--------------- QuickDiag | g3n-h@ckm@n | V5_25.08.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 28/08/2019 11:56:42
Updated 25/08/2019 | 15:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Francis (Administrator)] - [DESKTOP-O58RN8R] (S-1-5-21-3990603123-2573632487-1218807564-1002)
System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\Windows|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: imedia S1360 - Packard Bell - IdNumber: PTU6XE200613800A489600 - UUID: 69DC9CC8-E2FD-1120-0922-130742000000
Processor : X64 - 1297 Mhz - AMD E-300 APU with Radeon(tm) HD Graphics
BIOS Date: 09/02/11 18:15:45 Ver: 04.06.04 - en|US|iso8859-1 - AMI - S/N: PTU6XE200613800A489600 - P01-B4 - ACRSYS - 1072009
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice
AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\4&2A04E29&0&0001
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10258100&REV_1001\4&1B7D940D&0&0001

---------- | Video
AMD Radeon HD 6310 Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9802&SUBSYS_05921025&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 536870912
Inegrated Video Chipset
DeviceName: AMD Radeon HD 6310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:70 %
CPU #2 value:70 %
Total Overall CPU Usage value:70 %

---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Realtek RTL8192EU Wireless LAN 802.11n USB 2.0 Network Adapter _2 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:70 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek RTL8192EU Wireless LAN 802.11n USB 2.0 Network Adapter - - - Status: - PnPID :
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_80001025&REV_06\4&EDB6346&0&00AA
Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID :
Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID :
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
Realtek RTL8192EU Wireless LAN 802.11n USB 2.0 Network Adapter #2 - Ethernet 802.3 - Realtek Semiconductor Corp. - Status: - PnPID : USB\VID_0BDA&PID_818B\00E04C000001
Microsoft Wi-Fi Direct Virtual Adapter #3 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&3B2CC5CB&0&13
Microsoft Wi-Fi Direct Virtual Adapter #4 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&3B2CC5CB&0&14

---------- | Memory
RAM = Total (MB) : 3665 | Free (MB) : 919
Pagefile = Total (MB) : 4910 | Free (MB) : 1545
Virtual = Total (MB) : 4194 | Free (MB) : 3913
Physical Memory 0 : Capacity: 2147483648 - DIMM1 - Posit.: 0 - Manufacturer: Kingston - PartNumber: ACR256X64D3U1333C9 - S/N: 550EF63E
Physical Memory 1 : Capacity: 2147483648 - DIMM2 - Posit.: 0 - Manufacturer: Kingston - PartNumber: ACR256X64D3U1333C9 - S/N: 530EF43E

---------- | SID Users
Administrateur : [S-1-5-21-3990603123-2573632487-1218807564-500]
DefaultAccount : [S-1-5-21-3990603123-2573632487-1218807564-503]
Francis : [S-1-5-21-3990603123-2573632487-1218807564-1002]
Invité : [S-1-5-21-3990603123-2573632487-1218807564-501]
WDAGUtilityAccount : [S-1-5-21-3990603123-2573632487-1218807564-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Propriétaires d'appareils : [S-1-5-32-583]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-3990603123-2573632487-1218807564-1000]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [Packard Bell] | Total : 686.83 Go | Free : 562.84 Go -> NTFS [SATA]
D:\ -> [Fixed] | [DATA] | Total : 686.83 Go | Free : 685.79 Go -> NTFS [SATA]
Disk Usage Information [2 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:120,287 bytes/sec Max Read:0 bytes/sec, Max Write:120,287 bytes/sec
Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:120,287 bytes/sec
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00\20071114173400000&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_WDC_WD15&PROD_EARS-22MVWB0\4&19F351EC&0&000000

---------- | Windows updates - Activation - License
W.A.T : :)
Test 1 : Windows Is Activated Volume License

---------- | Browsers
IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.)
GC : 76.0.3809.100 (Copyright 2019 Google LLC.)
Default : "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | FlashPlayer
FlashPlayer ActiveX : 32.0.0.207

---------- | Security
AV : Malwarebytes Enabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
372 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 12:24:22] CPU Usage:0 %
516 | [Owner : Système | Parent : 504() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
616 | [Owner : Système | Parent : 504() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 %
624 | [Owner : Système | Parent : 608() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
680 | [Owner : Système | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [17/08/2018 10:13:59] CPU Usage:0 %
696 | [Owner : Système | Parent : 616(wininit.exe) | 13.83 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [14/11/2018 16:16:23] CPU Usage:0 %
728 | [Owner : Système | Parent : 608() | 7.78 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.915) = C:\Windows\System32\winlogon.exe [14/08/2019 12:20:15] CPU Usage:0 %
836 | [Owner : UMFD-0 | Parent : 616(wininit.exe) | 2.8 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.950) = C:\Windows\System32\fontdrvhost.exe [14/08/2019 12:20:21] CPU Usage:0 %
844 | [Owner : UMFD-1 | Parent : 728(winlogon.exe) | 9.39 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.950) = C:\Windows\System32\fontdrvhost.exe [14/08/2019 12:20:21] CPU Usage:0 %
924 | [Owner : Système | Parent : 680(services.exe) | 23.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
988 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 11.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
444 | [Owner : DWM-1 | Parent : 728(winlogon.exe) | 42.16 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 %
980 | [Owner : Système | Parent : 680(services.exe) | 64.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1036 | [Owner : Système | Parent : 680(services.exe) | 73.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1076 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 30.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1100 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 24.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1264 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 30.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1332 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 25.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1436 | [Owner : Système | Parent : 680(services.exe) | 4.72 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe [30/10/2015 00:55:08] CPU Usage:0 %
1524 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 6.45 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 %
1556 | [Owner : Système | Parent : 1436(atiesrxx.exe) | 7.48 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe [30/10/2015 00:55:08] CPU Usage:0 %
1808 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 11.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1884 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 6.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1892 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 10.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1900 | [Owner : Système | Parent : 680(services.exe) | 12.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1712 | [Owner : Système | Parent : 680(services.exe) | 12.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
1956 | [Owner : Système | Parent : 680(services.exe) | 15.96 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 %
2096 | [Owner : Système | Parent : 680(services.exe) | 6.69 Mo] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.1907.1535) = C:\Program Files (x86)\Avira\Antivirus\sched.exe [05/08/2019 13:36:38] CPU Usage:0 %
2372 | [Owner : Francis | Parent : 980(svchost.exe) | 28.62 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 %
2416 | [Owner : Francis | Parent : 680(services.exe) | 34.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
2556 | [Owner : Système | Parent : 680(services.exe) | 53.48 Mo] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.1907.1535) = C:\Program Files (x86)\Avira\Antivirus\avguard.exe [05/08/2019 13:36:20] CPU Usage:4 %
2564 | [Owner : Système | Parent : 680(services.exe) | 6.16 Mo] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [21/08/2015 22:09:14] CPU Usage:0 %
2580 | [Owner : Francis | Parent : 980(svchost.exe) | 14.99 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [14/03/2019 14:01:39] CPU Usage:0 %
2588 | [Owner : Système | Parent : 680(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Avira Protected Antimalware Service.) - (15.0.1907.1535) = C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe [05/08/2019 13:36:38] CPU Usage:0 %
2612 | [Owner : Système | Parent : 680(services.exe) | 20.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
2780 | [Owner : Système | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [17/08/2018 10:14:15] CPU Usage:0 %
2804 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
2856 | [Owner : Système | Parent : 680(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.845) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [14/08/2019 11:27:08] CPU Usage:0 %
3024 | [Owner : Système | Parent : 680(services.exe) | 11.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
2228 | [Owner : Francis | Parent : 1036(svchost.exe) | 12.67 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 %
4456 | [Owner : Francis | Parent : 924(svchost.exe) | 22.89 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
4696 | [Owner : Francis | Parent : 924(svchost.exe) | 21.11 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
1520 | [Owner : Francis | Parent : 924(svchost.exe) | 24.6 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
5196 | [Owner : Francis | Parent : 2856(MBAMService.exe) | 38.52 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1838) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [14/08/2019 11:26:55] CPU Usage:0 %
5276 | [Owner : Francis | Parent : 3504() | 8.78 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 %
5908 | [Owner : Francis | Parent : 5788() | 6.17 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [21/08/2015 22:38:30] CPU Usage:0 %
1480 | [Owner : Francis | Parent : 5908(MOM.exe) | 26.22 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [21/08/2015 22:38:26] CPU Usage:0 %
5300 | [Owner : Système | Parent : 680(services.exe) | 34.16 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.915) = C:\Windows\System32\SearchIndexer.exe [14/08/2019 12:20:33] CPU Usage:0 %
4976 | [Owner : Système | Parent : 2556(avguard.exe) | 7.47 Mo] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (15.0.1908.1548) = C:\Program Files (x86)\Avira\Antivirus\avshadow.exe [05/08/2019 13:36:42] CPU Usage:0 %
2620 | [Owner : Système | Parent : 680(services.exe) | 22.41 Mo] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) - (15.0.1908.1548) = C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [05/08/2019 13:36:22] CPU Usage:0 %
5552 | [Owner : Francis | Parent : 5216() | 3.32 Mo] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) - (15.0.1907.1535) = C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [05/08/2019 13:36:20] CPU Usage:0 %
1372 | [Owner : Système | Parent : 680(services.exe) | 13.5 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10074) = C:\Program Files\rempl\sedsvc.exe [30/07/2019 11:09:14] CPU Usage:0 %
4556 | [Owner : Système | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 %
7352 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 6.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
6868 | [Owner : Francis | Parent : 924(svchost.exe) | 27.74 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 %
1352 | [Owner : Francis | Parent : 924(svchost.exe) | 48.88 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.17134.915) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [14/08/2019 12:21:32] CPU Usage:0 %
5996 | [Owner : Francis | Parent : 924(svchost.exe) | 8.16 Mo] - (.Microsoft Corporation - Browser_Broker.) - (11.0.17134.590) = C:\Windows\System32\browser_broker.exe [13/02/2019 12:24:20] CPU Usage:0 %
7844 | [Owner : Francis | Parent : 924(svchost.exe) | 9.94 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
6048 | [Owner : Francis | Parent : 924(svchost.exe) | 6.32 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
4212 | [Owner : Francis | Parent : 924(svchost.exe) | 27.76 Mo] - (.Microsoft Corporation - Sélectionner une application.) - (10.0.17134.1) = C:\Windows\System32\OpenWith.exe [12/04/2018 01:34:37] CPU Usage:0 %
6380 | [Owner : Francis | Parent : 924(svchost.exe) | 8.54 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.51.0.72) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe [19/08/2019 09:41:24] CPU Usage:0 %
632 | [Owner : Francis | Parent : 924(svchost.exe) | 10.16 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
756 | [Owner : Francis | Parent : 728(winlogon.exe) | 160.8 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 13:24:37] CPU Usage:0 %
7052 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 12:24:38] CPU Usage:0 %
8420 | [Owner : Francis | Parent : 924(svchost.exe) | 55.56 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [15/05/2019 18:44:06] CPU Usage:0 %
7464 | [Owner : Francis | Parent : 924(svchost.exe) | 71.46 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.950) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [14/08/2019 12:21:24] CPU Usage:0 %
5764 | [Owner : Francis | Parent : 924(svchost.exe) | 13.54 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
6432 | [Owner : Francis | Parent : 924(svchost.exe) | 46.11 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [13/06/2018 16:13:18] CPU Usage:0 %
8800 | [Owner : Francis | Parent : 756(explorer.exe) | 183.87 Mo] - (.Mozilla Corporation - Thunderbird.) - (60.8.0.7123) = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [02/08/2019 10:51:34] CPU Usage:0 %
6276 | [Owner : Francis | Parent : 5852() | 298.08 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:0 %
8628 | [Owner : Francis | Parent : 6276(firefox.exe) | 47.1 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:8 %
4708 | [Owner : Francis | Parent : 6276(firefox.exe) | 216.17 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:0 %
7096 | [Owner : Francis | Parent : 6276(firefox.exe) | 89.42 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:0 %
3524 | [Owner : Francis | Parent : 6276(firefox.exe) | 233.85 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:4 %
400 | [Owner : Francis | Parent : 2604(Avira.Systray.exe) | 16 Mo] - (.EFD Software - HD Tune Pro.) - (5.6.0.0) = C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe [27/08/2019 22:15:50] CPU Usage:0 %
2160 | [Owner : Système | Parent : 680(services.exe) | 3.73 Mo] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.2.135.51949) = C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [25/07/2019 11:58:50] CPU Usage:0 %
2604 | [Owner : Francis | Parent : 2160(Avira.ServiceHost.exe) | 25.39 Mo] - (.Avira Operations GmbH & Co. KG - Avira.) - (1.2.135.51949) = C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [25/07/2019 12:02:40] CPU Usage:0 %
8052 | [Owner : Francis | Parent : 6276(firefox.exe) | 54.04 Mo] - (.Mozilla Corporation - Firefox.) - (68.0.2.7164) = C:\Program Files\Mozilla Firefox\firefox.exe [19/08/2019 09:48:45] CPU Usage:0 %
7248 | [Owner : SERVICE LOCAL | Parent : 1808(svchost.exe) | 11.18 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [13/06/2019 13:37:44] CPU Usage:0 %
5320 | [Owner : SERVICE RÉSEAU | Parent : 924(svchost.exe) | 11.52 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
4360 | [Owner : Francis | Parent : 924(svchost.exe) | 38.17 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [11/04/2019 16:41:17] CPU Usage:0 %
3752 | [Owner : Francis | Parent : 756(explorer.exe) | 55.14 Mo] - (.SosVirus - QuickDiag.) - (25.8.19.1) = C:\Users\Francis\Desktop\QuickDiag.exe [28/08/2019 11:54:16] CPU Usage:0 %
8468 | [Owner : Système | Parent : 924(svchost.exe) | 8.51 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
7704 | [Owner : SERVICE RÉSEAU | Parent : 924(svchost.exe) | 9.69 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %

---------- | Locked Applications

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)
(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll
(.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\Windows\SYSTEM32\aticfx64.dll
(.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\Windows\SYSTEM32\atiuxp64.dll
(.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\Windows\SYSTEM32\atidxx64.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll
(.Advanced Micro Devices, Inc. .-.atiu9pag.dll.) - (8.14.1.6463) -- C:\Windows\SYSTEM32\atiu9p64.dll
(.Advanced Micro Devices, Inc. .-.atiumd64.dll.) - (9.14.10.1128) -- C:\Windows\SYSTEM32\atiumd64.dll
(.Advanced Micro Devices, Inc. .-.Radeon Video Acceleration Universal Driver.) - (8.14.10.513) -- C:\Windows\SYSTEM32\atiumd6a.dll
(.Hewlett-Packard Development Company, L.P..-.HP Unidrive UI Plugin.) - (9.84.0.1173) -- C:\Windows\system32\spool\DRIVERS\x64\3\hpvplui09.dll
(.Apache Software Foundation.-..) - (4.0.9790.500) -- C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.71.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Avira Operations GmbH & Co. KG.-.AntiVirus context menu.) - (15.0.1908.1548) -- C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
(.Free Time.-.FormatFactory Shell Menu Module.) - (1.5.0.0) -- C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

---------- | svchost.exe Modules (Microsoft Files Whitelisted)
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\Windows\System32\winsqlite3.dll

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\...\Run]) - User: DESKTOP-O58RN8R\Francis
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

[HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x03000000C0081C7C2449D501
"CCleaner Smart Cleaning"=0x030000008074677D2449D501

[HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=cleanmgr\1
"MRUList"=cba
"b"=%WINDIR%\System32\Control.exe Appwiz.cpl\1
"c"=explorer.exe\1

[HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP Photosmart 5520 series,winspool,Ne00:
"IsMRUEstablished"=1
"LegacyDefaultPrinterMode"=0

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x060000000000000000000000
"StartCCC"=0x03000000600220752449D501
"WindowsDefender"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"StartCCC"=0x060000000000000000000000
"SecurityHealth"=0x03000000B05F907A2449D501
"Avira SystrayStartTrigger"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D3D1ED98C0F7D8

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List
Avira_Antivirus_Systray
CCleaner Update
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA

---------- | Startings up registry ¦ Folder

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc
"PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller
"SvcHostSplitThresholdInKB"=3670016
"WaitToKillServiceTimeout"=2000
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"LastBootSucceeded"=1
"LastBootShutdown"=0
"DirtyShutdownCount"=6

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Security Packages"="" [02/08/2019 09:56:36]
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"LsaPid"=696
"SecureBoot"=1
"ProductType"=3
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows \RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"ResourceTimeoutCount"=150
"RunLevelExecute"=WinInit ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=
"AutoChkSkipSystemPartition"=0

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=1
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"InstanceID"=92a5b334-c321-4fcc-b8e5-372d3f3
"GlassSessionId"=1

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll
C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\Francis\Desktop\lacene_peint_026-copie.jpg "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=… "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0x1A58CE57B60C66429CA019364C90A0B3F5760000B083204722C5CF11876300608CC02F24A01C00008826AC455302D84E97DEB5370FA7D48A473701005D54A9A2C2A0B4429708A0B2BADD77C87433000060B81DB4E464D2119906E49FADC173CA829E0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=4 "GlobalAssocChangedCounter"=71 "FirstRunTelemetryComplete"=1 "EdgeDesktopShortcutCreated"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 
"link"=0x15000000 "Browse For Folder Width"=347 "Browse For Folder Height"=346 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x2BE05F5D00000000 "ReindexedProfile"=1 "ShowTaskViewButton"=1 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0xFFFFFFFF [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=8 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 
"EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 
"EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=11 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=17134 "FirstLogon"=0 "PUUActive"=0x0EFB17D00100030023005E00CFA30200EAB20200EAB20200D200000003000C000DFF3D7251CA1C00ADBC070056850100CB67010078210000000000002CB203009416000005010000F1656BB5765DD501CFA302000000000001000000CFA30200EE42000011010000DF5FA20000000000 "DP"=0xD200E80022000300230000000EFB17D000000000000000004BFBA9EE5D5DD5014BFBA9EE5D5DD501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100272C0040D0811809D081D80967330180648004536480165B043000803032291B38762D3BFB0900806D26E0206D26F0203E1900001D0359401D635B405E3C01408D0019208D201D202CD400C0C0021130C803317CD0CF00C02A4150002E41D000E5A7000013302A2953302A393C10014000B1702044BB7220732F01800202320022423220 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DefaultUserName"=Francis "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= 
"PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "DisableCAD"=1 "LastLogOffEndTimePerfCounter"=9797844388 "ShutdownFlags"=2147483815 "AutoAdminLogon"=0 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3990603123-2573632487-1218807564-1002 "LastUsedUsername"=Francis [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 
[HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload 
[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment 
[HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall 
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] 
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe" "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" "C:\Program Files\CPUID\HWMonitor\HWMonitor.exe" "C:\Program Files\CCleaner\CCleaner64.exe" "C:\Users\Francis\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\OneDriveSetup.exe" "C:\Program Files (x86)\FormatFactory\FormatFactory.exe" "C:\Program Files\MPC-HC\mpc-hc64.exe" "C:\Program Files\WinRAR\WinRAR.exe" "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" "C:\Program Files (x86)\Avira\Antivirus\ipmgui.exe" "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe" "C:\Users\Francis\Downloads\ChromeSetup.exe" "C:\Program Files (x86)\Avira\Antivirus\avscan.exe" "C:\Users\Francis\Downloads\hwmonitor_1.40.exe" "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Francis\Downloads\Firefox Installer.exe" "C:\Users\Francis\Downloads\adwcleaner_7.4.exe" "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" "C:\Users\Francis\Desktop\PhotoFiltre.exe" "C:\Users\Francis\Downloads\hdtunepro_560_trial.exe" "C:\Program Files (x86)\Avira\Antivirus\administrativerightsprovider_fr.exe" "C:\Users\Francis\Desktop\QuickDiag.exe" 
---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{22228195-c252-11e9-8eda-c89cdc69fde2}] : "G:\LaunchU3.exe" -a (AutoRun) 
---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop 
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132091866001069481 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows 
Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0x160ADCB0D948D501 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\ "OOBEInstallTime"=0xAC83FC4B0849D501 "ManagedDefenderProductType"=0 "DisableAntiSpyware"=1 "DisableAntiVirus"=1 "ProductStatus"=0 "PassiveMode"=0 "LastEnabledTime"=0xB2A109B35F56D501 "PreviousRunningMode"=2 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.213.142] avec 32 octets de données : Réponse de 216.58.213.142 : octets=32 temps=21 ms TTL=55 Réponse de 216.58.213.142 : octets=32 temps=20 ms TTL=55 Réponse de 216.58.213.142 : octets=32 temps=19 ms TTL=55 Réponse de 216.58.213.142 : octets=32 temps=20 ms TTL=55 Statistiques Ping pour 216.58.213.142: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 19ms, Maximum = 
21ms, Moyenne = 20ms ---------- | @ [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=8v4wvih "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000 "Start Page_TIMESTAMP"=0xD752721EE95BD501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x6D7CE421E95BD501 "IE10TourShown"=1 "IE10TourShownTime"=0xFDCE4F537048D501 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "EnableNegotiate"=1 "ZonesSecurityUpgrade"=0xFDCE4F537048D501 "MigrateProxy"=1 "ProxyEnable"=0 "WarnonZoneCrossing"=0 "LockDatabase"=132112793747200629 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// 
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome 
C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\zxaul0zm.default-release-1565795432674\Extensions\bookmarksorganizer@agenedia.com.xpi C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\zxaul0zm.default-release-1565795432674\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\zxaul0zm.default-release-1565795432674\Extensions\{702a2280-2133-4441-8732-4e308fb01885}.xpi C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\zxaul0zm.default-release-1565795432674\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\zxaul0zm.default-release-1565795432674\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20190813150448"); user_pref("browser.startup.homepage_override.mstone", "68.0.2"); user_pref("extensions.activeThemeID", "{702a2280-2133-4441-8732-4e308fb01885}"); user_pref("extensions.blocklist.lastModified", "Tue, 27 Aug 2019 19:33:48 GMT"); user_pref("extensions.blocklist.pingCountTotal", 8); user_pref("extensions.blocklist.pingCountVersion", 8); user_pref("extensions.databaseSchema", 31); user_pref("extensions.getAddons.cache.lastUpdate", 1566979770); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20190813150448"); user_pref("extensions.lastAppVersion", 
"68.0.2"); user_pref("extensions.lastPlatformVersion", "68.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{073c7363-de9a-444f-831b-1a466e75e8f7}\",\"addons\":{\"webcompat@mozilla.org\":{\"version\":\"5.0.2\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.bookmarksorganizer@agenedia.com", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{1018e4d6-728f-4b20-ad56-37578a4de76b}", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}", true); user_pref("extensions.webextensions.uuids", 
"{\"formautofill@mozilla.org\":\"84b2ccb1-6fa7-4a85-827a-831f60cf956a\",\"fxmonitor@mozilla.org\":\"42fc0bca-aba2-40a3-bb61-19aa7c7ea34f\",\"screenshots@mozilla.org\":\"3061eb76-f28e-4cc5-b9cf-81337b0e0139\",\"webcompat-reporter@mozilla.org\":\"8c0fd861-c936-4a1c-9788-5aec0720c585\",\"webcompat@mozilla.org\":\"2ec31b6e-800a-4c9e-81ce-892838ce865e\",\"default-theme@mozilla.org\":\"1204272d-3bcd-41cd-91e3-72934bf70559\",\"google@search.mozilla.org\":\"5eaefae8-fbe1-4acb-b9f2-85692cc3370f\",\"bing@search.mozilla.org\":\"ed1522f7-4fbc-4de7-a9f8-d07dd02f4c65\",\"amazon@search.mozilla.org\":\"561b4f71-2a38-4625-85c5-f816f9b03b3e\",\"ddg@search.mozilla.org\":\"d12d5110-08cd-4e7a-afb1-d11cef255065\",\"ebay@search.mozilla.org\":\"31ce82e3-bddc-41ae-8b99-6c5c5401755f\",\"qwant@search.mozilla.org\":\"06b0ed6c-64d0-4f19-b09f-2f4a08ad95ec\",\"wikipedia@search.mozilla.org\":\"045db0db-07e2-4a27-98fb-7a3b73267548\",\"{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\":\"e92b73df-2296-44ff-82eb-26280adcc03f\",\"bookmarksorganizer@agenedia.com\":\"321f2296-bd5b-4b6d-8b33-9257efff26e0\",\"firefox-compact-light@mozilla.org\":\"ba74351f-f748-4428-94c1-657b3a407015\",\"firefox-compact-dark@mozilla.org\":\"229b1f6a-8a8c-4a0c-b6df-b25f6f0c71ea\",\"{1018e4d6-728f-4b20-ad56-37578a4de76b}\":\"2c8d3c37-4e50-42cb-a650-51e27c5f0744\",\"{702a2280-2133-4441-8732-4e308fb01885}\":\"bbf2515d-1032-47ad-8475-69dace1956b3\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); [Profile0] - Name=default-release -> Profiles/zxaul0zm.default-release-1565795432674 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{38353a0a-dd38-40a6-883a-1813742262cf}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c4d3a722-ee40-44f8-a3fe-8f65cb60c319}] "DhcpNameServer"=192.168.1.254 
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{38353a0a-dd38-40a6-883a-1813742262cf}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c4d3a722-ee40-44f8-a3fe-8f65cb60c319}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\Classes\Applications\mpc-hc64.exe] : "C:\Program Files\MPC-HC\mpc-hc64.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc 
"smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\AppDataLow] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\ATI] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Avira] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\BraveSoftware] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Browser Cleanup] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Chromium] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Clients] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\EFD Software] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\FreeTime] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Google] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Malwarebytes] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Mozilla] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\MozillaPlugins] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\MPC-HC] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\OpenOffice] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Piriform] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Policies] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\RegisteredApplications] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\sysinternals] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Thunderbird] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\WinRAR] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\WinRAR SFX] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Wow6432Node] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\SOFTWARE\AppDataLow\Software\Microsoft] 
[HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3990603123-2573632487-1218807564-1002\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVAST Software] [HKLM\Software\Clients] [HKLM\Software\CPUID] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\sysinternals] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\X-AVCSD] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: ---------- | C: [01/08/2019 15:20:05] - |SHD| - 
[2562044654] - C:\$Recycle.Bin [01/08/2019 13:14:53] - |HD| - [72732110] - C:\$SysReset [23/08/2019 15:18:45] - |D| - [2230] - C:\AdwCleaner [02/08/2019 04:30:46] - |D| - [126954006] - C:\AMD [02/08/2019 04:42:39] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/05/2018 12:03:52] - |ASH| - (.-.) - [1501249536] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/04/2016 15:33:40] - |ASH| - (.-.) - [1275068416] - (0.0.0.0) - C:\pagefile.sys [01/08/2019 15:20:05] - |D| - [0] - C:\PerfLogs [01/08/2019 15:20:05] - |RD| - [2706773195] - C:\Program Files [01/08/2019 15:20:06] - |RD| - [2020352502] - C:\Program Files (x86) [01/08/2019 15:20:06] - |HD| - [676096155] - C:\ProgramData [28/08/2019 11:56:17] - |D| - [68685] - C:\QuickDiag [MD5.684C4FEBB0BE89B113471AE9CBBBE355] - [28/08/2019 11:56:42] - |A| - (.-.) - [115816] - (0.0.0.0) - C:\QuickDiag.txt [01/08/2019 15:54:16] - |SHD| - [1040] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/08/2019 23:02:52] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Recovery.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/04/2016 15:33:40] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [28/07/2015 08:07:25] - |SHD| - [0] - C:\System Volume Information [01/08/2019 14:44:26] - |RD| - [101156727555] - C:\Users [01/08/2019 14:44:26] - |D| - [21366299306] - C:\Windows ---------- | C:\Windows [01/08/2019 15:20:06] - |D| - [802] - C:\Windows\addins [01/08/2019 15:20:06] - |D| - [7519765] - C:\Windows\appcompat [01/08/2019 15:20:06] - |D| - [8333246] - C:\Windows\apppatch [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\AppReadiness [01/08/2019 15:20:05] - |RD| - [934291854] - C:\Windows\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/08/2019 04:30:46] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin [01/08/2019 15:20:06] - |D| - [720353] - C:\Windows\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |N| - (.© Microsoft Corporation. 
Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\Windows\bfsvc.exe [01/08/2019 15:20:06] - |D| - [38319581] - C:\Windows\Boot [MD5.1840CA2360240E00E1C785E3395E516E] - [01/08/2019 15:52:14] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [01/08/2019 15:20:06] - |D| - [2448984] - C:\Windows\Branding [01/08/2019 14:59:53] - |D| - [0] - C:\Windows\CbsTemp [01/08/2019 15:20:06] - |D| - [11482410] - C:\Windows\Cursors [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\debug [01/08/2019 15:20:06] - |D| - [4607251] - C:\Windows\diagnostics [01/08/2019 15:34:24] - |D| - [0] - C:\Windows\DigitalLocker [01/08/2019 15:20:06] - |SD| - [65] - C:\Windows\Downloaded Program Files [01/08/2019 15:20:06] - |HD| - [103376] - C:\Windows\ELAMBKUP [01/08/2019 15:34:24] - |D| - [0] - C:\Windows\en-US [MD5.A1D1CE7D323A357163A500CDC15EDA54] - [11/07/2019 13:24:37] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4038688] - (10.0.17134.858) - C:\Windows\explorer.exe [01/08/2019 15:20:06] - |RSD| - [372186704] - C:\Windows\Fonts [01/08/2019 15:34:24] - |D| - [109568] - C:\Windows\fr-FR [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\GameBarPresenceWriter [01/08/2019 15:20:06] - |D| - [47866459] - C:\Windows\Globalization [01/08/2019 15:20:06] - |D| - [961999] - C:\Windows\Help [MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 12:25:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\Windows\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [17920] - (10.0.17134.1) - C:\Windows\hh.exe [01/08/2019 15:20:06] - |D| - [29869] - C:\Windows\IdentityCRL [01/08/2019 15:20:06] - |D| - [28827030] - C:\Windows\IME [01/08/2019 15:20:06] - |RD| - [8489793] - C:\Windows\ImmersiveControlPanel [01/08/2019 15:14:40] - |D| - [54362910] - C:\Windows\INF [01/08/2019 15:52:34] - |D| - [1589477952] - C:\Windows\InfusedApps [01/08/2019 15:20:06] - |D| - [38137502] - C:\Windows\InputMethod [01/08/2019 15:20:06] - |SHD| - [91105577] - C:\Windows\Installer [01/08/2019 15:20:06] - |D| - [94163] - C:\Windows\L2Schemas [01/08/2019 15:20:06] - |HD| - [0] - C:\Windows\LanguageOverlayCache [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\LiveKernelReports [01/08/2019 15:20:06] - |D| - [5952217] - C:\Windows\Logs [01/08/2019 15:20:06] - |RSD| - [20486563] - C:\Windows\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |N| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [01/08/2019 15:20:05] - |RD| - [794241321] - C:\Windows\Microsoft.NET [01/08/2019 15:20:06] - |D| - [3135] - C:\Windows\Migration [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\Windows\notepad.exe [01/08/2019 15:36:46] - |D| - [199472] - C:\Windows\OCR [01/08/2019 15:20:06] - |RD| - [65] - C:\Windows\Offline Web Pages [01/08/2019 14:44:22] - |D| - [20579110] - C:\Windows\Panther [01/08/2019 15:20:06] - |D| - [334564] - C:\Windows\Performance [MD5.7BEE1DF5F5637EE8B145CCCF4C8F69DE] - [02/08/2019 11:02:35] - |A| - (.-.) 
- [596098] - (0.0.0.0) - C:\Windows\PFRO.log [01/08/2019 15:20:06] - |D| - [1136442] - C:\Windows\PLA [01/08/2019 15:20:06] - |D| - [2822167] - C:\Windows\PolicyDefinitions [01/08/2019 15:20:06] - |D| - [18235202] - C:\Windows\prefetch [01/08/2019 15:20:06] - |RD| - [1965018] - C:\Windows\PrintDialog [01/08/2019 15:20:06] - |D| - [5526670] - C:\Windows\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\Windows\regedit.exe [01/08/2019 15:20:06] - |D| - [22588] - C:\Windows\Registration [01/08/2019 15:20:06] - |D| - [10297016] - C:\Windows\rescache [01/08/2019 15:20:06] - |D| - [3623961] - C:\Windows\Resources [01/08/2019 15:20:06] - |D| - [0] - C:\Windows\SchCache [01/08/2019 15:20:06] - |D| - [122082] - C:\Windows\schemas [01/08/2019 15:20:06] - |D| - [5317092] - C:\Windows\security [02/08/2019 04:25:38] - |D| - [76151823] - C:\Windows\ServiceProfiles [01/08/2019 15:20:07] - |D| - [0] - C:\Windows\ServiceState [01/08/2019 14:44:26] - |D| - [106966540] - C:\Windows\servicing [01/08/2019 15:48:24] - |D| - [42] - C:\Windows\Setup [MD5.64BA174D203C39E90A0C2560D08201D0] - [20/08/2019 13:50:15] - |A| - (.-.) - [3631] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/08/2019 13:50:15] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [01/08/2019 15:20:07] - |D| - [6443008] - C:\Windows\ShellComponents [01/08/2019 15:20:07] - |D| - [53636096] - C:\Windows\ShellExperiences [01/08/2019 15:20:07] - |D| - [3070736] - C:\Windows\SKB [02/08/2019 04:47:10] - |D| - [427566335] - C:\Windows\SoftwareDistribution [01/08/2019 15:20:07] - |D| - [86037185] - C:\Windows\Speech [01/08/2019 15:20:07] - |D| - [63476142] - C:\Windows\Speech_OneCore [MD5.1CC7C7CCB919892585890F22DB69258D] - [11/07/2019 13:21:45] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) 
- [131072] - (10.0.17134.885) - C:\Windows\splwow64.exe [01/08/2019 15:20:07] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [01/08/2019 15:20:30] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [01/08/2019 14:44:26] - |D| - [4139824734] - C:\Windows\System32 [01/08/2019 15:20:08] - |D| - [225513034] - C:\Windows\SystemApps [01/08/2019 15:20:19] - |D| - [25702089] - C:\Windows\SystemResources [01/08/2019 15:20:20] - |D| - [1448451075] - C:\Windows\SysWOW64 [01/08/2019 15:20:21] - |D| - [0] - C:\Windows\TAPI [01/08/2019 15:20:21] - |D| - [6] - C:\Windows\Tasks [01/08/2019 15:20:21] - |D| - [755552] - C:\Windows\Temp [01/08/2019 15:20:21] - |D| - [13610496] - C:\Windows\TextInput [01/08/2019 15:20:21] - |D| - [0] - C:\Windows\tracing [01/08/2019 15:20:21] - |D| - [7680] - C:\Windows\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |N| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\Windows\twain_32.dll [01/08/2019 15:20:21] - |D| - [12420] - C:\Windows\Vss [01/08/2019 15:20:21] - |D| - [25818] - C:\Windows\WaaS [01/08/2019 15:20:21] - |D| - [15729830] - C:\Windows\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [01/08/2019 15:20:30] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |AH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [19/08/2019 09:26:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\Windows\winhlp32.exe [01/08/2019 14:44:26] - |D| - [10535937195] - C:\Windows\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |N| - (.-.) 
- [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |N| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [14/08/2019 13:24:54] - C:\Windows\Installer\24e2a5.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:24] - C:\Windows\Installer\6a275.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\Windows\Installer\6a27a.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:16] - C:\Windows\Installer\6a27f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:22] - C:\Windows\Installer\6a284.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:30] - C:\Windows\Installer\6a289.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:36] - C:\Windows\Installer\6a28e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:44] - C:\Windows\Installer\6a293.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:52] - C:\Windows\Installer\6a298.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:00] - C:\Windows\Installer\6a29d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:06] - C:\Windows\Installer\6a2a2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:16] - C:\Windows\Installer\6a2a7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:22] - C:\Windows\Installer\6a2ac.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:30] - C:\Windows\Installer\6a2b1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:38] - C:\Windows\Installer\6a2b6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:46] - C:\Windows\Installer\6a2bb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:54] - C:\Windows\Installer\6a2c0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:02] - C:\Windows\Installer\6a2c5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:10] - C:\Windows\Installer\6a2ca.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:18] - C:\Windows\Installer\6a2cf.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:26] - C:\Windows\Installer\6a2d4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:34] - C:\Windows\Installer\6a2d9.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:42] - C:\Windows\Installer\6a2de.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:50] - C:\Windows\Installer\6a2e3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:58] - C:\Windows\Installer\6a2e8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:06] - C:\Windows\Installer\6a2ed.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:40] - C:\Windows\Installer\6a2f2.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:07:30] - C:\Windows\Installer\6a2f7.msi : (AMD Fuel - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:12] - C:\Windows\Installer\6a2fc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 05:07:56] - C:\Windows\Installer\6e7f66.msi : (OpenOffice 4.1.6 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/07/2019 12:10:34] - C:\Windows\Installer\ff7cfd1.msi : (Avira - Avira Operations GmbH & Co. KG) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\Windows\System32\ieuinit.inf [02/08/2019 04:46:53] - [1766590] - C:\Windows\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\Windows\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\Windows\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\Windows\Syswow64\ieuinit.inf [12/04/2018 01:34:49] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.CA441D2D121DF11205C084C99620464D] - |A| - [27/08/2019 13:08:55] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\Windows\Temp\avira_antivirus_setup.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/08/2019 13:13:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\FXSAPIDebugLogFile.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/08/2019 13:12:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\FXSTIFFDebugLogFile.txt [MD5.F304D668CCA92BAC281B90BB053410F6] - |A| - [26/08/2019 10:10:09] - (.-.) - [18.02 Ko] - (0.0.0.0) - C:\Windows\Temp\HighPerformancePlan.log [MD5.00000000000000000000000000000000] - |D| - [21/08/2019 13:12:08] - [679.75 Ko] - C:\Windows\Temp\HP [MD5.8C6FEB6AC7CB8BC78F1146522DC05323] - |A| - [26/08/2019 11:24:20] - (.-.) - [9.68 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.EB71E15918EC932AD45F8A8A0BC55927] - |A| - [26/08/2019 09:54:54] - (.-.) - [14.19 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.59F0170A9FA6BD1F5C9155C13400C949] - |A| - [26/08/2019 10:10:06] - (.-.) - [0.1 Ko] - (0.0.0.0) - C:\Windows\Temp\PowerPlan.log [MD5.3CFE3986CCA11E222802965720384772] - |A| - [26/08/2019 10:09:38] - (.-.) - [13.43 Ko] - (0.0.0.0) - C:\Windows\Temp\UsoStoreFile.xml [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:25] - [0 Ko] - C:\Windows\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |N| - [12/04/2018 01:34:20] - (.-.) 
- [0.3 Ko] - (0.0.0.0) - C:\Windows\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |N| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\Windows\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |N| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |N| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |N| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |N| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |N| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |N| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\Windows\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |N| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\Windows\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |N| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |N| - [12/04/2018 01:34:20] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |N| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |N| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [2891.9 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [29.5 Ko] - C:\Windows\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [27.97 Ko] - C:\Windows\System32\am-et [MD5.4B10D8998C824DD84AD597F9E058F6F0] - |A| - [30/10/2015 00:55:00] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\Windows\System32\amde31a.dat [MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |A| - [30/10/2015 00:55:00] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\Windows\System32\amdgfxinfo64.dll [MD5.AF1928F5E15921A29877C2E18626F80E] - |A| - [30/10/2015 00:55:00] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\Windows\System32\amdhdl64.dll [MD5.DDEB20626133878B0CE79CCE29B031B9] - |A| - [30/10/2015 00:55:00] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\Windows\System32\amdicdxx.dat [MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |A| - [30/10/2015 00:55:00] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\Windows\System32\amdlvr64.dll [MD5.C366C5A2EE8F1F586691E4511AB56040] - |A| - [30/10/2015 00:55:00] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\Windows\System32\amdmantle64.dll [MD5.3960C946E67311C9831550AEDC649C3A] - |A| - [30/10/2015 00:55:01] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\Windows\System32\amdmiracast.dll [MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |A| - [30/10/2015 00:55:01] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) 
- [57.5 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [7832 Ko] - C:\Windows\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |N| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [398 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [29 Ko] - C:\Windows\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:05] - [1402.26 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [923.28 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [44.73 Ko] - C:\Windows\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [10.73 Ko] - C:\Windows\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |N| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\Windows\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [531.71 Ko] - C:\Windows\System32\Tasks [MD5.CD7C5FFE1013C548205BCD00E0A9A421] - |A| - [14/08/2019 12:20:01] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\Windows\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |N| - [12/04/2018 01:34:33] - (.-.) 
- [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [30 Ko] - C:\Windows\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [32 Ko] - C:\Windows\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [305.5 Ko] - C:\Windows\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [22.5 Ko] - C:\Windows\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [27.5 Ko] - C:\Windows\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [32.5 Ko] - C:\Windows\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [389 Ko] - C:\Windows\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |N| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |N| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [28.5 Ko] - C:\Windows\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [28 Ko] - C:\Windows\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [331 Ko] - C:\Windows\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [01/08/2019 15:20:07] - [2925.58 Ko] - C:\Windows\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [29.5 Ko] - C:\Windows\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |N| - [12/04/2018 01:34:14] - (.-.) 
- [37 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [32 Ko] - C:\Windows\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [31.5 Ko] - C:\Windows\System32\vi-VN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:07] - [78670.93 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:34] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [70542.76 Ko] - C:\Windows\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |N| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [44134.66 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |N| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [9866.12 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [98864 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [5569.42 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:35] - [107.53 Ko] - C:\Windows\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [27.5 Ko] - C:\Windows\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |N| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |N| - [12/04/2018 01:34:02] - (.-.) 
- [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |N| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [30 Ko] - C:\Windows\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [29.5 Ko] - C:\Windows\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [283.99 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:08] - [248.5 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:46] - [30 Ko] - C:\Windows\System32\zu-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:35] - [0 Ko] - C:\Windows\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |N| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |N| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |N| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |N| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:20] - [1900.9 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [29.5 Ko] - C:\Windows\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [22 Ko] - C:\Windows\SysWOW64\am-ET [MD5.7D4761FD5A02353C9BD70C1F5B15AA4F] - |A| - [30/10/2015 00:55:00] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll [MD5.F12467373381C72FAE9CA7C08ED6C919] - |A| - [30/10/2015 00:55:00] - (.-.) 
- [128.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdhdl32.dll [MD5.87882BCCDF63B74B675ECCE6B6609DC2] - |A| - [30/10/2015 00:55:00] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\Windows\SysWOW64\amdlvr32.dll [MD5.8F2144D05F41DD27308548B5D9D19101] - |A| - [30/10/2015 00:55:00] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\amdmantle32.dll [MD5.F9F99EA40AF48C716C2E823F2B6FD2D8] - |A| - [30/10/2015 00:55:01] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\Windows\SysWOW64\amdmmcl.dll [MD5.E30B1D883DC886016C38FDEE6755CCC6] - |A| - [30/10/2015 00:55:01] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38790.48 Ko] - (10.0.1800.11) - C:\Windows\SysWOW64\amdocl.dll [MD5.5F0F6073A243FC8C4C190E3F06D1247E] - |A| - [30/10/2015 00:55:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\Windows\SysWOW64\amdocl12cl.dll [MD5.40A2E4C2933EB5DE99C06F00A9E2C589] - |A| - [30/10/2015 00:55:05] - (.-.) - [980.49 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_as32.exe [MD5.985589A3C4BB14ED23A15D9477475F7B] - |A| - [30/10/2015 00:55:06] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_ld32.exe [MD5.170EA2F4A32130BBF7EABD2D94B235AE] - |A| - [30/10/2015 00:55:07] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) 
- [79.26 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [323.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [30.5 Ko] - C:\Windows\SysWOW64\as-IN [MD5.546E937838E7D9FD945D6505529F2209] - |A| - [30/10/2015 00:55:07] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\Windows\SysWOW64\atiadlxx.dll [MD5.546E937838E7D9FD945D6505529F2209] - |A| - [30/10/2015 00:55:07] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\Windows\SysWOW64\atiadlxy.dll [MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [30/10/2015 00:55:07] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb [MD5.4A8BC73F07C13E602B573BE723BFB360] - |A| - [30/10/2015 00:55:07] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalcl.dll [MD5.64E261847856C53DE5A3007682707290] - |A| - [30/10/2015 00:55:07] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticaldd.dll [MD5.F1E925DE8ECC7BE99BCC380BBA3F477E] - |A| - [30/10/2015 00:55:08] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalrt.dll [MD5.DCE2F09D2DF45938DB476B287D6F560B] - |A| - [30/10/2015 00:55:08] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1194.88 Ko] - (8.17.10.1404) - C:\Windows\SysWOW64\aticfx32.dll [MD5.194B36603ED7BB93290F4A3C73B94764] - |A| - [30/10/2015 00:55:08] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) 
- [9971.7 Ko] - (8.17.10.625) - C:\Windows\SysWOW64\atidxx32.dll [MD5.B84EF06D0D8192F33EE5BC12B2BA3702] - |A| - [30/10/2015 00:55:08] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atieah32.exe [MD5.B728F7B42DA61395F43C86BDDE5196E5] - |A| - [30/10/2015 00:55:08] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atigktxx.dll [MD5.0C3156664885AF41100B63853EBCE037] - |A| - [30/10/2015 00:55:08] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiglpxx.dll [MD5.B344A7D717211B7DF53E369FC58290DF] - |A| - [30/10/2015 00:55:09] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll [MD5.6557A2BB671495C8F7E127FCD23FAF3E] - |A| - [30/10/2015 00:55:09] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\Windows\SysWOW64\atioglxx.dll [MD5.E183E40B75E742A6E597A922168C2405] - |A| - [30/10/2015 00:55:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiu9pag.dll [MD5.E638384DCD47CEA8F0DF2B6BAFB11F57] - |A| - [30/10/2015 00:55:10] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\Windows\SysWOW64\atiumdag.dll [MD5.A98DA23A524803615B083CFCED1CE362] - |A| - [30/10/2015 00:55:10] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap [MD5.34438A391DADBD03940AF0760E2932CB] - |A| - [30/10/2015 00:55:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.64 Ko] - (8.14.10.513) - C:\Windows\SysWOW64\atiumdva.dll [MD5.C62336798199A3705424A6708445DD11] - |A| - [30/10/2015 00:55:11] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) 
- [139.7 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [30/10/2015 00:55:11] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [30/10/2015 00:55:11] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [30 Ko] - C:\Windows\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [29.5 Ko] - C:\Windows\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [320.5 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [28.5 Ko] - C:\Windows\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [29.5 Ko] - C:\Windows\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [28.5 Ko] - C:\Windows\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0.1 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [30.5 Ko] - C:\Windows\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [31 Ko] - C:\Windows\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.627CC9FEF06BBFD6CB00624D8A368601] - |A| - [02/08/2019 04:34:06] - (.-.) 
- [60.47 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CCCInstall_201908020434058230.log [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [23 Ko] - C:\Windows\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [320.5 Ko] - C:\Windows\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [42393.77 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [01/08/2019 15:20:21] - [53.11 Ko] - C:\Windows\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [378.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:47] - [31.5 Ko] - C:\Windows\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [376 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [427 Ko] - C:\Windows\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |N| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [01/08/2019 15:20:21] - [205 Ko] - C:\Windows\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [7790.46 Ko] - C:\Windows\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) 
- [4073.5 Ko] - (3.10.5.5585) - C:\Windows\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [29 Ko] - C:\Windows\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [29 Ko] - C:\Windows\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [306.5 Ko] - C:\Windows\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |N| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [29 Ko] - C:\Windows\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [311 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.506C5BE8B184615F7F35A85C00A16E76] - |A| - [30/10/2015 00:55:18] - (.-.) - [108.48 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [386 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [27.5 Ko] - C:\Windows\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |N| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\Windows\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |N| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) 
- [1134 Ko] - (59.1.0.0) - C:\Windows\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [28.5 Ko] - C:\Windows\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [27 Ko] - C:\Windows\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [20759.46 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |N| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [215.5 Ko] - C:\Windows\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [29 Ko] - C:\Windows\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [407 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [285 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [28.5 Ko] - C:\Windows\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [28.5 Ko] - C:\Windows\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [28 Ko] - C:\Windows\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [31.5 Ko] - C:\Windows\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [280.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [29 Ko] - C:\Windows\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - 
[01/08/2019 15:36:48] - [29.5 Ko] - C:\Windows\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [30 Ko] - C:\Windows\SysWOW64\ky-KG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:48] - [33 Ko] - C:\Windows\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [559.86 Ko] - C:\Windows\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [27 Ko] - C:\Windows\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [310 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [308 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [24626.88 Ko] - C:\Windows\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32.68 Ko] - C:\Windows\SysWOW64\MailContactsCalendarSync [MD5.39CE334A6E1CBED62462A0CCCC080A5C] - |A| - [30/10/2015 00:55:18] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\mantle32.dll [MD5.890CD0E80FA4CA7728FF49E372D789F2] - |A| - [30/10/2015 00:55:18] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) 
- [94.48 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\mantleaxl32.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29 Ko] - C:\Windows\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [2984.42 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [827.4 Ko] - C:\Windows\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32.5 Ko] - C:\Windows\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30.5 Ko] - C:\Windows\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [31 Ko] - C:\Windows\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [19.15 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [371 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [31.5 Ko] - C:\Windows\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [51 Ko] - C:\Windows\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [397 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [28.5 Ko] - 
C:\Windows\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30.5 Ko] - C:\Windows\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [01/08/2019 15:20:21] - [3781.5 Ko] - C:\Windows\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |N| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [678.8 Ko] - C:\Windows\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32.5 Ko] - C:\Windows\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [28.5 Ko] - C:\Windows\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [394 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:45] - [420.74 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30.5 Ko] - C:\Windows\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [397 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [392 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32.5 Ko] - C:\Windows\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30.5 Ko] - C:\Windows\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0.82 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 
15:20:21] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [317.5 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [387.5 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [313 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [311 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:45] - [52.14 Ko] - C:\Windows\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [4133.4 Ko] - C:\Windows\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [8940.62 Ko] - C:\Windows\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [1309.47 Ko] - C:\Windows\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [23.61 Ko] - C:\Windows\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30.5 Ko] - C:\Windows\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [313 Ko] - C:\Windows\SysWOW64\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |N| - [13/06/2018 
16:13:11] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |N| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [378 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [29 Ko] - C:\Windows\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:45] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [34 Ko] - C:\Windows\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32 Ko] - C:\Windows\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [286.5 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [22.5 Ko] - C:\Windows\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [27.5 Ko] - C:\Windows\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32.5 Ko] - C:\Windows\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [369 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [28.5 Ko] - C:\Windows\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [28 Ko] - C:\Windows\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [310.5 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 
15:36:49] - [29.5 Ko] - C:\Windows\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [32 Ko] - C:\Windows\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [31.5 Ko] - C:\Windows\SysWOW64\vi-VN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [15735.62 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:46] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |N| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [8910.7 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [5569.41 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:34:46] - [107.53 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [27.5 Ko] - C:\Windows\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |N| - [12/04/2018 01:34:45] - (.-.) 
- [54.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:49] - [30 Ko] - C:\Windows\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:50] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:50] - [29.5 Ko] - C:\Windows\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [242.5 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:20:21] - [237.5 Ko] - C:\Windows\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [01/08/2019 15:36:50] - [30 Ko] - C:\Windows\SysWOW64\zu-ZA ---------- | [Francis] [02/08/2019 09:58:02] - |RD| - [298] - C:\Users\Francis\3D Objects [02/08/2019 09:56:36] - |HD| - [2299296235] - C:\Users\Francis\AppData [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Application Data [02/08/2019 09:58:03] - |RD| - [412] - C:\Users\Francis\Contacts [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Cookies [02/08/2019 09:56:36] - |RD| - [98139910886] - C:\Users\Francis\Desktop [02/08/2019 09:56:36] - |RD| - [402] - C:\Users\Francis\Documents [02/08/2019 09:56:36] - |RD| - [10592677] - C:\Users\Francis\Downloads [02/08/2019 09:56:36] - |RD| - [690] - C:\Users\Francis\Favorites [02/08/2019 09:56:36] - |RD| - [1993] - C:\Users\Francis\Links [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Local Settings [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Menu Démarrer [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Mes documents [02/08/2019 09:59:02] - |HD| - [4216681] - C:\Users\Francis\MicrosoftEdgeBackups [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Modèles [02/08/2019 09:56:36] - |RD| - [16901805] - C:\Users\Francis\Music [02/08/2019 09:56:36] - |AH| - [1835008] - C:\Users\Francis\NTUSER.DAT [02/08/2019 09:56:36] - |ASH| - [524288] - C:\Users\Francis\ntuser.dat.LOG1 
[02/08/2019 09:56:36] - |ASH| - [476160] - C:\Users\Francis\ntuser.dat.LOG2 [27/08/2019 09:46:44] - |ASH| - [1048576] - C:\Users\Francis\NTUSER.DAT{045125d0-b4cf-11e9-8ed2-00e04c1b8f7b}.TxR.0.regtrans-ms [27/08/2019 09:46:44] - |ASH| - [1048576] - C:\Users\Francis\NTUSER.DAT{045125d0-b4cf-11e9-8ed2-00e04c1b8f7b}.TxR.1.regtrans-ms [27/08/2019 09:46:44] - |ASH| - [1048576] - C:\Users\Francis\NTUSER.DAT{045125d0-b4cf-11e9-8ed2-00e04c1b8f7b}.TxR.2.regtrans-ms [27/08/2019 09:46:44] - |ASH| - [65536] - C:\Users\Francis\NTUSER.DAT{045125d0-b4cf-11e9-8ed2-00e04c1b8f7b}.TxR.blf [02/08/2019 09:56:36] - |ASH| - [65536] - C:\Users\Francis\NTUSER.DAT{045125d1-b4cf-11e9-8ed2-00e04c1b8f7b}.TM.blf [02/08/2019 09:56:36] - |ASH| - [524288] - C:\Users\Francis\NTUSER.DAT{045125d1-b4cf-11e9-8ed2-00e04c1b8f7b}.TMContainer00000000000000000001.regtrans-ms [02/08/2019 09:56:36] - |ASH| - [524288] - C:\Users\Francis\NTUSER.DAT{045125d1-b4cf-11e9-8ed2-00e04c1b8f7b}.TMContainer00000000000000000002.regtrans-ms [02/08/2019 09:56:36] - |SH| - [20] - C:\Users\Francis\ntuser.ini [02/08/2019 10:12:50] - |RD| - [98] - C:\Users\Francis\OneDrive [02/08/2019 09:56:36] - |RD| - [884] - C:\Users\Francis\Pictures [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Recent [02/08/2019 09:56:36] - |RD| - [282] - C:\Users\Francis\Saved Games [02/08/2019 09:58:03] - |RD| - [1879] - C:\Users\Francis\Searches [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\SendTo [02/08/2019 09:56:36] - |RD| - [504] - C:\Users\Francis\Videos [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Voisinage d'impression [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\Voisinage réseau [02/08/2019 09:56:36] - |D| - [884238187] - C:\Users\Francis\AppData\Local [02/08/2019 09:56:36] - |D| - [2439834] - C:\Users\Francis\AppData\LocalLow [02/08/2019 09:56:36] - |D| - [1412618214] - C:\Users\Francis\AppData\Roaming [02/08/2019 10:01:07] - |D| - [8] - C:\Users\Francis\AppData\Local\AMD [02/08/2019 09:56:36] - |SHD| - [0] 
- C:\Users\Francis\AppData\Local\Application Data [02/08/2019 10:00:28] - |D| - [66104] - C:\Users\Francis\AppData\Local\ATI [07/08/2019 10:16:54] - |D| - [0] - C:\Users\Francis\AppData\Local\BraveSoftware [02/08/2019 10:29:47] - |D| - [0] - C:\Users\Francis\AppData\Local\CEF [02/08/2019 10:26:03] - |D| - [18898948] - C:\Users\Francis\AppData\Local\Comms [02/08/2019 09:57:54] - |D| - [5635915] - C:\Users\Francis\AppData\Local\ConnectedDevicesPlatform [09/08/2019 10:47:51] - |D| - [35012207] - C:\Users\Francis\AppData\Local\CrashDumps [14/08/2019 13:57:26] - |D| - [137032] - C:\Users\Francis\AppData\Local\D3DSCache [02/08/2019 11:44:54] - |D| - [0] - C:\Users\Francis\AppData\Local\DBG [02/08/2019 11:12:15] - |D| - [11486191] - C:\Users\Francis\AppData\Local\Diagnostics [14/08/2019 13:24:08] - |D| - [23270704] - C:\Users\Francis\AppData\Local\Google [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\AppData\Local\Historique [02/08/2019 11:06:48] - |AH| - [76509] - C:\Users\Francis\AppData\Local\IconCache.db [14/08/2019 11:29:26] - |D| - [776360] - C:\Users\Francis\AppData\Local\mbam [14/08/2019 11:29:22] - |D| - [235676] - C:\Users\Francis\AppData\Local\mbamtray [02/08/2019 09:56:36] - |D| - [128818377] - C:\Users\Francis\AppData\Local\Microsoft [02/08/2019 09:58:51] - |D| - [68704] - C:\Users\Francis\AppData\Local\MicrosoftEdge [02/08/2019 11:43:00] - |D| - [375690389] - C:\Users\Francis\AppData\Local\Mozilla [02/08/2019 09:58:00] - |D| - [70183600] - C:\Users\Francis\AppData\Local\Packages [02/08/2019 10:05:05] - |D| - [143305] - C:\Users\Francis\AppData\Local\PlaceholderTileLogoFolder [02/08/2019 13:11:21] - |D| - [0] - C:\Users\Francis\AppData\Local\Programs [02/08/2019 09:58:33] - |D| - [0] - C:\Users\Francis\AppData\Local\Publishers [02/08/2019 09:56:36] - |D| - [113821637] - C:\Users\Francis\AppData\Local\Temp [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\AppData\Local\Temporary Internet Files [02/08/2019 10:52:09] - |D| - [99926411] - 
C:\Users\Francis\AppData\Local\Thunderbird [02/08/2019 09:58:00] - |D| - [0] - C:\Users\Francis\AppData\Local\VirtualStore [02/08/2019 09:57:57] - |SD| - [2439834] - C:\Users\Francis\AppData\LocalLow\Microsoft [02/08/2019 11:43:04] - |D| - [0] - C:\Users\Francis\AppData\LocalLow\Mozilla [02/08/2019 09:58:00] - |D| - [0] - C:\Users\Francis\AppData\Roaming\Adobe [02/08/2019 10:00:28] - |D| - [0] - C:\Users\Francis\AppData\Roaming\ATI [27/08/2019 22:16:04] - |D| - [35348] - C:\Users\Francis\AppData\Roaming\HD Tune Pro [02/08/2019 09:56:36] - |SD| - [1221941] - C:\Users\Francis\AppData\Roaming\Microsoft [02/08/2019 10:52:10] - |D| - [38870985] - C:\Users\Francis\AppData\Roaming\Mozilla [07/08/2019 10:44:41] - |D| - [89] - C:\Users\Francis\AppData\Roaming\MPC-HC [23/08/2019 15:21:10] - |D| - [12408419] - C:\Users\Francis\AppData\Roaming\OpenOffice [02/08/2019 10:52:09] - |D| - [1360081420] - C:\Users\Francis\AppData\Roaming\Thunderbird [08/08/2019 00:40:40] - |D| - [12] - C:\Users\Francis\AppData\Roaming\WinRAR [02/08/2019 09:58:03] - |SH| - [174] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [02/08/2019 09:56:36] - |SHD| - [0] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/08/2019 09:56:36] - |RD| - [22653] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/08/2019 09:56:36] - |RD| - [3888] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [02/08/2019 09:56:36] - |RD| - [2941] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/08/2019 09:58:03] - |RD| - [174] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/08/2019 09:56:36] - |SH| - [264] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [07/08/2019 10:26:01] - |D| - [4197] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [02/08/2019 
09:56:36] - |D| - [170] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [02/08/2019 09:58:03] - |RD| - [174] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/08/2019 09:56:36] - |RD| - [3091] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [02/08/2019 09:56:36] - |RD| - [7754] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [02/08/2019 09:58:03] - |SH| - [174] - C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [02/08/2019 09:58:03] - |RHD| - [196] - C:\Users\Public\AccountPictures [01/08/2019 15:20:06] - |RHD| - [174] - C:\Users\Public\Desktop [01/08/2019 15:20:30] - |ASH| - [174] - C:\Users\Public\desktop.ini [01/08/2019 15:20:06] - |RD| - [278] - C:\Users\Public\Documents [01/08/2019 15:20:06] - |RD| - [174] - C:\Users\Public\Downloads [01/08/2019 15:20:06] - |RHD| - [1174] - C:\Users\Public\Libraries [01/08/2019 15:20:06] - |RD| - [380] - C:\Users\Public\Music [01/08/2019 15:20:06] - |RD| - [380] - C:\Users\Public\Pictures [01/08/2019 15:20:06] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [02/08/2019 04:42:58] - |D| - [0] - C:\ProgramData\AMD [02/08/2019 04:42:39] - |SHD| - [0] - C:\ProgramData\Application Data [02/08/2019 10:00:28] - |D| - [186] - C:\ProgramData\ATI [02/08/2019 10:21:04] - |D| - [3021553] - C:\ProgramData\AVAST Software [05/08/2019 13:31:44] - |D| - [10478983] - C:\ProgramData\Avira [02/08/2019 04:42:39] - |SHD| - [0] - C:\ProgramData\Bureau [02/08/2019 04:42:39] - |SHD| - [0] - C:\ProgramData\Documents [14/08/2019 11:26:52] - |D| - [89639593] - C:\ProgramData\Malwarebytes [02/08/2019 04:42:39] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [01/08/2019 15:20:06] - |SD| - [552639232] - C:\ProgramData\Microsoft [02/08/2019 10:00:20] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [02/08/2019 04:42:39] - |SHD| 
- [0] - C:\ProgramData\Modèles [02/08/2019 11:40:59] - |D| - [0] - C:\ProgramData\Mozilla [02/08/2019 04:31:54] - |D| - [20713308] - C:\ProgramData\Package Cache [02/08/2019 10:15:46] - |D| - [0] - C:\ProgramData\Packages [01/08/2019 15:20:06] - |D| - [999] - C:\ProgramData\regid.1991-06.com.microsoft [01/08/2019 15:20:06] - |D| - [0] - C:\ProgramData\SoftwareDistribution [01/08/2019 15:20:06] - |D| - [16724] - C:\ProgramData\USOPrivate [02/08/2019 04:29:49] - |D| - [770048] - C:\ProgramData\USOShared [01/08/2019 15:20:06] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [01/08/2019 15:20:30] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [02/08/2019 04:42:39] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [01/08/2019 15:20:06] - |RD| - [79784] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [01/08/2019 15:20:06] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [01/08/2019 15:20:06] - |RD| - [13011] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [01/08/2019 15:20:06] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/08/2019 04:33:28] - |D| - [4393] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [05/08/2019 13:32:15] - |D| - [4818] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [02/08/2019 13:18:18] - |D| - [975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [02/08/2019 13:11:33] - |D| - [2017] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [01/08/2019 15:20:30] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [19/08/2019 09:49:16] - |A| - [1017] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [14/08/2019 13:34:54] - |A| - [2387] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [27/08/2019 22:15:51] - |D| - [6966] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro [12/04/2018 01:35:21] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [01/08/2019 15:20:06] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [14/08/2019 11:27:35] - |D| - [3920] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [02/08/2019 10:51:51] - |A| - [1294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [02/08/2019 16:40:20] - |D| - [3659] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64 [02/08/2019 13:20:22] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.6 [01/08/2019 15:20:06] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [01/08/2019 15:20:06] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [01/08/2019 15:20:30] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [02/08/2019 04:32:23] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies [05/08/2019 13:31:54] - |D| - [558440489] - C:\Program Files (x86)\Avira [01/08/2019 15:20:06] - |D| - [24067105] - C:\Program Files (x86)\Common Files [01/08/2019 15:20:29] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [07/08/2019 10:22:35] - |D| - [282225165] - C:\Program Files (x86)\FormatFactory [14/08/2019 13:25:07] - |D| - [519663490] - C:\Program Files (x86)\Google [27/08/2019 22:15:50] - |D| - [4459582] - C:\Program Files (x86)\HD Tune Pro [01/08/2019 15:20:06] - |D| - [1996783] - C:\Program Files (x86)\Internet Explorer [01/08/2019 15:20:06] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [19/08/2019 09:49:12] - |D| - 
[331005] - C:\Program Files (x86)\Mozilla Maintenance Service [02/08/2019 10:51:18] - |D| - [132293941] - C:\Program Files (x86)\Mozilla Thunderbird [01/08/2019 15:36:42] - |D| - [25757] - C:\Program Files (x86)\MSBuild [02/08/2019 13:18:41] - |D| - [331074823] - C:\Program Files (x86)\OpenOffice 4 [01/08/2019 15:36:42] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [01/08/2019 15:20:06] - |D| - [1780344] - C:\Program Files (x86)\Windows Defender [01/08/2019 15:20:06] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [01/08/2019 15:36:42] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player [01/08/2019 15:20:06] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [01/08/2019 15:20:06] - |D| - [7556440] - C:\Program Files (x86)\windows nt [01/08/2019 15:20:06] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [01/08/2019 15:20:06] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [01/08/2019 15:20:06] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [01/08/2019 15:20:06] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [02/08/2019 04:30:29] - |D| - [96636696] - C:\Program Files\AMD [02/08/2019 04:33:11] - |D| - [5595872] - C:\Program Files\ATI Technologies [02/08/2019 13:18:10] - |D| - [47323168] - C:\Program Files\CCleaner [01/08/2019 15:20:05] - |D| - [49043507] - C:\Program Files\Common Files [02/08/2019 13:11:32] - |D| - [3179791] - C:\Program Files\CPUID [01/08/2019 15:20:28] - |ASH| - [174] - C:\Program Files\desktop.ini [02/08/2019 04:42:39] - |SHD| - [0] - C:\Program Files\Fichiers communs [01/08/2019 15:20:05] - |D| - [2628602] - C:\Program Files\internet explorer [14/08/2019 11:26:52] - |D| - [173655619] - C:\Program Files\Malwarebytes [14/08/2019 17:17:03] - |D| - [193037423] - C:\Program Files\Mozilla Firefox [02/08/2019 16:40:07] - |D| - [49378811] - C:\Program Files\MPC-HC [01/08/2019 15:36:41] - |D| - [25757] - C:\Program 
Files\MSBuild [01/08/2019 15:36:41] - |D| - [36867241] - C:\Program Files\Reference Assemblies [02/08/2019 13:30:17] - |D| - [13416689] - C:\Program Files\rempl [02/08/2019 04:26:42] - |HD| - [0] - C:\Program Files\Uninstall Information [03/08/2019 13:17:39] - |D| - [15993424] - C:\Program Files\UNP [01/08/2019 15:20:05] - |D| - [19299507] - C:\Program Files\Windows Defender [01/08/2019 15:20:05] - |D| - [635392] - C:\Program Files\Windows Mail [01/08/2019 15:36:42] - |D| - [4784107] - C:\Program Files\Windows Media Player [01/08/2019 15:20:05] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [01/08/2019 15:20:05] - |D| - [7823192] - C:\Program Files\windows nt [01/08/2019 15:20:05] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [01/08/2019 15:20:05] - |D| - [46576] - C:\Program Files\Windows Portable Devices [01/08/2019 15:20:05] - |D| - [106165] - C:\Program Files\Windows Security [01/08/2019 15:20:05] - |SHD| - [0] - C:\Program Files\Windows Sidebar [01/08/2019 15:20:05] - |HD| - [1971109849] - C:\Program Files\WindowsApps [01/08/2019 15:20:05] - |D| - [2501953] - C:\Program Files\WindowsPowerShell [02/08/2019 13:23:13] - |D| - [7466728] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [01/08/2019 15:20:06] - |D| - [14512648] - C:\Program Files (x86)\Common Files\microsoft shared [01/08/2019 15:20:06] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [01/08/2019 15:20:06] - |D| - [9551755] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [02/08/2019 10:25:23] - |D| - [2045832] - C:\Program Files\Common files\AVAST Software [01/08/2019 15:20:05] - |D| - [36729490] - C:\Program Files\Common files\microsoft shared [01/08/2019 15:20:05] - |D| - [2702] - C:\Program Files\Common files\Services [01/08/2019 15:20:05] - |D| - [10265483] - C:\Program Files\Common files\system ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [02/08/2019 04:26:20] - |AH| - [6] - 
C:\Windows\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [02/08/2019 10:28:09] - |D| - [3996] - C:\Windows\System32\Tasks\Avast Software [MD5.F468D9C427053B6BDE8AD382302A194F] - [05/08/2019 13:37:01] - |A| - [3374] - C:\Windows\System32\Tasks\Avira_Antivirus_Systray : "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" [MD5.DCBEC165AC8C265DF22D390551C7C2DD] - [02/08/2019 13:18:27] - |A| - [4210] - C:\Windows\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.5B133B4B72AE1636A79A47E85825F570] - [02/08/2019 13:18:27] - |A| - [2238] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.BBC1E7FC82AC85152152FA068E41CE66] - [14/08/2019 13:27:53] - |A| - [3464] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.BBCBE63C144E17EAA1DD939270C5FBC5] - [14/08/2019 13:27:54] - |A| - [3588] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [01/08/2019 15:20:07] - |D| - [523604] - C:\Windows\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [01/08/2019 15:20:21] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| 
"WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{28B43FC5-3BB9-4DE1-82CD-09EB56845BE3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3990603123-2573632487-1218807564-1002|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{4486E4B7-C7DD-4E1E-AAC3-62D99A3F4989}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3990603123-2573632487-1218807564-1002|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{0D081455-675D-4D54-8B3C-A2F0A8B3A61D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3990603123-2573632487-1218807564-1002|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{521A09C8-8C81-4D61-9C01-6CD37526AD31}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory| "{5AC7DACE-D70D-41CB-88AA-718690B0691B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader| "{5F0C0269-ED8E-45FD-B196-0CA419F52DA1}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google 
Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : 
(Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem24.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> 
@xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eb781aaf-9c70-4523-a5df-642a87eca567}] : (libusb-win32 devices) [] -> libusb-win32 devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [05/08/2019 13:36:42] - (15.0.44.17) - (Avira Operations GmbH & Co. KG - Avira USB Filter Driver) - C:\Windows\System32\Drivers\avusbflt.sys [05/08/2019 13:36:41] - (15.0.1906.69) - (Avira Operations GmbH & Co. KG - Avira USB Feature Driver) - C:\Windows\system32\DRIVERS\avdevprot.sys [05/08/2019 13:36:42] - (15.0.44.17) - (Avira Operations GmbH & Co. KG - Avira Manager Driver) - C:\Windows\system32\DRIVERS\avkmgr.sys [05/08/2019 13:36:41] - (15.0.1907.112) - (Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement) - C:\Windows\system32\DRIVERS\avipbb.sys [05/08/2019 13:36:41] - (15.0.1907.117) - (Avira Operations GmbH & Co. KG - Avira Minifilter Driver) - C:\Windows\system32\DRIVERS\avgntflt.sys [05/08/2019 13:36:42] - (15.0.44.17) - (Avira Operations GmbH & Co. 
KG - Avira WFP Network Driver) - C:\Windows\system32\DRIVERS\avnetflt.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ahcix64s () -> System32\drivers\ahcix64s.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - amd_sata () -> System32\drivers\amd_sata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amd_xata () -> System32\drivers\amd_xata.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - AtiPcie (@oem0.inf,%ATIPCIE_svcdesc%;AMD PCI Express (3GIO) Filter) -> System32\drivers\AtiPcie64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - avdevprot (avdevprot) -> system32\DRIVERS\avdevprot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - avelam () -> 
system32\drivers\avelam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - avusbflt (avusbflt) -> System32\Drivers\avusbflt.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> 
System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel 
Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> 
System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys 
- AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> 
system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avipbb (avipbb) -> \SystemRoot\system32\DRIVERS\avipbb.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avkmgr (avkmgr) -> \SystemRoot\system32\DRIVERS\avkmgr.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\Windows\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - avnetflt (avnetflt) -> \SystemRoot\system32\DRIVERS\avnetflt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> 
\SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{42F08141-3F60-46FF-A5B4-08C4783DACFE}] : (Avira.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{42F08141-3F60-46FF-A5B4-08C4783DACFE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{50D70A8D-0503-4AA6-97EF-09849E9FB520}] : (OpenOffice 4.1.6.-.Apache Software Foundation) -> MsiExec.exe /I{50D70A8D-0503-4AA6-97EF-09849E9FB520} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\14180F2406F3FF645A4B804C87D3CAEF] : Avira [HKCR\Installer\Products\1616DA6174E21FB4AA779064FE9EE380] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> 
C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe [HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper 
[HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D8A07D0530506AA479FE9048E9F95B02] : OpenOffice 4.1.6 -> C:\Windows\Installer\{50D70A8D-0503-4AA6-97EF-09849E9FB520}\soffice.ico [HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante Avira.ServiceHost.exe, version : 1.2.135.51949, horodatage : 0x5d397d39 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x044ddf86 ID du processus défaillant : 0xb20 Heure de début de l’application défaillante : 0x01d55cab94a455f9 Chemin d’accès de l’application défaillante : C:\Program Files 
(x86)\Avira\Launcher\Avira.ServiceHost.exe Chemin d’accès du module défaillant: unknown ID de rapport : 65bcbf17-ace2-4a8a-a364-12693b5a2433 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante mbamtray.exe, version : 3.1.0.1838, horodatage : 0x5d13b12f Nom du module défaillant : Qt5Core.dll, version : 5.11.1.0, horodatage : 0x5cba0161 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0018dc19 ID du processus défaillant : 0x144c Heure de début de l’application défaillante : 0x01d55cabaf3b7296 Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Chemin d’accès du module défaillant: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll ID de rapport : 6ca37bea-94f0-4875-a7f3-2d6813127c70 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Nom du module défaillant : mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Code d’exception : 0xc000041d Décalage d’erreur : 0x000000000009f297 ID du processus défaillant : 0x534 Heure de début de l’application défaillante : 0x01d55c4af8a386fa Chemin d’accès de l’application défaillante : C:\Program Files\MPC-HC\mpc-hc64.exe Chemin d’accès du module défaillant: C:\Program Files\MPC-HC\mpc-hc64.exe ID de rapport : 1f6d76d7-7c8e-43e4-86d9-373447c4a3f7 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Nom du module défaillant : mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Code d’exception : 0xc000041d Décalage d’erreur : 0x000000000009f297 ID du processus défaillant : 0x1620 Heure de début de l’application défaillante : 0x01d55c4af92b714c Chemin d’accès de l’application défaillante : C:\Program 
Files\MPC-HC\mpc-hc64.exe Chemin d’accès du module défaillant: C:\Program Files\MPC-HC\mpc-hc64.exe ID de rapport : c5968991-a299-47ea-a9e7-afd656decb62 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Nom du module défaillant : mpc-hc64.exe, version : 1.7.13.0, horodatage : 0x596b8aa4 Code d’exception : 0xc000041d Décalage d’erreur : 0x000000000009f297 ID du processus défaillant : 0x6d0 Heure de début de l’application défaillante : 0x01d55c4af6bc7f3d Chemin d’accès de l’application défaillante : C:\Program Files\MPC-HC\mpc-hc64.exe Chemin d’accès du module défaillant: C:\Program Files\MPC-HC\mpc-hc64.exe ID de rapport : 0a2d90bf-09ed-44ad-872d-b5cca0819091 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante Avira.ServiceHost.exe, version : 1.2.135.51949, horodatage : 0x5d397d39 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0109919e ID du processus défaillant : 0x980 Heure de début de l’application défaillante : 0x01d5565f12d7c747 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe Chemin d’accès du module défaillant: unknown ID de rapport : d0b6d1be-40fe-4c81-80a6-8646603c1d20 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . 
------------ Nom de l’application défaillante Avira.ServiceHost.exe, version : 1.2.135.51949, horodatage : 0x5d397d39 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x05fd7936 ID du processus défaillant : 0x998 Heure de début de l’application défaillante : 0x01d552982b0b4c03 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe Chemin d’accès du module défaillant: unknown ID de rapport : ce235c54-a9df-41cf-875b-a90294564145 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante firefox.exe, version : 68.0.1.7137, horodatage : 0x5d2f6e3d Nom du module défaillant : ntdll.dll, version : 10.0.17134.799, horodatage : 0x7f828745 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000000d4cc ID du processus défaillant : 0xd50 Heure de début de l’application défaillante : 0x01d5527df59c7343 Chemin d’accès de l’application défaillante : C:\Program Files\Mozilla Firefox\firefox.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 2e7ec181-1a9a-4e04-a3a4-514219c49bfa Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . 
------------ Nom de l’application défaillante firefox.exe, version : 68.0.1.7137, horodatage : 0x5d2f6e3d Nom du module défaillant : ntdll.dll, version : 10.0.17134.799, horodatage : 0x7f828745 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000000d4cc ID du processus défaillant : 0x1494 Heure de début de l’application défaillante : 0x01d54e8b6b3eb432 Chemin d’accès de l’application défaillante : C:\Program Files\Mozilla Firefox\firefox.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : b22b121f-7ce4-4906-90b8-d52243402ab3 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Le programme MicrosoftEdgeCP.exe version 11.0.17134.858 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 1b20 Heure de début : 01d549164721f537 Heure de fin : 19863 Chemin d'accès de l'application : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ID de rapport : c58e57eb-ba6a-43a3-950b-f040255f3b6d Nom complet du package défaillant : Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe ID de l'application relative au package défaillant : ContentProcess ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. 
------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F025 Arguments de la ligne de commande : RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=TimerEvent ------------ Échec de la création d’un point de restauration (Processus = C:\AMD\WU-CCC2\ccc2_install\VC12RTx64\vcredist_x64.exe /q /norestart ; Description = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 ; Erreur = 0x80042318). ------------ Erreur du service de cliché instantané des volumes : incohérence interne détectée lors de la prise de contact avec les enregistreurs du service de cliché instantané. Registry Writer n’a pas pu répondre à une requête du service VSS. Vérifiez que le service d’événements et le service de cliché instantané des volumes fonctionnent correctement et consultez le journal des événements des applications pour les autres événements. Opération : Données du rédacteur en cours de collecte Opération asynchrone en cours d’exécution Contexte : Contexte d’exécution: Requestor État actuel: GatherWriterMetadata ------------ Échec de la création d’un point de restauration (Processus = C:\AMD\WU-CCC2\ccc2_install\VC12RTx86\vcredist_x86.exe /q /norestart ; Description = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 ; Erreur = 0x80042318). ------------ ----------( EOF)---------- - 3553 | 12:11:36