9.97 Mo] - (.Corsair Components Inc - Corsair Gaming Software.) - (1.0.0.1) = C:\Program Files (x86)\Corsair\K95 Keyboard\CorsTra.exe [02/07/2019 15:57:38] CPU Usage:0 % 8528 | [Owner : Jean Bouquet | Parent : 1736(CNQMMAIN.EXE) | 29.39 Mo] - (.CANON INC. - Canon Quick Menu Updater.) - (2.8.5.0) = C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE [02/07/2019 10:47:24] CPU Usage:0 % 3372 | [Owner : Jean Bouquet | Parent : 6576() | 15.54 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.211.12) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [01/04/2019 23:03:20] CPU Usage:0 % 1124 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 32.86 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe [19/03/2019 06:44:23] CPU Usage:0 % 11272 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 2.45 Mo] - (.Microsoft Corporation - Store.) - (11905.1001.4.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe [02/07/2019 00:10:42] CPU Usage:0 % 11452 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 19.94 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 11856 | [Owner : Système | Parent : 872(services.exe) | 12.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8220 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 11.58 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.18362.207) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [01/07/2019 12:48:24] CPU Usage:0 % 6816 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 6.73 Mo] - (.Microsoft Corporation - Browser_Broker.) - (11.0.18362.1) = C:\Windows\System32\browser_broker.exe [19/03/2019 06:44:30] CPU Usage:0 % 11716 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 11.35 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5624 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 6 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 6268 | [Owner : Jean Bouquet | Parent : 5624(RuntimeBroker.exe) | 6.53 Mo] - (.Microsoft Corporation - Microsoft Edge Web Platform.) - (11.0.18362.1) = C:\Windows\System32\MicrosoftEdgeSH.exe [19/03/2019 06:44:09] CPU Usage:0 % 5968 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 24.3 Mo] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18362.1) = C:\Windows\System32\MicrosoftEdgeCP.exe [19/03/2019 06:44:47] CPU Usage:0 % 12196 | [Owner : Jean Bouquet | Parent : 872(services.exe) | 21.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7204 | [Owner : Jean Bouquet | Parent : 6596(explorer.exe) | 19.45 Mo] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (10.8.0.402) = C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe [22/03/2018 10:08:46] CPU Usage:0 % 984 | [Owner : Système | Parent : 872(services.exe) | 12.6 Mo] - (.Disc Soft Ltd - Disc Soft Bus Service Lite.) - (10.8.0.402) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [22/03/2018 10:08:16] CPU Usage:0 % 9644 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 1.12 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.18362.1) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [19/03/2019 06:46:39] CPU Usage:0 % 11620 | [Owner : Système | Parent : 872(services.exe) | 11.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3456 | [Owner : Système | Parent : 872(services.exe) | 51.06 Mo] - (.Binary Fortress Software - DisplayFusion Service.) - (9.5.0.0) = C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [21/07/2019 19:30:51] CPU Usage:0 % 11532 | [Owner : SERVICE RÉSEAU | Parent : 872(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1984 | [Owner : Système | Parent : 872(services.exe) | 12.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 12132 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [19/03/2019 06:45:32] CPU Usage:0 % 10232 | [Owner : Système | Parent : 872(services.exe) | 8.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9252 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 7.23 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 06:44:33] CPU Usage:0 % 11488 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 46.72 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.1) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe [19/03/2019 06:44:25] CPU Usage:0 % 3980 | [Owner : Système | Parent : 88(svchost.exe) | 10.46 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5808 | [Owner : Jean Bouquet | Parent : 3372(jusched.exe) | 15.25 Mo] - (.Oracle Corporation - Java Update Checker.) - (2.8.211.12) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [01/04/2019 23:02:52] CPU Usage:0 % 4288 | [Owner : Système | Parent : 88(svchost.exe) | 37.14 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % 4260 | [Owner : Système | Parent : 872(services.exe) | 20.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 10196 | [Owner : Jean Bouquet | Parent : 88(svchost.exe) | 25.74 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [19/03/2019 06:44:03] CPU Usage:0 % 10884 | [Owner : Système | Parent : 872(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8096 | [Owner : Système | Parent : 872(services.exe) | 8.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9912 | [Owner : SERVICE LOCAL | Parent : 872(services.exe) | 7.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1156 | [Owner : Jean Bouquet | Parent : 5188() | 255.11 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 7572 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 8.47 Mo] - (.Opera Software - Opera crash-reporter.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera_crashreporter.exe [15/07/2019 10:17:03] CPU Usage:0 % 9444 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 126.7 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 1676 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 26.23 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 11932 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 39.87 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 8184 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 84.97 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 13144 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 36.76 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 6064 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 47.39 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 8424 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 58.08 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 4860 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 34.68 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 12136 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 54.39 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 2776 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 102.12 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 11664 | [Owner : Système | Parent : 872(services.exe) | 14.04 Mo] - (.Microsoft Corporation - Adaptateur inverse de performance WMI.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiApSrv.exe [19/03/2019 06:43:54] CPU Usage:0 % 2784 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 124.1 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 7936 | [Owner : SERVICE LOCAL | Parent : 3244(svchost.exe) | 14.93 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.18362.239) = C:\Windows\System32\audiodg.exe [10/07/2019 21:03:38] CPU Usage:0 % 3880 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 66.76 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = I:\TEMP QUICKDIAG\scoped_dir1156_23204\QuickDiag.exe [22/07/2019 00:33:09] CPU Usage:1 % 12380 | [Owner : Jean Bouquet | Parent : 1156(opera.exe) | 27.4 Mo] - (.Opera Software - Opera Internet Browser.) - (62.0.3331.72) = C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe [15/07/2019 10:17:03] CPU Usage:0 % 11012 | [Owner : SERVICE RÉSEAU | Parent : 88(svchost.exe) | 12.22 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 399.24.) - (24.21.13.9924) -- C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvldumdx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 399.24.) - (24.21.13.9924) -- C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvwgf2umx_cfg.dll (.AVAST Software.-.Avast Shell Extension.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Binary Fortress Software.-.DisplayFusion Hook.) - (9.5.0.1) -- C:\Program Files (x86)\DisplayFusion\Hooks\AppHook64_67D2283E-1D4E-48D2-8056-6BE0E2D153A5.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Disc Soft Ltd.-.DAEMON Tools Lite.) - (10.8.0.402) -- C:\Program Files\DAEMON Tools Lite\DTShl64.dll (.Zeon International Investment Corp. .-.SDirectShellExt Module.) - (1.0.0.12) -- C:\Program Files (x86)\Nuance\Power PDF\bin\SDirectShellExt.dll (.Nuance Communications, Inc..-.SHELLEXT.DLL.) - (1.0.14219.939) -- C:\Program Files (x86)\Nuance\Power PDF\ShellExt.dll (.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\UMPDC.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.AVAST Software.-.Avast AMSI COM object.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswAMSI.dll (.AVAST Software.-.Avast dll loader.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\dll_loader.dll (.AVAST Software.-.Antivirus HW dependent library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll (.AVAST Software.-.Antivirus independent functions.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll (.AVAST Software.-.Avast Logging Library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\log.dll (.AVAST Software.-.Avast module lifetime.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\module_lifetime.dll (.AVAST Software.-.Avast Property Storage library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll (.AVAST Software.-.Avast AV Property Storage library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswPropertyAv.dll (.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll (.AVAST Software.-.Avast task library core.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\tasks_core.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll (.AVAST Software.-.Hook Library.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up DAEMON Tools Lite Automount - ("C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet Rainlendar2 - (C:\Program Files\Rainlendar2\Rainlendar2.exe [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet DymoQuickPrint - ("C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet Clavier+ - (C:\Users\Jean Bouquet\AppData\Local\Clavier+\Clavier.exe [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet StickyPassword - (C:\Program Files (x86)\Sticky Password\stpass.exe [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet Spotify - (C:\Users\Jean Bouquet\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet Gadwin PrintScreen - (C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet RoboForm - ("C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet DisplayFusion - ("C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\...\Run]) - User: DESKTOP-2ORIENU\Jean Bouquet DAEMON Tools Lite Automount - ("C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT CardMinder Viewer - (C:\PROGRA~2\PFU\ScanSnap\CARDMI~1\CARDLA~2.EXE [Common Startup]) - User: Public Conversion au format PDF avec ScanSnap Organizer - (C:\PROGRA~2\PFU\ScanSnap\ORGANI~1\PFED53~1.EXE [Common Startup]) - User: Public ScanSnap Manager - (C:\PROGRA~2\PFU\ScanSnap\Driver\PfuSsMon.exe [Common Startup]) - User: Public SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public RtkAudUService - ("C:\Windows\System32\RtkAudUService64.exe" -background [HKLM\SOFTWARE\...\Run]) - User: Public Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [25/05/2018 09:11:52] "DymoQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup "Clavier+"=C:\Users\Jean Bouquet\AppData\Local\Clavier+\Clavier.exe [02/07/2019 19:31:50] "StickyPassword"=C:\Program Files (x86)\Sticky Password\stpass.exe [02/07/2019 00:46:30] "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "Spotify"=C:\Users\Jean Bouquet\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized "Gadwin PrintScreen"=C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" "DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "Clavier+"=0x020000000000000000000000 "OneDrive"=0x020000000000000000000000 "Rainlendar2"=0x020000000000000000000000 "RoboForm"=0x020000000000000000000000 "StickyPassword"=0x020000000000000000000000 "DisplayFusion"=0x020000000000000000000000 "DymoQuickPrint"=0x03000000646E62ABC238D501 "DDAssist"=0x020000000000000000000000 "Steam"=0x03000000294DA8386435D501 "AvastBrowserAutoLaunch_0F64F9902282E6C0665B960A9B86A70F"=0x020000000000000000000000 "Spotify"=0x03000000E4CE4F9CC238D501 "ISUSPM"=0x020000000000000000000000 "Gadwin PrintScreen"=0x020000000000000000000000 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=msconfig\1 "MRUList"=ba "b"=diskmgmt.msc\1 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Canon iX6800 series,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtkAudUService"="C:\Windows\System32\RtkAudUService64.exe" -background "Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "Logitech Download Assistant"=0x03000000D2FD68786435D501 "RtkAudUService"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "DLSWebSvc"=0x020000000000000000000000 "CanonQuickMenu"=0x020000000000000000000000 "Corsair K95"=0x020000000000000000000000 "ISUSPM"=0x020000000000000000000000 "PowerPDF Registry Controller"=0x020000000000000000000000 "Nuance Power PDF Standard-reminder"=0x020000000000000000000000 "DNS7reminder"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D537522F3EBD6A [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "DLSWebSvc"="C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe" /auto "CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon "Corsair K95"=C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe [02/07/2019 15:57:38] "ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler "PowerPDF Registry Controller"="C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe" "Nuance Power PDF Standard-reminder"="C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\Power PDF Standard\Ereg\Ereg.ini" "DNS7reminder"="C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater Avast Emergency Update Avast Secure Browser Heartbeat Task (Hourly) Avast Secure Browser Heartbeat Task (Logon) AvastUpdateTaskMachineCore AvastUpdateTaskMachineUA GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HPCustParticipation HP LaserJet M14-M17 OneDrive Standalone Update Task-S-1-5-21-84932897-3685993778-4120941894-1001 Open URL by RoboForm Opera scheduled Autoupdate 1562339949 Run RoboForm TaskBar Icon ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(7)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(7)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=0 "NoLmHash"=1 "Security Packages"="" [22/07/2019 00:33:31] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=884 "LsaCfgFlagsDefault"=0 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "InstanceID"=2b6dd539-9581-4f6d-95f5-cb7cf6e "GlassSessionId"=1 ---------- | .LNK with Arguments C:\Users\Jean Bouquet\Desktop\AdsFix_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=1 "WallPaper"=C:\Users\Jean Bouquet\AppData\Local\DisplayFusion\Wallpaper_2.png [21/07/2019 19:33:23] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=0 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=2 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100C5586C00000F0000B004000092D2E677EA3FD50143003A005C00550073006500720073005C004A00650061006E00200042006F00750071007500650074005C0041007000700044006100740061005C004C006F00630061006C005C0044006900730070006C006100790046007500730069006F006E005C00570061006C006C00700061007000650072005F0032002E0070006E00670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ScreenSaverIsSecure"=0 "ScreenSaveTimeOut"=60 "ActiveWndTrkTimeout"=0 "PreferredUILanguages"=fr-FR "WallpaperDF"=C:\Users\Jean Bouquet\AppData\Local\DisplayFusion\Wallpaper_2.png [21/07/2019 19:33:23] "LockScreenAutoLockActive"=0 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=5 "GlobalAssocChangedCounter"=361 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "Reason Setting"=255 "SlowContextMenuEntries"=0x7B5D1B1DC90F2E45902C12BACD4FBC200D0B00000114020000000000C000000000000046C6010000B083204722C5CF11876300608CC02F2422530000AF75193DC6488E4FA182BE0E08FA86A9B50100006024B221EA3A6910A2DC08002B30309D9D000000 "PostAppInstallTasksCompleted"=1 "link"=0x1E000000 "Browse For Folder Width"=347 "Browse For Folder Height"=346 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x00482C5D00000000 "ShowCortanaButton"=0 "ReindexedProfile"=1 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=1 "TaskbarGlomLevel"=0 "MMTaskbarEnabled"=1 "ShowTaskViewButton"=0 "DontUsePowerShellOnWinX"=1 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x1D0000001C0000001B0000001A000000190000001800000017000000160000001500000014000000130000001200000011000000100000000F000000030000000E0000000C0000000D0000000B0000000A000000060000000900000008000000070000000500000004000000020000000100000000000000FFFFFFFF "0"=0x450053005300410049000000 "1"=0x73007400690063006B0079000000 "2"=0x63006D00640065000000 "4"=0x43004F004E004600490047002E004D00530049000000 "5"=0x7200650063006F0076006500720079000000 "7"=0x4C00410055004E0043004800450052000000 "8"=0x4C00410055004E0043004800450052002E004500580045000000 "9"=0x41005000500044004100540041000000 "6"=0x6F0070006500720061000000 "10"=0x6C006100750063006800650072002E006500780065000000 "11"=0x7600610064000000 "13"=0x2A002E0078006C00730020006400610074006500640065006D006F00640069006600690063006100740069006F006E003A0061006E006E00E900650020006400650072006E006900E800720065000000 "12"=0x2A002E0078006C0073000000 "14"=0x2A002E0078006C00730020006400610074006500640065006D006F00640069006600690063006100740069006F006E003A0063006500740074006500200061006E006E00E90065000000 "3"=0x6D00730069000000 "15"=0x63006F006E006600690067000000 "16"=0x41006400760061006E006300650064002000530079007300740065006D0020005200650070006100690072002000500072006F000000 "17"=0x63006400690070000000 "18"=0x63006F00720065006C000000 "19"=0x77006800610074000000 "20"=0x570069006E0064006F007700730041007000700073000000 "21"=0x4600490043004800450053000000 "22"=0x6C006F007400750073000000 "23"=0x370039003800320038000000 "24"=0x7400610062006C006500610075000000 "25"=0x3700390038003200380020007400610062006C006500610075000000 "26"=0x530068006F00720074006300750074000000 "27"=0x67006F006F0067006C0065002000730065007400750070000000 "28"=0x640065006200690074006500730074000000 "29"=0x4100440053004600490058000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{26AFDB68-5ABA-49CB-9207-F4B7FCDBC980}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{26AFDB68-5ABA-49CB-9207-F4B7FCDBC980}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=12 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=44 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18362 "FirstLogon"=0 "PUUActive"=0xCC727E61010003004200FB00A98C0A00A4C40B00A4C40B00D200000002002900F6378F9E96B3190057E81000D2AF070054760700654F00000000000000000000BC4911001C590000BD03000000000000B6B9C9D21340D501A98C0A000000000001000000A98C0A00BA47000016050000A7BF140000000000 "DP"=0xD200E8003E00030042000000CC727E61245B52000000000072CC4BA81040D501BF1643170440D501B4751C0000000000290E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100F74601809440084295705862555000C08478402B857A406B219B00809022164C9C32964CB65800801088040514898405AF4C010004ADC30304ADC307EB090080001C6460C11E6464C495008080845C0180845C491C4E0180040C4448040E4448A64800C05C45944A5C4DBC5A1C2101C011000341510403635EFD00C029304144A9B06144 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DefaultUserName"=Jean Bouquet "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "DisableCAD"=1 "LastLogOffEndTimePerfCounter"=9994476257 "ShutdownFlags"=2147483815 "AutoAdminLogon"=0 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-84932897-3685993778-4120941894-1001 "LastUsedUsername"=Jean Bouquet [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe [19/03/2019 06:44:35] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command] ""="C:\Program Files (x86)\Opera\Launcher.exe" [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo] "ReinstallCommand"="C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:02:17] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:02:17] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "E:\AATELECHARGEMENT\ROBOFORM\scoped_dir13064_32753\ASR_Blue_Installer_7GA-inapp-1G.exe"=1 "C:\ProgramData\TSR7Settings\uninstasr.exe"=33 "C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\Launcher.exe"=32 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Jean Bouquet\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup.Def.fr-FR_O365HomePremRetail_07b6774c-aa41-4a59-8b36-f11de4ea9b51_TX_DB_storeid_CFQ7TTC0K5DM_Platform_def_ (1).exe"=0x534143500100000000000000070000002800000060F055000584560001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000009A050400000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000080099011DD4990101000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007CB40300000000000100000001000000 "C:\Users\Jean Bouquet\Downloads\Ninite 7Zip Avast Chrome Firefox Google Earth Installer.exe"=0x5341435001000000000000000700000028000000587D06001F66070001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x534143500100000000000000070000002800000098E39A0211779B0201000000000000000000000A00210000631F6E6F0EDED4010000009100000000 "C:\Users\Jean Bouquet\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\readerdc_fr_fb_crd_install (1).exe"=0x5341435001000000000000000700000028000000305A1200678C120001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007DF40100000000000100000001000000 "Z:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000D029AA0232C4AA0201000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000383518006E76180001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "Z:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe"=0x534143500100000000000000070000002800000048EBA900C416AA0001000000000000000000030671020000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A76B4900000000000300000003000000 "C:\Users\Jean Bouquet\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Ninite Thunderbird Installer (1).exe"=0x5341435001000000000000000700000028000000587D0600CF4F070001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007F118800000000000100000001000000 "Z:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe"=0x534143500100000000000000070000002800000000700700F348080001000000000000000000010671200000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003076B700000000000300000003000000 "E:\AATELECHARGEMENT\DISPLAYFUSION\DisplayFusionSetup-9.0.exe"=0x5341435001000000000000000700000028000000F05D4801FBDA480101000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000469B0000000000000100000001000000 "E:\AATELECHARGEMENT\DISPLAYFUSION\DisplayFusionSetup-8.1.exe"=0x5341435001000000000000000700000028000000D09C3C01101C3D0101000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "E:\AATELECHARGEMENT\CLAVIER +\ClavierSetup64.exe"=0x5341435001000000000000000700000028000000067908000000000001000000000000000000020600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A27E0400000000000100000001000000 "E:\AATELECHARGEMENT\SPECCY\spsetup129.exe"=0x5341435001000000000000000700000028000000C8FD4D0038FF4D0001000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E6630100000000000100000001000000 "E:\AATELECHARGEMENT\RAILENDAR\Rainlendar-Pro-2.14.2-64bit.exe"=0x53414350010000000000000007000000280000001EC2E7010000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Program Files\Rainlendar2\Rainlendar2.exe"=0x534143500100000000000000070000002800000000702E000000000001000000000000000000000A73220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000079130000000000000200000002000000 "C:\Program Files\DAEMON Tools Lite\DTLauncher.exe"=0x5341435001000000000000000700000028000000684A3200D945330001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000549C0900000000000500000005000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000303C27001E78270001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000005F5D3200000000003700000037000000 "C:\Program Files\InfraRecorder\infrarecorder.exe"=0x5341435001000000000000000700000028000000005028003E86280001000000000000000000010673220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000989D0000000000000200000002000000 "I:\temp canon\win-ix6800-1_1-mcd.exe"=0x5341435001000000000000000700000028000000305E16037E70160301000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000800000400000000000000000000000000000000023C73900000000000100000001000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F0051C10F0001000000000000000000000600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000008D420200000000000100000001000000 "C:\Program Files\7-Zip\7zFM.exe"=0x5341435001000000000000000700000028000000003E0D000000000001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000009BCF0200000000000B0000000B000000 "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"=0x534143500100000000000000070000002800000008201D007C741D0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\Sticky Password\stpass.exe"=0x5341435001000000000000000700000028000000F00201008702020001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000001C151609000000007500000075000000 "E:\DYMO\DLS8Setup.8.7.3.exe"=0x5341435001000000000000000700000028000000D0F82B0AFE112C0A01000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E8A10100000000000200000002000000 "C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe"=0x5341435001000000000000000700000028000000B81C02004E93020001000000000000000000000A71200000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000647A8402000000001000000010000000 "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPrinterWizard.exe"=0x5341435001000000000000000700000028000000007403000000000001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000461E0000000000000100000001000000 "C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe"=0x534143500100000000000000070000002800000000484E000000000001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000200000002000000 "E:\AATELECHARGEMENT\EPSON\epson376969eu.exe"=0x5341435001000000000000000700000028000000587EDD02B891DD0201000000000000000000000671020000631F6E6F0EDED401000000000000000002000000280000000000000080000000000000000000000000000000000000008A9C0100000000000100000001000000 "C:\Windows\twain_32\escndv\escndv.exe"=0x53414350010000000000000007000000280000002853030096C8030001000000000000000000000A71200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000020000000000000000000000000052120600000000000F0000000F000000 "E:\AATELECHARGEMENT\EPSON\epson630611eu.exe"=0x5341435001000000000000000700000028000000D097DD02C78DDE0201000000000000000000010600010000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000000000020000000000000000000000000043290000000000000100000001000000 "E:\AATELECHARGEMENT\EPSON\epson513258eu.exe"=0x534143500100000000000000070000002800000000B0AA000000000001000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000008000004000000000000000000000000000000000E5420000000000000100000001000000 "C:\Program Files (x86)\Epson Software\Easy Photo Scan\EasyPhotoScan.exe"=0x5341435001000000000000000700000028000000F0C90E004DCA0E0001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000041170000000000000200000002000000 "C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe"=0x5341435001000000000000000700000028000000580E21002209220001000000000000000000030600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000E0140000000000000100000001000000 "C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe"=0x534143500100000000000000070000002800000000C010006605110001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000A0000000A000000 "C:\Program Files (x86)\PFU\ScanSnap\Driver\ScanSnapTool.exe"=0x534143500100000000000000070000002800000008110600B104070001000000000000000000010671200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000011120000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}\setup.exe"=0x534143500100000000000000070000002800000000B005000000000003000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005A4E0100000000000300000003000000 "E:\AATELECHARGEMENT\SNAPSCAN\ssv51l30W.exe"=0x5341435001000000000000000700000028000000F8F1E31E0000000001000000000000000000010571000000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003B0B0000000000000100000001000000 "E:\AATELECHARGEMENT\FUJI\WinS1500ManagerV55L10WW (2).exe"=0x5341435001000000000000000700000028000000B0CD7120FC69722001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000004B5DD801000000000100000001000000 "E:\AATELECHARGEMENT\sony\FP607090x64W01.exe"=0x53414350010000000000000007000000280000000062060065DC060001000000000000000000010571000000631F6E6F0EDED4010000000000000000020000005000000000000000800100400000000000000000000000000000000033020000000000000100000001000000000000008001000000440200000000000000000000000000577E0000000000000400000000000000 "Z:\Program Files (x86)\Ordi Mots\ordiscrab.exe"=0x53414350010000000000000007000000280000000010D000CE44D00001000000000000000000000A71200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000051170000000000000100000001000000 "C:\Program Files (x86)\Corsair\K95 Keyboard\mainframe.exe"=0x534143500100000000000000070000002800000000FE1A00145C1B0001000000000000000000020671220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AA5E0A00000000003D0000003D000000 "C:\Users\Jean Bouquet\AppData\Local\Clavier+\unins000.exe"=0x5341435001000000000000000700000028000000C94F12000000000003000000000000000000020600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000112C0000000000000100000001000000 "C:\Users\Jean Bouquet\AppData\Local\Clavier+\Clavier.exe"=0x534143500100000000000000070000002800000000900200EB2C030001000000000000000000000A73200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000001400000014000000 "C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe"=0x5341435001000000000000000700000028000000A8F36B0042836C0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000008AEA0100000000001100000011000000 "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"=0x534143500100000000000000070000002800000090B1A0000781A10001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000016168903000000002900000029000000 "C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe"=0x534143500100000000000000070000002800000020127E0030A37E0001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000009C037600000000000B0000000B000000 "C:\Program Files\HP\HP LaserJet M14-M17\Bin\HP LaserJet M14-M17.exe"=0x5341435001000000000000000700000028000000880C79007319790001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D3100100000000000300000003000000 "C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE"=0x5341435001000000000000000700000028000000800A14003987140001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000BB000000000000000100000001000000 "E:\AATELECHARGEMENT\ROBOFORM\RoboForm-v8-Setup.exe"=0x5341435001000000000000000700000028000000C0F362019F12630101000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C30B0100000000000200000002000000 "E:\AATELECHARGEMENT\SYNCBACK\SyncBack_Setup.exe"=0x5341435001000000000000000700000028000000B021B201CEAFB20101000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000028712100000000000200000002000000 "C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe"=0x5341435001000000000000000700000028000000B04B40041BC2400401000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FF005207000000002A0000002A000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x5341435001000000000000000700000028000000200B3000368A300001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000093E6704000000000900000009000000 "I:\TEMP JEUX\Solitaire XP.exe"=0x534143500100000000000000070000002800000000E000006207010001000000000000000000010571200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000066CB0500000000000200000002000000 "I:\TEMP JEUX\Spider Solitaire XP.exe"=0x5341435001000000000000000700000028000000003A080083F4080001000000000000000000000671200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000BF7F5301000000001E0000001E000000 "C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe"=0x5341435001000000000000000700000028000000286504002282040001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000E9123C06000000001100000011000000 "C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"=0x5341435001000000000000000700000028000000283902003FC0020001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000300000003000000 "C:\Program Files (x86)\Siber Systems\AI RoboForm\rfwipeout.exe"=0x534143500100000000000000070000002800000028895200C535530001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000005000000000000000000000000000000000000000000000000000000040680000000000000100000001000000000000000000004000000000000000000000000000000000D5280000000000000100000000000000 "C:\Program Files (x86)\Siber Systems\AI RoboForm\passwordgenerator.exe"=0x5341435001000000000000000700000028000000288301000BB4010001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000024D50300000000000200000002000000 "E:\AATELECHARGEMENT\VISIONNEUSE\scoped_dir7444_10514\xnview-standard_2-48_fr_9667.exe"=0x534143500100000000000000070000002800000090F25500FD26560001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000ABF0000000000000100000001000000 "C:\Program Files (x86)\XnView\xnview.exe"=0x534143500100000000000000070000002800000048E66100ECE1620001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000005000000000000000000000000000000000000000000000000000000051447C0000000000110000000D00000000000000000000400000000000000000000000000000000006830B00000000000100000000000000 "E:\AATELECHARGEMENT\AVAST\avast_internet_security_setup_offline.exe"=0x534143500100000000000000070000002800000048EF66150FC5671501000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E72E0200000000000100000001000000 "C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000B8351E000000000003000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000E7C30100000000000200000002000000 "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"=0x534143500100000000000000070000002800000078981B00B69F1B0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000E2392D00000000000400000004000000 "SIGN.MEDIA=F34268 Setup.exe"=0x534143500100000000000000070000002800000048690A00552E0B0001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000001D740200000000000100000001000000 "C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe"=0x534143500100000000000000070000002800000048F30200B7F3020001000000000000000000030671220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000100000001000000 "C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe"=0x534143500100000000000000070000002800000070AD0100B3B7010001000000000000000000030671220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000010000000000000000000000000000012890202000000000300000003000000 "SIGN.MEDIA=586C1 ScanSnap.exe"=0x534143500100000000000000070000002800000008610100F65A020001000000000000000000010671200000631F6E6F0EDED401000000000000000002000000280000000000000080000000000000000000000000000000000000004A41A002000000000100000001000000 "E:\AATELECHARGEMENT\JEUX\domino-3d.exe"=0x5341435001000000000000000700000028000000E0C20D006B5D355E01000000000000000000030600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000009A730000000000000100000001000000 "C:\Program Files (x86)\Canon\IJ Manual\CANON IX6800 SERIES\uninstall.exe"=0x5341435001000000000000000700000028000000586805001935060003000000000000000000020600210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A2F90000000000000100000001000000 "C:\Program Files\CanonBJ\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6800_series\DELDRV64.exe"=0x534143500100000000000000070000002800000058160B00E4890B0003000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000067640000000000000100000001000000 "SIGN.MEDIA=3F4774 win\MSETUP4.EXE"=0x534143500100000000000000070000002800000050E80F003D16100001000000000000000000030600010000631F6E6F0EDED40100000000000000000200000028000000000000000000004000020000000000000000000000000000B9C62B00000000000100000001000000 "C:\Users\Jean Bouquet\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000A07F86018AB2860101000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000100000000000000000000000000000000050ABA200000000000100000001000000 "C:\Program Files (x86)\Audacity\audacity.exe"=0x53414350010000000000000007000000280000000090D3000000000001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000652B0000000000000100000001000000 "E:\AATELECHARGEMENT\GADWIN\gadwin-printscreen_gadwin_printscreen_4.6_francais_18037.exe"=0x5341435001000000000000000700000028000000B0062C000000000001000000000000000000010571000000631F6E6F0EDED40100000000000000000200000028000000000000000008004000000000000000000000000000000000FAABB001000000000100000001000000 "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe"=0x534143500100000000000000070000002800000000700700F348080001000000000000000000010671200000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000200000002000000 "C:\Program Files\paint.net\PaintDotNet.exe"=0x5341435001000000000000000700000028000000D86A1C0084601D0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000002DAE0100000000000300000003000000 "C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\62.0.3331.43_0\opera.exe"=0x534143500100000000000000070000002800000018D81E00EF1B1F0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Jean Bouquet\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078D404009BC1050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files\Google\Google Earth Pro\client\googleearth.exe"=0x5341435001000000000000000700000028000000F0B51B005F241C0001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000004EB10A00000000000600000006000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x53414350010000000000000007000000280000006028AE00FF83AE0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000043EC1400000000000D0000000D000000 "E:\AATELECHARGEMENT\FOTOFILTRE\scoped_dir6984_8889\pfsx-setup-fr-10.14.0 (2).exe"=0x53414350010000000000000007000000280000007ED4A9000000000001000000000000000000000671000000631F6E6F0EDED40100000000000000000200000028000000000000000008004000000000000000000000000000000000882F0400000000000100000001000000 "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000E0491E0004B91E0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE"=0x534143500100000000000000070000002800000000F2FC00CF29FD0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "E:\AATELECHARGEMENT\STUDIO CRAP\scoped_dir6352_10629\setup-studio-scrap-v8.exe"=0x5341435001000000000000000700000028000000B83F08001C4F080001000000000000000000020600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000EBAD0F00000000000100000001000000 "C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe"=0x5341435001000000000000000700000028000000004435000000000001000000000000000000000A61200000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005B820400000000000300000003000000 "E:\AATELECHARGEMENT\fullsync\scoped_dir2008_14165\jre-8u211-windows-x64.exe"=0x53414350010000000000000007000000280000006075C0046207C10401000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000005D7D0000000000000100000001000000 "C:\Corel\Draw70\programs\photopnt.exe"=0x534143500100000000000000070000002800000000C87F000000000001000000000000000000010571200000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000EF210000000000000100000001000000 "C:\Corel\Draw70\programs\scanmgr.exe"=0x5341435001000000000000000700000028000000000432000000000001000000000000000000010571200000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000BD120000000000000400000004000000 "C:\Program Files\Speccy\Speccy.exe"=0x5341435001000000000000000700000028000000A8535100084F520001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005F2C0000000000000100000001000000 "C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000E8D97503FDE5750301000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "I:\TEMP JEUX\Freecell XP.exe"=0x534143500100000000000000070000002800000000DA000080D0010001000000000000000000010571200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F924FE00000000000100000001000000 "C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\launcher.exe"=0x534143500100000000000000070000002800000018301700CFE3170001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F29EA60F000000002001000020010000 "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe"=0x534143500100000000000000070000002800000048890C009E780D0003000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000166F0000000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0BD1700C839180001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004452A302000000000600000006000000 "I:\TEMP FRST\FRST64.exe"=0x534143500100000000000000070000002800000000F81F00AE62200001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000008A7D0700000000000400000004000000 "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\setup.exe"=0x5341435001000000000000000700000028000000F01F2200A3B1220003000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000DEF7B902000000000100000001000000 "E:\AATELECHARGEMENT\CHROME\scoped_dir4000_13308\ChromeSetup (1).exe"=0x534143500100000000000000070000002800000038921100D8CF110001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000073550000000000000100000001000000 "I:\TEMP QUICKDIAG\QuickDiag.exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C4C30500000000000100000001000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x53414350010000000000000007000000280000008815B800FE1CB80001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000BB000000000000000100000001000000 "I:\TEMP ADSFIX\adsfix_V6_19.07.19.1.exe"=0x534143500100000000000000070000002800000098EF5D00F23D5E0001000000000000000000000A00210000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005B100000000000000100000001000000 "C:\Users\Jean Bouquet\Desktop\adsfix_V6_19.07.19.1.exe"=0x534143500100000000000000070000002800000098EF5D00F23D5E0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000AF6E7500000000000200000002000000 "C:\Program Files (x86)\DisplayFusion\unins000.exe"=0x5341435001000000000000000700000028000000A0BF2600DE29270003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000027930A00000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D04086000918870001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FF730F00000000000500000005000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132064464500809460 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "ProductType"=2 "InstallTime"=0x7B3A8ABF1F30D501 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\ "ManagedDefenderProductType"=0 "OOBEInstallTime"=0x36EF3FC6EF2FD501 "ProductStatus"=0 "DisableAntiSpyware"=1 "DisableAntiVirus"=1 "LastEnabledTime"=0x330B9BCF9032D501 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:817::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:817::200e?: temps=5 ms R?ponse de 2a00:1450:4007:817::200e?: temps=4 ms R?ponse de 2a00:1450:4007:817::200e?: temps=5 ms R?ponse de 2a00:1450:4007:817::200e?: temps=5 ms Statistiques Ping pour 2a00:1450:4007:817::200e: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 4ms, Maximum = 5ms, Moyenne = 4ms ---------- | @ [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\System32\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://www.google.fr/ "Use FormSuggest"=no "ImageStoreRandomFolder"=co3gtno "FormSuggest Passwords"=no "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2F8FFFFE8000000A2FDFFFF88030000 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x7BE8917C2233D501 "IE10TourShown"=1 "IE10TourShownTime"=0x19E49BD71F30D501 "IE11EdgeNotifyTime"=0x9E093F5E6030D501 "EdgeReminderRemainingCount"=5 "Start Page_TIMESTAMP"=0x0FD34C5E6030D501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x01000000190000006CA0327217191B8D7C3D449E8688BF8C9FCD5869965B19B2C5020000000E0000004656657072557A4D657941253364 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x19E49BD71F30D501 "IE10TourNoShow"=1 "News Feed First Run Experience"=0 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "ZonesSecurityUpgrade"=0xC17B5EA56CCED201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "LockDatabase"=132064470949572884 "EmailName"=IEUser@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "ProxyHttp1.1"=1 "EnableSPDY3_0"=0 "BackgroundConnections"=1 "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "SyncMode5"=4 "ProxyOverride"=*.local "GlobalUserOffline"=0 "ProxyOverride.Bonjour"= "ProxyEnable"=0 "WarNonBadCertReceving"=1 "WarNonHTTPSToHTTPRedirect"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "MigrateProxy"=1 "ProxyEnable"=1 "ProxyServer"=http=127.0.0.1:48080;https=127.0.0.1:48080 "ProxyOverride"=*.local;127.0.0.1; [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "ProxyEnable"=1 "MigrateProxy"=1 "ProxyServer"=http=127.0.0.1:48080;https=127.0.0.1:48080 "ProxyOverride"=*.local;127.0.0.1; ---------- | Proxy [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{2864AF74-0177-4595-A10A-7812DC610557}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132081293481886862 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{4929C787-D907-47B6-97A8-F0000ADAB480}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132080847671216593 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{89F2B6A1-EB33-4FB5-BD2F-216360DEC067}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132076519090159624 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{9EB40A2D-90A6-41CA-BF25-270B6C0736EB}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132072150783263588 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{A557ADD7-5B57-4277-BEE0-ED2086CE1954}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132072247389206338 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{C27F87BD-C524-4588-BF0E-79445C828261}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132077050951093829 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{DF63A753-B89F-4A9B-BF8E-CB0447C33C74}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132073236292324300 [HKLM\System\CurrentControlSet\Services\Iphlpsvc\Parameters\ProxyMgr\{FF07E014-73E1-4A22-A924-24668BCCB259}] "StaticProxy"=http=127.0.0.1:48080;https=127.0.0.1:48080 "LastUseTime"=132072152583387668 [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]~[] : 1http=127.0.0.1:48080;https=127.0.0.1:48080 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [04/07/2019 20:58:14] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [19/03/2019 06:44:47] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Height"=0 [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "KnownProvidersUpgradeTime"=0x19E49BD71F30D501 "Version"=5 "UpgradeTime"=0x19E49BD71F30D501 "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=Canon Easy-WebPrint EX "{724d43a0-0d85-11d4-9908-00400523e39a}"=0x00 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=Canon Easy-WebPrint EX "{724d43a0-0d85-11d4-9908-00400523e39a}"=0x00 "{BED78D9C-A025-4FE9-B3BA-27E6D376A3D5}"= ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Remplir les formulaires) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Enregistrer les formulaires) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}] : (Barre RoboForm) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Remplir les formulaires) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Enregistrer les formulaires) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}] : (Barre RoboForm) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] -> (Canon Easy-WebPrint EX BHO) : C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [01/07/2019 23:28:06] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] -> (RoboForm Toolbar Helper) : C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [04/07/2019 14:39:04] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> () : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [01/07/2019 13:13:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] -> (Canon Easy-WebPrint EX BHO) : C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [01/07/2019 23:28:06] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] -> (RoboForm Toolbar Helper) : C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [04/07/2019 14:39:04] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{940361F8-7F16-4498-AB43-2EFFE0235AFA}] -> (Nuance PDF Toolbar Helper) : C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [27/02/2014 07:59:44] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D137966-2E29-45C5-9B12-29D5427F8F66}] -> (PlusIEEventHelper Class) : C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll [27/02/2014 07:59:36] ---------- | Chrome C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\bnfdmghkeppfadphbnkjcicejfepnbfe = : Never forget a password again. Sticky Password manager saves them securely and types them for you as you browse. Automatically! - Sticky Password extension - https://clients2.google.com/service/update2/crx C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppShortName__ - https://clients2.google.com/service/update2/crx C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Jean Bouquet\AppData\Local\Google\Chrome\User Data\Default\extensions\pnlccmojcmeohlpggmfnbbiapkmbliob = : RoboForm the #1 ranked Password Manager makes your life easier by remembering passwords and logging you into websites automatically - short_name: RoboForm - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob] ---------- | Opera C:\Users\Jean Bouquet\AppData\Roaming\Opera Software\Opera Stable\extensions\hiegahbgoabbpoieploedhfnobmpgbeg = : Google & co - Google & co - https://extension-updates.opera.com/api/omaha/update/ C:\Users\Jean Bouquet\AppData\Roaming\Opera Software\Opera Stable\extensions\jhicomgjechdjmijiabdcfnddhdbcdnn = : RoboForm Lite Password Manager. Saves fills in login info for web sites. Logins are stored on RoboForm Everywhere server encrypted - RoboForm Lite Password Manager - https://extension-updates.opera.com/api/omaha/update/ C:\Users\Jean Bouquet\AppData\Roaming\Opera Software\Opera Stable\extensions\kipjbhgniklcnglfaldilecjomjaddfi = : __MSG_description__ - __MSG_name__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\Jean Bouquet\AppData\Roaming\Opera Software\Opera Stable\extensions\ollghamalkmmhboihmhoaaobmamehjgn = : __MSG_Kernel_AppDescription__ - __MSG_Kernel_AppName__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\Jean Bouquet\AppData\Roaming\Opera Software\Opera Stable\extensions\pcdbekffgfnmjeacgnmdbekgjffgfckb = : __MSG_description__ - __MSG_name__ - https://extension-updates.opera.com/api/omaha/update/ ---------- | Firefox [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.211.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.211.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\nuance.com/DgnRia2_x86_64] - () : C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@canon.com/EPPEX] - (Canon My Image Garden) : C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\nuance.com/DgnRia2] - () : C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\ZEON/PDF,version=2.0] - () : C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll C:\Users\Jean Bouquet\AppData\Roaming\Mozilla\Firefox\Profiles\jcclkn0z.default\Prefs.js user_pref("browser.search.defaultenginename", "Bing Search Engine"); user_pref("browser.search.selectedEngine", "Bing Search Engine"); user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); user_pref("browser.startup.homepage_override.buildID", "20190225143501"); user_pref("browser.startup.homepage_override.mstone", "65.0.2"); user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"search-container\",\"customizableui-special-spring2\",\"downloads-button\",\"library-button\",\"loop-button\",\"action-button--wrcavastcom-wrc-toolbar-button\",\"flashgot-media-tbb\",\"screenshots_mozilla_org-browser-action\",\"sidebar-button\",\"jetpack-extension_dashlane_com-browser-action\",\"rf-firefox_siber_com-browser-action\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"loop-button\",\"pocket-button\",\"action-button--wrcavastcom-wrc-toolbar-button\",\"developer-button\",\"webide-button\",\"screenshots_mozilla_org-browser-action\",\"jetpack-extension_dashlane_com-browser-action\",\"rf-firefox_siber_com-browser-action\",\"feed-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"PanelUI-contents\",\"addon-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":15,\"newElementCount\":2}"); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.avastsp.settings", "{\"current\":{\"callerId\":8018,\"userId\":\"9bcf6955fc407e445b7fd6d7326738da\",\"edition\":0,\"lastApplicationEventSent\":1471264002707},\"features\":{\"phishing\":true,\"dnt\":true,\"dntSocial\":false,\"dntAdTracking\":false,\"dntWebAnalytics\":false,\"dntOthers\":false,\"siteCorrect\":true,\"siteCorrectAuto\":false,\"safeZone\":true,\"communityIQ\":true,\"serp\":true,\"serpPopup\":true,\"safeShop\":-1},\"siteCorrect\":{\"declined\":{}},\"safeZone\":{\"declined\":{}},\"phishing\":{\"trusted\":{}},\"safeShop\":{\"noCouponDomains\":{},\"hideDomains\":{},\"hideAll\":0}}"); user_pref("extensions.avastwrc.settings", "{\"current\":{\"callerId\":2020,\"userId\":\"9bcf6955fc407e445b7fd6d7326738da\",\"edition\":0,\"lastApplicationEventSent\":1471264002707},\"features\":{\"phishing\":true,\"dnt\":true,\"dntSocial\":false,\"dntAdTracking\":false,\"dntWebAnalytics\":false,\"dntOthers\":false,\"siteCorrect\":true,\"siteCorrectAuto\":false,\"safeZone\":true,\"communityIQ\":true,\"serp\":true,\"serpPopup\":true,\"safeShop\":-1},\"siteCorrect\":{\"declined\":{}},\"safeZone\":{\"declined\":{}},\"phishing\":{\"trusted\":{}},\"safeShop\":{\"noCouponDomains\":{},\"hideDomains\":{},\"hideAll\":0}}"); user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false}}}"); user_pref("extensions.blocklist.lastModified", "Mon, 12 Nov 2018 12:26:28 GMT"); user_pref("extensions.blocklist.pingCountTotal", 28); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.databaseSchema", 28); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.followonsearch.cohortSample", "0.460982"); user_pref("extensions.getAddons.cache.lastUpdate", 1552239791); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppBuildId", "20190225143501"); user_pref("extensions.lastAppVersion", "65.0.2"); user_pref("extensions.lastPlatformVersion", "65.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.sp@avast.com.sdk.baseURI", "resource://sp-at-avast-dot-com/"); user_pref("extensions.sp@avast.com.sdk.domain", "sp-at-avast-dot-com"); user_pref("extensions.sp@avast.com.sdk.load.reason", "startup"); user_pref("extensions.sp@avast.com.sdk.rootURI", "file:///C:/Program%20Files/AVAST%20Software/Avast/SafePrice/FF/"); user_pref("extensions.sp@avast.com.sdk.version", "10.3.5.39"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{ac238cdd-df1c-451c-bd8b-051e71ea03e3}\",\"addons\":{\"fxmonitor@mozilla.org\":{\"version\":\"2.8\"},\"webcompat@mozilla.org\":{\"version\":\"3.0.1\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://discover/"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.uuids", "{\"sp@avast.com\":\"470a4fea-dce2-4b80-839b-83c15f4567ad\",\"wrc@avast.com\":\"154d6304-5da2-4b65-b7aa-1f96c5b97ef5\",\"screenshots@mozilla.org\":\"4d28bd99-6b85-4680-93cb-7eddda8d9b06\",\"support@lastpass.com\":\"5eea505e-ee19-4911-81e2-a443a67114c7\",\"jetpack-extension@dashlane.com\":\"7c059350-4a93-48ef-b707-f28df3e7790a\",\"rf-firefox@siber.com\":\"0dfb8760-a9b1-4ab6-9440-e58a4c940727\",\"webcompat@mozilla.org\":\"2e18ac72-dbde-406c-90c7-5ed11e9aa86f\",\"formautofill@mozilla.org\":\"baf748f7-6c3a-44e8-b521-a092e35b2509\",\"webcompat-reporter@mozilla.org\":\"da4f10d3-a828-42ae-9c30-5b5b47c9667e\",\"fxmonitor@mozilla.org\":\"f15caf21-c2ad-44b3-a60b-202560f3ee81\"}"); user_pref("extensions.wrc@avast.com.sdk.baseURI", "resource://wrc-at-avast-dot-com/"); user_pref("extensions.wrc@avast.com.sdk.domain", "wrc-at-avast-dot-com"); user_pref("extensions.wrc@avast.com.sdk.load.reason", "startup"); user_pref("extensions.wrc@avast.com.sdk.rootURI", "file:///C:/Program%20Files/AVAST%20Software/Avast/WebRep/FF/"); user_pref("extensions.wrc@avast.com.sdk.version", "12.0.88"); C:\Users\Jean Bouquet\AppData\Roaming\Mozilla\Firefox\Profiles\wqjum3p4.default-release-1563556468601\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20190705220548"); user_pref("browser.startup.homepage_override.mstone", "68.0"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.blocklist.pingCountVersion", 0); user_pref("extensions.databaseSchema", 31); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20190705220548"); user_pref("extensions.lastAppVersion", "68.0"); user_pref("extensions.lastPlatformVersion", "68.0"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"b284805e-f226-4d3b-96af-01a0474c7d2a\",\"fxmonitor@mozilla.org\":\"fa5a7994-9e5e-4498-829b-c4be70468ec0\",\"screenshots@mozilla.org\":\"9f2aec2a-78c2-4bf2-882d-ccaf9cb4acb4\",\"webcompat-reporter@mozilla.org\":\"193f6447-92ed-4fe2-8225-ca30e4477fa0\",\"webcompat@mozilla.org\":\"8b4264b8-09ae-4675-8296-49b2ab8eb543\",\"default-theme@mozilla.org\":\"7c87db6a-4fbf-4d4f-8890-c1a1531053d6\",\"google@search.mozilla.org\":\"0b8512b9-9b5e-4f69-b7cc-dfbf64f3d98e\",\"bing@search.mozilla.org\":\"2042a4a9-1a55-431c-959f-c096f6b97b53\",\"amazon@search.mozilla.org\":\"29eddf97-df9b-4ad1-a591-5073ad6e6164\",\"ddg@search.mozilla.org\":\"dff3768a-4f87-42f5-b45c-9f930183c5eb\",\"ebay@search.mozilla.org\":\"66a02d1a-7519-4b18-b91e-38e72edb8ef2\",\"qwant@search.mozilla.org\":\"2feb99b4-ced3-4c09-821e-07d3b6112303\",\"wikipedia@search.mozilla.org\":\"f8967a21-4be0-4406-adb4-47145eb130d5\"}"); [Profile0] - Name=default-release -> Profiles/wqjum3p4.default-release-1563556468601 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{102d6879-155f-4549-b2a2-d1eb126be7e9}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2c0f2b6c-96f4-4cd9-a25e-13f9b89d16c3}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{102d6879-155f-4549-b2a2-d1eb126be7e9}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2c0f2b6c-96f4-4cd9-a25e-13f9b89d16c3}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\NuancePDF.exe] : "C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\NuancePDF.exe] : "C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc DevicePickerUserSvc ConsentUxUserSvc "PeerDist"=PeerDistSvc "AssignedAccessManagerSvc"=AssignedAccessManagerSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\2BrightSparks] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\7-Zip] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\ACD Systems] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Adobe] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\AppDataLow] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Avast Software] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Binary Fortress Software] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Browser Cleanup] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Canon] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\CanonBJ] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Chromium] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Clients] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Common] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Corel] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Corsair] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Disc Soft] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Drobo] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\DYMO] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\EPSON] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\FLEXnet] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Gadwin Systems] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Google] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\HP] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\InfraRecorder] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\JavaSoft] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\kde.org] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Lamantine] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\LogiShrd] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Logitech] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Macromedia] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Malwarebytes] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Mozilla] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Netscape] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Nuance] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\ODBC] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Opera Software] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\paint.net] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\PFU] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\PhotoFiltre Studio X] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Piriform] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Policies] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\QtProject] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Realtek] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\RegisteredApplications] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\ScanSoft] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Siber Systems] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Sony Corporation] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Spotify] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\SyncEngines] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Sysinternals] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Thunderbird] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Trolltech] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Valve] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Wow6432Node] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\AppDataLow\Software\Canon] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-84932897-3685993778-4120941894-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\AdsFix] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\AVAST Software] [HKLM\Software\Canon] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\Disc Soft] [HKLM\Software\DTS] [HKLM\Software\DYMO] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HP] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Oracle] [HKLM\Software\paint.net] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKLM\Software\Microsoft\Windows\AssignedAccessCsp] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\2BrightSparks] [HKLM\Software\WOW6432Node\ABBYY] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\binary fortress software] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\Canon_Inc_IC] [HKLM\Software\WOW6432Node\Citrix] [HKLM\Software\WOW6432Node\Corel] [HKLM\Software\WOW6432Node\Corsair] [HKLM\Software\WOW6432Node\Dragon Systems] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lamantine] [HKLM\Software\WOW6432Node\Licenses] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\PFU] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\RailSimulator.com] [HKLM\Software\WOW6432Node\Rainlendar2] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Rohos] [HKLM\Software\WOW6432Node\ScanSoft] [HKLM\Software\WOW6432Node\Siber Systems] [HKLM\Software\WOW6432Node\Sidify Music Converter] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\Voice] [HKLM\Software\WOW6432Node\XnView] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\xnview.exe] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives E: [01/07/2019 20:51:24] - |A| - (.-.) - [580] - (0.0.0.0) - E:\Telechargements.lnk F: G: H: I: J: K: Z: ---------- | C: [05/07/2019 01:33:02] - |HD| - [499090] - C:\$AV_ASW [19/03/2019 06:52:43] - |SHD| - [477304] - C:\$Recycle.Bin [21/07/2019 16:29:35] - |D| - [251685600] - C:\AdsFix [MD5.D480EDC6366723FC3BF6D89503B49ADF] - [21/07/2019 16:32:56] - |A| - (.-.) - [52017] - (0.0.0.0) - C:\AdsFix_21_07_2019_17_56_59.txt [01/07/2019 11:44:33] - |D| - [122998201] - C:\ASUS [MD5.9A6662209A6744BBEC5550597B0EB732] - [01/07/2019 11:44:50] - |A| - (.-.) - [206] - (0.0.0.0) - C:\audio.log [01/07/2019 17:16:26] - |SHD| - [0] - C:\Documents and Settings [19/07/2019 18:15:42] - |D| - [136334708] - C:\FRST [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/07/2019 17:16:20] - |ASH| - (.-.) - [6838837248] - (0.0.0.0) - C:\hiberfil.sys [22/07/2019 00:08:30] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/07/2019 17:14:51] - |ASH| - (.-.) - [2550136832] - (0.0.0.0) - C:\pagefile.sys [19/03/2019 06:52:43] - |D| - [0] - C:\PerfLogs [19/03/2019 06:52:43] - |RD| - [8653928052] - C:\Program Files [19/03/2019 06:52:44] - |RD| - [25141452861] - C:\Program Files (x86) [19/03/2019 06:52:44] - |HD| - [4862483609] - C:\ProgramData [21/07/2019 10:20:46] - |D| - [545363] - C:\QuickDiag [MD5.1310C479636EC893B93357D0D2A9A3FA] - [22/07/2019 00:33:42] - |A| - (.-.) - [204656] - (0.0.0.0) - C:\QuickDiag.txt [MD5.42EFC304E64CB46D512031FD21F2C87A] - [21/07/2019 10:27:01] - |RAST| - (.-.) - [472353] - (0.0.0.0) - C:\QuickDiag_21_07_2019_10_27_01.txt [01/07/2019 17:16:27] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/07/2019 17:14:52] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [01/07/2019 17:14:51] - |SHD| - [0] - C:\System Volume Information [19/03/2019 06:37:22] - |RD| - [32620303107] - C:\Users [19/03/2019 06:37:22] - |D| - [21963029065] - C:\Windows ---------- | C:\Windows [19/03/2019 06:52:44] - |D| - [802] - C:\Windows\addins [19/03/2019 06:52:44] - |D| - [10113749] - C:\Windows\appcompat [19/03/2019 06:52:44] - |D| - [8443788] - C:\Windows\apppatch [19/03/2019 06:52:44] - |D| - [0] - C:\Windows\AppReadiness [MD5.BF391031160DEA70A15AAC8B423D6DC3] - [01/07/2019 11:43:59] - |A| - (.-.) - [800] - (0.0.0.0) - C:\Windows\Ascd_ProcessLog.ini [MD5.FC96C596D6E8005DEAC1F310956C8FA0] - [01/07/2019 11:43:58] - |A| - (.-.) - [8164] - (0.0.0.0) - C:\Windows\Ascd_tmp.ini [19/03/2019 06:52:43] - |RSD| - [1287131890] - C:\Windows\assembly [19/03/2019 06:52:44] - |D| - [785153] - C:\Windows\bcastdvr [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 06:43:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\Windows\bfsvc.exe [19/03/2019 14:04:01] - |SHD| - [578755] - C:\Windows\BitLockerDiscoveryVolumeContents [19/03/2019 06:52:44] - |D| - [39535503] - C:\Windows\Boot [MD5.8FE249701761FA551FC1FD40F4A19691] - [01/07/2019 17:15:29] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [19/03/2019 06:52:44] - |D| - [2450424] - C:\Windows\Branding [19/03/2019 06:37:22] - |D| - [0] - C:\Windows\CbsTemp [19/03/2019 06:52:44] - |D| - [90662775] - C:\Windows\Containers [01/07/2019 11:20:49] - |D| - [0] - C:\Windows\CSC [19/03/2019 06:52:44] - |D| - [11501377] - C:\Windows\Cursors [19/03/2019 06:52:44] - |D| - [28255984] - C:\Windows\debug [19/03/2019 06:52:44] - |D| - [4295354] - C:\Windows\diagnostics [19/03/2019 06:52:44] - |D| - [2074128] - C:\Windows\DiagTrack [19/03/2019 14:01:27] - |D| - [0] - C:\Windows\DigitalLocker [MD5.D25892B3079C87A04C54A700480056AE] - [13/07/2019 14:45:37] - |A| - (.-.) - [10123] - (0.0.0.0) - C:\Windows\DirectX.log [MD5.F7FA707AD19DAA3EB199D4A3489640DF] - [05/07/2019 12:40:47] - |A| - (.-.) - [161] - (0.0.0.0) - C:\Windows\DISPARAM.INI [19/03/2019 06:52:44] - |SD| - [65] - C:\Windows\Downloaded Program Files [MD5.4830DF26CF81BD3F6EE065DA613561E8] - [02/07/2019 10:10:14] - |A| - (.-.) - [60784] - (0.0.0.0) - C:\Windows\DPINST.LOG [MD5.BC999E169502745B4A6FBE9BB4680841] - [19/03/2019 06:55:49] - |A| - (.-.) - [1947] - (0.0.0.0) - C:\Windows\DtcInstall.log [19/03/2019 06:52:44] - |HD| - [82896] - C:\Windows\ELAMBKUP [19/03/2019 14:01:27] - |D| - [0] - C:\Windows\en-US [MD5.9C111E2764F4F0C03EBE0A0BD5EDA46D] - [01/07/2019 12:48:26] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4552336] - (10.0.18362.207) - C:\Windows\explorer.exe [19/03/2019 06:52:44] - |RSD| - [550319211] - C:\Windows\Fonts [19/03/2019 14:01:27] - |D| - [110592] - C:\Windows\fr-FR [19/03/2019 06:52:44] - |D| - [0] - C:\Windows\GameBarPresenceWriter [19/03/2019 06:52:44] - |D| - [53136311] - C:\Windows\Globalization [19/03/2019 06:52:44] - |D| - [71532755] - C:\Windows\Help [MD5.BB596F99CCBE983F4E6D3D4A92CE9B8E] - [19/03/2019 06:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054208] - (10.0.18362.1) - C:\Windows\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 06:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.18362.1) - C:\Windows\hh.exe [19/03/2019 06:52:44] - |D| - [29869] - C:\Windows\IdentityCRL [19/03/2019 06:52:44] - |D| - [28821950] - C:\Windows\IME [19/03/2019 06:52:44] - |RD| - [9251964] - C:\Windows\ImmersiveControlPanel [19/03/2019 06:50:07] - |D| - [84883422] - C:\Windows\INF [19/03/2019 06:52:44] - |D| - [38126462] - C:\Windows\InputMethod [19/03/2019 06:52:44] - |SHD| - [1083261480] - C:\Windows\Installer [19/03/2019 06:52:44] - |D| - [94304] - C:\Windows\L2Schemas [19/03/2019 06:52:44] - |HD| - [0] - C:\Windows\LanguageOverlayCache [19/03/2019 06:52:44] - |D| - [786432] - C:\Windows\LiveKernelReports [19/03/2019 06:52:44] - |D| - [59618823] - C:\Windows\Logs [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/07/2019 18:10:52] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\longfile.INI [MD5.44A2249136EB5055D1F0CC1022EDF0AA] - [01/07/2019 17:14:52] - |A| - (.-.) - [1376] - (0.0.0.0) - C:\Windows\lsasetup.log [19/03/2019 06:52:44] - |RSD| - [20063519] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 06:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [19/03/2019 06:52:43] - |RD| - [854449549] - C:\Windows\Microsoft.NET [19/03/2019 06:52:44] - |D| - [3323] - C:\Windows\Migration [01/07/2019 11:18:57] - |D| - [0] - C:\Windows\minidump [19/03/2019 06:52:44] - |D| - [0] - C:\Windows\ModemLogs [13/07/2019 18:10:50] - |D| - [447760] - C:\Windows\MSAPPS [MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 06:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [181248] - (10.0.18362.1) - C:\Windows\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [01/07/2019 11:29:26] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat [19/03/2019 14:03:09] - |D| - [199472] - C:\Windows\OCR [19/03/2019 06:52:44] - |RD| - [65] - C:\Windows\Offline Web Pages [01/07/2019 18:14:29] - |D| - [6514004] - C:\Windows\Panther [19/03/2019 06:52:44] - |D| - [528552] - C:\Windows\Performance [MD5.E1D9332C94366B40C631551B33975FEA] - [01/07/2019 13:09:36] - |A| - (.-.) - [378328] - (0.0.0.0) - C:\Windows\PFRO.log [05/07/2019 11:44:40] - |D| - [69632] - C:\Windows\PIXTRAN [19/03/2019 06:52:44] - |D| - [1136442] - C:\Windows\PLA [19/03/2019 06:52:44] - |D| - [7381588] - C:\Windows\PolicyDefinitions [01/07/2019 17:14:51] - |D| - [6348684] - C:\Windows\Prefetch [19/03/2019 06:52:44] - |RD| - [1997091] - C:\Windows\PrintDialog [MD5.AD5867D2A8665FFB20B0651AFC12114B] - [19/03/2019 14:04:34] - |A| - (.-.) - [34925] - (0.0.0.0) - C:\Windows\Professional.xml [19/03/2019 06:52:44] - |D| - [5894931] - C:\Windows\Provisioning [MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 06:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\Windows\regedit.exe [19/03/2019 06:52:44] - |D| - [22588] - C:\Windows\Registration [19/03/2019 14:04:01] - |D| - [0] - C:\Windows\RemotePackages [19/03/2019 06:52:44] - |D| - [9510216] - C:\Windows\rescache [19/03/2019 06:52:44] - |D| - [3712599] - C:\Windows\Resources [MD5.2F887699ECB55E01D486700FB67E8805] - [01/07/2019 11:44:50] - |A| - (.Copyright (C) 2017 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2856800] - (1.0.7.2) - C:\Windows\RtlExUpd.dll [19/03/2019 06:52:44] - |D| - [0] - C:\Windows\SchCache [19/03/2019 06:52:44] - |D| - [190773] - C:\Windows\schemas [19/03/2019 06:52:44] - |D| - [1133807] - C:\Windows\security [01/07/2019 17:14:52] - |D| - [406385120] - C:\Windows\ServiceProfiles [19/03/2019 06:52:44] - |D| - [4580] - C:\Windows\ServiceState [19/03/2019 06:37:22] - |D| - [1219455043] - C:\Windows\servicing [19/03/2019 06:56:38] - |D| - [42] - C:\Windows\Setup [MD5.CA3E998C71C15EEEAEBC37F6FA9DE585] - [01/07/2019 17:14:59] - |A| - (.-.) - [33090] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/07/2019 17:14:59] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [19/03/2019 06:52:44] - |D| - [7052288] - C:\Windows\ShellComponents [19/03/2019 06:52:44] - |D| - [55485952] - C:\Windows\ShellExperiences [19/03/2019 06:52:44] - |D| - [3070736] - C:\Windows\SKB [01/07/2019 11:18:58] - |D| - [39970464] - C:\Windows\SoftwareDistribution [19/03/2019 06:52:44] - |D| - [88566928] - C:\Windows\Speech [19/03/2019 06:52:44] - |D| - [63949381] - C:\Windows\Speech_OneCore [MD5.DD8E5CAD821A7A4122D7FA0BF92512D6] - [10/07/2019 21:03:38] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132096] - (10.0.18362.239) - C:\Windows\splwow64.exe [05/07/2019 12:40:45] - |D| - [9644772] - C:\Windows\SSDriver [19/03/2019 06:52:44] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [19/03/2019 06:49:35] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [19/03/2019 06:37:22] - |D| - [5028525507] - C:\Windows\System32 [19/03/2019 06:52:45] - |D| - [209415390] - C:\Windows\SystemApps [19/03/2019 06:52:46] - |D| - [187446133] - C:\Windows\SystemResources [19/03/2019 06:52:46] - |D| - [1328029976] - C:\Windows\SysWOW64 [19/03/2019 06:52:46] - |D| - [0] - C:\Windows\TAPI [19/03/2019 06:52:46] - |D| - [6] - C:\Windows\Tasks [19/03/2019 06:52:46] - |D| - [328185] - C:\Windows\Temp [19/03/2019 06:52:46] - |D| - [13780992] - C:\Windows\TextInput [19/03/2019 06:52:46] - |D| - [0] - C:\Windows\tracing [MD5.DCEBD85F30DCAC12706D9D81965E1903] - [13/07/2019 18:07:47] - |N| - (.- Twain Source Manager (Image Acquisition Interface).) - [88389] - (1.6.0.1) - C:\Windows\twain.dll [19/03/2019 06:52:46] - |D| - [72855180] - C:\Windows\twain_32 [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 06:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.74B8802CE5CD6F4E7AC83152E0E17D25] - [13/07/2019 18:07:47] - |N| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [48560] - (1.6.0.1) - C:\Windows\twunk_16.exe [MD5.E2D4BA3248CB1DCB51383267868715E5] - [13/07/2019 18:07:47] - |N| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [69632] - (1.6.0.1) - C:\Windows\twunk_32.exe [MD5.42ACDB4B5D231ECD9CDF3355B252309E] - [02/07/2019 15:57:38] - |A| - (.-.) - [35339] - (0.0.0.0) - C:\Windows\unins000.dat [MD5.C0B01D14A1EE97A747EC7C39F04A8785] - [02/07/2019 15:57:38] - |A| - (.- Setup/Uninstall.) - [1192591] - (51.1052.0.0) - C:\Windows\unins000.exe [19/03/2019 06:52:46] - |D| - [12420] - C:\Windows\Vss [19/03/2019 06:52:46] - |D| - [33138] - C:\Windows\WaaS [19/03/2019 06:52:46] - |D| - [16568315] - C:\Windows\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [19/03/2019 06:49:35] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 06:44:30] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [01/07/2019 11:18:58] - |A| - (.-.) - [276] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 06:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\Windows\winhlp32.exe [19/03/2019 06:37:22] - |D| - [8815207223] - C:\Windows\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 06:58:10] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 06:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\Windows\write.exe [MD5.F383EE9225824B48C2674E1BBBE33FE7] - [13/07/2019 18:10:44] - |A| - (.-.) - [546] - (0.0.0.0) - C:\Windows\WT61CE.UWL [MD5.F383EE9225824B48C2674E1BBBE33FE7] - [13/07/2019 18:10:44] - |A| - (.-.) - [546] - (0.0.0.0) - C:\Windows\WT61KR.UWL [MD5.F383EE9225824B48C2674E1BBBE33FE7] - [13/07/2019 18:10:44] - |A| - (.-.) - [546] - (0.0.0.0) - C:\Windows\WT61OZ.UWL [MD5.F383EE9225824B48C2674E1BBBE33FE7] - [13/07/2019 18:10:44] - |A| - (.-.) - [546] - (0.0.0.0) - C:\Windows\WT61UK.UWL [MD5.71B1E5A86EF6FA6F56AD1C6BFDAEDBFE] - [13/07/2019 18:10:44] - |A| - (.-.) - [8198] - (0.0.0.0) - C:\Windows\WT61US.UWL ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [04/07/2019 21:02:52] - C:\Windows\Installer\12dfa.msi : (Avast Update Helper - AVAST Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/07/2019 13:25:27] - C:\Windows\Installer\132a57.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/07/2019 14:45:21] - C:\Windows\Installer\15ebd.msi : (Install/UnInstall PhysX Driver + Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1/3/4; 2.6.0/1/2/3/4; 2.7.0/1/2/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/04/2014 15:26:04] - C:\Windows\Installer\22e03b2.msi : (Nuance Power PDF - Nuance Communications, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2011 09:53:38] - C:\Windows\Installer\26223f7.msi : (Blank Project Template - PFU Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2011 11:47:28] - C:\Windows\Installer\2622403.msi : (Blank Project Template - PFU LIMITED) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2011 11:05:36] - C:\Windows\Installer\262240f.msi : (Blank Project Template - PFU) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2011 00:07:30] - C:\Windows\Installer\2622428.msi : (ABBYY FineReader for ScanSnap (TM) 4.1 - ABBYY) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/01/2015 04:14:51] - C:\Windows\Installer\262242d.msi : (Blank Project Template - Nuance Communications Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/07/2019 14:37:02] - C:\Windows\Installer\299418.msi : (Java SE Runtime Environment 8 Update 211 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/07/2019 14:37:33] - C:\Windows\Installer\299423.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/07/2019 20:20:26] - C:\Windows\Installer\362001c.msi : ( - dotPDN LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/07/2019 10:09:39] - C:\Windows\Installer\43de18.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/07/2019 10:07:32] - C:\Windows\Installer\43e027.msi : (DYMO LabelWriter Drivers Installer 8.3.0.443 - Sanford L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/07/2019 10:14:27] - C:\Windows\Installer\43e040.msi : (DYMO Label - Newell Rubbermaid) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/07/2019 13:19:28] - C:\Windows\Installer\55958.msi : (InfraRecorder (x64 edition) - Christian Kindahl) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/07/2019 17:45:32] - C:\Windows\Installer\68f97c.msi : (Google Earth Pro - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2017 18:43:53] - C:\Windows\Installer\6e1fff.msi : (HP LaserJet M14-M17 Basic Device Software - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/07/2017 03:55:32] - C:\Windows\Installer\6e200b.msi : (HP LaserJet M14-M17 Help - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2017 18:42:03] - C:\Windows\Installer\6e2017.msi : (Product Improvement Study for HP LaserJet M14-M17 - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2015 03:38:02] - C:\Windows\Installer\9f9c47.msi : (Easy Photo Scan - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\Windows\Installer\f9181.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\Windows\Installer\20cab6.msp [03/09/2014 05:17:54] - [4028928] - (.().-. - ()) - C:\Windows\Installer\43ddc3.msp [03/09/2014 05:17:54] - [4637184] - (.().-. - ()) - C:\Windows\Installer\43ddd2.msp [15/09/2011 18:37:18] - [28100608] - (.().-. - ()) - C:\Windows\Installer\59dead3.msp [25/02/2009 19:08:18] - [8311808] - (.().-. - ()) - C:\Windows\Installer\59deade.msp [17/11/2012 09:36:10] - [3865600] - (.().-. - ()) - C:\Windows\Installer\59deaea.msp [08/05/2013 21:36:50] - [10943488] - (.().-. - ()) - C:\Windows\Installer\e8d97c.msp [25/01/2018 18:59:52] - [17022976] - (.().-. - ()) - C:\Windows\Installer\e8d988.msp [22/07/2015 09:10:44] - [10031104] - (.().-. - ()) - C:\Windows\Installer\e8d994.msp ---------- | %System%\*.in* [19/03/2019 06:45:40] - [3329] - C:\Windows\System32\ieuinit.inf [01/07/2019 11:22:59] - [1771430] - C:\Windows\System32\PerfStringBackup.INI [19/03/2019 06:45:00] - [60124] - C:\Windows\System32\tcpmon.ini [19/03/2019 06:44:30] - [2404] - C:\Windows\System32\WimBootCompress.ini [19/03/2019 06:46:01] - [3329] - C:\Windows\Syswow64\ieuinit.inf [19/03/2019 06:45:19] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:44] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.23F948156435D7D6473911CF1E5C179E] - |A| - [21/07/2019 16:50:23] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\Temp\.ses [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:00:06] - [0 Ko] - C:\Windows\Temp\avast_ash2 [MD5.A38B26B72B7E706D9F9D51046EF39317] - |A| - [21/07/2019 16:33:05] - (.-.) - [33.32 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1633.log [MD5.A299DC73EF4CB69FBD5DD4F51F8B48AB] - |A| - [21/07/2019 16:50:18] - (.-.) - [13.26 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1650.log [MD5.A1DF7DE2B87A76EFE8F31B41C5C4A877] - |A| - [21/07/2019 17:17:26] - (.-.) - [12.51 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1717.log [MD5.45B15D792845FE57F8397EC68476BC05] - |A| - [21/07/2019 17:51:39] - (.-.) - [12.18 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1751.log [MD5.5239D2D2A14D688B5200FBE616AE81BE] - |A| - [21/07/2019 18:02:38] - (.-.) - [12.51 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1802.log [MD5.825713B17E187D68B883026CC005F189] - |A| - [21/07/2019 18:12:49] - (.-.) - [12.16 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1812.log [MD5.3605697EE2CF316FFD942B352646FE23] - |A| - [21/07/2019 18:41:34] - (.-.) - [22.86 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1841.log [MD5.663759036612A76EC1203394259D2567] - |A| - [21/07/2019 18:44:54] - (.-.) - [25.96 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1844.log [MD5.F8B32BA22807B13574643E5629C455AA] - |A| - [21/07/2019 18:49:54] - (.-.) - [13.22 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1849.log [MD5.F234336D017335BC3101DB30E47A9CC6] - |A| - [21/07/2019 18:57:09] - (.-.) - [12.48 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1857.log [MD5.11F724195450C75A659A767BD7571730] - |A| - [21/07/2019 19:00:10] - (.-.) - [41.98 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1900.log [MD5.1274FA9283B7B35D869A44A65150C929] - |A| - [21/07/2019 19:05:10] - (.-.) - [13.17 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1905.log [MD5.2052E32D6A0367E02FE68FC22BC8B99B] - |A| - [21/07/2019 19:10:17] - (.-.) - [12.18 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1910.log [MD5.9B7BEF4D1286269C8DC4A2BFEA345C92] - |A| - [21/07/2019 19:38:38] - (.-.) - [2.45 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1938.log [MD5.9904A20BA0F0932F225FBCFA90A68084] - |A| - [21/07/2019 19:45:57] - (.-.) - [14.28 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1945.log [MD5.09E292913E1ACC992B5B0AB0DB4CB78A] - |A| - [21/07/2019 19:56:03] - (.-.) - [13.24 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-1956.log [MD5.DA1E4872D0568AA7B598BEC5C609F81A] - |A| - [21/07/2019 23:50:57] - (.-.) - [27.23 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-2350.log [MD5.1A5D1FC92F5838833DDA4ECAC4BD0C12] - |A| - [21/07/2019 23:55:57] - (.-.) - [12.68 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190721-2355.log [MD5.895C4A01C6198253135FCCF066445DFA] - |A| - [22/07/2019 00:08:14] - (.-.) - [26.36 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190722-0008.log [MD5.9595CECFEBFFCE04A7C0E193F8490466] - |A| - [22/07/2019 00:13:14] - (.-.) - [12.71 Ko] - (0.0.0.0) - C:\Windows\Temp\DESKTOP-2ORIENU-20190722-0013.log [MD5.00000000000000000000000000000000] - |D| - [22/07/2019 00:08:09] - [0 Ko] - C:\Windows\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [22/07/2019 00:08:09] - [0 Ko] - C:\Windows\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [22/07/2019 00:08:09] - [0 Ko] - C:\Windows\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [22/07/2019 00:08:09] - [0 Ko] - C:\Windows\Temp\DiagTrack_miniTrace [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 17:17:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-10184.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:10:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-10796.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:02:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-10804.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:05:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-1148.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 16:33:10] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-11944.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 17:51:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-12676.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 16:50:23] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-12820.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 23:56:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-3264.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:46:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-3852.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:00:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4268.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:12:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4280.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 23:51:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4376.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:41:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4588.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:44:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4720.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/07/2019 00:13:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4740.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/07/2019 00:08:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-5140.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:49:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-7232.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:57:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-880.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:56:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-9480.log [MD5.F88F99D6665DA1FEA4D20C72135E2CAE] - |A| - [22/07/2019 00:03:44] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\Temp\mb_errors3800.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 18:41:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(2019072118413011EC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/07/2019 00:08:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(201907220008091414).log [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-98687.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-98699.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-9869b.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-9869d.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-9869f.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986a1.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986a3.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986a5.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986b6.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986b8.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986ba.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986bc.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986be.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986c0.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986d2.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986d4.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986d6.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986d8.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 19:10:13] - [0 Ko] - C:\Windows\Temp\tw-1e74-2280-986da.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b76ed.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b76ef.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b76f1.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b76f3.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7705.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7707.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7709.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b770b.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b770d.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b770f.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7711.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7713.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7724.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7726.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7728.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b772a.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b772c.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b772e.tmp [MD5.00000000000000000000000000000000] - |D| - [21/07/2019 18:57:05] - [0 Ko] - C:\Windows\Temp\tw-420-2d6c-b7730.tmp [MD5.00000000000000000000000000000000] - |D| - [01/07/2019 13:21:43] - [0 Ko] - C:\Windows\Temp\_avast_ [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/07/2019 19:38:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\{824AE45B-14B2-4197-9150-525FA140ED72} - OProcSessId.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:27] - [0 Ko] - C:\Windows\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [19/03/2019 06:44:33] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\Windows\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:44:28] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:44:28] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [19/03/2019 06:44:03] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\Windows\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [19/03/2019 06:44:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:44:47] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [19/03/2019 06:44:52] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [19/03/2019 06:45:47] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [19/03/2019 06:45:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\Windows\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:44:01] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [19/03/2019 06:44:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [19/03/2019 06:44:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\@WwanSimLockIcon.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [19/03/2019 06:44:21] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\Windows\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2751.51 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.0724FA8BCAF2725746F9BB4264989D96] - |A| - [19/03/2019 06:43:47] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.97 Ko] - C:\Windows\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [02/07/2019 10:13:24] - [0 Ko] - C:\Windows\System32\appmgmt [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2710.82 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 14:04:01] - [287.49 Ko] - C:\Windows\System32\AppV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [279 Ko] - C:\Windows\System32\ar-SA [MD5.A3FA2DD7B000AE0964395512E9C37E41] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [607 Ko] - (3.3.2.0) - C:\Windows\System32\archiveint.dll [MD5.FD82F0D54CFDFC908E7C3723B86AB1DA] - |A| - [19/03/2019 06:57:20] - (.-.) - [488.5 Ko] - (0.0.0.0) - C:\Windows\System32\AssignedAccessCsp.dll [MD5.284EA63A83D1557EAB4B5F2A32B8FA53] - |A| - [01/07/2019 11:43:46] - (.ASUSTeK Computer Inc. -.) - [1104.91 Ko] - (1.0.0.1) - C:\Windows\System32\AsusDownloadAgent.exe [MD5.F085C08B2C913ADC9EC6C66756C4EDC2] - |A| - [01/07/2019 11:30:28] - (.Copyright © 2017 - AsusDownLoadLicense.) - [322.24 Ko] - (1.0.0.0) - C:\Windows\System32\AsusDownLoadLicense.exe [MD5.27041F07DD7E1442287FA1A808ABD851] - |A| - [01/07/2019 17:14:51] - (.-.) - [1071.9 Ko] - (0.0.0.0) - C:\Windows\System32\AsusUpdateCheck.exe [MD5.09BA156D2582A9B27B3B04031B9FD343] - |A| - [04/07/2019 20:58:19] - (.Copyright (c) 2019 AVAST Software - Avast start-up scanner.) - [354.88 Ko] - (19.6.4546.0) - C:\Windows\System32\aswBoot.exe [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [19/03/2019 06:43:47] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\Windows\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [259 Ko] - C:\Windows\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5783.66 Ko] - C:\Windows\System32\Boot [MD5.6CC5FAF5A7B51609D0D2A90AC1202918] - |A| - [19/03/2019 06:44:29] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [182 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0.1 Ko] - C:\Windows\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:37:22] - [68101.95 Ko] - C:\Windows\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [60723.54 Ko] - C:\Windows\System32\catroot2 [MD5.5FD23925CB1C8C28ACDA99FEA65B4133] - |A| - [05/07/2019 13:32:08] - (.Copyright CANON INC. 2000-2013 - IJ Language Monitor.) - [382 Ko] - (0.3.0.1) - C:\Windows\System32\CNMLMC0.DLL [MD5.795499C0B9CC2FA1003DB2AC79375568] - |A| - [02/07/2019 10:47:34] - (.Copyright CANON INC. 2003-2013 - Canon IJ Network 64bit comm Module.) - [352 Ko] - (3.4.0.30) - C:\Windows\System32\CNMN6PPM.DLL [MD5.078C676A27990B2AA042286F368823DD] - |A| - [02/07/2019 10:47:34] - (.Copyright CANON INC. 2003-2013 - Canon IJ Network 64bit UI Module.) - [38.5 Ko] - (3.4.0.30) - C:\Windows\System32\CNMN6UI.DLL [MD5.C363AD6FFEA91974F31912C15DE09FC8] - |A| - [05/07/2019 14:06:50] - (.Copyright CANON INC. 2007-2013 - IJ Language Monitor.) - [385 Ko] - (0.3.0.1) - C:\Windows\System32\CNMXLMC0.DLL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [11.19 Ko] - C:\Windows\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [370 Ko] - C:\Windows\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:37:22] - [265973.94 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [53.11 Ko] - C:\Windows\System32\Configuration [MD5.5C77E079B337BCF6235F39183D7C7026] - |A| - [19/03/2019 06:44:16] - (.-.) - [223.02 Ko] - (0.0.0.0) - C:\Windows\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [322.5 Ko] - C:\Windows\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [19/03/2019 06:45:35] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\Windows\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [318.5 Ko] - C:\Windows\System32\da-DK [MD5.7155B124089FAC5F304084116669F6DF] - |A| - [19/03/2019 06:43:57] - (.-.) - [146 Ko] - (0.0.0.0) - C:\Windows\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [277.94 Ko] - C:\Windows\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [363 Ko] - C:\Windows\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:44:03] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [19/03/2019 06:43:47] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [19/03/2019 06:49:38] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultQuestions.json [MD5.6C22EC440786D5E1EA69E0D53C4F3B4B] - |A| - [19/03/2019 06:44:45] - (.-.) - [35 Ko] - (0.0.0.0) - C:\Windows\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [19/03/2019 06:44:21] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\Windows\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [19/03/2019 06:44:25] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\Windows\System32\DetailedReading-Default.xml [MD5.2E4A8F4B4B71F266861613647BCE2DAE] - |A| - [19/03/2019 06:57:20] - (.-.) - [133.5 Ko] - (0.0.0.0) - C:\Windows\System32\DeviceUpdateCenterCsp.dll [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [913.5 Ko] - C:\Windows\System32\DiagSvcs [MD5.173D1EB779621B66784DCABEDF9AFB4F] - |A| - [19/03/2019 06:44:18] - (.-.) - [82.77 Ko] - (0.0.0.0) - C:\Windows\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [9441.31 Ko] - C:\Windows\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.png [MD5.F7E6E09D6FCD374AD85AFA2C0A93D03B] - |A| - [02/07/2019 12:25:50] - (.Copyright (C) PFU LIMITED 2004-2005 - DistortionDLL.) - [68 Ko] - (1.0.0.15) - C:\Windows\System32\distortion.dll [MD5.8D220B2451DFE2E17A95212D8E0C7B2E] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth1.bin [MD5.13318050805A1AC2D4A4C534887AB007] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth10.bin [MD5.54A4D2752B62FFE8A98E588DB906E799] - |A| - [19/03/2019 06:45:34] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth11.bin [MD5.FA7D32EB423DAC57B0AE079CCA87DE7A] - |A| - [19/03/2019 06:45:34] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth12.bin [MD5.3570691E603B87CC41363341E8348904] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth2.bin [MD5.DF7C0D8374183AB5CA91C1204CA91A0B] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth3.bin [MD5.46F4C31CFE6F93F9CA045DF5C1E23752] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth4.bin [MD5.A88FC6AF11F7E33395C51F9D979FFDFB] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth5.bin [MD5.91B60C6DB00407A19FB7B16C15C3B07E] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth6.bin [MD5.8F40E6DF99054EF4DF58281867B404B3] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth7.bin [MD5.681F63EA513534AFC3A881CF81D65DEF] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth8.bin [MD5.F0259D2CCAC0734A7E83CD875179A6A8] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuth9.bin [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [161.5 Ko] - C:\Windows\System32\dsc [MD5.00000000000000000000000000000000] - |D| - [01/07/2019 11:49:04] - [10237.87 Ko] - C:\Windows\System32\DTS [MD5.2AC58918336D59AAAB91DBDB97FB3182] - |A| - [19/03/2019 06:44:30] - (.-.) - [2529.5 Ko] - (0.0.0.0) - C:\Windows\System32\dwmscene.dll [MD5.34D01C9546EE5FEA3F88E1FFE9CC5BC0] - |A| - [27/07/2018 00:39:06] - (.Copyright © 2006 - DYMO AsyncUI DLL.) - [11 Ko] - (2.0.0.1) - C:\Windows\System32\DYMOAsyncUI.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [19/03/2019 06:43:47] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [19/03/2019 06:43:47] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [19/03/2019 06:43:47] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicShort.bin [MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [365.5 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:27] - [0 Ko] - C:\Windows\System32\en [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [243.5 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1569.5 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [348 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [271 Ko] - C:\Windows\System32\es-MX [MD5.53C3DF59E3CC67C8547B25F446ADE868] - |A| - [02/07/2019 11:48:26] - (.-.) - [64.25 Ko] - (0.0.0.0) - C:\Windows\System32\esfweb.bin [MD5.65544350FBB63F17C57C4AC90C069522] - |A| - [02/07/2019 11:48:26] - (.Copyright (C) SEIKO EPSON CORP. 2013 - Command Interpreter Module.) - [337.5 Ko] - (1.0.4.1) - C:\Windows\System32\esxuineb.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [19/03/2019 06:44:39] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastBulldogImg.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [7.11 Ko] - C:\Windows\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [322.5 Ko] - C:\Windows\System32\fi-FI [MD5.F8616DB05E19292A18F9A6CFBA636889] - |A| - [02/07/2019 12:25:50] - (.COPYRIGHT PFU LIMITED 2008 - ScanSnap sti minidriver.) - [32.5 Ko] - (2.1.2.3) - C:\Windows\System32\fj52usb-x64.dll [MD5.5BCC3C3F5199F59741030DAF044F0BD5] - |A| - [02/07/2019 12:25:50] - (.COPYRIGHT PFU LIMITED 2000-2007 - ScanSnap sti minidriver.) - [32.5 Ko] - (2.1.2.2) - C:\Windows\System32\fjmcusb-x64.dll [MD5.60F5B1A01840DC776F28D879047EFAF4] - |A| - [01/07/2019 17:14:52] - (.-.) - [732.38 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:27] - [3490.5 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [278.5 Ko] - C:\Windows\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [48159.78 Ko] - C:\Windows\System32\fr-FR [MD5.3C402FA88BB488B77A73428623B7825B] - |A| - [19/03/2019 06:45:49] - (.-.) - [167 Ko] - (0.0.0.0) - C:\Windows\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [19/03/2019 06:45:50] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [256.5 Ko] - C:\Windows\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.png [MD5.D6F7FB7B9386E0A029DCCD11DD84B15A] - |A| - [19/03/2019 06:44:11] - (.-.) - [260 Ko] - (0.0.0.0) - C:\Windows\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [250 Ko] - C:\Windows\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [329 Ko] - C:\Windows\System32\hu-HU [MD5.B4DE48A0333CD63B62CDC63B516D9902] - |A| - [19/03/2019 06:45:54] - (.-.) - [37.8 Ko] - (0.0.0.0) - C:\Windows\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:04:01] - [158.57 Ko] - C:\Windows\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.36 Ko] - C:\Windows\System32\ias [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.2E977573411A099BD0213832B7442F0E] - |A| - [01/07/2019 11:59:59] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2267 Ko] - (63.1.0.0) - C:\Windows\System32\icu.dll [MD5.D2A4919E61E99157AD2DE994795C0F83] - |RA| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24.5 Ko] - (63.1.0.0) - C:\Windows\System32\icuin.dll [MD5.003EEDD728E2952E23DB9F6516B9194A] - |RA| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [29 Ko] - (63.1.0.0) - C:\Windows\System32\icuuc.dll [MD5.8CE43FCE353B86A81F67014B6EEE5143] - |A| - [19/03/2019 06:43:45] - (.-.) - [195.5 Ko] - (0.0.0.0) - C:\Windows\System32\IHDS.dll [MD5.04E3F8E9A6D1D8841D5CBBD14D1CD3C4] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. -.) - [3001 Ko] - (1.0.3.1) - C:\Windows\System32\ijl5s1100-x64.dll [MD5.5B918EB7B842719872BB0C8F34FA1689] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. -.) - [2806.5 Ko] - (1.0.3.0) - C:\Windows\System32\ijl5s1300-x64.dll [MD5.04E3F8E9A6D1D8841D5CBBD14D1CD3C4] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. -.) - [3001 Ko] - (1.0.3.1) - C:\Windows\System32\ijl5s1300i-x64.dll [MD5.0B4287D2BE6A59CECC31D6C060F9F89D] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. -.) - [2806.5 Ko] - (1.0.3.0) - C:\Windows\System32\ijl5s300-x64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [25975.79 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6775 Ko] - C:\Windows\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\Ipmi [MD5.AA4584D365E68A086D1DFD8DF4E14BB0] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S1100 Mini Driver DLL.) - [2409.5 Ko] - (1.0.4.2) - C:\Windows\System32\ippi5s1100-x64.dll [MD5.4E1F72EC6265CF80F6FB53A28F9355A9] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S1300 Mini Driver DLL.) - [679 Ko] - (1.0.3.0) - C:\Windows\System32\ippi5s1300-x64.dll [MD5.AA4584D365E68A086D1DFD8DF4E14BB0] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S1100 Mini Driver DLL.) - [2409.5 Ko] - (1.0.4.2) - C:\Windows\System32\ippi5s1300i-x64.dll [MD5.9AC6B075C809304DA712F01F279CD28B] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S300 Mini Driver DLL.) - [679 Ko] - (1.0.3.0) - C:\Windows\System32\ippi5s300-x64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [348 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [264.09 Ko] - C:\Windows\System32\ja-jp [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [532.61 Ko] - C:\Windows\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [238.5 Ko] - C:\Windows\System32\ko-KR [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/03/2019 06:44:21] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\Windows\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 06:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\Windows\System32\LargeRoom.bin [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 21:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\Windows\System32\LdaCx2.dll [MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 14:02:30] - (.-.) - [1572 Ko] - (2.6.5.1) - C:\Windows\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [625.17 Ko] - C:\Windows\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [29303.74 Ko] - C:\Windows\System32\LogFiles [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 21:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\Windows\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [246.5 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [247.5 Ko] - C:\Windows\System32\lv-LV [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [19/03/2019 06:46:54] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf [MD5.F53CAB05B340E9C28028764995BC1071] - |A| - [19/03/2019 06:45:05] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\Windows\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 06:43:47] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |SD| - [01/07/2019 17:14:52] - [1.88 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6483.77 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [46626.32 Ko] - C:\Windows\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\System32\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:39] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [01/07/2019 11:51:29] - [0 Ko] - C:\Windows\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.5 Ko] - C:\Windows\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [4148.28 Ko] - C:\Windows\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [19.16 Ko] - C:\Windows\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.64 Ko] - C:\Windows\System32\my-mm [MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 06:44:28] - (.-.) - [28.7 Ko] - (0.0.0.0) - C:\Windows\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [311.5 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [896 Ko] - C:\Windows\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 06:45:50] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [51 Ko] - C:\Windows\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [342.5 Ko] - C:\Windows\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [3781.5 Ko] - C:\Windows\System32\Nui [MD5.A5B61A97393620007C04D6510ED440C0] - |A| - [01/07/2019 11:29:30] - (.-.) - [8135 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin [MD5.DEF07D5AA963F5601E5C709DE7625D88] - |A| - [01/07/2019 11:29:08] - (.-.) - [43.3 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb [MD5.DC55B5C2A8A45395DB884591324D359B] - |A| - [19/03/2019 14:04:01] - (.-.) - [18.02 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [14681.86 Ko] - C:\Windows\System32\oobe [MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [13/07/2019 14:45:47] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\Windows\System32\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:30] - [3554.5 Ko] - C:\Windows\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [3.81 Ko] - C:\Windows\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 06:43:47] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1728.68 Ko] - C:\Windows\System32\PerceptionSimulation [MD5.0764F61FAD64EC950EFE175C0175695C] - |A| - [19/03/2019 06:55:38] - (.-.) - [130.2 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.9C8520E9788E7CD1D520965469025A40] - |A| - [19/03/2019 14:01:29] - (.-.) - [146.49 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [19/03/2019 06:55:38] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [19/03/2019 14:01:29] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.E02D46A50A97C1EF746D039488B15396] - |A| - [19/03/2019 06:55:38] - (.-.) - [685.13 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.62B2D6D011E35A8EAC3D55A70A8B7A6A] - |A| - [19/03/2019 14:01:29] - (.-.) - [773.38 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.235E9918C3BFC41DEEAF1CA61428BDE2] - |A| - [01/07/2019 11:22:59] - (.-.) - [1729.91 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 06:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [341.5 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [448 Ko] - C:\Windows\System32\PointOfService [MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 06:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\Windows\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [420.74 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 06:44:00] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [336 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [338.5 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\Windows\System32\RasToast [MD5.C7C018F59C8D03A723A6CE7315657659] - |A| - [19/03/2019 06:45:47] - (.-.) - [1970.5 Ko] - (1.0.1901.7002) - C:\Windows\System32\rdpnano.dll [MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 06:43:47] - (.-.) - [60.5 Ko] - (0.0.0.0) - C:\Windows\System32\rdsxvmaudio.dll [MD5.9EB5D001B61A90672B8DA7E272545704] - |A| - [19/03/2019 06:58:49] - (.Copyright (C) 2009 - RemoteFX Helper.) - [131.5 Ko] - (1.1.0.0) - C:\Windows\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1.08 Ko] - C:\Windows\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.png [MD5.1BD059A6D1219C35098AC3BD4C02FDC2] - |A| - [19/03/2019 06:45:32] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\Windows\System32\ResBParser.dll [MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageListLowCost [MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0.07 Ko] - C:\Windows\System32\restore [MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 06:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\Windows\System32\runexehelper.exe [MD5.5DE3395944F796F56B16275F681F2D02] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S1100 Mini Driver DLL.) - [608.5 Ko] - (1.0.0.12) - C:\Windows\System32\s1100u-x64.dll [MD5.63572FE073E15EF294304F10669CFBB3] - |A| - [02/07/2019 12:25:50] - (.Copyright PFU LIMITED 2011 - ScanSnap S1300i Mini Driver DLL.) - [1040.5 Ko] - (2.0.2.7) - C:\Windows\System32\s1300iu-x64.dll [MD5.A3311DE17B0CBFDA3A4BB95ECF25ED47] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S1300 Mini Driver DLL.) - [359 Ko] - (2.0.0.8) - C:\Windows\System32\s1300u-x64.dll [MD5.47A9451DD2567AF4AD93B118B38E0BBB] - |A| - [02/07/2019 12:25:50] - (.Copyright (c) PFU Limited. - ScanSnap S300 Mini Driver DLL.) - [343.5 Ko] - (1.4.0.0) - C:\Windows\System32\s300u-x64.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 06:46:39] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 06:44:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [77.44 Ko] - C:\Windows\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2370 Ko] - C:\Windows\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.7 Ko] - C:\Windows\System32\si-lk [MD5.51750D547EDABFABC0EF5D3D9B799D7C] - |A| - [01/07/2019 13:09:56] - (.Copyright © 2003-2006, Silicon Image Inc. - Property page provider..) - [101.54 Ko] - (1.0.12.0) - C:\Windows\System32\SilSupp.cpl [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [254.5 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [251.5 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [01/07/2019 17:14:52] - [39371.13 Ko] - C:\Windows\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [52.14 Ko] - C:\Windows\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 06:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:37:22] - [13385.02 Ko] - C:\Windows\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.png [MD5.9E90030CAA809C0AE07D9E150449428C] - |A| - [05/07/2019 11:51:19] - (.-.) - [58.5 Ko] - (0.3.1536.20) - C:\Windows\System32\SODPPLM.DLL [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.png [MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 06:45:54] - (.-.) - [38 Ko] - (0.0.0.0) - C:\Windows\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [7558.3 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [12411.23 Ko] - C:\Windows\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [184214.56 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [18057.23 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.61 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [253.5 Ko] - C:\Windows\System32\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:45:56] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr.dat [MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [01/07/2019 12:48:42] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [33432 Ko] - C:\Windows\System32\sru [MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 06:43:47] - (.-.) - [443 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [02/07/2019 10:47:34] - [156.5 Ko] - C:\Windows\System32\STRING [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [317.5 Ko] - C:\Windows\System32\sv-SE [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [19/03/2019 06:46:24] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\Windows\System32\SyncAppvPublishingServer.vbs [MD5.1B3B402B8AB718FE00CFFA6DE39420A6] - |A| - [01/07/2019 11:43:46] - (.-.) - [358 Ko] - (0.0.0.0) - C:\Windows\System32\syncas.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:43] - [1390.02 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [939.78 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\Windows\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\Windows\System32\ta-lk [MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\Windows\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [628.79 Ko] - C:\Windows\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 06:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.364B8B76EBB95762632341E49F26144D] - |A| - [01/07/2019 12:48:31] - (.-.) - [1798 Ko] - (0.0.0.0) - C:\Windows\System32\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [232 Ko] - C:\Windows\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.97 Ko] - C:\Windows\System32\ti-et [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [312.5 Ko] - C:\Windows\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 06:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 06:43:54] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials.xslt [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [19/03/2019 06:46:26] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [19/03/2019 06:46:26] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\Windows\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [249 Ko] - C:\Windows\System32\uk-UA [MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 06:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\Windows\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [1917.6 Ko] - C:\Windows\System32\UNP [MD5.21B9D3543310B811B3F0DBE3838EEF12] - |A| - [19/03/2019 06:44:18] - (.-.) - [44.5 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll [MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [01/07/2019 12:00:00] - (.-.) - [37 Ko] - (0.0.0.0) - C:\Windows\System32\usocoreps.dll [MD5.F7588533600D24CFFDB5842176B81106] - |A| - [19/03/2019 06:57:21] - (.-.) - [116 Ko] - (0.0.0.0) - C:\Windows\System32\uwfcfgmgmt.dll [MD5.BD456ED873EF48503EC28DC0317B505A] - |A| - [19/03/2019 06:57:21] - (.-.) - [147.5 Ko] - (0.0.0.0) - C:\Windows\System32\uwfcsp.dll [MD5.5489D0B06F4A77C8676E3A6F0A8E2D79] - |A| - [19/03/2019 06:57:47] - (.-.) - [30 Ko] - (0.0.0.0) - C:\Windows\System32\uwfservicingapi.dll [MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 06:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\Windows\System32\VirtualMonitorManager.dll [MD5.AC97F59AAF23E9F6BAF6D29D6241ADF3] - |A| - [20/06/2018 21:58:08] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [944.3 Ko] - (1.1.77.0) - C:\Windows\System32\vulkan-1-999-0-0-0.dll [MD5.AC97F59AAF23E9F6BAF6D29D6241ADF3] - |A| - [20/06/2018 21:58:08] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [944.3 Ko] - (1.1.77.0) - C:\Windows\System32\vulkan-1.dll [MD5.E127D369C4C8D9790B4094679480FBDF] - |A| - [20/06/2018 21:58:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [250.8 Ko] - (1.1.77.0) - C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe [MD5.E127D369C4C8D9790B4094679480FBDF] - |A| - [20/06/2018 21:58:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [250.8 Ko] - (1.1.77.0) - C:\Windows\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [85469.91 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [111998.12 Ko] - C:\Windows\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 06:44:30] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [49316.93 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.E30AD4BFF3700940585102E79813639C] - |A| - [13/07/2019 14:37:20] - (.Copyright © 2019 - Java(TM) Platform SE binary.) - [108.37 Ko] - (8.0.2110.12) - C:\Windows\System32\WindowsAccessBridge-64.dll [MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 06:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [11359.65 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 06:44:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [157084 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6161.92 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [107.56 Ko] - C:\Windows\System32\winrm [MD5.2CBFE0080EA46405A016AA4F2AC3AD11] - |A| - [01/07/2019 17:14:46] - (.-.) - [1109.86 Ko] - (0.0.0.0) - C:\Windows\System32\wpbbin.exe [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 06:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\Windows\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 06:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 06:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml [MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [13/07/2019 14:45:47] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\Windows\System32\wrap_oal.dll [MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 06:44:03] - (.-.) - [97 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [237.99 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [207.5 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [0 Ko] - C:\Windows\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1856.8 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [97.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\Windows\SysWOW64\archiveint.dll [MD5.8128B54EAA48F9C06B19A86C87752996] - |A| - [01/07/2019 11:43:58] - (.Copyright (C) 2010 - AsIO DLL.) - [28 Ko] - (1.0.0.4) - C:\Windows\SysWOW64\AsIO.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [58.5 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.1 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.701D00BB88E6CA4E7B8521D0A9BEFDBF] - |A| - [05/07/2019 12:42:59] - (.COPYRIGHT(C) PFU LIMITED 2000 - chksti.) - [32 Ko] - (5.0.10.1) - C:\Windows\SysWOW64\chksti.dll [MD5.B0CCE15E9A93C09152C6C84637651E81] - |A| - [02/07/2019 10:47:34] - (.Copyright CANON INC. 2003-2013 - Canon IJ Network 32bit comm Module.) - [358 Ko] - (3.4.0.30) - C:\Windows\SysWOW64\CNMNPPM.DLL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [317 Ko] - C:\Windows\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [27483.41 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [53.11 Ko] - C:\Windows\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [118.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.A13ED3466516D2B60AC4EE4373ECE977] - |A| - [19/03/2019 06:45:59] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [377.5 Ko] - (7.55.1.0) - C:\Windows\SysWOW64\curl.exe [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\DefaultAccountTile.png [MD5.757D5BFA88ABD18E3D3081396202E853] - |A| - [29/12/2013 13:47:56] - (.- Custom Office Framer Control.) - [257.32 Ko] - (2.2.1.2) - C:\Windows\SysWOW64\dsoframer.ocx [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [131 Ko] - C:\Windows\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [0 Ko] - C:\Windows\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [53 Ko] - C:\Windows\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [521.5 Ko] - C:\Windows\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [126 Ko] - C:\Windows\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [59 Ko] - C:\Windows\SysWOW64\es-MX [MD5.6F4689C67D3A17D8BEB3A253BDFFBAC5] - |A| - [02/07/2019 11:48:26] - (.Copyright (C) SEIKO EPSON CORP. 2013 - Command Interpreter Module.) - [260 Ko] - (1.0.4.1) - C:\Windows\SysWOW64\esinteb.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [53.5 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [12972.65 Ko] - C:\Windows\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [119.5 Ko] - C:\Windows\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [3150 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [60.5 Ko] - C:\Windows\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [9424.26 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [19/03/2019 14:02:24] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\Windows\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [93 Ko] - C:\Windows\SysWOW64\he-IL [MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 06:45:13] - (.-.) - [203.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [55.5 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [123 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [01/07/2019 12:00:05] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1849.5 Ko] - (63.1.0.0) - C:\Windows\SysWOW64\icu.dll [MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\Windows\SysWOW64\icuin.dll [MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [28.5 Ko] - (63.1.0.0) - C:\Windows\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [21338.75 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [213 Ko] - C:\Windows\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [125 Ko] - C:\Windows\SysWOW64\it-IT [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:45] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [19.15 Ko] - C:\Windows\SysWOW64\MUI [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 07:00:31] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [751.8 Ko] - C:\Windows\SysWOW64\oobe [MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [13/07/2019 14:45:47] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\Windows\SysWOW64\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [79 Ko] - C:\Windows\SysWOW64\PerceptionSimulation [MD5.CEADF7C89BA104441FDFB2837A119A8B] - |A| - [05/07/2019 12:42:59] - (.COPYRIGHT(C) PFU LIMITED 1999 - pfdvmn V1.1L10 R03.) - [34.5 Ko] - (1.1.10.3) - C:\Windows\SysWOW64\pfdvmn.dll [MD5.09C66B8E27A0F7DA762A8E7A997EF8AF] - |A| - [05/07/2019 12:42:59] - (.COPYRIGHT(C) PFU LIMITED 1999 - pfusti V1.0L10 R01.) - [30.5 Ko] - (1.0.10.1) - C:\Windows\SysWOW64\pfusti.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [124 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [420.74 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.F0F2922A9779B4A31B41DC9FF88E66A9] - |A| - [22/03/2010 10:31:46] - (.Copyright (C) 2006 - PSPGRU.) - [392.5 Ko] - (14.0.230.20) - C:\Windows\SysWOW64\PSPGRU.acm [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [121.5 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [123 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.8846D315880DB63E8D8EDEB7B83D81FA] - |N| - [13/07/2019 18:07:35] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\scpext.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [57 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [57 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [52.14 Ko] - C:\Windows\SysWOW64\slmgr [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:46:09] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\sru [MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 06:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [117 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.4704B677419E824874383F44D87E65AB] - |A| - [19/04/2014 12:02:54] - (.Copyright (C) 1995-2014 Nuance Communications, Inc. - ZNMACROUIRES.ENU.) - [40.82 Ko] - (1.0.14219.939) - C:\Windows\SysWOW64\SZnMacroUIRes.ENU [MD5.66030F3B07031DC744F28E9A2CACB9DD] - |A| - [19/04/2014 12:03:04] - (.Copyright (C) 1995-2014 Nuance Communications, Inc. - ZNMACROUIRES.FRA.) - [108.82 Ko] - (1.0.14219.939) - C:\Windows\SysWOW64\SZnMacroUIRes.FRA [MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\Windows\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [01/07/2019 12:48:37] - (.-.) - [1075.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [50.5 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [115 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [19/03/2019 06:46:31] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [57 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 06:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\umpdc.dll [MD5.C2024EDF31E78D974EB0C54C5B86B8F6] - |RA| - [13/07/2019 18:10:49] - (.-.) - [1339.29 Ko] - (2.0.0.5208) - C:\Windows\SysWOW64\VBAR2132.DLL [MD5.E20B43E6E37F8F19887F5399F2D19408] - |RA| - [13/07/2019 18:10:50] - (.-.) - [36.5 Ko] - (2.0.0.5208) - C:\Windows\SysWOW64\VEN2132.OLB [MD5.3140C410C9D67F9BDF19C82A65ACD7DF] - |A| - [20/06/2018 21:58:08] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [814.3 Ko] - (1.1.77.0) - C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.3140C410C9D67F9BDF19C82A65ACD7DF] - |A| - [20/06/2018 21:58:08] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [814.3 Ko] - (1.1.77.0) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.B147E64F63584C2FF33E0BC8CDB64895] - |A| - [20/06/2018 21:58:22] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [226.8 Ko] - (1.1.77.0) - C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.B147E64F63584C2FF33E0BC8CDB64895] - |A| - [20/06/2018 21:58:22] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [226.8 Ko] - (1.1.77.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [16953.47 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 06:45:13] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [10259.44 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:28] - [107.56 Ko] - C:\Windows\SysWOW64\winrm [MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [13/07/2019 14:45:47] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\Windows\SysWOW64\wrap_oal.dll [MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 06:45:13] - (.-.) - [62.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xboxgipsynthetic.dll [MD5.82D9148DD6B5BC2586407DBE5247AB6B] - |A| - [23/01/2015 20:53:02] - (.-.) - [6.41 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xpsplog.cat [MD5.2807CBABA428E02CFAE1328317CD2F29] - |A| - [22/03/2010 10:31:18] - (.Copyright (c) Philips Austria GmbH - Speech Processing, 2008 - LOG is a logging library.) - [112.5 Ko] - (2.7.230.20) - C:\Windows\SysWOW64\XPSPLOG.dll [MD5.00000000000000000000000000000000] - |D| - [05/07/2019 12:39:52] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [82 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [82 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | [Jean Bouquet] [01/07/2019 22:25:54] - |D| - [74476] - C:\Users\Jean Bouquet\.rainlendar2 [01/07/2019 11:30:28] - |RD| - [298] - C:\Users\Jean Bouquet\3D Objects [01/07/2019 11:29:44] - |HD| - [8145626998] - C:\Users\Jean Bouquet\AppData [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Application Data [01/07/2019 11:30:28] - |RD| - [68792] - C:\Users\Jean Bouquet\Contacts [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Cookies [01/07/2019 11:29:44] - |RD| - [26949371] - C:\Users\Jean Bouquet\Desktop [01/07/2019 11:29:44] - |RD| - [6447806544] - C:\Users\Jean Bouquet\Documents [01/07/2019 11:29:44] - |RD| - [11689771569] - C:\Users\Jean Bouquet\Downloads [01/07/2019 11:29:44] - |RD| - [2785] - C:\Users\Jean Bouquet\Favorites [01/07/2019 11:29:44] - |RD| - [2097] - C:\Users\Jean Bouquet\Links [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Local Settings [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Menu Démarrer [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Mes documents [01/07/2019 11:30:43] - |HD| - [4941215] - C:\Users\Jean Bouquet\MicrosoftEdgeBackups [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Modèles [01/07/2019 11:29:44] - |RD| - [39635294] - C:\Users\Jean Bouquet\Music [01/07/2019 11:29:44] - |AH| - [7077888] - C:\Users\Jean Bouquet\NTUSER.DAT [01/07/2019 11:29:44] - |ASH| - [1986560] - C:\Users\Jean Bouquet\ntuser.dat.LOG1 [01/07/2019 11:29:44] - |ASH| - [409600] - C:\Users\Jean Bouquet\ntuser.dat.LOG2 [01/07/2019 11:29:44] - |ASH| - [65536] - C:\Users\Jean Bouquet\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf [01/07/2019 11:29:44] - |ASH| - [524288] - C:\Users\Jean Bouquet\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms [01/07/2019 11:29:44] - |ASH| - [524288] - C:\Users\Jean Bouquet\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms [01/07/2019 11:29:44] - |SH| - [20] - C:\Users\Jean Bouquet\ntuser.ini [01/07/2019 11:32:14] - |RAD| - [23082125] - C:\Users\Jean Bouquet\OneDrive [01/07/2019 11:29:44] - |RD| - [546614026] - C:\Users\Jean Bouquet\Pictures [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Recent [01/07/2019 11:29:44] - |RD| - [282] - C:\Users\Jean Bouquet\Saved Games [01/07/2019 11:30:28] - |RD| - [1872] - C:\Users\Jean Bouquet\Searches [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\SendTo [02/07/2019 11:50:47] - |A| - [1101] - C:\Users\Jean Bouquet\Sti_Trace.log [01/07/2019 11:29:44] - |RD| - [694] - C:\Users\Jean Bouquet\Videos [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Voisinage d'impression [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\Voisinage réseau [01/07/2019 11:29:44] - |D| - [5686755742] - C:\Users\Jean Bouquet\AppData\Local [01/07/2019 11:29:44] - |D| - [946118205] - C:\Users\Jean Bouquet\AppData\LocalLow [01/07/2019 11:29:44] - |D| - [1512753051] - C:\Users\Jean Bouquet\AppData\Roaming [03/07/2019 17:38:14] - |D| - [43060485] - C:\Users\Jean Bouquet\AppData\Local\2BrightSparks [01/07/2019 14:44:19] - |D| - [1502502] - C:\Users\Jean Bouquet\AppData\Local\Adobe [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\AppData\Local\Application Data [02/07/2019 10:57:26] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Apps [02/07/2019 10:57:26] - |D| - [14413854] - C:\Users\Jean Bouquet\AppData\Local\assembly [05/07/2019 15:24:25] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Audacity [04/07/2019 21:02:53] - |D| - [494299246] - C:\Users\Jean Bouquet\AppData\Local\AVAST Software [01/07/2019 13:21:47] - |D| - [3171896] - C:\Users\Jean Bouquet\AppData\Local\CEF [02/07/2019 19:31:50] - |D| - [1391059] - C:\Users\Jean Bouquet\AppData\Local\Clavier+ [01/07/2019 11:45:43] - |D| - [21717854] - C:\Users\Jean Bouquet\AppData\Local\Comms [01/07/2019 11:30:28] - |D| - [12324435] - C:\Users\Jean Bouquet\AppData\Local\ConnectedDevicesPlatform [02/07/2019 10:11:00] - |D| - [21772316] - C:\Users\Jean Bouquet\AppData\Local\CrashDumps [01/07/2019 14:59:49] - |D| - [137032] - C:\Users\Jean Bouquet\AppData\Local\D3DSCache [02/07/2019 10:57:26] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Deployment [02/07/2019 23:42:21] - |D| - [14597653] - C:\Users\Jean Bouquet\AppData\Local\Diagnostics [01/07/2019 22:34:47] - |D| - [2506] - C:\Users\Jean Bouquet\AppData\Local\Disc_Soft_Ltd [21/07/2019 19:30:57] - |D| - [8682936] - C:\Users\Jean Bouquet\AppData\Local\DisplayFusion [13/07/2019 14:45:52] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Dovetail Games [02/07/2019 23:30:05] - |D| - [9930240] - C:\Users\Jean Bouquet\AppData\Local\Downloaded Installations [02/07/2019 10:10:18] - |D| - [2662981] - C:\Users\Jean Bouquet\AppData\Local\DYMO [02/07/2019 14:44:06] - |D| - [64354] - C:\Users\Jean Bouquet\AppData\Local\ElevatedDiagnostics [01/07/2019 13:23:39] - |D| - [178597481] - C:\Users\Jean Bouquet\AppData\Local\Google [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\AppData\Local\Historique [02/07/2019 10:54:46] - |D| - [29997] - C:\Users\Jean Bouquet\AppData\Local\HP [01/07/2019 11:48:04] - |AH| - [154736] - C:\Users\Jean Bouquet\AppData\Local\IconCache.db [01/07/2019 15:00:10] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\kinoma [21/07/2019 19:41:51] - |D| - [813864] - C:\Users\Jean Bouquet\AppData\Local\mbam [21/07/2019 19:41:25] - |D| - [235676] - C:\Users\Jean Bouquet\AppData\Local\mbamtray [01/07/2019 11:29:44] - |D| - [3046017963] - C:\Users\Jean Bouquet\AppData\Local\Microsoft [01/07/2019 11:30:33] - |D| - [70882] - C:\Users\Jean Bouquet\AppData\Local\MicrosoftEdge [01/07/2019 13:21:00] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Mozilla [02/07/2019 12:26:09] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Nuance [01/07/2019 14:59:51] - |D| - [186980] - C:\Users\Jean Bouquet\AppData\Local\NVIDIA [01/07/2019 14:55:48] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\OneDrive [01/07/2019 13:29:54] - |D| - [8967] - C:\Users\Jean Bouquet\AppData\Local\Opera Mail [01/07/2019 15:14:42] - |D| - [390512230] - C:\Users\Jean Bouquet\AppData\Local\Opera Software [01/07/2019 11:30:28] - |D| - [157697982] - C:\Users\Jean Bouquet\AppData\Local\Packages [01/07/2019 13:20:21] - |D| - [64] - C:\Users\Jean Bouquet\AppData\Local\paint.net [02/07/2019 00:46:36] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\PeerDistRepub [02/07/2019 12:26:08] - |D| - [487] - C:\Users\Jean Bouquet\AppData\Local\PFU [01/07/2019 12:34:22] - |D| - [10897] - C:\Users\Jean Bouquet\AppData\Local\PlaceholderTileLogoFolder [01/07/2019 14:48:54] - |D| - [606713233] - C:\Users\Jean Bouquet\AppData\Local\Programs [01/07/2019 11:30:31] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\Publishers [02/07/2019 00:15:40] - |D| - [23425097] - C:\Users\Jean Bouquet\AppData\Local\RoboForm [02/07/2019 11:23:16] - |D| - [4731] - C:\Users\Jean Bouquet\AppData\Local\Sanford,_L.P [01/07/2019 15:00:10] - |D| - [18522] - C:\Users\Jean Bouquet\AppData\Local\Sony Corporation [02/07/2019 01:44:07] - |D| - [940] - C:\Users\Jean Bouquet\AppData\Local\speech [01/07/2019 14:49:06] - |D| - [535280956] - C:\Users\Jean Bouquet\AppData\Local\Spotify [03/07/2019 18:48:31] - |D| - [28360059] - C:\Users\Jean Bouquet\AppData\Local\Steam [01/07/2019 11:29:44] - |D| - [1190223] - C:\Users\Jean Bouquet\AppData\Local\Temp [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\AppData\Local\Temporary Internet Files [01/07/2019 17:43:06] - |D| - [3902124] - C:\Users\Jean Bouquet\AppData\Local\Thunderbird [01/07/2019 11:30:28] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Local\VirtualStore [01/07/2019 13:29:24] - |D| - [63790302] - C:\Users\Jean Bouquet\AppData\Local\Vivaldi [01/07/2019 14:46:02] - |D| - [3268563] - C:\Users\Jean Bouquet\AppData\LocalLow\Adobe [01/07/2019 23:28:07] - |D| - [0] - C:\Users\Jean Bouquet\AppData\LocalLow\Canon Easy-WebPrint EX [01/07/2019 23:28:07] - |D| - [0] - C:\Users\Jean Bouquet\AppData\LocalLow\Canon Easy-WebPrint EX2 [01/07/2019 13:29:24] - |D| - [931726573] - C:\Users\Jean Bouquet\AppData\LocalLow\Google [01/07/2019 11:30:28] - |SD| - [11107696] - C:\Users\Jean Bouquet\AppData\LocalLow\Microsoft [01/07/2019 13:21:00] - |D| - [0] - C:\Users\Jean Bouquet\AppData\LocalLow\Mozilla [13/07/2019 14:37:03] - |D| - [15373] - C:\Users\Jean Bouquet\AppData\LocalLow\Sun [03/07/2019 17:38:14] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\2BrightSparks [01/07/2019 11:30:28] - |D| - [51180] - C:\Users\Jean Bouquet\AppData\Roaming\Adobe [05/07/2019 15:24:25] - |D| - [41374] - C:\Users\Jean Bouquet\AppData\Roaming\audacity [04/07/2019 20:59:47] - |D| - [6999858] - C:\Users\Jean Bouquet\AppData\Roaming\AVAST Software [02/07/2019 10:27:41] - |D| - [8953] - C:\Users\Jean Bouquet\AppData\Roaming\Canon [01/07/2019 20:53:19] - |SHD| - [352] - C:\Users\Jean Bouquet\AppData\Roaming\Common [02/07/2019 15:57:38] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Corsair Vengeance [01/07/2019 12:35:47] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\DAEMON Tools Lite [02/07/2019 23:30:46] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Drobo [02/07/2019 11:53:28] - |D| - [1540] - C:\Users\Jean Bouquet\AppData\Roaming\Epson [05/07/2019 13:11:46] - |D| - [606] - C:\Users\Jean Bouquet\AppData\Roaming\FLEXnet [02/07/2019 14:11:31] - |D| - [2441] - C:\Users\Jean Bouquet\AppData\Roaming\Fujitsu [01/07/2019 23:15:46] - |D| - [5268] - C:\Users\Jean Bouquet\AppData\Roaming\InfraRecorder [02/07/2019 00:51:40] - |D| - [429245] - C:\Users\Jean Bouquet\AppData\Roaming\Lamantine [05/07/2019 14:30:25] - |D| - [3466] - C:\Users\Jean Bouquet\AppData\Roaming\Logishrd [05/07/2019 14:30:26] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Logitech [02/07/2019 01:36:37] - |D| - [2535] - C:\Users\Jean Bouquet\AppData\Roaming\Macromedia [01/07/2019 11:29:44] - |SD| - [64167971] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft [01/07/2019 13:21:00] - |D| - [54267411] - C:\Users\Jean Bouquet\AppData\Roaming\Mozilla [05/07/2019 11:44:44] - |D| - [134968] - C:\Users\Jean Bouquet\AppData\Roaming\Nuance [13/07/2019 14:45:52] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\NVIDIA [01/07/2019 13:29:27] - |D| - [396672547] - C:\Users\Jean Bouquet\AppData\Roaming\Opera Software [02/07/2019 12:26:07] - |D| - [49275] - C:\Users\Jean Bouquet\AppData\Roaming\PFU [01/07/2019 15:11:57] - |D| - [2296] - C:\Users\Jean Bouquet\AppData\Roaming\PhotoFiltre Studio X [05/07/2019 01:32:46] - |D| - [8750676] - C:\Users\Jean Bouquet\AppData\Roaming\Sidify Music Converter [03/07/2019 00:20:11] - |D| - [435] - C:\Users\Jean Bouquet\AppData\Roaming\Sony Corporation [01/07/2019 14:49:05] - |D| - [193084478] - C:\Users\Jean Bouquet\AppData\Roaming\Spotify [13/07/2019 13:30:20] - |D| - [21929655] - C:\Users\Jean Bouquet\AppData\Roaming\Studio-Scrap8 [13/07/2019 14:37:26] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Sun [01/07/2019 13:26:08] - |D| - [611474735] - C:\Users\Jean Bouquet\AppData\Roaming\Thunderbird [01/07/2019 23:46:25] - |D| - [875] - C:\Users\Jean Bouquet\AppData\Roaming\vlc [04/07/2019 16:41:25] - |D| - [154670911] - C:\Users\Jean Bouquet\AppData\Roaming\XnView [01/07/2019 11:30:28] - |SH| - [174] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [01/07/2019 11:29:44] - |SHD| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [01/07/2019 11:29:44] - |RD| - [35074] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/07/2019 11:29:44] - |RD| - [3888] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [01/07/2019 11:29:44] - |RD| - [2925] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [01/07/2019 11:30:28] - |RD| - [174] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/07/2019 11:29:44] - |SH| - [264] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [05/07/2019 16:58:01] - |D| - [4015] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems [01/07/2019 11:29:44] - |D| - [170] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [05/07/2019 17:19:09] - |A| - [1541] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk [01/07/2019 11:29:44] - |A| - [2471] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [09/07/2019 21:53:47] - |D| - [4903] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X [05/07/2019 01:32:12] - |D| - [0] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify [01/07/2019 14:49:05] - |A| - [1882] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [01/07/2019 11:30:28] - |RD| - [174] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/07/2019 11:29:44] - |RD| - [4913] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [01/07/2019 11:29:44] - |RD| - [7754] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [01/07/2019 11:30:28] - |SH| - [174] - C:\Users\Jean Bouquet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [01/07/2019 11:30:28] - |RHD| - [85916] - C:\Users\Public\AccountPictures [19/03/2019 06:52:44] - |RHD| - [25028] - C:\Users\Public\Desktop [19/03/2019 06:49:35] - |ASH| - [174] - C:\Users\Public\desktop.ini [19/03/2019 06:52:44] - |RD| - [787901097] - C:\Users\Public\Documents [19/03/2019 06:52:44] - |RD| - [174] - C:\Users\Public\Downloads [19/03/2019 06:52:44] - |RHD| - [1174] - C:\Users\Public\Libraries [19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Music [19/03/2019 06:52:44] - |RD| - [7100360] - C:\Users\Public\Pictures [19/03/2019 06:52:44] - |RD| - [26246406] - C:\Users\Public\Videos ---------- | C:\ProgramData [01/07/2019 14:45:33] - |D| - [426913828] - C:\ProgramData\Adobe [02/07/2019 10:09:40] - |D| - [2682368] - C:\ProgramData\Apple [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Application Data [01/07/2019 17:14:59] - |D| - [153806] - C:\ProgramData\ASUS [01/07/2019 13:21:05] - |D| - [65997512] - C:\ProgramData\AVAST Software [21/07/2019 19:30:54] - |D| - [253] - C:\ProgramData\Binary Fortress Software [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Bureau [02/07/2019 10:47:49] - |D| - [0] - C:\ProgramData\Canon IJ Network Tool [05/07/2019 13:32:16] - |HD| - [61520697] - C:\ProgramData\CanonBJ [01/07/2019 23:24:40] - |HD| - [83] - C:\ProgramData\CanonIJETV [05/07/2019 14:09:18] - |D| - [1096] - C:\ProgramData\CanonIJPLM [01/07/2019 23:28:10] - |D| - [86797] - C:\ProgramData\CanonIJWSpt [01/07/2019 11:45:48] - |D| - [3694] - C:\ProgramData\DAEMON Tools Lite [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Documents [02/07/2019 23:30:46] - |D| - [0] - C:\ProgramData\Drobo [01/07/2019 11:49:05] - |D| - [1576] - C:\ProgramData\DTSAudio [05/07/2019 11:44:34] - |D| - [5324268] - C:\ProgramData\FLEXnet [02/07/2019 10:54:55] - |D| - [3116542] - C:\ProgramData\HP [05/07/2019 11:44:34] - |D| - [2358624] - C:\ProgramData\Macrovision [21/07/2019 19:41:15] - |D| - [21154569] - C:\ProgramData\Malwarebytes [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [19/03/2019 06:52:44] - |SD| - [1063385238] - C:\ProgramData\Microsoft [01/07/2019 11:31:45] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Modèles [01/07/2019 12:35:45] - |D| - [0] - C:\ProgramData\Mozilla [02/07/2019 12:26:09] - |D| - [3086249388] - C:\ProgramData\Nuance [01/07/2019 11:29:26] - |D| - [2566283] - C:\ProgramData\NVIDIA [01/07/2019 11:29:20] - |D| - [3099356] - C:\ProgramData\NVIDIA Corporation [13/07/2019 14:37:10] - |D| - [82551976] - C:\ProgramData\Oracle [01/07/2019 22:25:13] - |D| - [22425854] - C:\ProgramData\Package Cache [01/07/2019 11:46:39] - |D| - [278528] - C:\ProgramData\Packages [19/03/2019 06:52:44] - |D| - [4216] - C:\ProgramData\regid.1991-06.com.microsoft [02/07/2019 00:15:54] - |D| - [136] - C:\ProgramData\RoboForm [19/03/2019 06:52:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution [03/07/2019 00:20:12] - |D| - [0] - C:\ProgramData\Sony Corporation [05/07/2019 11:44:55] - |AD| - [0] - C:\ProgramData\TEMP [19/03/2019 06:52:44] - |D| - [3387] - C:\ProgramData\USOPrivate [01/07/2019 11:20:49] - |D| - [7745536] - C:\ProgramData\USOShared [01/07/2019 11:45:31] - |AD| - [4895704] - C:\ProgramData\UWP [19/03/2019 14:04:01] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [01/07/2019 17:16:26] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [19/03/2019 06:52:44] - |RD| - [230410] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [05/07/2019 11:44:41] - |A| - [1919] - C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [03/07/2019 17:38:09] - |D| - [2638] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks [01/07/2019 13:19:45] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [05/07/2019 12:44:58] - |D| - [3602] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader for ScanSnap (TM) 4.1 [01/07/2019 13:15:44] - |A| - [2472] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [19/03/2019 06:52:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [19/03/2019 06:52:44] - |RD| - [13063] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [01/07/2019 14:45:55] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [19/03/2019 06:52:44] - |RD| - [25478] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/07/2019 14:48:57] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [04/07/2019 20:59:45] - |A| - [2171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk [04/07/2019 21:04:13] - |A| - [2579] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk [05/07/2019 13:32:36] - |D| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iX6800 series Manual [02/07/2019 10:27:26] - |D| - [8401] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [05/07/2019 12:42:39] - |D| - [6395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder [02/07/2019 19:31:50] - |D| - [2740] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clavier+ [13/07/2019 18:10:39] - |D| - [3616] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW 7 [02/07/2019 15:57:42] - |D| - [895] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair [01/07/2019 11:45:50] - |D| - [944] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [19/03/2019 06:49:34] - |SH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [21/07/2019 19:30:53] - |D| - [6834] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion [05/07/2019 13:00:50] - |D| - [19413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking [02/07/2019 23:30:47] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drobo [02/07/2019 10:15:50] - |D| - [9042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO Label [02/07/2019 11:48:26] - |D| - [2069] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [02/07/2019 11:49:58] - |D| - [2102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [01/07/2019 13:15:44] - |A| - [2445] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [20/07/2019 10:55:21] - |A| - [2375] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [06/07/2019 17:45:54] - |A| - [2257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk [02/07/2019 10:57:19] - |D| - [2288] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [19/03/2019 06:46:39] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [01/07/2019 13:19:46] - |D| - [2084] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder [13/07/2019 14:37:20] - |D| - [6764] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [19/03/2019 06:52:44] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [22/07/2019 00:03:52] - |D| - [3904] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [05/07/2019 11:44:41] - |D| - [3413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance Power PDF Standard [01/07/2019 12:00:30] - |D| - [4994] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [01/07/2019 13:15:44] - |D| - [5099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office [01/07/2019 13:15:44] - |A| - [2433] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [01/07/2019 13:20:23] - |A| - [1144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk [01/07/2019 13:15:44] - |A| - [2472] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [01/07/2019 13:15:44] - |A| - [2395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [01/07/2019 22:25:49] - |D| - [5565] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 [04/07/2019 14:39:05] - |D| - [16016] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm [05/07/2019 12:40:45] - |D| - [11217] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager [05/07/2019 12:41:34] - |D| - [7533] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer [19/03/2019 06:52:44] - |RD| - [3966] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [03/07/2019 18:45:25] - |D| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [02/07/2019 00:46:35] - |D| - [2344] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Password [19/03/2019 06:52:44] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [01/07/2019 13:20:15] - |D| - [5850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [01/07/2019 13:15:44] - |A| - [2455] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk [04/07/2019 16:40:13] - |D| - [2283] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [05/07/2019 12:42:39] - |A| - [976] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [05/07/2019 12:41:51] - |A| - [980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion au format PDF avec ScanSnap Organizer.lnk [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [05/07/2019 12:40:45] - |A| - [1836] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ---------- | C:\Program Files (x86) [03/07/2019 17:38:06] - |D| - [126528161] - C:\Program Files (x86)\2BrightSparks [05/07/2019 12:44:57] - |D| - [286802824] - C:\Program Files (x86)\ABBYY FineReader for ScanSnap [01/07/2019 14:45:48] - |D| - [377399015] - C:\Program Files (x86)\Adobe [01/07/2019 11:43:46] - |D| - [68416236] - C:\Program Files (x86)\ASUS [01/07/2019 14:48:54] - |D| - [70599237] - C:\Program Files (x86)\Audacity [04/07/2019 21:02:53] - |D| - [506893713] - C:\Program Files (x86)\AVAST Software [02/07/2019 10:09:40] - |D| - [631201] - C:\Program Files (x86)\Bonjour [01/07/2019 23:23:58] - |D| - [757150381] - C:\Program Files (x86)\Canon [19/03/2019 06:52:44] - |D| - [547982766] - C:\Program Files (x86)\Common Files [02/07/2019 15:57:38] - |D| - [17015387] - C:\Program Files (x86)\Corsair [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [01/07/2019 20:53:10] - |D| - [89716919] - C:\Program Files (x86)\DisplayFusion [02/07/2019 23:30:46] - |D| - [0] - C:\Program Files (x86)\Drobo [02/07/2019 10:14:57] - |D| - [93744164] - C:\Program Files (x86)\DYMO [02/07/2019 11:48:24] - |D| - [3319618] - C:\Program Files (x86)\epson [02/07/2019 11:49:58] - |D| - [19188689] - C:\Program Files (x86)\Epson Software [05/07/2019 16:58:01] - |D| - [3650842] - C:\Program Files (x86)\Gadwin Systems [01/07/2019 13:19:32] - |D| - [603745182] - C:\Program Files (x86)\Google [02/07/2019 10:57:17] - |D| - [5628119] - C:\Program Files (x86)\HP [01/07/2019 11:44:56] - |HD| - [25152142] - C:\Program Files (x86)\InstallShield Installation Information [19/03/2019 06:52:44] - |D| - [1984279] - C:\Program Files (x86)\Internet Explorer [02/07/2019 10:09:38] - |D| - [2799856] - C:\Program Files (x86)\Microsoft Office [19/03/2019 06:52:44] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [01/07/2019 15:14:36] - |D| - [0] - C:\Program Files (x86)\Mozilla Thunderbird [05/07/2019 12:39:50] - |D| - [25757] - C:\Program Files (x86)\MSBuild [05/07/2019 11:44:34] - |D| - [2407700772] - C:\Program Files (x86)\Nuance [01/07/2019 11:29:17] - |D| - [119341835] - C:\Program Files (x86)\NVIDIA Corporation [13/07/2019 14:45:47] - |D| - [809496] - C:\Program Files (x86)\OpenAL [02/07/2019 12:25:42] - |D| - [553786375] - C:\Program Files (x86)\PFU [09/07/2019 21:53:46] - |D| - [14907837] - C:\Program Files (x86)\PhotoFiltre Studio X [01/07/2019 11:44:56] - |D| - [4888809] - C:\Program Files (x86)\Realtek [05/07/2019 12:39:50] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [04/07/2019 14:38:14] - |D| - [86039468] - C:\Program Files (x86)\Siber Systems [05/07/2019 11:51:07] - |D| - [21630] - C:\Program Files (x86)\Sony [01/07/2019 13:30:00] - |D| - [18106248615] - C:\Program Files (x86)\Steam [02/07/2019 00:46:25] - |D| - [151471273] - C:\Program Files (x86)\Sticky Password [01/07/2019 11:44:51] - |HD| - [0] - C:\Program Files (x86)\Temp [01/07/2019 12:00:11] - |D| - [9991] - C:\Program Files (x86)\VulkanRT [19/03/2019 06:52:44] - |D| - [1741328] - C:\Program Files (x86)\Windows Defender [19/03/2019 06:52:44] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [19/03/2019 14:04:01] - |D| - [3238765] - C:\Program Files (x86)\Windows Media Player [19/03/2019 14:04:01] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7554392] - C:\Program Files (x86)\Windows NT [19/03/2019 14:04:01] - |D| - [5276616] - C:\Program Files (x86)\Windows Photo Viewer [19/03/2019 14:04:01] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [19/03/2019 06:52:44] - |D| - [2250183] - C:\Program Files (x86)\WindowsPowerShell [04/07/2019 16:40:12] - |D| - [20446990] - C:\Program Files (x86)\XnView ---------- | C:\Program Files [01/07/2019 13:19:44] - |D| - [5204927] - C:\Program Files\7-Zip [04/07/2019 20:56:49] - |D| - [1215512929] - C:\Program Files\AVAST Software [02/07/2019 10:09:40] - |D| - [613987] - C:\Program Files\Bonjour [01/07/2019 23:28:06] - |D| - [32829717] - C:\Program Files\Canon [05/07/2019 13:31:54] - |HD| - [21341184] - C:\Program Files\CanonBJ [19/03/2019 06:52:43] - |D| - [148949925] - C:\Program Files\Common Files [01/07/2019 11:45:49] - |D| - [48578024] - C:\Program Files\DAEMON Tools Lite [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files\desktop.ini [05/07/2019 11:51:19] - |D| - [971934] - C:\Program Files\DIFX [02/07/2019 10:14:10] - |D| - [2473850] - C:\Program Files\DYMO LabelWriter Drivers [01/07/2019 17:16:26] - |SHD| - [0] - C:\Program Files\Fichiers communs [06/07/2019 17:45:53] - |D| - [219169767] - C:\Program Files\Google [02/07/2019 10:57:17] - |D| - [133801978] - C:\Program Files\HP [01/07/2019 13:19:46] - |D| - [10080333] - C:\Program Files\InfraRecorder [19/03/2019 06:52:44] - |D| - [2645498] - C:\Program Files\Internet Explorer [13/07/2019 14:37:09] - |D| - [215700356] - C:\Program Files\Java [21/07/2019 19:41:15] - |D| - [171209919] - C:\Program Files\Malwarebytes [01/07/2019 13:13:08] - |D| - [2687092322] - C:\Program Files\Microsoft Office [01/07/2019 13:13:07] - |D| - [8979840] - C:\Program Files\Microsoft Office 15 [19/03/2019 06:52:44] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [05/07/2019 12:39:50] - |D| - [25757] - C:\Program Files\MSBuild [01/07/2019 11:29:17] - |D| - [1138981016] - C:\Program Files\NVIDIA Corporation [01/07/2019 13:20:21] - |D| - [73391254] - C:\Program Files\paint.net [01/07/2019 22:25:06] - |D| - [61285311] - C:\Program Files\Rainlendar2 [05/07/2019 12:39:50] - |D| - [36867241] - C:\Program Files\Reference Assemblies [01/07/2019 22:21:48] - |D| - [15011048] - C:\Program Files\Speccy [01/07/2019 17:15:02] - |HD| - [0] - C:\Program Files\Uninstall Information [01/07/2019 13:20:08] - |D| - [176857799] - C:\Program Files\VideoLAN [19/03/2019 06:52:44] - |D| - [29020983] - C:\Program Files\Windows Defender [19/03/2019 14:04:01] - |D| - [16462456] - C:\Program Files\Windows Defender Advanced Threat Protection [19/03/2019 06:52:44] - |D| - [636416] - C:\Program Files\Windows Mail [19/03/2019 14:04:01] - |D| - [4710289] - C:\Program Files\Windows Media Player [19/03/2019 14:04:01] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7889752] - C:\Program Files\Windows NT [19/03/2019 14:04:01] - |D| - [6093976] - C:\Program Files\Windows Photo Viewer [19/03/2019 14:04:01] - |D| - [47720] - C:\Program Files\Windows Portable Devices [19/03/2019 06:52:44] - |D| - [110373] - C:\Program Files\Windows Security [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files\Windows Sidebar [19/03/2019 06:52:44] - |HD| - [2158786294] - C:\Program Files\WindowsApps [19/03/2019 06:52:44] - |D| - [2545983] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [01/07/2019 14:45:48] - |D| - [22704948] - C:\Program Files (x86)\Common Files\Adobe [05/07/2019 11:44:38] - |D| - [92976] - C:\Program Files (x86)\Common Files\DESIGNER [05/07/2019 11:44:34] - |D| - [1193648] - C:\Program Files (x86)\Common Files\InstallShield [02/07/2019 10:10:14] - |D| - [10608833] - C:\Program Files (x86)\Common Files\Intuit [05/07/2019 13:00:39] - |D| - [1512625] - C:\Program Files (x86)\Common Files\IVA [13/07/2019 14:37:33] - |D| - [2036720] - C:\Program Files (x86)\Common Files\Java [19/03/2019 06:52:44] - |D| - [66307696] - C:\Program Files (x86)\Common Files\Microsoft Shared [05/07/2019 13:00:36] - |D| - [28186054] - C:\Program Files (x86)\Common Files\Nuance [13/07/2019 14:37:20] - |D| - [1540304] - C:\Program Files (x86)\Common Files\Oracle [05/07/2019 12:40:15] - |D| - [373328857] - C:\Program Files (x86)\Common Files\PFU [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [03/07/2019 18:45:30] - |D| - [4019264] - C:\Program Files (x86)\Common Files\Steam [19/03/2019 06:52:44] - |D| - [9434507] - C:\Program Files (x86)\Common Files\System [13/07/2019 14:45:21] - |D| - [27013632] - C:\Program Files (x86)\Common Files\Wise Installation Wizard ---------- | C:\Program Files\Common files [04/07/2019 20:58:18] - |D| - [2281944] - C:\Program Files\Common files\AVAST Software [01/07/2019 13:15:23] - |D| - [32784] - C:\Program Files\Common files\DESIGNER [19/03/2019 06:52:43] - |D| - [136349604] - C:\Program Files\Common files\microsoft shared [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files\Common files\Services [19/03/2019 06:52:44] - |D| - [10282891] - C:\Program Files\Common files\System ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [01/07/2019 17:14:58] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [03/07/2019 22:53:03] - |D| - [0] - C:\Windows\System32\Tasks\2BrightSparks [MD5.EB21A3174CF1B6E3052D12DB34575C10] - [01/07/2019 14:45:59] - |A| - [3482] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.C04489292E877AC749AB26BCB1A1C402] - [02/07/2019 22:03:43] - |A| - [3890] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [MD5.A4D3E3CEC65A35D5D6FCE1BDCB35DF51] - [02/07/2019 22:03:43] - |A| - [3576] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.6CB08B3339C12A1D943764EF8FF1D059] - [04/07/2019 20:58:22] - |A| - [4264] - C:\Windows\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.5688B9673068B6D960BD04194296189B] - [04/07/2019 21:04:13] - |A| - [3856] - C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.B7F45D11A051E9ED91976F4E32AB6634] - [04/07/2019 21:04:13] - |A| - [3272] - C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.00000000000000000000000000000000] - [04/07/2019 20:58:33] - |D| - [3996] - C:\Windows\System32\Tasks\Avast Software [MD5.D94963DE3D2A26AAA7427011863D759F] - [04/07/2019 21:02:53] - |A| - [3500] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.B25542BCB18833E95BF4B53532B66EA6] - [04/07/2019 21:02:53] - |A| - [3624] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.10EC51A3F559F98DE06780E5B0778494] - [01/07/2019 13:19:33] - |A| - [3292] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.EF273BE05E94311A303A09BE95C5A713] - [01/07/2019 13:19:33] - |A| - [3516] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.6A6B27D53A1ECF247F8387118E80110A] - [02/07/2019 10:57:45] - |A| - [2656] - C:\Windows\System32\Tasks\HPCustParticipation HP LaserJet M14-M17 : "C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:45] - |D| - [587620] - C:\Windows\System32\Tasks\Microsoft [MD5.95394ACA79B19EE5CF41FD357F5F4131] - [01/07/2019 11:32:14] - |A| - [2854] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-84932897-3685993778-4120941894-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.3BBE0F6F648FFFA79E5B3A164E21ECFD] - [02/07/2019 00:19:00] - |A| - [3806] - C:\Windows\System32\Tasks\Open URL by RoboForm : C:\Windows\system32\rundll32.exe [MD5.46A44FD5C863BC74F41F88C012123141] - [05/07/2019 17:19:14] - |A| - [3578] - C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1562339949 : C:\Users\Jean Bouquet\AppData\Local\Programs\Opera\launcher.exe [MD5.B0DC9A18987A5FDB4592A255B7937B4C] - [02/07/2019 00:18:44] - |A| - [3098] - C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon : C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:46] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{FF69EA5D-82C6-47FF-83CC-7487C50AF9D7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe|Name=DAEMON Tools Lite Service|Desc=The DAEMON Tools Lite mandatory service is responsible for remote devices.| "{F37D6EFB-D8E7-4DD7-A01B-9F49A3F30F69}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{100AF5CA-4032-42A6-B650-FD016A7D066A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{3256BE33-0397-4328-9F5A-BC71B1B86E46}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{88444616-447B-46B7-A4D9-E81413AF2A37}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{269302C8-EB40-424E-92FA-3EFCF2237C9E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{1D813A53-EF16-48DA-9CFE-2B566F5A251D}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{EC8CF0D6-6CFE-41BE-95A6-B7E29A81C658}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{FBEA5C96-DAC5-4487-8660-1B733AB72005}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{AAF8666D-AF19-4A86-8669-E16D019C2F35}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{9E1D37A1-33AB-417B-BA8B-03953C5A97BE}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Sticky Password\stpass.exe|Name=Sticky Password| "{6E2D5D1A-409C-4B31-A968-26BAFA89BE51}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Sticky Password\stpass.exe|Name=Sticky Password| "{9FAED628-606C-413E-A641-FDAE9434DCA0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{AAE59861-E003-4B22-96AB-1D7B7D1BA6A4}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{C3CA552F-C38E-42C3-ABC1-BF4D01547F11}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{2977817E-0733-463F-A977-51BC21E67871}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{D4511DEE-1F4D-4B94-BD09-AEF0540701EE}"=v2.30|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP LaserJet M14-M17\bin\EWSProxy.exe|Name=HP LaserJet M14-M17 EWSProxy|Edge=TRUE| "{95A0E878-38B6-428F-8D28-B1D440D5AD33}"=v2.30|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP LaserJet M14-M17\Bin\DeviceSetup.exe|Name=Configuration du périphérique HP (HP LaserJet M14-M17)|Edge=TRUE| "{E0AB5978-B0BA-437D-85AA-3AEF8E2CDAFA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "{4B7E7CAD-8E49-44B8-B220-8189836CC459}"=v2.30|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPNetworkCommunicatorCom.exe|Name=Communicateur réseau COM HP (HP LaserJet M14-M17)|Edge=TRUE| "{043C35C7-ACCE-4834-8890-74D24601F0C1}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe|Name=Drobo Dashboard Service| "{7DE084EF-60BB-4C91-A13D-0DF6ED0A6958}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe|Name=Drobo Dashboard Service| "{30AD66E8-FC8F-4A41-B707-59D36811FC12}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe|Name=Drobo Dashboard| "{AFF9CA34-EC8A-4297-A57E-1D8A9468D5FB}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe|Name=Drobo Dashboard| "{6698AA15-5107-4E78-92DF-7D8E163CA00D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{TreeCardGames.KlondikeSolitaireCollectionFree_4.0.1.0_x64__n666hb6ddc5jp?ms-resource://TreeCardGames.KlondikeSolitaireCollectionFree/resources/appDisplayName}|Desc=@{TreeCardGames.KlondikeSolitaireCollectionFree_4.0.1.0_x64__n666hb6ddc5jp?ms-resource://TreeCardGames.KlondikeSolitaireCollectionFree/resources/appDisplayName}|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-1273318621-1286994186-1688526701-3148542376-2126824434-2260951670-3246504334|EmbedCtxt=@{TreeCardGames.KlondikeSolitaireCollectionFree_4.0.1.0_x64__n666hb6ddc5jp?ms-resource://TreeCardGames.KlondikeSolitaireCollectionFree/resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{8E1AE109-BC84-47EB-A75A-8C80BB2C5F3E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Canon Inkjet Print Utility|Desc=Canon Inkjet Print Utility|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-115199243-2764431856-1086699609-1912897127-1214238601-531789971-2447004905|EmbedCtxt=Canon Inkjet Print Utility|Platform=2:6:2|Platform2=GTEQ| "{6CF6E4FD-B769-44B9-AEB1-63797FADBD52}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Canon Inkjet Print Utility|Desc=Canon Inkjet Print Utility|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-115199243-2764431856-1086699609-1912897127-1214238601-531789971-2447004905|EmbedCtxt=Canon Inkjet Print Utility|Platform=2:6:2|Platform2=GTEQ| "{B77743E2-95F9-4F9E-AA3A-B39C109BC224}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser| "{C5B6914D-6AE6-4561-9C02-E95A5C7014A6}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe|Name=Nuance Pdf Converter Assistant| "{95929AC2-2810-428E-9DCA-0B247581956B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe|Name=Nuance Pdf Converter Assistant| "{95D70825-2A70-4F63-AE98-F1C633ACDA39}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe|Name=Nuance Activation| "{A0125598-A3AC-4BA9-ACF2-00C75F92632B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe|Name=Nuance Activation| "{C80A2E44-7304-4D81-8D51-15661B643F83}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe|Name=Nuance Pdf Create Assistant| "{480E42C7-4049-4FB7-81A5-1BE0B57E6A44}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe|Name=Nuance Pdf Create Assistant| "{DFEDECFF-8C04-480F-8415-7465B61FB392}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe|Name=Nuance Power PDF| "{61848806-1688-47DD-83E4-B7D71239D8B2}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe|Name=Nuance Power PDF| "{56EE4AEF-EDEA-4B7D-A0E9-20D9F4454C51}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe|Name=Nuance Electronic Registration| "{C844C8F3-5453-45F3-BCC9-E457A393A412}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe|Name=Nuance Electronic Registration| "{310ACF13-79A3-4DD8-AD30-F4AA962F8267}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=53|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-143|Desc=@ipnathlp.dll,-10142|EmbedCtxt=@ipnathlp.dll,-140| "{1EEC356F-C106-4353-A6F5-B7DCA09809A7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=67|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140| "{E56DEA52-7B9E-401A-B1D7-1CCFE3BB7AF6}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=68|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140| "{CCE4FBBC-9D02-420C-853A-68AC294F892B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-147|Desc=@ipnathlp.dll,-10146|EmbedCtxt=@ipnathlp.dll,-140| "{85F4E1BB-0BA9-405B-8150-808FA1D0E561}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@ipnathlp.dll,-150|Desc=@ipnathlp.dll,-10150|EmbedCtxt=@ipnathlp.dll,-140| "{D5EF897E-85BA-4B7F-BCAB-551D34D0864E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=System|Name=@ipnathlp.dll,-146|Desc=@ipnathlp.dll,-10145|EmbedCtxt=@ipnathlp.dll,-140| "{A8A6D114-0F70-45C8-BB3C-18AE9241C0F0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2869|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=System|Name=@ipnathlp.dll,-152|Desc=@ipnathlp.dll,-10151|EmbedCtxt=@ipnathlp.dll,-140| "{68FC9B57-74E1-487B-843E-BB6F2BB229C3}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=547|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-142|Desc=@ipnathlp.dll,-10141|EmbedCtxt=@ipnathlp.dll,-140| "{4C60F4BA-61A2-4570-B4EC-F3A2DA0D3BA7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=133:0|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|Name=@ipnathlp.dll,-148|Desc=@ipnathlp.dll,-10147|EmbedCtxt=@ipnathlp.dll,-140| "{80DDDBD7-37C8-4D3A-81E8-5D10C57D08E9}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@ipnathlp.dll,-149|Desc=@ipnathlp.dll,-10148|EmbedCtxt=@ipnathlp.dll,-140| "{438B799B-1BB7-4260-BD98-FC9134A26C1F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140| "{669EBD5F-E90A-4F05-A415-C7017AFFA72D}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|IF={6C186342-AEF4-4B5C-B1B1-CD2107A8010D}|App=%systemroot%\system32\alg.exe|Name=@ipnathlp.dll,-140|Desc=@ipnathlp.dll,-140|EmbedCtxt=@ipnathlp.dll,-140| "{BDF5B4D7-8B5F-45F2-B9A3-7C9DD5715998}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{F45F2173-33EE-439E-8260-6133C13B967E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{F146ADA2-60BE-48DA-ACAD-70D8BBB27B9B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{4C77106E-1BA5-47F7-836C-D0DC7DA65A29}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{D28E6B79-C2AA-4378-AD0C-00B491A66820}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{A714DE0F-35A3-4573-BAD5-64FC0A8C79BA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-84932897-3685993778-4120941894-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A6F38C48-3A7D-49C2-BB36-DC40BF0F5287}] : (CORK95) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [01/07/2019 13:09:56] - (1.5.18.0) - (Silicon Image, Inc - SATA SoftRAID 5 miniport driver) - C:\Windows\system32\DRIVERS\Si3132r5.sys [01/07/2019 13:09:56] - (1.0.0.11) - (Silicon Image, Inc. - Windows Accelerator Driver) - C:\Windows\system32\DRIVERS\SiWinAcc.sys [01/07/2019 13:09:56] - (1.1.6.0) - (Silicon Image, Inc. - Filter driver for Silicon Image SATALink controllers.) - C:\Windows\system32\DRIVERS\SiRemFil.sys [01/07/2019 11:43:58] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsIO.sys [25/09/2018 02:19:54] - (24.21.13.9924) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 399.24) - C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvlddmkm.sys [19/03/2019 06:43:33] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\Windows\System32\drivers\athw8x.sys [01/07/2019 11:45:51] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\Windows\System32\drivers\dtliteusbbus.sys [01/07/2019 11:45:50] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\Windows\System32\drivers\dtlitescsibus.sys [01/07/2019 11:29:08] - (1.3.37.4) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys [02/07/2019 15:57:38] - (1.0.0.0) - ( -) - C:\Windows\system32\drivers\CORK95.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsh.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Si3132r5 (@oem22.inf,%SI3132.SvcDesc%;SiI-3132 SoftRaid 5 Controller) -> system32\DRIVERS\Si3132r5.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - SiFilter (SATALink driver accelerator) -> system32\DRIVERS\SiWinAcc.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - SiRemFil (SATALink External Device Filter) -> system32\DRIVERS\SiRemFil.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdriver.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswNetSec (aswNetSec) -> system32\drivers\aswNetSec.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_25ab9510fd18cfda\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_9ff437f462543a42\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{24BC4EEC-D064-46DF-B35F-E76494C747D4}] : (Étude pour l'amélioration du produit HP LaserJet M14-M17.-.HP Inc.) -> MsiExec.exe /I{24BC4EEC-D064-46DF-B35F-E76494C747D4} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180211F0}] : (Java 8 Update 211 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180211F0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2C22EA92-CB30-4932-0053-000001000000}] : (InfraRecorder 0.53 (x64 edition).-.Christian Kindahl) -> MsiExec.exe /X{2C22EA92-CB30-4932-0053-000001000000} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6AA6EA9D-F627-45CF-BBBE-6C6223D45A9C}] : (paint.net.-.dotPDN LLC) -> MsiExec.exe /X{6AA6EA9D-F627-45CF-BBBE-6C6223D45A9C} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}] : (Google Earth Pro.-.Google) -> MsiExec.exe /I{70A0F34E-564B-4F93-ADD6-3BAEC6E44075} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A757B3C8-7F20-4842-8724-63EEAC94CB88}] : (Nuance Power PDF Standard.-.Nuance Communications, Inc.) -> MsiExec.exe /X{A757B3C8-7F20-4842-8724-63EEAC94CB88} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B1701327-1007-4642-9D6C-3B4EFF8AD667}] : (Logiciel de base du périphérique HP LaserJet M14-M17.-.HP Inc.) -> MsiExec.exe /I{B1701327-1007-4642-9D6C-3B4EFF8AD667} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 399.24.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}] : (DYMO LabelWriter Drivers.-.Sanford L.P.) -> MsiExec.exe /X{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CANONIJPLM100] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}] : (Easy Photo Scan.-.Seiko Epson Corporation) -> MsiExec.exe /X{1A6DED1E-A024-455D-AA82-203D6B3B0CBC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1f1cc5c0-5f1c-11d5-b4ea-00a0c98e59bc}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}] : (Dragon NaturallySpeaking 13.-.Nuance Communications Inc.) -> MsiExec.exe /I{33EA20FB-5389-4938-BA59-2BCD9BB68F41} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{54D84731-D2F9-4E8C-B18E-E91838BE52BB}] : (DYMO Label.-.Newell Rubbermaid) -> MsiExec.exe /I{54D84731-D2F9-4E8C-B18E-E91838BE52BB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{860F83D4-E1ED-425C-9A5F-C07867AE1EC5}] : (HP LaserJet M14-M17 Aide.-.HP) -> MsiExec.exe /X{860F83D4-E1ED-425C-9A5F-C07867AE1EC5} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AD0AFA77-3849-4A55-8699-11FA72ABD28B}_is1] : (Pilote V1.0 du clavier Corsair K95 Pilote.-.) -> "C:\Windows\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB586E51-4876-4BB2-91EC-5CB3D0C38145}] : (CardMinder V4.1.-.PFU) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF90863B-BF23-4293-89F0-19EF85E2B170}] : (ScanSnap Organizer.-.PFU LIMITED) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CC08084A-3CB3-44C5-8D9B-04E2E299612A}] : (ScanSnap.-.PFU Limited) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FB410000-0002-0000-0000-074957833700}] : (ABBYY FineReader for ScanSnap (TM) 4.1.-.ABBYY) -> MsiExec.exe /I{FB410000-0002-0000-0000-074957833700} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\000014BF200000000000709475387300] : ABBYY FineReader for ScanSnap (TM) 4.1 -> C:\Windows\Installer\{FB410000-0002-0000-0000-074957833700}\ARPPRODUCTICON.exe [HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\09E42CDFE627ECA46809F84AA25C7C92] : Debitest -> C:\Windows\Installer\{FDC24E90-726E-4ACE-8690-8FA42AC5C729}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\13748D459F2DC8E41BE89E8183EB25BB] : DYMO Label -> C:\Windows\Installer\{54D84731-D2F9-4E8C-B18E-E91838BE52BB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\15E685BB67842BB419CEC53B0D3C1854] : CardMinder V4.1 [HKCR\Installer\Products\29AE22C203BC23940035000010000000] : InfraRecorder 0.53 (x64 edition) -> C:\Windows\Installer\{2C22EA92-CB30-4932-0053-000001000000}\iconmain.ico [HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico [HKCR\Installer\Products\3B58836850C7C1248871657821777854] : Drobo Dashboard -> C:\Windows\Installer\{863885B3-7C05-421C-8817-568712778745}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4D38F068DE1EC524A9F50C8776EAE15C] : HP LaserJet M14-M17 Aide -> C:\Windows\Installer\{860F83D4-E1ED-425C-9A5F-C07867AE1EC5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468120110F] : Java 8 Update 211 (64-bit) -> C:\Program Files\Java\jre1.8.0_211\\bin\javaws.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7231071B70012464D9C6B3E4FFA86D76] : Logiciel de base du périphérique HP LaserJet M14-M17 -> C:\Windows\Installer\{B1701327-1007-4642-9D6C-3B4EFF8AD667}\ARP_Icon [HKCR\Installer\Products\8C3B757A02F72484784236EECA49BC88] : Nuance Power PDF Standard -> C:\Windows\Installer\{A757B3C8-7F20-4842-8724-63EEAC94CB88}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A48080CC3BC35C44D8B9402E2E9916A2] : ScanSnap [HKCR\Installer\Products\B29D61EC3F055CF42BC931AFEF1E6A6C] : DYMO LabelWriter Drivers [HKCR\Installer\Products\B36809FB32FB3924980F91FE582E1B07] : ScanSnap Organizer [HKCR\Installer\Products\BF02AE3398358394AB95B2DCB96BF814] : Dragon NaturallySpeaking 13.0 -> C:\Windows\Installer\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CEE4CB42460DFD643BF57E46497C744D] : Étude pour l'amélioration du produit HP LaserJet M14-M17 -> C:\Windows\Installer\{24BC4EEC-D064-46DF-B35F-E76494C747D4}\ARP_Icon [HKCR\Installer\Products\D9AE6AA6726FFC54BBEBC626324DA5C9] : paint.net -> C:\Windows\Installer\{6AA6EA9D-F627-45CF-BBBE-6C6223D45A9C}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\E1DED6A1420AD554AA2802D3B6B3C0CB] : Easy Photo Scan -> C:\Windows\Installer\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}\icon.exe [HKCR\Installer\Products\E43F0A07B46539F4DA6DB3EA6C4E0457] : Google Earth Pro -> C:\Windows\Installer\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}\MainIcon.ico [HKCR\Installer\Products\F173C5F32AE852F4D9D30D4B25E6A3AE] : NVIDIA PhysX [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Local Hostname DESKTOP-2ORIENU.local already in use; will try DESKTOP-2ORIENU-2.local instead ------------ mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-2ORIENU.local. Addr 192.168.1.10 ------------ mDNSCoreReceiveResponse: Received from 192.168.1.10:5353 16 DESKTOP-2ORIENU.local. AAAA 2A01:CB06:00C3:9B00:497D:E29D:EDA5:F1A1 ------------ Windows ne peut pas charger la DLL de compteur extensible « C:\Windows\system32\sysmain.dll » (code d'erreur Win32 Le module spécifié est introuvable.). ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2fe8 Heure de début de l’application défaillante : 0x01d5400ce893302c Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 88b6eb67-3e5e-4f6b-922d-ea8737fc004d Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2f94 Heure de début de l’application défaillante : 0x01d5400ce88d1719 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 48da8022-0423-434b-8d4e-ddc7fece8567 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2cdc Heure de début de l’application défaillante : 0x01d5400ce7d84026 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 5098ea33-c0ef-43ff-bb12-9245e3a60364 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x1728 Heure de début de l’application défaillante : 0x01d5400ce7d19574 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 89171870-47d1-4789-a53b-dda14a31b517 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2b24 Heure de début de l’application défaillante : 0x01d5400ce7191db3 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 480e1698-fb1d-4bba-a976-c80a016cfdf8 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x11e8 Heure de début de l’application défaillante : 0x01d53fe95ff7e639 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 62f80222-4c20-4ac0-9761-583364220048 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2774 Heure de début de l’application défaillante : 0x01d53fe95f2c86bc Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 414ea6d1-11df-4cc3-8661-eb7e06c77534 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x1e64 Heure de début de l’application défaillante : 0x01d53fe95e66321e Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 29355bf8-e7f7-4207-b377-9958616cf110 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x9dc Heure de début de l’application défaillante : 0x01d53fe95e6056e3 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 9860e494-3326-4f87-ad1c-71d15988f4bc Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0xd64 Heure de début de l’application défaillante : 0x01d53fe95d9e241a Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : f3603f75-1f1c-46c9-bf38-14e58a70e72f Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x1d24 Heure de début de l’application défaillante : 0x01d53fe95d8cfa24 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 2a11d362-5868-4553-9933-b032b3d301ae Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x21bc Heure de début de l’application défaillante : 0x01d53fe95cb85fc6 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 213c1d39-8aff-4593-8144-c7f628e40ca9 Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.18362.1, horodatage : 0xceb8cbe1 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.239, horodatage : 0xbf514858 Code d’exception : 0x80070005 Décalage d’erreur : 0x00000000005477fe ID du processus défaillant : 0x2b98 Heure de début de l’application défaillante : 0x01d53fe5e6c70ba9 Chemin d’accès de l’application défaillante : C:\Windows\System32\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\edgehtml.dll ID de rapport : 8a7a27f7-eb93-4acf-9a93-99884cefa9ab Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : MicrosoftEdge ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ ----------( EOF)---------- - 4440 | 00:38:39