--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 23/08/2019 15:12:42 Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [julie (Administrator)] - [DESKTOP-EMB9DVO] (S-1-5-21-313941316-4192098390-2314814383-1001) System: Microsoft Windows 10 Famille - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (100c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: 80MK - LENOVO - IdNumber: PF0EDPX3 - UUID: 2C147987-8FFB-11E5-8FC7-507B9D74C9E3 Processor : X64 - 2592 Mhz - Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz C6CN34WW - en|US|iso8859-1,0 - LENOVO - S/N: PF0EDPX3 - C6CN34WW - LENOVO - 1 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&1909FA12&0&0201 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0298&SUBSYS_17AA3800&REV_1001\4&1909FA12&0&0001 ---------- | Video Intel(R) HD Graphics 520 - Resolution: 3200x1800 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1916&SUBSYS_380017AA&REV_07\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 520 - DriverVersion: 20.19.15.4326 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:12 % CPU #4 value:0 % Total Overall CPU Usage value:1 % ---------- | Network Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 TunnelBear Adapter V9 - - TunnelBear Provider V9 - Status: - PnPID : ROOT\NET\0000 Intel(R) Dual Band Wireless-AC 8260 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_24F3&SUBSYS_11308086&REV_3A\A434D9FFFF4B685600 Microsoft Wi-Fi Direct Virtual Adapter #4 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&136CB7F4&0&11 Microsoft Wi-Fi Direct Virtual Adapter #5 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&136CB7F4&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&20B8EB46&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&20B8EB46&0&2 TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0001 Remote NDIS Compatible Device - - - Status: - PnPID : RAS Async Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8292 | Free (MB) : 4429 Pagefile = Total (MB) : 9603 | Free (MB) : 5453 Virtual = Total (MB) : 4194 | Free (MB) : 3887 Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: SK Hynix - PartNumber: - S/N: 00000000 Physical Memory 2 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: - Manufacturer: SK Hynix - PartNumber: - S/N: 00000000 ---------- | SID Users Administrateur : [S-1-5-21-313941316-4192098390-2314814383-500] DefaultAccount : [S-1-5-21-313941316-4192098390-2314814383-503] Invité : [S-1-5-21-313941316-4192098390-2314814383-501] julie : [S-1-5-21-313941316-4192098390-2314814383-1001] WDAGUtilityAccount : [S-1-5-21-313941316-4192098390-2314814383-504] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Windows] | Total : 430.46 Go | Free : 105.44 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [LENOVO] | Total : 25 Go | Free : 22.64 Go -> NTFS (SSD) [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 6 Part. - PnPID : SCSI\DISK&VEN_SAMSUN_&PROD_MZNLN512HCJH-000\4&12974935&0&020000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Test 2 : Possible Fixed Windows Test 3 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) GC : 76.0.3809.100 (Copyright 2019 Google LLC.) Default : "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.207 ---------- | Security AV : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 380 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 06:54:22] CPU Usage:0 % 576 | [Owner : Système | Parent : 552() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 660 | [Owner : Système | Parent : 552() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % 672 | [Owner : Système | Parent : 652() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 752 | [Owner : Système | Parent : 652() | 11.4 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [09/10/2018 23:36:22] CPU Usage:0 % 776 | [Owner : Système | Parent : 660(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [19/08/2018 18:35:01] CPU Usage:0 % 800 | [Owner : Système | Parent : 660(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [14/11/2018 00:34:28] CPU Usage:0 % 916 | [Owner : Système | Parent : 776(services.exe) | 3.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 924 | [Owner : UMFD-1 | Parent : 752(winlogon.exe) | 10.52 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 05:45:46] CPU Usage:0 % 932 | [Owner : UMFD-0 | Parent : 660(wininit.exe) | 3.02 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 05:45:46] CPU Usage:0 % 976 | [Owner : Système | Parent : 776(services.exe) | 27.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1008 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 13.5 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 % 456 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 13.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 860 | [Owner : Système | Parent : 776(services.exe) | 7.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1072 | [Owner : DWM-1 | Parent : 752(winlogon.exe) | 77.16 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % 1160 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1168 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1208 | [Owner : Système | Parent : 776(services.exe) | 9.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1228 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 11.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1340 | [Owner : Système | Parent : 776(services.exe) | 14.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1360 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 16.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1396 | [Owner : Système | Parent : 776(services.exe) | 10.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1484 | [Owner : Système | Parent : 776(services.exe) | 7.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1512 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1580 | [Owner : Système | Parent : 776(services.exe) | 8.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1612 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.7 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 % 1664 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 14.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1680 | [Owner : Système | Parent : 776(services.exe) | 9.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1796 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1812 | [Owner : Système | Parent : 776(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1820 | [Owner : Système | Parent : 776(services.exe) | 12.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1828 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1840 | [Owner : Système | Parent : 776(services.exe) | 5.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1920 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1932 | [Owner : SERVICE LOCAL | Parent : 1580(svchost.exe) | 8.05 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % 1940 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 5.49 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 % 848 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2072 | [Owner : Système | Parent : 776(services.exe) | 8.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2084 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 11.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2116 | [Owner : Système | Parent : 776(services.exe) | 7.84 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4326) = C:\Windows\System32\igfxCUIService.exe [01/04/2016 19:10:29] CPU Usage:0 % 2172 | [Owner : Système | Parent : 776(services.exe) | 15.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2200 | [Owner : Système | Parent : 776(services.exe) | 7.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2208 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2220 | [Owner : Système | Parent : 776(services.exe) | 9.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2252 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2436 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2512 | [Owner : Système | Parent : 776(services.exe) | 19.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2596 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2716 | [Owner : Système | Parent : 776(services.exe) | 13.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2900 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 12.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2980 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 8.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3052 | [Owner : Système | Parent : 776(services.exe) | 13.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2040 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 7.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2064 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 2216 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 11.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3136 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3272 | [Owner : Système | Parent : 776(services.exe) | 16.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3328 | [Owner : Système | Parent : 776(services.exe) | 11.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3336 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (19.7.4674.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [23/08/2019 14:47:49] CPU Usage:0 % 3476 | [Owner : SERVICE LOCAL | Parent : 2900(svchost.exe) | 19.67 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [11/06/2019 23:48:26] CPU Usage:0 % 3556 | [Owner : Système | Parent : 3272(svchost.exe) | 14.9 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.17134.1) = C:\Windows\System32\wlanext.exe [12/04/2018 01:34:43] CPU Usage:0 % 3572 | [Owner : Système | Parent : 3556(wlanext.exe) | 4.62 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 3712 | [Owner : Système | Parent : 776(services.exe) | 14.37 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % 3792 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3932 | [Owner : Système | Parent : 776(services.exe) | 23.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3940 | [Owner : Système | Parent : 776(services.exe) | 17.16 Mo] - (.- LenovoPortalService.) - (1.0.0.0) = C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [27/11/2015 10:10:10] CPU Usage:0 % 3948 | [Owner : Système | Parent : 776(services.exe) | 25.19 Mo] - (.- DolbyDAX2API.) - (0.5.2.32) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [15/09/2015 01:58:58] CPU Usage:0 % 3956 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3964 | [Owner : Système | Parent : 776(services.exe) | 6.21 Mo] - (.Adobe Systems - Adobe Acrobat Update Service.) - (1.824.34.1201) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [24/07/2019 01:58:34] CPU Usage:0 % 3972 | [Owner : Système | Parent : 776(services.exe) | 3.89 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.60.0.3) = C:\Windows\System32\ibtsiva.exe [13/04/2017 20:26:38] CPU Usage:0 % 3980 | [Owner : Système | Parent : 776(services.exe) | 11.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3992 | [Owner : Système | Parent : 776(services.exe) | 12.37 Mo] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (18.11.0.0) = C:\Program Files\Intel\WiFi\bin\EvtEng.exe [12/06/2015 11:24:12] CPU Usage:0 % 4004 | [Owner : Système | Parent : 776(services.exe) | 6.24 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10602.174) = C:\Windows\SysWOW64\esif_uf.exe [27/11/2015 09:59:44] CPU Usage:0 % 4012 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.845) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [28/07/2019 09:02:46] CPU Usage:0 % 4020 | [Owner : Système | Parent : 776(services.exe) | 15.82 Mo] - (.EnigmaSoft Limited - SpyHunter product..) - (5.6.1.119) = C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [20/08/2019 22:09:52] CPU Usage:0 % 4028 | [Owner : Système | Parent : 776(services.exe) | 14.63 Mo] - (.Intel(R) Corporation - Intel(R) Biometric and Context Agent Service.) - (2.0.146.0) = C:\Program Files\Intel\BCA\pabeSvc64.exe [06/05/2016 10:51:14] CPU Usage:0 % 4036 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 13.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4044 | [Owner : Système | Parent : 776(services.exe) | 6.36 Mo] - (.Lenovo - RapidBoot HDD Accelerator Service.) - (3.0.0.1) = C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [27/11/2015 10:10:10] CPU Usage:0 % 4052 | [Owner : Système | Parent : 776(services.exe) | 7.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4060 | [Owner : Système | Parent : 776(services.exe) | 8.47 Mo] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (18.11.0.0) = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [12/06/2015 11:23:48] CPU Usage:0 % 4068 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 22.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4076 | [Owner : Système | Parent : 776(services.exe) | 8.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4084 | [Owner : Système | Parent : 776(services.exe) | 41.5 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11328.20390) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [05/05/2016 23:15:33] CPU Usage:0 % 4092 | [Owner : Système | Parent : 776(services.exe) | 3.28 Mo] - (.BayHubTech/O2Micro International - O2 Flash Memory Service.) - (1.0.0.3) = C:\Windows\System32\drivers\o2flash.exe [21/05/2015 04:53:12] CPU Usage:0 % 3040 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [19/08/2018 18:35:04] CPU Usage:0 % 3112 | [Owner : Système | Parent : 776(services.exe) | 18.12 Mo] - (.Digital Communications Inc - Segurazo Service.) - (1.0.13.4) = C:\Program Files (x86)\Segurazo\SegurazoService.exe [17/08/2019 03:01:54] CPU Usage:0 % 2556 | [Owner : Système | Parent : 776(services.exe) | 5.34 Mo] - (.EnigmaSoft Limited - SpyHunter product..) - (5.6.1.119) = C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [20/08/2019 22:10:09] CPU Usage:0 % 4124 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4144 | [Owner : Système | Parent : 776(services.exe) | 3.77 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.0.17.57) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [01/04/2016 19:07:49] CPU Usage:0 % 4224 | [Owner : Système | Parent : 776(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4232 | [Owner : Système | Parent : 776(services.exe) | 32.12 Mo] - (.- TunnelBear.Maintenance.) - (1.0.0.0) = C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [16/04/2018 11:57:58] CPU Usage:0 % 4296 | [Owner : Système | Parent : 776(services.exe) | 28.27 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [10/04/2019 07:40:28] CPU Usage:0 % 4304 | [Owner : Système | Parent : 776(services.exe) | 10.73 Mo] - (.- UpdateAgent Application.) - (1.0.0.4) = C:\Program Files\update\UpdateAgent.exe [27/11/2015 10:10:14] CPU Usage:0 % 4356 | [Owner : Système | Parent : 776(services.exe) | 18.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4364 | [Owner : Système | Parent : 776(services.exe) | 34.8 Mo] - (.Lenovo - Lenovo Yoga Mode Control.) - (1.0.0.5) = C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [27/11/2015 09:11:10] CPU Usage:0 % 4380 | [Owner : Système | Parent : 776(services.exe) | 14.28 Mo] - (.- PLHotkeyService.) - (1.2.0.8) = C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [27/11/2015 09:17:57] CPU Usage:0 % 4408 | [Owner : Système | Parent : 776(services.exe) | 16.07 Mo] - (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Service.) - (18.11.0.0) = C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [12/06/2015 11:24:40] CPU Usage:0 % 4564 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 6.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 4828 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 5.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 5100 | [Owner : Système | Parent : 776(services.exe) | 11.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 5620 | [Owner : Système | Parent : 976(svchost.exe) | 6.73 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % 5964 | [Owner : Système | Parent : 976(svchost.exe) | 23.68 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 4968 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 18.85 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.17134.1) = C:\Program Files\Windows Media Player\wmpnetwk.exe [12/04/2018 18:19:16] CPU Usage:0 % 6688 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.AVAST Software - Avast remediation exe.) - (19.7.4674.0) = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [23/08/2019 14:47:49] CPU Usage:0 % 7048 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 7160 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 6676 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 7004 | [Owner : Système | Parent : 776(services.exe) | 6.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 7112 | [Owner : Système | Parent : 976(svchost.exe) | 10.26 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 % 5196 | [Owner : Système | Parent : 3336(AvastSvc.exe) | 71.1 Mo] - (.AVAST Software - Antivirus engine server.) - (19.7.4674.0) = C:\Program Files\AVAST Software\Avast\aswEngSrv.exe [23/08/2019 14:47:50] CPU Usage:0 % 6984 | [Owner : julie | Parent : 4004(esif_uf.exe) | 4.51 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10602.174) = C:\Windows\Temp\DPTF\esif_assist_64.exe [23/08/2019 14:49:03] CPU Usage:0 % 7524 | [Owner : julie | Parent : 4012(MBAMService.exe) | 34.02 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1838) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [28/07/2019 09:02:43] CPU Usage:0 % 6300 | [Owner : julie | Parent : 4144(SynTPEnhService.exe) | 19.2 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.17.57) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [01/04/2016 19:07:49] CPU Usage:0 % 7768 | [Owner : julie | Parent : 4364(ymc.exe) | 10.64 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.17134.1) = C:\Windows\System32\rundll32.exe [12/04/2018 01:34:33] CPU Usage:0 % 6296 | [Owner : julie | Parent : 1680(svchost.exe) | 23.06 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % 7868 | [Owner : julie | Parent : 4020(ShKernel.exe) | 22.82 Mo] - (.EnigmaSoft Limited - SpyHunter product..) - (5.6.1.119) = C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe [20/08/2019 22:10:10] CPU Usage:0 % 5528 | [Owner : julie | Parent : 776(services.exe) | 24.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1100 | [Owner : Système | Parent : 776(services.exe) | 11.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 1696 | [Owner : julie | Parent : 776(services.exe) | 36.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 3696 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 18.5 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [06/06/2018 23:21:41] CPU Usage:0 % 6552 | [Owner : julie | Parent : 1340(svchost.exe) | 13 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [14/03/2019 01:00:12] CPU Usage:0 % 6892 | [Owner : Système | Parent : 776(services.exe) | 18.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 8228 | [Owner : julie | Parent : 1428() | 4.25 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.17.57) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [01/04/2016 19:07:49] CPU Usage:0 % 8248 | [Owner : Système | Parent : 776(services.exe) | 7.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 8384 | [Owner : julie | Parent : 8276() | 10.74 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4326) = C:\Windows\System32\igfxEM.exe [01/04/2016 19:10:29] CPU Usage:0 % 8392 | [Owner : julie | Parent : 8276() | 8.15 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4326) = C:\Windows\System32\igfxHK.exe [01/04/2016 19:10:29] CPU Usage:0 % 8400 | [Owner : julie | Parent : 8276() | 9.86 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [01/04/2016 19:10:29] CPU Usage:0 % 8480 | [Owner : julie | Parent : 8448() | 137.56 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 05:45:25] CPU Usage:0 % 8808 | [Owner : Système | Parent : 776(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 9020 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 18.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 9092 | [Owner : julie | Parent : 776(services.exe) | 27.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 8964 | [Owner : julie | Parent : 976(svchost.exe) | 83 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [16/05/2019 08:32:38] CPU Usage:0 % 9116 | [Owner : julie | Parent : 976(svchost.exe) | 75.55 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.885) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [11/07/2019 05:45:48] CPU Usage:0 % 9272 | [Owner : julie | Parent : 976(svchost.exe) | 18.92 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 9336 | [Owner : julie | Parent : 976(svchost.exe) | 28.14 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 9376 | [Owner : julie | Parent : 976(svchost.exe) | 24.15 Mo] - (.Microsoft Corporation - Speech Runtime Executable.) - (10.0.17134.81) = C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe [06/06/2018 23:28:15] CPU Usage:0 % 9828 | [Owner : julie | Parent : 976(svchost.exe) | 55.79 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.51.0.72) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe [20/08/2019 13:17:23] CPU Usage:0 % 9912 | [Owner : julie | Parent : 976(svchost.exe) | 21.35 Mo] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.17134.858) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe [11/07/2019 05:45:05] CPU Usage:0 % 9948 | [Owner : julie | Parent : 976(svchost.exe) | 10.73 Mo] - (.-.) - (8.51.0.72) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [20/08/2019 13:17:23] CPU Usage:0 % 10056 | [Owner : julie | Parent : 1484(svchost.exe) | 16.19 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % 10128 | [Owner : julie | Parent : 1484(svchost.exe) | 14.21 Mo] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.17134.1) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [12/04/2018 01:35:07] CPU Usage:0 % 2688 | [Owner : julie | Parent : 976(svchost.exe) | 14.64 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.885) = C:\Windows\System32\SettingSyncHost.exe [11/07/2019 05:45:13] CPU Usage:0 % 10656 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 12.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 10920 | [Owner : julie | Parent : 976(svchost.exe) | 20.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 11212 | [Owner : Système | Parent : 4348() | 1.02 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe [08/04/2018 21:31:55] CPU Usage:0 % 11708 | [Owner : julie | Parent : 3112(SegurazoService.exe) | 113.6 Mo] - (.Digital Communications Inc - Segurazo Client.) - (1.0.13.4) = C:\Program Files (x86)\Segurazo\SegurazoClient.exe [29/07/2019 02:42:58] CPU Usage:0 % 11944 | [Owner : julie | Parent : 976(svchost.exe) | 20.48 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 % 12232 | [Owner : julie | Parent : 8480(explorer.exe) | 8.82 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % 13260 | [Owner : julie | Parent : 12976(AvastBrowserCrashHandler64.exe) | 12.52 Mo] - (.Piriform Software Ltd - CCleaner.) - (5.57.0.7182) = C:\Program Files\CCleaner\CCleaner64.exe [09/05/2019 13:01:48] CPU Usage:0 % 12880 | [Owner : julie | Parent : 8480(explorer.exe) | 11.44 Mo] - (.Apple Inc. - MobileDeviceProcess.) - (423.258.2.36) = C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe [17/07/2019 20:25:39] CPU Usage:0 % 12976 | [Owner : Système | Parent : 4348() | 0.83 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe [08/04/2018 21:31:55] CPU Usage:0 % 12756 | [Owner : julie | Parent : 12360() | 36.28 Mo] - (.AVAST Software - Avast Antivirus.) - (19.7.4674.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [23/08/2019 14:47:52] CPU Usage:0 % 12252 | [Owner : Système | Parent : 776(services.exe) | 25.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 7936 | [Owner : Système | Parent : 776(services.exe) | 18.35 Mo] - (.Lenovo - CCSDK.) - (1.2.0.13) = C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [27/11/2015 09:11:16] CPU Usage:0 % 12708 | [Owner : Système | Parent : 776(services.exe) | 564.88 Mo] - (.Lenovo - GDCAgent.) - (1.0.1.6) = C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [27/11/2015 09:11:19] CPU Usage:0 % 9576 | [Owner : Système | Parent : 776(services.exe) | 39.2 Mo] - (.Intel Corporation - IAStorDataSvc.) - (14.5.0.1081) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [24/06/2015 02:00:06] CPU Usage:0 % 8656 | [Owner : Système | Parent : 776(services.exe) | 7.58 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10074) = C:\Program Files\rempl\sedsvc.exe [30/07/2019 11:09:14] CPU Usage:0 % 9744 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % 13452 | [Owner : julie | Parent : 10220() | 34.04 Mo] - (.Intel Corporation - IAStorIcon.) - (14.5.0.1081) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [24/06/2015 02:00:08] CPU Usage:0 % 13788 | [Owner : julie | Parent : 13752() | 1.15 Mo] - (.Lenovo - Lenovo Solution Center Notifications.) - (1.1.0.0) = C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [10/12/2015 11:19:42] CPU Usage:0 % 10088 | [Owner : Système | Parent : 7936(CCSDK.exe) | 10.88 Mo] - (.Lenovo - Lenovo CCSDKWing.) - (1.2.0.13) = C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe [27/11/2015 09:11:16] CPU Usage:0 % 11312 | [Owner : SERVICE RÉSEAU | Parent : 976(svchost.exe) | 9.99 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % 12096 | [Owner : Système | Parent : 776(services.exe) | 5.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 13512 | [Owner : SERVICE RÉSEAU | Parent : 976(svchost.exe) | 21.42 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 10336 | [Owner : Système | Parent : 776(services.exe) | 8.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 06:54:53] CPU Usage:0 % 12944 | [Owner : Système | Parent : 976(svchost.exe) | 28.96 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % 10040 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.AVAST Software - Avast Behavior Shield.) - (19.7.4674.0) = C:\Program Files\AVAST Software\Avast\aswidsagent.exe [23/08/2019 14:47:48] CPU Usage:0 % 9844 | [Owner : julie | Parent : 976(svchost.exe) | 22.12 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [10/04/2019 07:40:33] CPU Usage:0 % 11928 | [Owner : julie | Parent : 8480(explorer.exe) | 61.87 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\julie\Downloads\QuickDiag.exe [23/08/2019 14:51:55] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.AVAST Software.-.Hook Library.) - (19.7.4674.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.Lenovo Group Limited.-.Lenovo Settings - Battery Gauge.) - (1.0.62.0) -- C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll (.AVAST Software.-.Avast Shell Extension.) - (19.7.4674.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.4326) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.4326) -- C:\WINDOWS\SYSTEM32\igc64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (19.7.4674.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll (.AVAST Software.-.Hook Library.) - (19.7.4674.0) -- C:\Program Files\AVAST Software\Avast\aswhook.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up GarminExpress - ("C:\Program Files (x86)\Garmin\Express\express.exe" /minimized [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\julie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie Adobe Reader Synchronizer - ("C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie Spotify - (C:\Users\julie\AppData\Roaming\Spotify\Spotify.exe --autostart [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie GarminExpressTrayApp - ("C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie Chromium - ("c:\users\julie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie AvastBrowserAutoLaunch_76BEA41CF3B184FAA7E3960F3981142E - ("C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie Chromium Update - (C:\Users\julie\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\...\Run]) - User: DESKTOP-EMB9DVO\julie GarminExpress - ("C:\Program Files (x86)\Garmin\Express\express.exe" /minimized [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_LENOVO_DOLBYDRAGON - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_LENOVO_MICPKEY - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY [HKLM\SOFTWARE\...\Run]) - User: Public LenovoUtility - ("C:\Program Files\Lenovo\LenovoUtility\utility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public DAX2_APP - (C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\julie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Adobe Reader Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" "Spotify"=C:\Users\julie\AppData\Roaming\Spotify\Spotify.exe --autostart "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Chromium"="c:\users\julie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "AvastBrowserAutoLaunch_76BEA41CF3B184FAA7E3960F3981142E"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" "Chromium Update"=C:\Users\julie\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [26/07/2019 11:45:01] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x03000000806F01C55290D301 "RESTART_STICKY_NOTES"=0x020000000000000000000000 "Adobe Reader Synchronizer"=0x03000000704801C55290D301 "GarminExpressTrayApp"=0x03000000704801C55290D301 "Spotify"=0x0300000046188FD02B86D301 "Spotify Web Helper"=0x030000006075A3785390D301 "CCleaner Monitoring"=0x03000000704801C55290D301 "AvastBrowserAutoLaunch_76BEA41CF3B184FAA7E3960F3981142E"=0x03000000EBE55246DE10D501 "Chromium"=0x020000000000000000000000 "GoogleChromeAutoLaunch_332C70B64F8DBF38D409862D5BED7EE0"=0x020000000000000000000000 "CCleaner Smart Cleaning"=0x020000000000000000000000 "Chromium Update"=0x020000000000000000000000 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=appwiz.cpl\1 "MRUList"=cba "b"=REGEDIT\1 "c"=cmd\1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON8B28C8,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 "MenuDropAlignment"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "RtHDVBg_LENOVO_DOLBYDRAGON"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON "RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY "LenovoUtility"="C:\Program Files\Lenovo\LenovoUtility\utility.exe" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "DAX2_APP"=C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "AvastUI.exe"=0x060000000000000000000000 "WinZip UN"=0x040000000000000000000000 "WinZip PreLoader"=0x040000000000000000000000 "WinZip FAH"=0x040000000000000000000000 "LenovoUtility"=0x03000000909601C55290D301 "IAStorIcon"=0x020000000000000000000000 "DAX2_APP"=0x03000000909601C55290D301 "RTHDVCPL"=0x03000000909601C55290D301 "RtHDVBg_LENOVO_MICPKEY"=0x03000000909601C55290D301 "RtHDVBg_LENOVO_DOLBYDRAGON"=0x03000000909601C55290D301 "RtHDVBg_Dolby"=0x03000000909601C55290D301 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "SunJavaUpdateSched"=0x03000000E05902C55290D301 "mcpltui_exe"=0x040000000000000000000000 "Cisco AnyConnect Secure Mobility Agent for Windows"=0x020000000000000000000000 "Wondershare Helper Compact.exe"=0x030000007F35C9562C86D301 "IAStorIcon"=0x03000000909601C55290D301 "AvastUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater Avast Emergency Update Avast Secure Browser Heartbeat Task (Hourly) Avast Secure Browser Heartbeat Task (Logon) AvastUpdateTaskMachineCore AvastUpdateTaskMachineUA CCleaner Update CCleanerSkipUAC ChromiumUpdateTaskMachineCore ChromiumUpdateTaskMachineUA ChromiumUpdateTaskUserS-1-5-21-313941316-4192098390-2314814383-1001Core ChromiumUpdateTaskUserS-1-5-21-313941316-4192098390-2314814383-1001UA CreateExplorerShellUnelevatedTask GarminUpdaterTask GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-313941316-4192098390-2314814383-1001 User_Feed_Synchronization-{664383D0-C1BE-41E9-A90F-ACB04B00A418} {F1B496F4-6A79-49E6-90C4-C323B05ED6D6} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=43 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [01/04/2016 19:06:59] "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=800 "Notification Packages"=scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=6e359d47-e6a8-42b7-b646-4a193f4 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\julie\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_8547.JPG [28/11/2018 10:51:09] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=5120 "MaxMonitorDimension"=3200 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100D4653C00B0100000200B0000009FABCBDF07D30143003A005C00550073006500720073005C006A0075006C00690065005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E00500068006F0074006F0073005F003800770065006B007900620033006400380062006200770065005C004C006F00630061006C00530074006100740065005C00500068006F0074006F0073004100700070004200610063006B00670072006F0075006E0064005C0049004D0047005F0038003500340037002E004A00500047000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=fr-FR "EnablePerProcessSystemDPI"=1 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x24000000382800000000000000000000000000000100000013000000000000006A000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x60B81DB4E464D2119906E49FADC173CA4A0B00000114020000000000C000000000000046D31E0000BD0E0C47735D584D9CEDE91E22E2328247090000B083204722C5CF11876300608CC02F240F310E001A58CE57B60C66429CA019364C90A0B3BE460000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=1 "GlobalAssocChangedCounter"=1173 "FirstRunTelemetryComplete"=1 "EdgeDesktopShortcutCreated"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "link"=0x15000000 "Browse For Folder Width"=866 "Browse For Folder Height"=730 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=1 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "LaunchTo"=1 "TaskbarStateLastRun"=0x66105F5D00000000 "TaskbarAppsVisibleInTabletMode"=0 "TaskbarSizeMove"=1 "ShellViewReentered"=1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0700000006000000050000000400000003000000020000000100000000000000FFFFFFFF "0"=0x4100550049006E007300740061006C006C004100670065006E0074000000 "1"=0x6E006F0072007600E800670065000000 "2"=0x6E006F00720064000000 "3"=0x77006800610074000000 "4"=0x4400530043005F0030003100330033000000 "5"=0x70006F006B0065006D006F006E000000 "6"=0x6700620061000000 "7"=0x72006F0075006700650020006600650075000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=3 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=18 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D004002700A400B006E4F4310068FC5C0068FC5C00D200000002005900A1C9DC627A783002F9F77000D72812008F070E00F3850400C29700002D0A6900D6900100A8300000930E0113B159D501354763000000000001000000EA155400EE420000EF110000B41B4F0000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E80013032700A70000000EFB17D0FDF55E0000000000930E0113B159D5012C559595A259D5017CA15D000000000000000000F6E53600000000000000000000000000B136000000000000000000000000000000000000000000000000F03F805101002BA100808832410888324308A14500C00086680200866A02B05E000024B04D15E5F14D15BF9300C08120004081244050456F008000420620244B0620C92001C0620CC260624CE27043010080C5C0102AC5C1142AA6BE0000100042201004C220E4D80000C2841410C6841510882F0100220899072A29D907640E00008900263489803734 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=9108036118 "ShutdownFlags"=39 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-313941316-4192098390-2314814383-1001 "LastUsedUsername"=julie [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:11] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A002100000261329FFFBAD0010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A002100000261329FFFBAD0010000000100000000 "C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe"=0x5341435001000000000000000700000028000000880C0100983A010001000000000000000000000AF12200000261329FFFBAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000651E0000000000000100000001000000 "C:\Program Files\mcafee.com\agent\mcagent.exe"=0x53414350010000000000000007000000280000005067090059F3090001000000000000000000000A00210000078CBF8EFFBAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000071020000000000000100000001000000 "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe"=0x5341435001000000000000000700000028000000B8A5330036A6330001000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000050000000000000000000005000000000000000000000000000000000CEAE0000000000000100000001000000000000000000004000000000000000000000000000000000C5A00000000000000100000000000000 "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000707803004F24040001000000000000000000030600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F52C2BAE000000006C0100006C010000 "C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe"=0x5341435001000000000000000700000028000000C85F0A00889D0A0001000000000000000000030680010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B21F9701000000000400000004000000 "C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE"=0x5341435001000000000000000700000028000000A81A0F006C6B0F0001000000000000000000000A712000000261329FFFBAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000FF170600000000000400000004000000 "C:\Users\julie\AppData\Local\Temp\SetupO365ProPlusRetail.x86.fr-FR_O365ProPlusRetail_D79NR-XF84F-YRT4P-JH8MT-D3TP2_act_1_.exe"=0x5341435001000000000000000700000028000000C8401000A6181100010000000000000000000106000100000261329FFFBAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000063710100000000000100000001000000 "C:\Program Files\Microsoft Office 15\root\office15\perfboost.exe"=0x5341435001000000000000000700000028000000A8600100F1F20100010000000000000000000206710000000261329FFFBAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000094330000000000000300000003000000 "C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE"=0x5341435001000000000000000700000028000000A01C0F0045E20F0001000000000000000000000A712000000261329FFFBAD001000000000000000002000000280000000000000000000000000000000000000000000000000000007E700300000000000100000001000000 "C:\Users\julie\Downloads\mingw-get-setup.exe"=0x53414350010000000000000007000000280000000052010000000000010000000000000000000206000100000261329FFFBAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000728B1800000000000100000001000000 "C:\Users\julie\Downloads\geany-1.27_setup.exe"=0x5341435001000000000000000700000028000000A846D40057B3D400010000000000000000000106000100000261329FFFBAD001000000000000000002000000280000000000000000000040000000000000000000000000000000006C440000000000000100000001000000 "C:\Program Files (x86)\Geany\bin\geany.exe"=0x534143500100000000000000070000002800000050B500009C22010001000000000000000000000A6122000033504C2B57DFD101000000000000000002000000280000000000000000000000100000000000000000000000000000002216AB0F00000000AB020000AB020000 "C:\Users\julie\Downloads\ChromeSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A002100000261329FFFBAD0010000008100000000 "C:\Users\julie\AppData\Local\Temp\GUMB159.tmp\GoogleUpdateSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A002100000261329FFFBAD00100000080000000000200000028000000000000000000004000000000000000000000000000000000057E0B00000000000100000001000000 "C:\Users\julie\Downloads\readerdc_fr_ka_install.exe"=0x5341435001000000000000000700000028000000E03E1200E33A1300010000000000000000000106000100000261329FFFBAD001000000000000000002000000280000000000000000000040000000000000000000000000000000004F0B2000000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\Temp1_paint.net.4.0.5.install.zip\paint.net.4.0.8.install.exe"=0x5341435001000000000000000700000028000000F8786A0059906A00010000000000000000000106000100000261329FFFBAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000E3600200000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe"=0x5341435001000000000000000700000028000000E0251400E0F7140001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E2AD0DEE000000004D0100004D010000 "C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"=0x5341435001000000000000000700000028000000E04100007D4D000001000000000000000000000AF522000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000029010000000000000100000001000000 "C:\Program Files (x86)\Wondershare\PDFelement\PDFelement.exe"=0x5341435001000000000000000700000028000000F0D702001C4E030001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CAC10000000000000D0000000D000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files\Windows Media Player\wmplayer.exe"=0x534143500100000000000000070000002800000000980200DDE8020001000000010000000000000A7322000059193B14E312D1010000000000000000 "C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe"=0x5341435001000000000000000700000028000000185F0B00E8FD0B0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A58F6B00000000000600000006000000 "C:\Program Files\Windows Mail\wab.exe"=0x534143500100000000000000070000002800000000E6070025D1080001000000010000000000000A7322000059193B14E312D1010000000000000000 "C:\Users\julie\Downloads\qt-unified-windows-x86-2.0.3-online.exe"=0x5341435001000000000000000700000028000000C0C71901B83A1A010100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BF731900000000000100000001000000 "C:\Users\julie\Desktop\Dossiers\build-test-Desktop_Qt_5_6_0_MinGW_32bit-Debug\debug\test.exe"=0x53414350010000000000000007000000280000002B0708001366080001000000000000000000000A6120000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007AC90000000000000800000008000000 "C:\Users\julie\Downloads\FreeMind-Windows-Installer-1.0.1-max.exe"=0x53414350010000000000000007000000280000000FE13E02000000000100000000000000000002060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009E6D0000000000000100000001000000 "C:\Users\julie\Downloads\JavaSetup8u91.exe"=0x534143500100000000000000070000002800000040460B006D820B0001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006CCE0000000000000100000001000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0720C009F7D0C0001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\Program Files\Intel Security\True Key\Application\truekey.exe"=0x534143500100000000000000070000002800000030F5460011B9470001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BA030000000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE"=0x5341435001000000000000000700000028000000C0C288018126890101000000000000000000000A0021000019B4C529E312D1010000009100000000 "C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe"=0x5341435001000000000000000700000028000000F0AA3000844131000100000000000000000001060001000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F68A0100000000000300000003000000 "C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE"=0x5341435001000000000000000700000028000000B87C1D00EFC61D0001000000000000000000000A0021000019B4C529E312D1010000009100000000 "C:\Users\julie\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000C0A620006E1D210001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B1AB0000000000000100000001000000 "C:\Users\julie\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe"=0x534143500100000000000000070000002800000090AF5C017A9F5D0101000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000003E1F3F00000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x534143500100000000000000070000002800000010E95D00CD595E0001000000000000000000000A0021000059193B14E312D10100000000000000000200000050000000000000000000000000000000000000000000000000000000F9A30800000000000100000001000000000000000000004000000000000000000000000000000000105A0800000000000200000000000000 "C:\MinGW\libexec\mingw-get\guimain.exe"=0x53414350010000000000000007000000280000000036020076D602000100000000000000000002060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009B2A0000000000000200000002000000 "C:\Users\julie\Downloads\vasclient32.exe"=0x534143500100000000000000070000002800000060C653022DF353020100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000FFC80300000000000100000001000000 "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe"=0x5341435001000000000000000700000028000000006A12007296120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FE020000000000006A0000006A000000 "C:\Program Files (x86)\Quest Software\vWorkspace Client\pnap32.exe"=0x534143500100000000000000070000002800000088D92E00C62A2F0001000000000000000000000A7120000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000029BC1B00000000000200000002000000 "C:\Program Files\mcafee.com\agent\mcupdate.exe"=0x5341435001000000000000000700000028000000F8F8270039F8280001000000000000000000000A0021000059193B14E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006B030000000000000100000001000000 "C:\Users\julie\Downloads\avast_free_antivirus_setup_online.exe"=0x5341435001000000000000000700000028000000486C5F00A22B600001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009B930200000000000100000001000000 "C:\Users\julie\Downloads\kaspersky-anti-virus_17-0-0-611_en_10479.exe"=0x534143500100000000000000070000002800000020AA7C0A95DA7C0A01000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000028589A01000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\Desktop\CPP\Semaine 1\fondue.exe"=0x5341435001000000000000000700000028000000961301003DC9010001000000000000000000000A7120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000009230000000000000200000002000000 "C:\Users\julie\Downloads\flashplayer23pp_wa_install.exe"=0x5341435001000000000000000700000028000000D0481200731C130001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000016D20000000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\jre-8u111-windows-au.exe"=0x534143500100000000000000070000002800000040420B0047080C0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000EED40100000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6705.1122\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E03000008040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\Downloads\Stremio_Setup.exe"=0x534143500100000000000000070000002800000070A117002316258C0100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F8218805000000000100000001000000 "C:\Users\julie\AppData\Local\Programs\LNV\Stremio\Stremio.exe"=0x534143500100000000000000070000002800000010F00C039CAC0D0301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A657D301000000000400000004000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\AppData\Local\Temp\{E97DCD51-DA2A-43C8-A34B-F7F64B9DE202}\.be\GarminExpressInstaller.exe"=0x5341435001000000000000000700000028000000C8621000CBC1100001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B7420000000000000100000001000000 "C:\Users\julie\Downloads\UsenetNLSetup_1.30.exe"=0x5341435001000000000000000700000028000000E8C97100DDC272000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C92A0000000000000100000001000000 "C:\Users\julie\Downloads\UsenetNLSetup_1.30 (1).exe"=0x5341435001000000000000000700000028000000E8C97100DDC272000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D13B0000000000000100000001000000 "C:\Users\julie\Downloads\doctor-strange-eng-6870456.exe"=0x534143500100000000000000070000002800000080E813004174BC870100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000026400000000000000100000001000000 "C:\Users\julie\Downloads\wrar540fr.exe"=0x5341435001000000000000000700000028000000D87A1F0019F51F0001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000EC460000000000000100000001000000 "C:\Users\julie\Downloads\doctor-strange-eng-6870456 (1).exe"=0x534143500100000000000000070000002800000080E813004174BC870100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D70F0500000000000100000001000000 "C:\Users\julie\AppData\Local\chromium\Application\chrome.exe"=0x5341435001000000000000000700000028000000004E1000CA8A100001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6764.0111\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E0300F3A9030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\AppData\Local\{6EC0589C-4A68-3424-27F0-11CC0398ED54}\uninst.exe"=0x53414350010000000000000007000000280000009E910000000000000300000000000000000001060001000033504C2B57DFD10100000000000000000100000004000000010000000500000010000000000000000000000000000106000000000200000050000000000001060000006000008000000000000000800000000000650400000000000001000000010000000000000000000000000080000000000000008000000000005CAE010000000000010000000000000006000000080000000000800000000000 "C:\Program Files (x86)\Wondershare\PDFelement\unins000.exe"=0x534143500100000000000000070000002800000035431700000000000300000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000272B0000000000000100000001000000 "C:\Program Files\WinZip Driver Updater\Uninstall.exe"=0x5341435001000000000000000700000028000000D066080080AF08000300000000000000000001060001000033504C2B57DFD10100000080000000000200000028000000000000000000000000000000000000000000000000000000C7130000000000000100000001000000 "C:\Program Files (x86)\WinZip Malware Protector\unins000.exe"=0x5341435001000000000000000700000028000000F0361200F25A12000300000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BA080000000000000100000001000000 "C:\Users\julie\Downloads\privatetunnel-win-2.8.exe"=0x53414350010000000000000007000000280000001884D70136F0D70101000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000ABD30000000000000100000001000000 "C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.8.2.exe"=0x534143500100000000000000070000002800000000DC3D00000000000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000001D820400000000000100000001000000 "C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\uninstall.exe"=0x5341435001000000000000000700000028000000777D020036F0D70103000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000002240000000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\{04B4E235-228B-4438-AEB3-E006576B7081}\.be\TunnelBear-Installer.exe"=0x534143500100000000000000070000002800000018051300260F130001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000024210000000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\julie\Desktop\Dossiers\Etudes\Université\EPFL 16-17\Semestre 2\Analyse numérique\setup.exe"=0x534143500100000000000000070000002800000070B50300ACF4030001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000885C0000000000000700000007000000 "C:\Users\julie\Desktop\marche\setup.exe"=0x534143500100000000000000070000002800000070B50300ACF4030001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000AFD0E00000000000500000005000000 "C:\Users\julie\AppData\Local\Programs\LNV\Stremio\Uninstall.exe"=0x534143500100000000000000070000002800000073D701005932FE030300000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000008000000000000000800000000000FCF30500000000000100000001000000010000000400000001000000 "C:\Program Files (x86)\FreeMind\unins000.exe"=0x534143500100000000000000070000002800000021020B00000000000300000000000000000002060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000002020000000000000000000000000001120000000000000300000003000000 "C:\Program Files\MATLAB\R2016b\bin\matlab.exe"=0x534143500100000000000000070000002800000030A503008B64040001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000050000000000000000000001000000000000000000000000000000000FA630000000000000100000001000000000000000000000000000000000000000000000000000000B06F5900000000000900000000000000 "C:\Program Files\MATLAB\R2016b\bin\win64\MATLAB.exe"=0x5341435001000000000000000700000028000000186B02005BEC020001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000089762E06000000000500000005000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"=0x5341435001000000000000000700000028000000C8CA1D0018881E0001000000000000000000000A73200000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000DC120000000000000100000001000000 "C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe"=0x5341435001000000000000000700000028000000C8A30900AFA30A0001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FB0C0100000000000100000001000000 "C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe"=0x53414350010000000000000007000000280000000040430000000000010000000000000000000206F102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B8750100000000000100000001000000 "C:\Program Files (x86)\Usenet.nl\unins000.exe"=0x534143500100000000000000070000002800000040CF11003A7312000300000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000910F0000000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Windows\SysWOW64\FlashPlayerApp.exe"=0x5341435001000000000000000700000028000000F8BF0C0032B30D0001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F9541D00000000000200000002000000 "C:\Users\julie\Downloads\qt-unified-windows-x86-2.0.5-2-online.exe"=0x5341435001000000000000000700000028000000E8AC2501D8E225010100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000000FA5601000000000100000001000000 "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000E0759700E487970001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000DA0E1600000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A7120000033504C2B57DFD1010000000100000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002F000000000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A7120000033504C2B57DFD1010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Temp\{c8ec7cd1-0766-45c3-ac9b-080b10eb253a}\.be\Subtitles-win-3.2.3.exe"=0x5341435001000000000000000700000028000000883E0E0045170F0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000090AE0000000000000100000001000000 "C:\Users\julie\Downloads\vlc-2.2.6-win32.exe"=0x53414350010000000000000007000000280000000845D8014E15D90101000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000356F0000000000000100000001000000 "C:\Program Files (x86)\Subtitles\Subtitles.exe"=0x5341435001000000000000000700000028000000708A11005491110001000000000000000000000A80210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000072150200000000000300000003000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B00300CDA9040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\ProgramData\Package Cache\{c8ec7cd1-0766-45c3-ac9b-080b10eb253a}\Subtitles-win-3.2.3.exe"=0x5341435001000000000000000700000028000000883E0E0045170F0003000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000009F170000000000000100000001000000 "C:\Qt\MaintenanceTool.exe"=0x534143500100000000000000070000002800000030AC24010000000003000000000000000000030600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000008000000000000000800000000000965E0100000000000100000001000000010000000400000001000000 "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe"=0x534143500100000000000000070000002800000000E00700F72D080001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002B610000000000000100000001000000 "C:\Users\julie\Anaconda3\pythonw.exe"=0x5341435001000000000000000700000028000000006601000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008E1BED47000000007C0100007C010000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000D08E1900A9781A0001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0E20300117A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC0200B611030001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E3E43B00000000000100000001000000 "C:\Program Files\AVAST Software\SZBrowser\launcher.exe"=0x5341435001000000000000000700000028000000202410004701110001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000008000000000000000000000000000000000000000933F0800000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE"=0x5341435001000000000000000700000028000000C868E800A5BAE80001000000000000000000000A00210000E63F486B2AA0D2010000009100000000 "C:\Users\julie\Desktop\Dossiers\Etudes\College\College 14-15\Physique\GraphicalAnalysis (2015_12_16 10_30_24 UTC).exe"=0x534143500100000000000000070000002800000000002C000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000200000000000000000000000000FE580300000000000100000001000000 "C:\Users\julie\AppData\Local\WhatsApp\Update.exe"=0x5341435001000000000000000700000028000000008621000000000001000000000000000000000A80210000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000007B2ECC03000000001400000014000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7064.1005\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400FB47040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400AEA6040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400B6AD040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E040067ED040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\Downloads\texstudio-2.12.6-win-qt5.9.1.exe"=0x5341435001000000000000000700000028000000687EFD01E5AEFD0101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000500000000000000000000000000000000000000000000000000000003D780A000000000002000000020000000000000000000040000000000000000000000000000000003B2C0100000000000100000000000000 "C:\Users\julie\Downloads\basic-miktex-2.9.6361-x64.exe"=0x53414350010000000000000007000000280000000817F20BE1B8BA0001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003D600400000000000100000001000000 "C:\Users\julie\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\x64\yap.exe"=0x5341435001000000000000000700000028000000008213002E3B140001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000780E0000000000000100000001000000 "C:\Program Files (x86)\TeXstudio\texstudio.exe"=0x534143500100000000000000070000002800000098B4B6001244B70001000000000000000000000A61200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004356A00B00000000CE000000CE000000 "C:\Program Files (x86)\TeXstudio\unins000.exe"=0x534143500100000000000000070000002800000088F80A00CAD00B0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000DC750000000000000100000001000000 "C:\Program Files (x86)\Texmaker\texmaker.exe"=0x534143500100000000000000070000002800000000948C000000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008F390000000000000100000001000000 "C:\Users\julie\Downloads\winzip22-lan.exe"=0x5341435001000000000000000700000028000000F0A40B00B9C60B0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000425F0100000000000100000001000000 "C:\Program Files\Inkscape\inkscape.exe"=0x5341435001000000000000000700000028000000000A06002CC9060001000000000000000000000A63200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002CD58602000000001600000016000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8987B01AC4A7C0101000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C89C0300B381040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Users\julie\Downloads\winrar_5-50_en_9632_32.exe"=0x5341435001000000000000000700000028000000B8E71F00EB75200001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000487E0000000000000200000002000000 "C:\Program Files (x86)\Java\jre1.8.0_121\bin\javacpl.exe"=0x534143500100000000000000070000002800000040120100176B010001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000120000000000000000000000000000381D0100000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\jre-8u151-windows-au.exe"=0x534143500100000000000000070000002800000040541C005DC41C0001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000011A50200000000000100000001000000 "C:\Users\julie\Downloads\suite_de_securite_orange.exe"=0x5341435001000000000000000700000028000000682E480B3B04490B01000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000007BB30800000000000100000001000000 "C:\Program Files (x86)\Orange\Orange Security Suite 10.1\avpui.exe"=0x534143500100000000000000070000002800000018560300CE37040001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\julie\Downloads\ccsetup538.exe"=0x534143500100000000000000070000002800000060ECAA00EC8DAB0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000177A0C00000000000100000001000000 "C:\Users\julie\Downloads\mb3-setup-consumer-3.3.1.2183.exe"=0x5341435001000000000000000700000028000000B079AB04D695AB0401000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000009930000000000000100000001000000 "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe"=0x5341435001000000000000000700000028000000E0E99400373C950001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000069CA4C02000000000300000003000000 "C:\Users\julie\Downloads\FRST64.exe"=0x53414350010000000000000007000000280000000084240038CC240001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008E6F0E00000000000100000001000000 "C:\Users\julie\Downloads\MCPR.exe"=0x5341435001000000000000000700000028000000E8193500DE66350001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000080C80000000000000300000003000000 "C:\Users\julie\Downloads\MCPR (1).exe"=0x5341435001000000000000000700000028000000E8193500DE66350001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000009A101700000000000100000001000000 "C:\Program Files\McAfee Security Scan\uninstall.exe"=0x5341435001000000000000000700000028000000A8C80500D088060001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000015620000000000000100000001000000 "C:\Users\julie\Downloads\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080D72D00DB932E0001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000765F1700000000000100000001000000 "C:\Users\julie\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080D72D00DB932E0001000000000000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Users\julie\Downloads\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000802F2D00D1582D0001000000000000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Users\julie\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000802F2D00D1582D0001000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000017740000000000000100000001000000 "C:\Windows\SysWOW64\msiexec.exe"=0x534143500100000000000000070000002800000000EA0000B165010003000000010000000000030600010000DB80FDAC2839D3010000000000000000 "C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDax2Launcher.exe"=0x5341435001000000000000000700000028000000008600000000000001000000000000000000000A73220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000004BCFF804000000000100000001000000 "C:\Users\julie\Desktop\FRST64.exe"=0x53414350010000000000000007000000280000000084240038CC240001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D09D0B00A80C0C0001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000024070000000000000100000001000000 "C:\Users\julie\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000803D2D0014502D0001000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000200000000000000000000000000009ECA0B00000000000200000002000000 "C:\Users\julie\AppData\Local\WhatsApp\app-0.2.8000\WhatsApp.exe"=0x5341435001000000000000000700000028000000108FDD044B0EDE0401000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E13E5500000000000400000004000000 "C:\Users\julie\Downloads\ZHPFix.exe"=0x534143500100000000000000070000002800000000B82E000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000095C90100000000000200000002000000 "C:\Users\julie\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"=0x5341435001000000000000000700000028000000F0591C016F331D0101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020340000000000000100000001000000 "C:\Users\julie\Downloads\delfix_1.013.exe"=0x5341435001000000000000000700000028000000402C0C00C2D00C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A4590100000000000100000001000000 "C:\Users\julie\Downloads\FreeMind-Windows-Installer-0.9.0-min.exe"=0x5341435001000000000000000700000028000000A4F65B000000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000049900000000000000200000002000000 "C:\Program Files (x86)\Java\jre1.8.0_151\bin\javacpl.exe"=0x5341435001000000000000000700000028000000401601006833010001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000100000000000000000000000000000C3510800000000000200000002000000 "C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02002775030001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C23C0500000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\Program Files\paint.net\PaintDotNet.exe"=0x5341435001000000000000000700000028000000D8641B00EF171C0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000098896500000000000600000006000000 "C:\Users\julie\Downloads\inkscape-0.92.2-x64.exe"=0x53414350010000000000000007000000280000000C70EB030000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001FBD7F01000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000180E120058A0120001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000001C030000000000000C0000000C000000 "C:\Users\julie\Downloads\winzip22.exe"=0x5341435001000000000000000700000028000000D8A40B0034E10B0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000009A650100000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\CloseFAH.exe"=0x5341435001000000000000000700000028000000C84D0100B220020001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000006D000000000000000200000002000000 "C:\Program Files\WinZip\winzip64.exe"=0x5341435001000000000000000700000028000000C89581052A8C820501000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000097C0600000000000300000003000000 "C:\Program Files\MATLAB\R2016b\uninstall\bin\win64\uninstall.exe"=0x534143500100000000000000070000002800000058D500003D15010001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040001000000000000000000000000000009C050700000000000200000002000000 "C:\Users\julie\Downloads\octave-4.2.2-w64-installer.exe"=0x5341435001000000000000000700000028000000B297900CBCAE010001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000051550400000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AE0300F24D040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4190.exe"=0x534143500100000000000000070000002800000030A71804F040190401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000007DBE0000000000000100000001000000 "C:\Users\julie\Documents\USBUtil v2.00 French\USBUtil v2.0 Full (French).exe"=0x5341435001000000000000000700000028000000002414000000000001000000000000000000010661200000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000008D9D0900000000000200000002000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x53414350010000000000000007000000280000002047A300954DA30001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DF0C0700000000000100000001000000 "C:\Users\julie\AppData\Local\Temp\{290697DA-7273-4DCA-89A5-0CAAD21A68BD}\.be\TunnelBear-Installer.exe"=0x5341435001000000000000000700000028000000900C0E00FAE80E0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000097700100000000000100000001000000 "C:\Program Files (x86)\Garmin\Express\express.exe"=0x5341435001000000000000000700000028000000F8439C011A0D9D0101000000000000000000000A71220000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\LD DIDACTIC\CASSYLab2\CASSYLab2.exe"=0x534143500100000000000000070000002800000090261701DD74170101000000000000000000000A75220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006D2DD01000000000A0000000A000000 "C:\Users\julie\Downloads\Lecteur_Vod_Orange.exe"=0x534143500100000000000000070000002800000018C840009BBA410001000000000000000000030600010000DB80FDAC2839D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A9250000000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\julie\Downloads\Lecteur_Vod_Orange (1).exe"=0x534143500100000000000000070000002800000018C840009BBA410001000000000000000000030600010000DB80FDAC2839D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000202000000000000000000000000005E1A0000000000000100000001000000 "C:\Octave\Octave-4.2.2\uninstall.exe"=0x5341435001000000000000000700000028000000623D0200BCAE010001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000097220100000000000100000001000000 "C:\Users\julie\Downloads\qt-unified-windows-x86-3.0.4-online.exe"=0x534143500100000000000000070000002800000008513201E935330101000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000002E2B1900000000000100000001000000 "C:\Users\julie\Downloads\qt-unified-windows-x86-3.0.4-online (1).exe"=0x534143500100000000000000070000002800000008513201E935330101000000000000000000030600010000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000003FFF2100000000000100000001000000 "C:\Users\julie\Downloads\qt-unified-windows-x86-3.0.4-online (2).exe"=0x534143500100000000000000070000002800000008513201E935330101000000000000000000030600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000070C82100000000000100000001000000 "C:\Users\julie\Downloads\PyQt5-5.6-gpl-Py3.5-Qt5.6.0-x32-2.exe"=0x5341435001000000000000000700000028000000B39EC1020000000001000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000028E90000000000000100000001000000 "C:\Python35\Lib\site-packages\PyQt5\assistant.exe"=0x534143500100000000000000070000002800000000C810000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000002460000000000000100000001000000 "C:\Python35\Lib\site-packages\PyQt5\designer.exe"=0x534143500100000000000000070000002800000000F006000000000001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000855A0300000000000100000001000000 "C:\Qt\Tools\QtCreator\bin\qtcreator.exe"=0x534143500100000000000000070000002800000000A80C000000000001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006985D00000000000200000002000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000D832B700222FB80001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E000000000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0548501FEE6850101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.065.0329.0002_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0E00300017A040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\Downloads\VPython-Win-32-Py2.7-6.11.exe"=0x5341435001000000000000000700000028000000F75A68020000000001000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000039C70300000000000100000001000000 "C:\Users\julie\Anaconda3\python.exe"=0x5341435001000000000000000700000028000000006C01000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000068010000000000000100000001000000 "C:\Program Files (x86)\FreeMind\Freemind.exe"=0x53414350010000000000000007000000280000005A490300BE0E040001000000000000000000000671000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000001000000000000000000000000000007D14C701000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000B03C8001812C810101000000000000000000000A00210000BFA2139DEDD1D3010000009100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5292.exe"=0x534143500100000000000000070000002800000048D48F04B690900401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DC480100000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0F60300D140040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"=0x5341435001000000000000000700000028000000303206003D2D070001000000010000000000000A73220000BFA2139DEDD1D3010000000000000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F80300EE6C040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\Downloads\octave-4.4.1-w64-installer.exe"=0x53414350010000000000000007000000280000003974E60EFF56010001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000066BE0500000000000300000003000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.0.118.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe"=0x5341435001000000000000000700000028000000008802000000000001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006F3BFE22000000000600000006000000 "C:\Users\julie\Downloads\microsoft_project_2791783889.exe"=0x5341435001000000000000000700000028000000A03025000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F9EE0C00000000000100000001000000 "C:\Program Files\McAfee\WebAdvisor\uninstaller.exe"=0x53414350010000000000000007000000280000006860230071DB230001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000076CF0000000000000100000001000000 "C:\ProgramData\Package Cache\{107bec2f-7507-4df6-98a6-a8bfea0d5655}\HSS-7.6.5-install-hss-821-siis.exe"=0x5341435001000000000000000700000028000000087610003652110001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020480100000000000100000001000000 "C:\Users\julie\AppData\Local\{9CF9AAA5-B851-C61D-D5C9-E3F5F1A11F6D}\uninst.exe"=0x5341435001000000000000000700000028000000969200000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000037250100000000000100000001000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7123.exe"=0x53414350010000000000000007000000280000002086D0047C5FD10401000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002F850300000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\Desktop\Dossiers\Etudes\Université\Besançon 18-19\Projet Integrateur\uEye64_49100_WHQL.exe"=0x534143500100000000000000070000002800000070BC140FDAD3140F01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D3400300000000000100000001000000 "C:\Program Files\IDS\uEye\Program\uEyeCockpit.exe"=0x5341435001000000000000000700000028000000B09762006247630001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008FDD0000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.0.119.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe"=0x5341435001000000000000000700000028000000008802000000000001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000012739A1D000000000200000002000000 "C:\Users\julie\Desktop\Dossiers\Etudes\Université\Besançon 18-19\TP\TP9\ImageJ\ImageJ.exe"=0x53414350010000000000000007000000280000000006060073EB050001000000000000000000020673000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000100000000000000000000000000000ABADF601000000000600000006000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.0.120.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe"=0x5341435001000000000000000700000028000000008802000000000001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FB6FD920000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Octave\Octave-4.4.1\uninstall.exe"=0x5341435001000000000000000700000028000000E0430200FF56010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000182A0100000000000100000001000000 "C:\Users\julie\Documents\Matlab Win\MATLAB R2018a\setup.exe"=0x534143500100000000000000070000002800000070F906009565070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B2AA4300000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe"=0x5341435001000000000000000700000028000000008802000000000001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000CE80203F000000000C0000000C000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000005008000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000A38BF11D000000001700000017000000 "C:\Program Files\MATLAB\R2018a\bin\matlab.exe"=0x5341435001000000000000000700000028000000781305009515050001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000040D15501000000000800000008000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000006208000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000273F955B000000004800000048000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000386B0400903D050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000019010000000000000200000002000000 "C:\Users\julie\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\x64\miktex-texworks.exe"=0x5341435001000000000000000700000028000000005A6C000C406D0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000052FC0000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000007C05211C000000000900000009000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104006ACC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000019010000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000001541FD29000000000200000002000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000057C6CF47000000000300000003000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000033AC2113000000000500000005000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000089320000000000000700000007000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000007E08000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000600C5616000000000400000004000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AA0400777F050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe"=0x53414350010000000000000007000000280000004047D5031683D50301000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D3260300000000000100000001000000 "C:\Program Files (x86)\TunnelBear\TunnelBear.UI.Launcher.exe"=0x5341435001000000000000000700000028000000003601000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000E62B5800000000000400000004000000 "C:\Users\julie\Downloads\Lecteur_Vod_Orange (2).exe"=0x534143500100000000000000070000002800000060D04000E33B410001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020200000000000000000000000000BE374100000000000200000002000000 "C:\Users\julie\Downloads\Silverlight_x64.exe"=0x534143500100000000000000070000002800000038B3C80003E4C80001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000080010000000000000000000000000000000000002C400200000000000100000001000000 "C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe"=0x5341435001000000000000000700000028000000889E03005FB7030001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000310A0000000000000100000001000000 "C:\Program Files (x86)\VSTax 2017\vstax2017.exe"=0x534143500100000000000000070000002800000078190100B2CE010001000000000000000000020671000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000100000000000000000000000000000490E0701000000000200000002000000 "C:\Program Files (x86)\InstallShield Installation Information\{0DEAF472-5D5C-4489-B7C4-F01E139A67B9}\setup.exe"=0x5341435001000000000000000700000028000000000A12000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000016270200000000000100000001000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000030AF0400A4BA040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\Downloads\NordVPNSetup.exe"=0x5341435001000000000000000700000028000000D896C20029F3C20001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A35A0000000000000100000001000000 "C:\Program Files (x86)\NordVPN\NordVPN.exe"=0x5341435001000000000000000700000028000000D01B22005F45220001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000081020000000000000200000002000000 "C:\ProgramData\Caphyon\Advanced Installer\{5A4DEE6B-B4FE-4888-9D3F-BF104523FE56}\NordVPNSetup.exe"=0x5341435001000000000000000700000028000000D896C20029F3C20001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004A950000000000000100000001000000 "C:\Program Files (x86)\TeamViewer\uninstall.exe"=0x5341435001000000000000000700000028000000F0B30D006BA50E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\julie\Downloads\psiphon3.exe"=0x534143500100000000000000070000002800000070A85F00A2AA5F0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000008784D00000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8B00E006A730F0001000000000000000000000600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002241CC01000000002A0000002A000000 "C:\Program Files (x86)\VSTax 2018\vstax2018.exe"=0x5341435001000000000000000700000028000000D019010096C6010001000000000000000000020671000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000010000000000000000000000000000091E23100000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400AE33050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\Downloads\video-converter-ultimate.exe"=0x534143500100000000000000070000002800000008148102E878810201000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004E6A0100000000000100000001000000 "C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Video Converter Ultimate\unins000.exe"=0x534143500100000000000000070000002800000090C31D00BE3A1E0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000621C0000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"=0x534143500100000000000000070000002800000050CE1C005EE01C0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC04002A69050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D88805004A66060001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000096010000000000000100000001000000 "C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000E8741E00F6D31E0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BD050000000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.070.0410.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400100C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x534143500100000000000000070000002800000030F99102B9F7920201000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x534143500100000000000000070000002800000050001E0030811E0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078D404009BC1050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000A07F86018AB2860101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe"=0x534143500100000000000000070000002800000038655602FDC4560201000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe"=0x534143500100000000000000070000002800000038770100FCBF010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D4236C27000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x53414350010000000000000007000000280000002032AA00C259AA0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000003719601000000001200000012000000 "C:\Users\julie\Desktop\VisualBoyAdvance-M.exe"=0x5341435001000000000000000700000028000000006E14000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000830C0000000000000100000001000000 "C:\Users\julie\Desktop\VisualBoyAdvance.exe"=0x534143500100000000000000070000002800000050201E000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040000000000000000000000000000FF296708000000001B0000001B000000 "C:\Users\julie\Downloads\Pokemon Rouge Feu (F)(Rising Sun)_0878744190.exe"=0x5341435001000000000000000700000028000000A50424000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000565F0000000000000100000001000000 "C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8082200B34F220001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000265D5308000000000400000004000000 "C:\Users\julie\AppData\Local\Temp\Pokemon Rouge Feu (F)(Rising Sun)_0878744190.exe"=0x5341435001000000000000000700000028000000A50424000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004F010200000000000100000001000000 "C:\Program Files (x86)\Segurazo\SegurazoUninstaller.exe"=0x5341435001000000000000000700000028000000681613002668130001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000805F01000000000001000000010000000000000000000040000000000000000000000000000000001E850000000000000400000000000000 "C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe"=0x534143500100000000000000070000002800000038770100FCBF010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000105D2319000000001100000011000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11270.exe"=0x5341435001000000000000000700000028000000E8A7D5039381D60301000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"=0x5341435001000000000000000700000028000000F0B41B0076591C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F09D19005A5B1A0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3040000000000000200000002000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000782204026D68040201000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\julie\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000788C05000898050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\BlueStacks\BlueStacksUninstaller.exe"=0x5341435001000000000000000700000028000000083C060041DB060001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007A910500000000000100000001000000 "C:\Users\julie\AppData\Local\WhatsApp\WhatsApp.exe"=0x5341435001000000000000000700000028000000B03B0A00F2E40A0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000028DB2200000000000600000006000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000304227007781270001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe"=0x53414350010000000000000007000000280000003019680086BC680001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000400000000000000000000000000000000081C70B0000000000050000000200000000000000000000000000000000000000000000000000000088F40200000000000200000000000000 "C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe"=0x534143500100000000000000070000002800000030A19400A0AC940001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000400000004000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x534143500100000000000000070000002800000058AD58015622590101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006D000000000000000200000002000000 "C:\Users\julie\Downloads\adwcleaner_7.4.exe"=0x5341435001000000000000000700000028000000C854740054F0740001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F98F0700000000000200000002000000 "C:\Users\julie\Downloads\QuickDiag.exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131727913830130934 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"=5B115FA4-5697-4EF7-9442-0C222680979F "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x20A270C9E828D101 "DisableAntiVirus"=1 "OOBEInstallTime"=0xF09D05697E99D101 "InstallLocation"=C:\Program Files\Windows Defender\ "LastEnabledTime"=0xDD25F0F9E7BAD401 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts [78] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.215.238] avec 32 octets de donn?es?: R?ponse de 216.58.215.238?: octets=32 temps=7 ms TTL=56 R?ponse de 216.58.215.238?: octets=32 temps=8 ms TTL=56 R?ponse de 216.58.215.238?: octets=32 temps=9 ms TTL=56 R?ponse de 216.58.215.238?: octets=32 temps=8 ms TTL=56 Statistiques Ping pour 216.58.215.238: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 7ms, Maximum = 9ms, Moyenne = 8ms ---------- | @ [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Default_Page_URL"=http://lenovo15.msn.com/?pc=LCTE "DisableFirstRunCustomize"=3 "Secondary Start Pages"=http://mystart.lenovo.com "Default_Secondary_Page_URL"=http://mystart.lenovo.com "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "ImageStoreRandomFolder"=m5iasw3 "OperationalData"=12 "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160422-1850 "FormSuggest Passwords"=no "FormSuggest PW Ask"=no "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4700000047000000870600002F040000 "Start Page_TIMESTAMP"=0x9C82766C0DBAD101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000024000000D884CD945304FB1728D5D75FE816B1027398020D0260D174158F32C45E256B6AEC218A74020000000E0000003259317156557241715973253364 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x78ED97482286D201 "Start Page"=https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_nptdwxol_19_30_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyCtAyE0DzyyE0ByCzzyDyCtAtDyC0AtN0D0Tzu0StByByCtAtN1L2XzuyEtFyDtCtFtDtFtCzytAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyE0FtA0CtC0DzztGtC0CyCyBtG0FyE0EzztGyCzztA0AtGtC0EtCzyyEtCyByB0F0EzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyCzzyEtB0E0ByBtGyCtC0F0BtGyE0ByD0DtGzytCyDtAtG0A0FtB0DtD0AtDtAtC0ByByC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCyDzytN1Q2Z1B1P1RzutCyDyCyEtCyDyEzyyEyC%26cr%3D511794258%26a%3Dwsg_nptdwxol_19_30_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome "SearchBandMigrationVersion"=1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x1DB5520FD3FDD301 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=132110345464149128 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_nptdwxol_19_30_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyCtAyE0DzyyE0ByCzzyDyCtAtDyC0AtN0D0Tzu0StByByCtAtN1L2XzuyEtFyDtCtFtDtFtCzytAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyE0FtA0CtC0DzztGtC0CyCyBtG0FyE0EzztGyCzztA0AtGtC0EtCzyyEtCyByB0F0EzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyCzzyEtB0E0ByBtGyCtC0F0BtGyE0ByD0DtGzytCyDtAtG0A0FtB0DtD0AtDtAtC0ByByC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCyDzytN1Q2Z1B1P1RzutCyDyCyEtCyDyEzyyEyC%26cr%3D511794258%26a%3Dwsg_nptdwxol_19_30_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [23/08/2019 14:47:50] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [23/08/2019 14:47:50] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={2f23ab71-4ac6-41f2-a955-ea576e553146} "KnownProvidersUpgradeTime"=0x1DB5520FD3FDD301 "Version"=5 "UpgradeTime"=0x1DB5520FD3FDD301 "ShowSearchSuggestionsInAddressGlobal"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={1D50472C-736E-44D5-80A7-360163C858C9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}"=True Key [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={1D50472C-736E-44D5-80A7-360163C858C9} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D50472C-736E-44D5-80A7-360163C858C9}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE : [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Search Powered by Yahoo!) - https://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_nptdwxol_19_30_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyCtAyE0DzyyE0ByCzzyDyCtAtDyC0AtN0D0Tzu0StByByCtAtN1L2XzuyEtFyDtCtFtDtFtCzytAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyE0FtA0CtC0DzztGtC0CyCyBtG0FyE0EzztGyCzztA0AtGtC0EtCzyyEtCyByB0F0EzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyCzzyEtB0E0ByBtGyCtC0F0BtGyE0ByD0DtGzytCyDtAtG0A0FtB0DtD0AtDtAtC0ByByC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCyDzytN1Q2Z1B1P1RzutCyDyCyEtCyDyEzyyEyC%26cr%3D511794258%26a%3Dwsg_nptdwxol_19_30_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D50472C-736E-44D5-80A7-360163C858C9}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{1D50472C-736E-44D5-80A7-360163C858C9}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [05/05/2016 23:28:55] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}] -> (True Key Helper) : C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [15/07/2016 15:10:30] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [05/05/2016 23:28:55] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [04/06/2019 08:16:37] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [04/06/2019 08:16:37] ---------- | Chrome C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\eedlgdlajadkbbjoobobefphmfkcchfk = : __MSG_store_shortdesc_new__ - __MSG_store_title_new__ - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\eiimnmioipafcokbfikbljfdeojpcgbh = : Google & co - Google & co - permissions:[tabswebNavigation\u003Call_urls>cookiesmanagementnotificationscontextMenuswebRequestwebRequestBlockingunlimitedStoragestoragegcm] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppShortName__ - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\pilplloabdedfmialnfchjomjmpjcoej = : This extensions lets you to easily switch between search engines directly from the new tab page - Search Manager - permissions:[\u003Call_urls>managementstoragecookiestabswebRequestwebRequestBlockingunlimitedStoragecontextMenusbookmarkstopSites] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3] - (Chromium Update) : C:\Users\julie\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9] - (Chromium Update) : C:\Users\julie\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3] - (Chromium Update) : C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9] - (Chromium Update) : C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.201.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.201.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{414c2ede-048b-4b91-b319-23ec9748f7fe}] "DhcpNameServer"=172.18.10.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{665c0a56-c4e9-4498-88bf-8374c9647bf5}] "DhcpNameServer"=150.206.1.3 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7b8b795b-6964-4296-a1af-ff45570bc3da}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{aa035553-a7a8-4fbb-83ab-b4b5bc060e44}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{ade15d45-4c01-4f65-b41f-f1134997e6dc}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d2f1e3d3-b074-41a6-880e-627b3686ba64}] "DhcpNameServer"=172.18.13.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{eb75e059-bd4e-4819-ba85-1e939802089a}] "DhcpNameServer"=172.18.10.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{414c2ede-048b-4b91-b319-23ec9748f7fe}] "DhcpNameServer"=172.18.10.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{665c0a56-c4e9-4498-88bf-8374c9647bf5}] "DhcpNameServer"=150.206.1.3 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7b8b795b-6964-4296-a1af-ff45570bc3da}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{aa035553-a7a8-4fbb-83ab-b4b5bc060e44}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ade15d45-4c01-4f65-b41f-f1134997e6dc}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d2f1e3d3-b074-41a6-880e-627b3686ba64}] "DhcpNameServer"=172.18.13.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{eb75e059-bd4e-4819-ba85-1e939802089a}] "DhcpNameServer"=172.18.10.1 ---------- | Applications [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\geany.exe] : "C:\Program Files (x86)\Geany\bin\geany.exe" "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\inkscape.exe] : "C:\Program Files\Inkscape\inkscape.exe" "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\pythonw.exe] : "C:\Users\julie\Anaconda3\pythonw.exe" "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.c] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.c++] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cc] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cpp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.cxx] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.h] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.h++] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hh] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hpp] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.hxx] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.pri] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.pro] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qbs] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qml] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.qs] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\QtProject.QtCreator.ui] : C:\Qt\\Tools\QtCreator\bin\qtcreator.exe -client "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Classes\Applications\WhatsApp.exe] : "C:\Users\julie\AppData\Local\WhatsApp\WhatsApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Adobe] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\AFPL Ghostscript] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\AnyMP4 Studio] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\AppDataLow] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\AVAST Software] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\BitTorrent] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\BlueStacksInstaller] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Browser Cleanup] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Chromium] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Cisco] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Clients] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Corel] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\CyberLink] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Digia] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\DMGR2.0.0] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Dolby] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Emulators] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Garmin] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Google] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\GPL Ghostscript] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\IDS] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\IM Providers] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Intel] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Intel Corporation] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Intel Security] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\JavaSoft] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\KasperskyLabSetup] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Lenovo] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Licenses] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Macromedia] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Malwarebytes] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Mathworks] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\MiKTeX.org] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Mine] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\MozillaPlugins] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Netscape] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\NT-ware] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\ODBC] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\OpenCV] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\OpenSub] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\paint.net] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Piriform] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Policies] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Provision Networks] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Psiphon3] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Python] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Qt] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\QtProject] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Quest Software] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Rainy Cape S.L.] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Realtek] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\RegisteredApplications] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\SHAREit] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Spotify] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\SSPrint] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Synaptics] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\SyncEngines] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\sysinternals] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\TeamViewer] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\TUG] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\TunnelBear] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\undefined] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\VB and VBA Program Settings] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Vernier Software] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\WinRAR] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\WinRAR SFX] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Wow6432Node] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Xerox] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\xm1] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\ZHP] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\AppDataLow\Software\JavaSoft] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Avast Software] [HKLM\Software\BlueStacksInstaller] [HKLM\Software\Clients] [HKLM\Software\Corel] [HKLM\Software\Dell] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\EnigmaSoft] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\IDS] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Intel Security] [HKLM\Software\IPS] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Lenovo] [HKLM\Software\Macromedia] [HKLM\Software\MathWorks] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Quest Software] [HKLM\Software\Quest Software, Inc.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Samsung] [HKLM\Software\SegOption] [HKLM\Software\Segurazo] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\SSPrint] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\TAP-Windows] [HKLM\Software\TrueKey] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Xerox] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Segurazo] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\Avast] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Chromium] [HKLM\Software\WOW6432Node\Cyberlink] [HKLM\Software\WOW6432Node\Garmin] [HKLM\Software\WOW6432Node\Geany] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\IDS] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Intel Security] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Kanton VS] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lenovo] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\mcafeeupdater] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\PyQt5] [HKLM\Software\WOW6432Node\Quest Software] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Segurazo] [HKLM\Software\WOW6432Node\SHAREit] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\TrueKey] [HKLM\Software\WOW6432Node\TunnelBear] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Segurazo] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: ---------- | C: [MD5.F53B81684C388F69D600E2FC3FB35069] - [19/09/2016 18:15:05] - |A| - (.-.) - [2294] - (0.0.0.0) - C:\!Install.txt [14/02/2017 16:21:15] - |HD| - [980176] - C:\$AV_ASW [10/07/2015 13:04:22] - |SHD| - [1162315] - C:\$Recycle.Bin [23/08/2019 13:15:39] - |HD| - [161511187] - C:\$WINDOWS.~BT [23/08/2019 13:34:24] - |D| - [6962865] - C:\AdwCleaner [16/07/2015 18:32:49] - |SHD| - [18395932] - C:\Boot [MD5.CDF075B70E5F612B4399A54B25D55192] - [10/07/2015 15:20:06] - |RASH| - (.-.) - [395268] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [10/07/2015 15:20:06] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.28F9607316A91601CFEB5B0274F04115] - [16/07/2015 18:32:51] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [MD5.10A342B7E8E40518580707FED7019063] - [04/06/2018 15:15:45] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat [26/09/2016 07:36:21] - |SHD| - [6984742] - C:\Config.Msi [MD5.D676C9F0BB816FB7BAD45CF221F6F70C] - [23/01/2018 16:29:23] - |A| - (.-.) - [1300] - (0.0.0.0) - C:\DelFix.txt [10/07/2015 14:21:38] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/08/2019 07:24:42] - |ASH| - (.-.) - [3396505600] - (0.0.0.0) - C:\hiberfil.sys [27/11/2015 09:56:30] - |HDC| - [114748] - C:\Intel [13/02/2016 15:18:25] - |D| - [16355328] - C:\Logs [04/04/2016 14:05:28] - |D| - [197341775] - C:\MinGW [23/08/2019 14:13:48] - |D| - [105907] - C:\msiinv [17/03/2018 14:26:15] - |D| - [0] - C:\Octave [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/08/2019 07:24:47] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [42395773664] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [8189041199] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [4767190758] - C:\ProgramData [05/06/2018 14:09:02] - |D| - [183304817] - C:\Python35 [05/06/2018 13:42:25] - |D| - [445915708] - C:\Qt [23/08/2019 14:53:00] - |D| - [68685] - C:\QuickDiag [MD5.820DD83B1A25CC1F8BFE400042B0BFF6] - [23/08/2019 14:53:14] - |A| - (.-.) - [232234] - (0.0.0.0) - C:\QuickDiag.txt [16/07/2015 17:47:58] - |HDC| - [4563829491] - C:\Recovery [20/08/2019 22:10:46] - |D| - [8390066] - C:\sh5ldr [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/08/2019 07:24:47] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [27/11/2015 09:51:33] - |SHD| - [0] - C:\System Volume Information [27/11/2015 09:10:34] - |ASHD| - [238714456] - C:\UserGuidePDF [11/04/2018 23:04:33] - |RD| - [272800354020] - C:\Users [11/04/2018 23:04:33] - |D| - [38285911039] - C:\Windows ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [18458708] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [9022910] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [1021928472] - C:\WINDOWS\assembly [21/06/2018 07:33:15] - |D| - [0] - C:\WINDOWS\AUInstallAgent [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [08/10/2016 10:36:08] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 01:38:20] - |D| - [38348031] - C:\WINDOWS\Boot [MD5.26B21C34CBC3DB62041EAD256F0A9B71] - [06/06/2018 23:30:18] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2464344] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.7B4A26DCC09222DE4763DF989DEB6743] - [10/07/2015 15:16:28] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.B8F7F2779ED3F923F30CE77CED1A10CE] - [27/11/2015 09:49:56] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [06/06/2018 23:23:55] - |D| - [107520] - C:\WINDOWS\de-DE [12/04/2018 01:38:21] - |D| - [31685301] - C:\WINDOWS\debug [MD5.85BDC9BCB8B49319B5A841D5E3EA8A3F] - [06/06/2018 22:42:29] - |A| - (.-.) - [26673] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [5188985] - C:\WINDOWS\diagnostics [MD5.85BDC9BCB8B49319B5A841D5E3EA8A3F] - [06/06/2018 22:42:29] - |A| - (.-.) - [26673] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker [27/11/2015 09:12:38] - |D| - [151491584] - C:\WINDOWS\Downloaded Installations [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [81040] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:18:37] - |D| - [96256] - C:\WINDOWS\en-US [MD5.A1D1CE7D323A357163A500CDC15EDA54] - [11/07/2019 05:45:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4038688] - (10.0.17134.858) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [398710956] - C:\WINDOWS\Fonts [12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [56336039] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [2844018] - C:\WINDOWS\Help [MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 06:54:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28832150] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8504001] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [96966867] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1662149707] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHD| - [2365296745] - C:\WINDOWS\Installer [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [MD5.BA7C22AC509ACAD0A8F4BB3D35890D61] - [13/04/2015 08:08:30] - |A| - (.-.) - [50176] - (0.0.0.0) - C:\WINDOWS\LenovoScreenSaver.scr [MD5.E4D6540F99F187BAB7D5E0F47E5969A9] - [27/11/2015 10:10:12] - |A| - (.-.) - [629145600] - (0.0.0.0) - C:\WINDOWS\lenovo_fastboot.img [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [13261682] - C:\WINDOWS\Logs [MD5.41593A9FCAE9891D99B19278F5687BE8] - [27/11/2015 09:07:25] - |A| - (.-.) - [1144] - (0.0.0.0) - C:\WINDOWS\machineinfo.sav [12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media [MD5.26AA3E12DC0C1B59705DB119308A398A] - [27/11/2015 10:21:04] - |A| - (.-.) - [2861477] - (0.0.0.0) - C:\WINDOWS\MFGSTAT.zip [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [12/04/2018 01:38:20] - |RD| - [878391899] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3322] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [12/04/2018 18:22:25] - |D| - [408202] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [08/05/2019 21:19:48] - |D| - [552106051] - C:\WINDOWS\Panther [12/04/2018 01:38:21] - |D| - [453266] - C:\WINDOWS\Performance [MD5.D09B468768EDE09C91173B0B296EFBA8] - [11/10/2016 16:12:10] - |A| - (.-.) - [1040870] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1441616] - C:\WINDOWS\PLA [MD5.D2E30BBD8E30187CB824F0C4C21A4D05] - [27/11/2015 10:35:58] - |A| - (.-.) - [29944] - (0.0.0.0) - C:\WINDOWS\PLDDATA.XML [12/04/2018 01:38:21] - |D| - [4344720] - C:\WINDOWS\PolicyDefinitions [06/06/2018 22:34:13] - |D| - [9941392] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965014] - C:\WINDOWS\PrintDialog [12/04/2018 01:38:21] - |D| - [5519070] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1095288] - C:\WINDOWS\Registration [12/04/2018 01:38:21] - |D| - [26015688] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [4576221] - C:\WINDOWS\Resources [MD5.DCB9604D425C1E9300138436ED241CDD] - [27/11/2015 10:06:29] - |A| - (.Copyright (C) Realtek Semiconductor Corp. - RtCamU.) - [2627288] - (1.12.0.0) - C:\WINDOWS\RtCamU64.exe [MD5.429D9EEB1DA2386625DF4601CC1C875A] - [27/11/2015 09:59:53] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2825944] - (1.0.6.5) - C:\WINDOWS\RtlExUpd.dll [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [8282354] - C:\WINDOWS\security [06/06/2018 23:29:47] - |D| - [88632460] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [225102558] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [12/04/2018 01:38:21] - |D| - [6443008] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53634048] - C:\WINDOWS\ShellExperiences [12/04/2018 18:19:39] - |D| - [7276064] - C:\WINDOWS\SKB [27/11/2015 10:00:44] - |D| - [9053021530] - C:\WINDOWS\SoftwareDistribution [12/04/2018 01:38:21] - |D| - [86042305] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.1CC7C7CCB919892585890F22DB69258D] - [11/07/2019 05:45:05] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [131072] - (10.0.17134.885) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [10/07/2015 13:04:27] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [8040552178] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [227727685] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [28643409] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1696186819] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [10/07/2015 13:04:23] - |D| - [6] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [1875253] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [266968] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [15/06/2017 00:52:35] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25818] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [17431992] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [10/07/2015 13:04:27] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [23/08/2019 13:46:50] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [10553251171] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [15/05/2019 05:47:58] - C:\WINDOWS\Installer\11197089.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2015 02:00:06] - C:\WINDOWS\Installer\1189f.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/06/2015 17:39:44] - C:\WINDOWS\Installer\118a5.msi : (Dolby Audio X2 Windows APP - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2015 02:00:06] - C:\WINDOWS\Installer\118c7.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2015 12:00:06] - C:\WINDOWS\Installer\123d4.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/07/2015 15:49:26] - C:\WINDOWS\Installer\123e1.msi : (Intel(R) Serial IO - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/10/2015 12:34:24] - C:\WINDOWS\Installer\123e8.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/06/2015 01:10:06] - C:\WINDOWS\Installer\123ef.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2015 02:00:06] - C:\WINDOWS\Installer\169d5.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/04/2018 12:00:16] - C:\WINDOWS\Installer\1962f58f.msi : (TunnelBear - TunnelBear) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/01/2018 19:00:10] - C:\WINDOWS\Installer\1a75d71a.msi : (Java SE Runtime Environment 8 Update 161 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\1aa1fc3.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/02/2016 13:49:36] - C:\WINDOWS\Installer\1b182e4.msi : (Intel® Software Guard Extensions Platform Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/10/2015 08:55:00] - C:\WINDOWS\Installer\1f48a5c.msi : (Intel® RealSense™ SDK 2014 Runtime (x64): Core - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2016 10:52:20] - C:\WINDOWS\Installer\1fd7d0f.msi : (Intel(R) Biometric and Context Agent 2.0.146.0 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2016 10:52:20] - C:\WINDOWS\Installer\1fd7d25.msi : (Intel(R) Biometric and Context Agent Redistributables 2.0.146.0 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/09/2016 07:26:15] - C:\WINDOWS\Installer\20ecf3a5.msi : (Lenovo System Interface Foundation - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/04/2018 21:31:54] - C:\WINDOWS\Installer\259f872.msi : (Avast Update Helper - AVAST Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/08/2019 13:47:56] - C:\WINDOWS\Installer\25d4d6e7.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/11/2015 09:12:38] - C:\WINDOWS\Installer\318ec.msi : (Metric Collection SDK Redistributable - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/06/2015 17:15:35] - C:\WINDOWS\Installer\31903.msi : (User Manuals - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 15:18:02] - C:\WINDOWS\Installer\34427ad5.msi : (Elevated Installer - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2018 15:17:50] - C:\WINDOWS\Installer\34427ada.msi : (ANT Drivers Installer x64 - Garmin Ltd or its subsidiaries) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2016 19:08:24] - C:\WINDOWS\Installer\3e31.msi : (Metric Collection SDK Redistributable - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2016 19:08:28] - C:\WINDOWS\Installer\3e44.msi : ( - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/09/2016 10:22:48] - C:\WINDOWS\Installer\4c7b09e7.msi : (Lenovo System Interface Foundation - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/04/2016 11:01:07] - C:\WINDOWS\Installer\4f8f4a6.msi : (Lenovo Solution Center - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/06/2019 08:16:06] - C:\WINDOWS\Installer\8299d3d.msi : (Java SE Runtime Environment 8 Update 201 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/06/2019 08:17:01] - C:\WINDOWS\Installer\8299d48.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/07/2015 05:27:26] - C:\WINDOWS\Installer\855e.msi : (Intel(R) Wireless Bluetooth(R) Patch/Audio Package Installation - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/05/2015 13:12:04] - C:\WINDOWS\Installer\ad3a.msi : (O2Micro Flash Memory Card Windows Driver - O2Micro International LTD.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2015 00:10:24] - C:\WINDOWS\Installer\ad63.msi : (Lenovo QuickOptimizer - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 04:28:46] - C:\WINDOWS\Installer\ad96.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/11/2015 09:11:12] - C:\WINDOWS\Installer\add4.msi : (Blank Project Template - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2015 23:51:48] - C:\WINDOWS\Installer\addc.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2015 10:25:28] - C:\WINDOWS\Installer\ade3.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2015 10:25:38] - C:\WINDOWS\Installer\adea.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/06/2015 02:01:14] - C:\WINDOWS\Installer\adf1.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/05/2019 08:57:34] - [59400192] - (.().-. - ()) - C:\WINDOWS\Installer\111efe03.msp [12/05/2018 08:05:37] - [7094272] - (.().-. - ()) - C:\WINDOWS\Installer\148141ff.msp [12/07/2016 05:25:29] - [39538688] - (.().-. - ()) - C:\WINDOWS\Installer\14de3aa0.msp [18/09/2018 10:10:59] - [4706304] - (.().-. - ()) - C:\WINDOWS\Installer\15c0c826.msp [03/11/2016 09:25:06] - [1642496] - (.().-. - ()) - C:\WINDOWS\Installer\15d4dff4.msp [08/04/2019 08:22:42] - [7155712] - (.().-. - ()) - C:\WINDOWS\Installer\17a531c1.msp [12/08/2019 08:29:03] - [50438144] - (.().-. - ()) - C:\WINDOWS\Installer\18c4304e.msp [09/01/2017 05:41:00] - [25853952] - (.().-. - ()) - C:\WINDOWS\Installer\196fc6c4.msp [10/04/2017 07:34:32] - [57815040] - (.().-. - ()) - C:\WINDOWS\Installer\19b64957.msp [27/02/2016 01:05:24] - [64245760] - (.().-. - ()) - C:\WINDOWS\Installer\1aa1fc4.msp [10/12/2018 08:52:51] - [44044288] - (.().-. - ()) - C:\WINDOWS\Installer\1fe3d646.msp [28/06/2011 21:27:28] - [4028928] - (.().-. - ()) - C:\WINDOWS\Installer\22336be4.msp [22/10/2018 15:33:19] - [2584576] - (.().-. - ()) - C:\WINDOWS\Installer\22e506ec.msp [10/05/2016 05:20:29] - [58986496] - (.().-. - ()) - C:\WINDOWS\Installer\24ba6969.msp [21/02/2017 14:33:51] - [12845056] - (.().-. - ()) - C:\WINDOWS\Installer\295ace.msp [19/01/2017 12:28:55] - [1937408] - (.().-. - ()) - C:\WINDOWS\Installer\2a86de3b.msp [13/11/2017 06:26:16] - [23506944] - (.().-. - ()) - C:\WINDOWS\Installer\2bb29d.msp [23/02/2018 15:25:19] - [1343488] - (.().-. - ()) - C:\WINDOWS\Installer\2cba2a63.msp [13/08/2018 08:19:45] - [1441792] - (.().-. - ()) - C:\WINDOWS\Installer\4411741c.msp [02/08/2016 13:49:06] - [1511424] - (.().-. - ()) - C:\WINDOWS\Installer\44309297.msp [13/11/2018 06:24:12] - [3485696] - (.().-. - ()) - C:\WINDOWS\Installer\45007296.msp [29/11/2017 12:42:28] - [1355776] - (.().-. - ()) - C:\WINDOWS\Installer\464016d6.msp [13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\WINDOWS\Installer\4688962.msp [03/01/2019 11:17:04] - [1720320] - (.().-. - ()) - C:\WINDOWS\Installer\4e4fd47c.msp [28/08/2017 18:40:46] - [2424832] - (.().-. - ()) - C:\WINDOWS\Installer\63219.msp [11/02/2019 08:36:53] - [8757248] - (.().-. - ()) - C:\WINDOWS\Installer\739e4c9.msp [11/07/2017 06:57:12] - [1732608] - (.().-. - ()) - C:\WINDOWS\Installer\8f3552ec.msp [08/10/2018 13:11:44] - [2174976] - (.().-. - ()) - C:\WINDOWS\Installer\b659182.msp [10/10/2016 09:29:03] - [36499456] - (.().-. - ()) - C:\WINDOWS\Installer\cf684.msp [20/02/2019 14:28:20] - [1986560] - (.().-. - ()) - C:\WINDOWS\Installer\d4482ce.msp [19/05/2016 05:30:11] - [1429504] - (.().-. - ()) - C:\WINDOWS\Installer\d6793a4.msp [09/07/2018 07:47:48] - [27000832] - (.().-. - ()) - C:\WINDOWS\Installer\eafd59de.msp [02/06/2016 06:48:41] - [2772992] - (.().-. - ()) - C:\WINDOWS\Installer\f4da3f2.msp ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [06/06/2018 22:40:51] - [2651646] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [27/11/2015 09:58:37] - [2646618] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.A81FA7E40DEBEE442837590484DFE459] - |A| - [23/08/2019 13:36:34] - (.-.) - [64.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\.session64 [MD5.2D1D78850A0F40CF0125D0CFD61602DB] - |A| - [23/08/2019 13:44:12] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-10524.log [MD5.E78CF6623FF3B033AB9BD2FF8AFEA4D4] - |A| - [23/08/2019 14:55:05] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-12656.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:47:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-12660.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:36:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-14236.log [MD5.96569A77670AE96CA66AC6C125D6D037] - |A| - [23/08/2019 13:07:47] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-15272.log [MD5.A7ADBA048683814FD352EF2BCB391756] - |A| - [23/08/2019 13:07:47] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-15356.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:45:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-3532.log [MD5.94A4755BD8F3EE87CC858CDA61F16061] - |A| - [23/08/2019 00:11:23] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-3756.log [MD5.A9DF6CC6B03F3F1BA63828458F6ED2A9] - |A| - [22/08/2019 23:58:49] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-3840.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:48:47] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-3976.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 14:49:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-4084.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:04:48] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-4288.log [MD5.C4AD234292EED144490DCDECBE9CEC43] - |A| - [23/08/2019 00:13:37] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-4520.log [MD5.A4729F7BFC87EC14DB02A5650C6F5190] - |A| - [23/08/2019 00:10:21] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-5892.log [MD5.46C78840D41EDB6CD3AC4373983E972B] - |A| - [23/08/2019 00:04:03] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-6928.log [MD5.303458D5E1D36AD67C4601D32D14F38D] - |A| - [23/08/2019 00:04:56] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-7112.log [MD5.6BFCD3D92DF03D32280E9EB3BD52ADF4] - |A| - [23/08/2019 13:53:59] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\aria-debug-8612.log [MD5.00000000000000000000000000000000] - |D| - [23/08/2019 13:45:49] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.9E4D3E42FBF16CD02A99889B21921A9E] - |A| - [23/08/2019 13:45:50] - (.-.) - [145.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.html [MD5.ED4360EAE97CB738A900FB3C72EBF553] - |A| - [23/08/2019 13:45:50] - (.-.) - [140.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.xml [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 00:00:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BIT4183.tmp [MD5.883AA4BB17BBCD4D21791B77E5B08ED2] - |A| - [22/08/2019 23:58:54] - (.-.) - [156.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190822-2358.log [MD5.9807E38D8E0DD4B1692D1D61DF25C705] - |A| - [23/08/2019 00:04:08] - (.-.) - [15.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-0004.log [MD5.76DDA48DC79DEEF64FC95CF41BCC83B6] - |A| - [23/08/2019 00:05:01] - (.-.) - [224.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-0005.log [MD5.3555CF91BD98A303754FD3D1D6658522] - |A| - [23/08/2019 00:10:26] - (.-.) - [198.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-0010.log [MD5.52499E45846C57305F513098C9D698E8] - |A| - [23/08/2019 00:11:29] - (.-.) - [11.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-0011.log [MD5.9CC3765AC2030E48E6465818ADF7CBFF] - |A| - [23/08/2019 00:13:42] - (.-.) - [63.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-0013.log [MD5.15FF4BB4441DDFFA287C0AA8B6F2A1DB] - |A| - [23/08/2019 13:04:53] - (.-.) - [18.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1304.log [MD5.FF3341E11357037C5278A8AAC37DBDE9] - |A| - [23/08/2019 13:07:52] - (.-.) - [11.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1307.log [MD5.3EEFDE5E65FBD397C6E84A29DF3BEB20] - |A| - [23/08/2019 13:07:53] - (.-.) - [32.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1307a.log [MD5.8F39BF4DB844B338D748FD5DEB3E1A40] - |A| - [23/08/2019 13:10:11] - (.-.) - [11.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1310.log [MD5.B840C797DA4F599F59026FFFCF9A58F2] - |A| - [23/08/2019 13:36:29] - (.-.) - [37.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1336.log [MD5.3DDE1AC3977AC15699C91100CE1E33F3] - |A| - [23/08/2019 13:44:17] - (.-.) - [15.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1344.log [MD5.01D97256DD3014C18C56C1905F05C185] - |A| - [23/08/2019 13:45:10] - (.-.) - [14.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1345.log [MD5.2CC6690FE9B454041274D794D6AB1A7F] - |A| - [23/08/2019 13:48:04] - (.-.) - [39.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1348.log [MD5.AEE523EE726049AF3C3BF07A0CF7A3E9] - |A| - [23/08/2019 13:48:53] - (.-.) - [17.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1348a.log [MD5.637FAAFD933B17BDE56ED333AC0EE3F4] - |A| - [23/08/2019 13:54:04] - (.-.) - [9.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1354.log [MD5.5375F95D8D03A132BC0108B26266F339] - |A| - [23/08/2019 14:49:08] - (.-.) - [22.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1449.log [MD5.63AF2FC27DB51B4CB7142DF8B3339BB4] - |A| - [23/08/2019 14:55:11] - (.-.) - [10.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-EMB9DVO-20190823-1455.log [MD5.00000000000000000000000000000000] - |D| - [23/08/2019 14:49:04] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [23/08/2019 14:49:04] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [23/08/2019 14:49:04] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [23/08/2019 14:49:04] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 22:34:19] - [501.49 Ko] - C:\WINDOWS\Temp\DPTF [MD5.50BDD34208B430E8FB8FB8F9435C4A49] - |A| - [02/12/2018 12:30:06] - (.-.) - [18.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HighPerformancePlan.log [MD5.C6CC99A11A400B15218CB572A984A490] - |A| - [23/08/2019 14:34:40] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIa2f9f.LOG [MD5.EA5015EB92EF4A70AA0FEBCE0E8AEC86] - |A| - [22/08/2019 23:55:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIb7311.LOG [MD5.17564FAC7A8524E89F7A06371E64ECAD] - |A| - [23/08/2019 13:34:46] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIba266.LOG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:04:48] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2019082313044810C0).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:36:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20190823133624379C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:45:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20190823134506DCC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:47:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201908231347593174).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 13:48:48] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20190823134848F88).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2019 14:49:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20190823144904FF4).log [MD5.38ECDEDFF4CEB5EB378BE3B51584C4CC] - |A| - [02/12/2018 12:30:06] - (.-.) - [0.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PowerPlan.log [MD5.B2C13837E01F934EE53BBC7DE7298C7F] - |A| - [05/10/2018 18:11:38] - (.-.) - [40.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tempstate.dat [MD5.28288BB1B24230D22F8F6FA9ADD9EE35] - |A| - [28/04/2019 13:15:49] - (.-.) - [14.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\UsoStoreFile.xml [MD5.1696A4487030B0B6B5CDD521A9C3D238] - |A| - [22/08/2019 23:56:32] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER211C.tmp.WERDataCollectionStatus.txt [MD5.1696A4487030B0B6B5CDD521A9C3D238] - |A| - [22/08/2019 23:55:54] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8DAF.tmp.WERDataCollectionStatus.txt [MD5.1696A4487030B0B6B5CDD521A9C3D238] - |A| - [22/08/2019 23:56:16] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE2C8.tmp.WERDataCollectionStatus.txt [MD5.00000000000000000000000000000000] - |D| - [18/09/2018 10:26:33] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.5B4E5638D97F2584DB358E6B45D611FA] - |A| - [27/11/2015 09:59:54] - (.-.) - [115.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.6ECE5A28A9B58426B73589FFD9107230] - |A| - [23/08/2019 14:48:04] - (.Copyright (c) 2019 AVAST Software - Avast start-up scanner.) - [355.38 Ko] - (19.7.4674.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.98367C54AE3C8B7EC57FC2AA9CDE79E1] - |A| - [27/11/2015 09:59:54] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.9C0787D13B3F51966690B79175255835] - |A| - [21/05/2015 04:53:12] - (.Copyright (C) 2014, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.49 Ko] - (1.0.0.5) - C:\WINDOWS\System32\bhtv5Icon.dll [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5044.73 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [95759.09 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [62568.33 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3357.23 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.64430E214B5B229D426D2D35538C402D] - |A| - [01/04/2016 19:10:27] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [378 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.D84E42FB373E5CA498A7B5D87B2562CB] - |A| - [27/11/2015 09:59:54] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.46 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [417775.6 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [124.04 Ko] - C:\WINDOWS\System32\Configuration [MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [01/04/2016 19:10:28] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.509440E2F49CCF0205D49A29D8E83FEF] - |A| - [27/11/2015 09:59:54] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK [MD5.48E51DAA9278C41213957795D439A274] - |A| - [14/11/2018 00:34:24] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [23/07/2017 16:25:58] - [5218.15 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.36F84B561E153EEE8EDC3A9BD9E0CBAC] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.57460DBDDB45A5585F06FE13E9F7A007] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.15 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.2205780305F7191F4B11A32C39DFF09F] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.74 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.962D3F544251AD58D5875AB7A8ECFE77] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.68 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.12E46D227E73FA5BBE3BE3656E8371CE] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.79 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.62AEADF2C83A4D64751698A8956FE87F] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.58 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.5DF56AE3D9AE6990CB189E3B0E4C322A] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.29DBEA923FB8458AEAD51C675E4A0678] - |A| - [27/11/2015 09:59:54] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 23:23:56] - [3368.5 Ko] - C:\WINDOWS\System32\de [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45554.22 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.9160E0692CF341EAE992DADDC0FA5107] - |A| - [01/04/2016 21:52:43] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DESKTOP-EMB9DVO_defaultuser0_HistoryPrediction.bin [MD5.74CBFD8DD24538D3E5E24305905841F1] - |A| - [10/07/2015 14:22:52] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DESKTOP-M7P1NB6_Administrator_HistoryPrediction.bin [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [14/11/2018 00:35:01] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [952 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [10352.07 Ko] - C:\WINDOWS\System32\Dism [MD5.4550D8FD7ADD6D34DA39E535CA341A46] - |A| - [01/04/2016 19:10:28] - (.-.) - [800.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.010CBFA764DECCD5407926EBECEAA7E6] - |A| - [27/11/2015 09:59:54] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [930.65 Ko] - (0.5.1.22) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.A042B59B81FDF66A1D435194F6FD4796] - |A| - [27/11/2015 09:59:54] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2380.02 Ko] - (0.5.1.22) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.AB587E1CD554E9A961D3CBFC35E8CB18] - |A| - [27/11/2015 09:59:54] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2472.37 Ko] - (0.5.1.22) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [2404.09 Ko] - C:\WINDOWS\System32\downlevel [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [01/04/2016 19:10:28] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [01/04/2016 19:10:28] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:37:59] - [146949.65 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\DriverState [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [1869434.74 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [276.5 Ko] - C:\WINDOWS\System32\dsc [MD5.F998AEC731583C3E26FFC3C456EB5B12] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.8E485D955757593C6A7E1770F4B9A29F] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.27E447068CF929894A21496E8B199099] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.6319D90878627E74A6B69BB9563C98B4] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.7648E89F9B66281AD3CBB9FA5FDBCC3F] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.43B44CED5E1367BF77C12DF603C90EEA] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS LFX APO.) - [247.92 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.1CF2B6071775FBE62EE2CD587AA18371] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.97 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.B9CE5847B882A6568331EC83D67A8609] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.07F22A58B9614F920A3AC6CDE468C276] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.8EC82F6AC42FE0DDC00FDBEB95B324D7] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.2CA445FFB0E591A69B8902E2599246C8] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.37642708D5222C80B231BC5FCE729DF7] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.970646D5D76C90F8379CB546B7EF4061] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.E59BD47EEB7A8F54A0237EDF078B6AEB] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.75B6A46D1681E9AEF600EB593A51DB5A] - |A| - [27/11/2015 09:59:54] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.72 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |A| - [13/02/2019 06:54:20] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.AB61D03BF6FC0F5378EC3CD61022726C] - |A| - [18/04/2016 16:22:24] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [3369 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [41575.68 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17317.64 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [31/07/2018 08:58:54] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [31/07/2018 08:58:40] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [01/04/2016 19:10:28] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv [MD5.BF45AC5AD646F9FF704F1B669C2BFA10] - |A| - [06/06/2018 22:33:42] - (.-.) - [393.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45679 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [01/04/2016 19:10:28] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [01/04/2016 19:10:28] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |D| - [10/07/2015 13:04:22] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [10/07/2015 13:04:22] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.A33087B72E6E2DA9793CD5C42B3A9F5D] - |A| - [27/11/2015 09:59:55] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [349.14 Ko] - (0.5.1.30) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411 Ko] - C:\WINDOWS\System32\hu-HU [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.842F25C63A6F4338558E1216D64DAB87] - |A| - [27/11/2015 09:59:55] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) - [332.66 Ko] - (1.0.0.15) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.DB1CEFDBC12AF6DBA1AB4934BF58BD80] - |A| - [01/04/2016 19:10:29] - (.-.) - [5661.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin [MD5.C6009A38AE6A58D72F7661489F861BA6] - |A| - [01/04/2016 19:10:29] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [424.9 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.DE2E14CB3A0110944E284698AFB225F7] - |A| - [01/04/2016 19:10:29] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1540.01 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.59C5EBADFE0BE6ECC9B461E2FA9442DB] - |A| - [01/04/2016 19:10:29] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [423.8 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.1E954B640532246DCD5B87D5E4C1F667] - |A| - [01/04/2016 19:10:29] - (.-.) - [267.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.93AC582C74269C3F6852C224A4C84207] - |A| - [01/04/2016 19:10:29] - (.-.) - [101.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll [MD5.D6795F3A84AF5B273C082956111564CC] - |A| - [01/04/2016 19:10:29] - (.-.) - [81.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll [MD5.D8183FBDA6AB1EF70F35005EAC1EBE84] - |A| - [01/04/2016 19:10:29] - (.-.) - [93.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll [MD5.E25C0FB9616E6EA0884396E1C9CA22B0] - |A| - [01/04/2016 19:10:29] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll [MD5.ACA7144ED32AA5B8B8EEE84D93BDEDD0] - |A| - [01/04/2016 19:10:29] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll [MD5.FA604E9281DEBD6A4AC4806267BF1E08] - |A| - [01/04/2016 19:10:29] - (.-.) - [27.02 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll [MD5.E0239220A3C54C96BAD67A1DD8E3585A] - |A| - [01/04/2016 19:10:29] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll [MD5.F22C0889E1688046FD96F1B219C643E3] - |A| - [01/04/2016 19:10:29] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll [MD5.EA09646B1AABE40040EE267D7E6DFC3D] - |A| - [01/04/2016 19:10:29] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll [MD5.0C7E5997EC4B4403B6AB3A94DA12FC44] - |A| - [01/04/2016 19:10:29] - (.-.) - [1002.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe [MD5.074093CD8E92AE9B048DF6CD2E5743FF] - |A| - [01/04/2016 19:10:29] - (.-.) - [98.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll [MD5.71DB6B30795E9652B5F114CE5BA78307] - |A| - [01/04/2016 19:10:29] - (.-.) - [109.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll [MD5.8CF274936289912BDCE019558C102C9D] - |A| - [01/04/2016 19:10:29] - (.-.) - [392.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe [MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [01/04/2016 19:10:29] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa [MD5.0D3AF85E1F169395885151038ADE9317] - |A| - [01/04/2016 19:10:29] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp [MD5.A0D0A10C8DA1B00A2EE378357F72BA90] - |A| - [01/04/2016 19:10:29] - (.-.) - [39.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp [MD5.7B929507BB2C2A3FBD2956EC3515364C] - |A| - [01/04/2016 19:10:29] - (.-.) - [40.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp [MD5.1A8302994182D4FC003A71DC6D23EE81] - |A| - [01/04/2016 19:10:29] - (.-.) - [38.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp [MD5.38FA402460982FE9A071BEC11C58B0D3] - |A| - [01/04/2016 19:10:29] - (.-.) - [38.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp [MD5.26526A63D35D8E4E19C46F920AAF48F2] - |A| - [01/04/2016 19:10:29] - (.-.) - [39.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp [MD5.9CD97189D5A5E409BBEC1B28A8AFD428] - |A| - [01/04/2016 19:10:29] - (.-.) - [39.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp [MD5.75AC973DD17F1B61F02D40CD87A507FC] - |A| - [01/04/2016 19:10:29] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [01/04/2016 19:10:30] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv [MD5.3305FDD2C7908F21851E134B7630D9A1] - |A| - [13/09/2016 18:14:14] - (.-.) - [251.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iMDriverHelper.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25221.12 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.E842258D4922BB68FF0D4CEC3621D8E9] - |A| - [01/04/2016 19:10:30] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [604.41 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe [MD5.9B4DA2AEC9F46E807A60BD744ABFCD8B] - |A| - [01/04/2016 19:10:30] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [97.51 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [432.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.D055DC7ACE8A4012F73F8274EF7F490C] - |A| - [27/11/2015 09:59:55] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [14/11/2018 00:35:24] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:22:53] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5289.83 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [62388.9 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.ED33332944214CA6C12EDB837BCF4A51] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.2351E9DFBC7BA4D4D7B2C9F03874A08F] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.99C50E19D7F204C4E8059BCD22655629] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.9B834DC22CFDF95E0054F0D9940B0307] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.43 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.E75EC3F1298F9BFD5BB68245F8321214] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1363.05 Ko] - (6.1.14.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.6987A7EE8C7973BB445643586620C6E1] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.5F6FC05FA6661C89D39BEE3C54BABBDC] - |A| - [27/11/2015 09:59:55] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.3F517EF1A61E99733483954B9986DF24] - |A| - [27/11/2015 09:59:55] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.B74F6FE843BC1626A91D1BD737A39315] - |A| - [27/11/2015 09:59:55] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.86DACC00E1D25A19D73EA0CF380D63C0] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.2E1F3E59896C4237846F4C400CDD96F3] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.65F48480610AA04515CC8F6CDA09F514] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.97E5C974A480D469D03EA1667FCB521C] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.AE6AB856F89D3FAC935D7D8C641235E1] - |A| - [27/11/2015 09:59:55] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.8 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |A| - [14/03/2019 01:00:34] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [02/04/2016 12:37:34] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4356.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [32.3 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.9DBCC4085916BEBD794B3FD2C12FA2A4] - |A| - [27/11/2015 09:59:55] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.5DB3D7FEEAA47EA7E7EFEA203CF9CFE7] - |A| - [27/11/2015 09:59:55] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.8B343B1626BF9F0646439BAFB08B02EF] - |A| - [27/11/2015 09:59:55] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5639.8 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [512 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.2166A03509EEA1005F7FE3EE93AA93E5] - |A| - [23/07/2017 16:25:03] - (.-.) - [159.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.688C53AFDB3DCDF26AA84276674DEB8C] - |A| - [16/07/2015 18:32:33] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMLOGO.bmp [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [24072.89 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.77AB487CABF2266017836CD5ECFDE396] - |A| - [06/06/2018 23:23:58] - (.-.) - [146.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc007.dat [MD5.F3EDAD0D3AB48E071477BB0E83EE44D7] - |A| - [12/04/2018 01:40:29] - (.-.) - [130.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.04A0F872E6FA238853CC96B6F55A734E] - |A| - [12/04/2018 18:18:42] - (.-.) - [146.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.C6A00700213A4CDFAC7B02FAABC2FA10] - |A| - [06/06/2018 23:23:58] - (.-.) - [39.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd007.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.293A8D1D16E52FEA1EE0A2CAFB24FAE2] - |A| - [06/06/2018 23:23:58] - (.-.) - [715.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh007.dat [MD5.36627DC7164B2FDE895B402BAC2B0F46] - |A| - [12/04/2018 01:40:29] - (.-.) - [685.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.67D2F7410F4F6A6D675834A472DEC07A] - |A| - [12/04/2018 18:18:42] - (.-.) - [774.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.7B82A2472096C9FCF698F8A3F82DA4A8] - |A| - [06/06/2018 22:40:51] - (.-.) - [2589.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [705 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [1392.38 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.58B00FC6AA2F6B1EA7C0B974A4A73546] - |A| - [27/11/2015 09:59:55] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.06 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.FE3045DC3EC4760A02477991A7B591DC] - |A| - [27/11/2015 09:59:55] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.5081C4130C97CCA979DB34027703D4AE] - |A| - [27/11/2015 09:59:55] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.64 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.0E30B20BAF8B748ED73CFCD23A023C23] - |A| - [27/11/2015 09:59:55] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.BEFC30C51A92764BE6DC762BF60979E2] - |A| - [27/11/2015 09:59:55] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [06/06/2018 23:28:14] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [425854.98 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.DD7B96ECA33C6EC7F6AB0B37DC381D20] - |A| - [27/11/2015 09:59:39] - (.-.) - [16.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.2A2EE8A5D5F9E11DAEB722E2BE682238] - |A| - [27/11/2015 09:59:56] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.FA7199ABA84E2A914AD9174D2A9ACD2E] - |A| - [27/11/2015 09:59:56] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.E64DB0AC8C2AB86639227456CDA1D9CB] - |A| - [27/11/2015 09:59:56] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.C2EE07C5D2305ED0B4FC71935CC7916D] - |A| - [27/11/2015 09:59:56] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.9C1F270FFC8D6F414AD87CEF673C093C] - |A| - [27/11/2015 09:59:56] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.518A179F83F751292573DCC418764BE6] - |A| - [27/11/2015 09:59:56] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [09/10/2018 23:36:15] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.BA91C3568EEC59488EF9FC1B171FBCCA] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.26 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.0411441302C7A1B05CE0B6D98DCE0441] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.1AA5227160754F99FF583A7E82434D90] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.FE94A45D390EA35B45FC497B5279D99C] - |A| - [27/11/2015 09:59:56] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [939.3 Ko] - (3.1.39.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.6F2E53F8EE2ED1E7FAAE1848D8028F00] - |A| - [27/11/2015 09:59:56] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1095.57 Ko] - (3.1.39.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 22:33:42] - [905033.87 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [150.63 Ko] - C:\WINDOWS\System32\slmgr [MD5.934AF299F1ECE9C87764034DB22ED269] - |A| - [27/11/2015 09:59:56] - (.TODO: (c) . - TODO: .) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.2F9C6652FB6B1AE70F10C4A396263D9C] - |A| - [27/11/2015 09:59:56] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [731.45 Ko] - (3.1.39.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7763.9 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12278.67 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [449663.3 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12500.53 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.218DB269A87BCB7FC0CBB152287FA385] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.E35B33E4DB4ABF6FF5C26E4D2E992B96] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.6D51F065B1BFABEAEA552781A3C9A274] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [06/06/2018 23:28:16] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [31/07/2018 08:58:35] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.7FEDE3E24899BE7127973A22585F59F2] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.52 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.44038DD03747CBAC17FCDE19AD3E10E8] - |A| - [27/11/2015 09:59:56] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.3B725CB8AF769A34682D7C09FB004E67] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.EF8B69FD28C689E0CB1ABFF264B2FC96] - |A| - [27/11/2015 09:59:56] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.884708AF4F09D58263B7ECC32B426751] - |A| - [27/11/2015 09:59:56] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [65112 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.0EA1618AF4ED9DDC644DEC681BE9CB67] - |A| - [01/04/2016 19:07:49] - (.Copyright (C) Synaptics Incorporated 1996-2016 - SynCOM.) - [767.61 Ko] - (19.0.17.57) - C:\WINDOWS\System32\SynCOM.dll [MD5.CD6DAA3A6B7C73096D042F7C045DA63E] - |A| - [01/04/2016 19:07:49] - (.Copyright (C) Synaptics Incorporated 1996-2016 - SynTPAPI.) - [279.6 Ko] - (19.0.17.57) - C:\WINDOWS\System32\SynTPAPI.dll [MD5.2670848766C9566B437DAF5CE6B6C470] - |A| - [27/11/2015 09:47:12] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [254.16 Ko] - (19.0.17.13) - C:\WINDOWS\System32\SynTPCo34-2.dll [MD5.EEEAF787639C5EBA0AC5C9DF7C7A28B5] - |A| - [01/04/2016 19:07:49] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [285.11 Ko] - (19.0.17.57) - C:\WINDOWS\System32\SynTPCo34-5.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1421.76 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [938.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [708.07 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [641.44 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.AD6EA34C17105785BE012B0685835BD2] - |A| - [11/07/2019 05:45:04] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.A5D67D7C5CC0B3DF047ACDDE940C9160] - |A| - [16/07/2015 18:32:33] - (.-.) - [5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Thumbs.db [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.36BAB6207CC96F15611F52D040EC9FEE] - |A| - [27/11/2015 09:59:56] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [111006.57 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [128376.69 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [10/07/2015 13:04:22] - [0 Ko] - C:\WINDOWS\System32\wfp [MD5.CB67D4FDEC2BB89535308B3D5C73142D] - |A| - [27/11/2015 09:52:10] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-0VTVCGRM1FF_Administrator_HistoryPrediction.bin [MD5.1FE77855A00093955EEA5EE5CBA42D6A] - |A| - [27/11/2015 10:29:22] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-CONP6267D34_Administrator_HistoryPrediction.bin [MD5.497610BC0E33C9B17A817B8A8CCEC28A] - |A| - [16/07/2015 18:12:06] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-CPIA451KGBT_Administrator_HistoryPrediction.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10429.1 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [210768 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [315.45 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |HD| - [27/11/2015 10:05:30] - [0.05 Ko] - C:\WINDOWS\System32\WLANProfiles [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [23/07/2017 16:25:53] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [23/07/2017 16:25:53] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.9C0787D13B3F51966690B79175255835] - |A| - [21/05/2015 04:53:12] - (.Copyright (C) 2014, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.49 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\bhtv5Icon.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [330.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8361.46 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.0902754B4F3041FD31673CB63B34012D] - |A| - [05/04/2016 13:36:17] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\dllhost.exe.config [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.69753F6CAF7B5ADB70A3EDADD0B3574D] - |A| - [01/04/2016 19:10:30] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.51 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/09/2017 19:48:13] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/11/2015 10:09:48] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\log.txt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25024.93 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |SD| - [20/06/2018 21:59:56] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3061.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [32.3 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [684.8 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.90849CA284D959EC118C1733988B20BE] - |A| - [27/11/2015 09:58:37] - (.-.) - [2584.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [1392.56 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.E35B33E4DB4ABF6FF5C26E4D2E992B96] - |A| - [27/11/2015 09:59:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [06/06/2018 23:28:18] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.16ED7003825B2A176EF00D0E2049CD64] - |A| - [05/01/2018 21:26:26] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\swhealthex.log [MD5.A8034BF2639A57190AF6B7C1728599DD] - |A| - [01/04/2016 19:07:49] - (.Copyright (C) Synaptics Incorporated 1996-2016 - SynCOM.) - [427.11 Ko] - (19.0.17.57) - C:\WINDOWS\SysWOW64\SynCom.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.6E6F3DC96D72B4252D56303AA34C4E38] - |A| - [07/06/2016 22:08:53] - (.© Copyright 2004-2016, Cisco Systems, Inc. - Cisco AnyConnect VPN Client Event Categories.) - [17.5 Ko] - (4.3.748.0) - C:\WINDOWS\SysWOW64\vpncategories.dll [MD5.F1148D116889B80FA2E12A6C44B75FD6] - |A| - [07/06/2016 22:08:50] - (.© Copyright 2004-2016, Cisco Systems, Inc. - Cisco AnyConnect Secure Mobility Client Event Messages.) - [40 Ko] - (4.3.748.0) - C:\WINDOWS\SysWOW64\vpnevents.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [22091.44 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9534.28 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [315.45 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [06/06/2018 23:21:47] - [20.31 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Administrateur] [13/02/2016 15:14:31] - |HD| - [127473093] - C:\Users\Administrateur\AppData [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Application Data [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Cookies [13/02/2016 15:14:31] - |RD| - [2015] - C:\Users\Administrateur\Links [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Local Settings [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Menu Démarrer [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Mes documents [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Modèles [13/02/2016 15:14:31] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT [13/02/2016 15:14:32] - |ASH| - [12288] - C:\Users\Administrateur\ntuser.dat.LOG1 [13/02/2016 15:14:32] - |ASH| - [0] - C:\Users\Administrateur\ntuser.dat.LOG2 [13/02/2016 15:14:32] - |ASH| - [65536] - C:\Users\Administrateur\NTUSER.DAT{a97de0a2-d207-11e5-8729-a48cb7566772}.TM.blf [13/02/2016 15:14:32] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{a97de0a2-d207-11e5-8729-a48cb7566772}.TMContainer00000000000000000001.regtrans-ms [13/02/2016 15:14:32] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{a97de0a2-d207-11e5-8729-a48cb7566772}.TMContainer00000000000000000002.regtrans-ms [13/02/2016 15:14:32] - |ASH| - [20] - C:\Users\Administrateur\ntuser.ini [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Recent [13/02/2016 15:18:35] - |RD| - [1875] - C:\Users\Administrateur\Searches [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\SendTo [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Voisinage d'impression [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\Voisinage réseau [13/02/2016 15:14:31] - |D| - [127336646] - C:\Users\Administrateur\AppData\Local [13/02/2016 15:14:32] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow [13/02/2016 15:14:31] - |D| - [136447] - C:\Users\Administrateur\AppData\Roaming [13/02/2016 15:16:50] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Application Data [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Historique [13/02/2016 15:21:05] - |AH| - [3368] - C:\Users\Administrateur\AppData\Local\IconCache.db [13/02/2016 15:14:31] - |D| - [112978172] - C:\Users\Administrateur\AppData\Local\Microsoft [13/02/2016 15:14:37] - |D| - [3271330] - C:\Users\Administrateur\AppData\Local\Packages [13/02/2016 15:14:31] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [13/02/2016 15:14:36] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer [13/02/2016 15:18:33] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [13/02/2016 15:14:31] - |SD| - [136447] - C:\Users\Administrateur\AppData\Roaming\Microsoft [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [13/02/2016 15:14:31] - |RD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/02/2016 15:14:31] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [13/02/2016 15:14:31] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/02/2016 15:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/02/2016 15:14:31] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [13/02/2016 15:19:52] - |A| - [2405] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [13/02/2016 15:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/02/2016 15:14:31] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [13/02/2016 15:14:31] - |RSD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [ancien ordi] [22/08/2015 16:28:05] - |HD| - [36075006] - C:\Users\ancien ordi\AppData [20/12/2017 20:06:52] - |A| - [8192] - C:\Users\ancien ordi\ntuser.dat [20/12/2017 20:06:52] - |ASH| - [8192] - C:\Users\ancien ordi\ntuser.dat.LOG1 [20/12/2017 20:06:52] - |ASH| - [0] - C:\Users\ancien ordi\ntuser.dat.LOG2 [20/12/2017 20:06:52] - |ASH| - [65536] - C:\Users\ancien ordi\ntuser.dat{eb57a792-e42a-11e7-9c46-d07af299186a}.TM.blf [20/12/2017 20:06:52] - |ASH| - [524288] - C:\Users\ancien ordi\ntuser.dat{eb57a792-e42a-11e7-9c46-d07af299186a}.TMContainer00000000000000000001.regtrans-ms [20/12/2017 20:06:52] - |ASH| - [524288] - C:\Users\ancien ordi\ntuser.dat{eb57a792-e42a-11e7-9c46-d07af299186a}.TMContainer00000000000000000002.regtrans-ms [22/08/2015 16:28:05] - |D| - [17759863] - C:\Users\ancien ordi\AppData\Local [21/08/2015 14:46:34] - |D| - [11070670] - C:\Users\ancien ordi\AppData\LocalLow [22/08/2015 16:28:05] - |D| - [7244473] - C:\Users\ancien ordi\AppData\Roaming [22/08/2015 16:28:05] - |D| - [17592] - C:\Users\ancien ordi\AppData\Local\Microsoft [22/08/2015 16:37:22] - |D| - [17742271] - C:\Users\ancien ordi\AppData\Local\Packages [21/08/2015 14:47:20] - |SD| - [11070670] - C:\Users\ancien ordi\AppData\LocalLow\Microsoft [22/08/2015 12:50:27] - |D| - [7236858] - C:\Users\ancien ordi\AppData\Roaming\AVAST Software [22/08/2015 16:28:05] - |SD| - [7615] - C:\Users\ancien ordi\AppData\Roaming\Microsoft ---------- | [julie] [19/09/2017 16:57:22] - |D| - [13349727] - C:\Users\julie\.anaconda [26/12/2017 10:01:02] - |D| - [9708] - C:\Users\julie\.astropy [04/04/2016 21:33:06] - |D| - [29221] - C:\Users\julie\.cisco [19/09/2017 16:57:36] - |D| - [26] - C:\Users\julie\.conda [19/09/2017 16:58:03] - |A| - [43] - C:\Users\julie\.condarc [17/03/2018 14:30:48] - |D| - [70715] - C:\Users\julie\.config [05/06/2018 14:12:42] - |D| - [16718] - C:\Users\julie\.designer [30/05/2016 02:52:02] - |D| - [194890] - C:\Users\julie\.freemind [26/12/2017 10:01:18] - |D| - [241] - C:\Users\julie\.glue [25/03/2017 15:20:35] - |A| - [204] - C:\Users\julie\.gtk-bookmarks [06/11/2018 22:26:41] - |D| - [2029] - C:\Users\julie\.imagej [05/03/2018 10:38:48] - |D| - [66124] - C:\Users\julie\.ipynb_checkpoints [19/09/2017 17:01:18] - |D| - [3506547] - C:\Users\julie\.ipython [19/09/2017 17:10:24] - |D| - [26] - C:\Users\julie\.jupyter [28/04/2016 12:03:24] - |D| - [0] - C:\Users\julie\.LSC [19/09/2017 17:00:51] - |D| - [123707] - C:\Users\julie\.matplotlib [17/03/2018 14:36:07] - |A| - [1701] - C:\Users\julie\.octave_hist [30/05/2016 02:51:23] - |D| - [56] - C:\Users\julie\.oracle_jre_usage [18/05/2016 16:48:56] - |A| - [252] - C:\Users\julie\.qt-license [28/04/2016 12:03:24] - |D| - [0] - C:\Users\julie\.QtWebEngineProcess [19/09/2017 17:00:47] - |D| - [528594] - C:\Users\julie\.spyder-py3 [28/04/2016 18:41:52] - |RD| - [7206978981] - C:\Users\julie\3D Objects [19/09/2017 16:51:07] - |D| - [6294790754] - C:\Users\julie\Anaconda3 [19/09/2017 17:00:27] - |D| - [0] - C:\Users\julie\AnacondaProjects [06/06/2018 22:35:37] - |HDC| - [20428013025] - C:\Users\julie\AppData [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Application Data [01/04/2016 21:52:48] - |RD| - [68787] - C:\Users\julie\Contacts [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Cookies [01/04/2016 19:06:59] - |RDC| - [100297098278] - C:\Users\julie\Desktop [07/10/2018 13:43:49] - |A| - [5088] - C:\Users\julie\dessin.svg [01/04/2016 19:06:59] - |RDC| - [15868003499] - C:\Users\julie\Documents [01/04/2016 19:06:59] - |RD| - [20683675175] - C:\Users\julie\Downloads [15/11/2017 09:59:54] - |A| - [92] - C:\Users\julie\exa_exo_2.py [01/04/2016 19:06:59] - |RD| - [1159] - C:\Users\julie\Favorites [06/03/2018 16:44:25] - |A| - [163] - C:\Users\julie\fe.png [06/05/2019 16:56:09] - |A| - [699001] - C:\Users\julie\Figure_2.png [29/01/2019 15:40:25] - |A| - [232475] - C:\Users\julie\g884.png [05/03/2018 11:41:16] - |A| - [26518] - C:\Users\julie\HaefelinJulien1.2.ipynb [05/03/2018 10:38:48] - |A| - [38885] - C:\Users\julie\HaefelinJulien1.ipynb [03/03/2018 11:42:15] - |A| - [6074] - C:\Users\julie\image.png [01/04/2016 21:52:46] - |SHD| - [25308] - C:\Users\julie\IntelGraphicsProfiles [06/12/2017 16:38:59] - |A| - [1287] - C:\Users\julie\L50.py [06/12/2017 16:39:08] - |A| - [1281] - C:\Users\julie\L75.py [01/04/2016 19:06:59] - |RD| - [2055] - C:\Users\julie\Links [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Local Settings [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Menu Démarrer [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Mes documents [04/12/2017 20:15:30] - |HD| - [5994] - C:\Users\julie\MicrosoftEdgeBackups [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Modèles [01/04/2016 19:06:59] - |RD| - [4320945020] - C:\Users\julie\Music [06/06/2018 22:35:37] - |AH| - [9175040] - C:\Users\julie\NTUSER.DAT [06/06/2018 22:35:37] - |ASH| - [1753088] - C:\Users\julie\ntuser.dat.LOG1 [06/06/2018 22:35:37] - |ASH| - [2321408] - C:\Users\julie\ntuser.dat.LOG2 [06/06/2018 22:35:37] - |ASH| - [65536] - C:\Users\julie\NTUSER.DAT{449ac6e6-69d1-11e8-8b73-e605656bfebc}.TM.blf [06/06/2018 22:35:37] - |ASH| - [524288] - C:\Users\julie\NTUSER.DAT{449ac6e6-69d1-11e8-8b73-e605656bfebc}.TMContainer00000000000000000001.regtrans-ms [06/06/2018 22:35:37] - |ASH| - [524288] - C:\Users\julie\NTUSER.DAT{449ac6e6-69d1-11e8-8b73-e605656bfebc}.TMContainer00000000000000000002.regtrans-ms [06/06/2018 22:43:22] - |SH| - [20] - C:\Users\julie\ntuser.ini [01/04/2016 21:54:42] - |RD| - [96] - C:\Users\julie\OneDrive [01/04/2016 19:06:59] - |RD| - [26066492707] - C:\Users\julie\Pictures [03/04/2016 13:49:58] - |D| - [0] - C:\Users\julie\REACHit [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Recent [03/03/2018 11:44:28] - |A| - [3724] - C:\Users\julie\rect6093.png [06/06/2018 22:35:37] - |D| - [0] - C:\Users\julie\Roaming [01/04/2016 19:06:59] - |RD| - [282] - C:\Users\julie\Saved Games [01/04/2016 21:52:48] - |RD| - [2815] - C:\Users\julie\Searches [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\SendTo [05/06/2018 18:19:21] - |A| - [3292] - C:\Users\julie\Untitled.ipynb [01/04/2016 19:06:59] - |RD| - [66610096398] - C:\Users\julie\Videos [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Voisinage d'impression [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\Voisinage réseau [06/12/2017 16:44:26] - |A| - [587] - C:\Users\julie\v_expL50.txt [06/12/2017 16:44:21] - |A| - [587] - C:\Users\julie\v_expL75.txt [15/01/2018 20:16:59] - |A| - [2964864] - C:\Users\julie\ZHPDiag3.exe [06/06/2018 22:35:37] - |DC| - [19315310429] - C:\Users\julie\AppData\Local [01/04/2016 19:07:00] - |DC| - [53381463] - C:\Users\julie\AppData\LocalLow [06/06/2018 22:35:37] - |DC| - [1059321133] - C:\Users\julie\AppData\Roaming [21/02/2018 20:59:29] - |DC| - [3436] - C:\Users\julie\AppData\Local\.Kanton VS [18/04/2016 16:27:58] - |DC| - [0] - C:\Users\julie\AppData\Local\ActiveSync [04/04/2016 21:23:29] - |DC| - [28068288] - C:\Users\julie\AppData\Local\Adobe [16/05/2019 09:16:09] - |DC| - [779] - C:\Users\julie\AppData\Local\AnyMP4 Studio [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\AppData\Local\Application Data [08/04/2018 21:31:54] - |DC| - [741194883] - C:\Users\julie\AppData\Local\AVAST Software [18/08/2019 05:31:17] - |AC| - [0] - C:\Users\julie\AppData\Local\BITFA29.tmp [18/08/2019 05:31:18] - |AC| - [0] - C:\Users\julie\AppData\Local\BITFDC7.tmp [21/04/2019 23:45:22] - |DC| - [82444] - C:\Users\julie\AppData\Local\BitTorrentHelper [20/08/2019 22:06:40] - |DC| - [165337] - C:\Users\julie\AppData\Local\BlueStacks [11/05/2018 09:59:29] - |DC| - [23108] - C:\Users\julie\AppData\Local\cache [04/04/2016 21:42:08] - |DC| - [446149] - C:\Users\julie\AppData\Local\CEF [12/10/2018 11:28:37] - |DC| - [62938687] - C:\Users\julie\AppData\Local\chromium [04/04/2016 21:32:29] - |DC| - [551] - C:\Users\julie\AppData\Local\Cisco [01/04/2016 21:54:46] - |DC| - [409395531] - C:\Users\julie\AppData\Local\Comms [19/09/2017 16:57:36] - |DC| - [0] - C:\Users\julie\AppData\Local\conda [09/10/2016 18:02:51] - |DC| - [7384233] - C:\Users\julie\AppData\Local\ConnectedDevicesPlatform [07/08/2018 23:01:35] - |DC| - [0] - C:\Users\julie\AppData\Local\CrashDumps [01/04/2016 21:53:24] - |DC| - [11633491] - C:\Users\julie\AppData\Local\CyberLink [06/08/2018 13:14:04] - |DC| - [68516] - C:\Users\julie\AppData\Local\D3DSCache [13/08/2017 17:47:15] - |DC| - [0] - C:\Users\julie\AppData\Local\DBG [04/04/2016 21:28:21] - |DC| - [0] - C:\Users\julie\AppData\Local\Diagnostics [03/04/2016 13:23:12] - |DC| - [226596] - C:\Users\julie\AppData\Local\ElevatedDiagnostics [19/11/2017 15:06:13] - |DC| - [0] - C:\Users\julie\AppData\Local\enchant [13/11/2017 23:28:49] - |DC| - [3742268] - C:\Users\julie\AppData\Local\fontconfig [16/01/2017 14:52:34] - |DC| - [8326] - C:\Users\julie\AppData\Local\Garmin_Ltd._or_its_subsid [04/04/2016 14:55:52] - |DC| - [2473971967] - C:\Users\julie\AppData\Local\Google [04/04/2016 14:42:29] - |DC| - [205] - C:\Users\julie\AppData\Local\gtk-2.0 [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\AppData\Local\Historique [20/06/2018 21:57:54] - |AHC| - [6291456] - C:\Users\julie\AppData\Local\IconCache.db [15/02/2017 10:09:42] - |DC| - [8123] - C:\Users\julie\AppData\Local\IsolatedStorage [29/04/2018 00:29:00] - |DC| - [451] - C:\Users\julie\AppData\Local\LD [02/04/2016 12:28:20] - |DC| - [12071] - C:\Users\julie\AppData\Local\Lenovo [28/04/2016 12:03:28] - |DC| - [557424] - C:\Users\julie\AppData\Local\LSC [23/02/2017 09:21:14] - |DC| - [10475267] - C:\Users\julie\AppData\Local\MathWorks [16/10/2018 07:34:27] - |DC| - [776360] - C:\Users\julie\AppData\Local\mbam [16/10/2018 07:31:30] - |DC| - [235676] - C:\Users\julie\AppData\Local\mbamtray [06/06/2018 22:35:37] - |DC| - [759298196] - C:\Users\julie\AppData\Local\Microsoft [01/06/2016 10:36:26] - |DC| - [298044] - C:\Users\julie\AppData\Local\Microsoft Help [01/04/2016 21:56:15] - |DC| - [75524] - C:\Users\julie\AppData\Local\MicrosoftEdge [04/11/2017 10:14:56] - |DC| - [48945763] - C:\Users\julie\AppData\Local\MiKTeX [01/04/2016 21:55:07] - |DC| - [0] - C:\Users\julie\AppData\Local\NetworkTiles [22/04/2019 00:32:30] - |DC| - [93945] - C:\Users\julie\AppData\Local\NordVPN [06/04/2019 17:58:39] - |DC| - [5165] - C:\Users\julie\AppData\Local\Orange Player [04/12/2017 19:57:24] - |DC| - [10393414424] - C:\Users\julie\AppData\Local\Packages [14/09/2016 19:00:12] - |DC| - [0] - C:\Users\julie\AppData\Local\PackageStaging [05/04/2016 13:40:52] - |DC| - [128] - C:\Users\julie\AppData\Local\paint.net [05/06/2018 13:12:11] - |DC| - [170813119] - C:\Users\julie\AppData\Local\pip [20/06/2018 21:37:46] - |DC| - [0] - C:\Users\julie\AppData\Local\PlaceholderTileLogoFolder [02/04/2016 12:31:50] - |DC| - [1115868418] - C:\Users\julie\AppData\Local\Programs [01/04/2016 21:52:59] - |DC| - [963032] - C:\Users\julie\AppData\Local\Publishers [11/05/2017 16:30:25] - |DC| - [1173444] - C:\Users\julie\AppData\Local\QtProject [23/07/2017 18:22:50] - |DC| - [3263] - C:\Users\julie\AppData\Local\Rainy_Cape_S.L [29/01/2019 16:20:51] - |AC| - [828] - C:\Users\julie\AppData\Local\recently-used.xbel [05/09/2017 12:42:52] - |DC| - [4491] - C:\Users\julie\AppData\Local\Recovery [17/05/2016 21:42:31] - |AC| - [17] - C:\Users\julie\AppData\Local\resmon.resmoncfg [28/04/2016 11:00:54] - |DC| - [4220] - C:\Users\julie\AppData\Local\SHAREit [02/04/2016 14:35:59] - |DC| - [1880] - C:\Users\julie\AppData\Local\speech [30/12/2016 11:51:26] - |DC| - [2147790348] - C:\Users\julie\AppData\Local\Spotify [11/05/2018 09:59:24] - |DC| - [93395999] - C:\Users\julie\AppData\Local\Spyder [03/06/2017 10:50:26] - |DC| - [56385914] - C:\Users\julie\AppData\Local\SquirrelTemp [06/06/2018 22:35:37] - |DC| - [6453534] - C:\Users\julie\AppData\Local\Temp [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\AppData\Local\Temporary Internet Files [01/04/2016 21:52:46] - |DC| - [14830194] - C:\Users\julie\AppData\Local\TileDataLayer [04/04/2016 22:14:23] - |DC| - [17667694] - C:\Users\julie\AppData\Local\tkdata [29/06/2017 14:58:08] - |DC| - [0] - C:\Users\julie\AppData\Local\UNP [01/04/2016 21:52:47] - |DC| - [8412] - C:\Users\julie\AppData\Local\VirtualStore [03/06/2017 10:50:34] - |DC| - [725112589] - C:\Users\julie\AppData\Local\WhatsApp [23/07/2017 18:22:49] - |DC| - [0] - C:\Users\julie\AppData\Local\XamarinInsights [05/01/2018 18:52:28] - |DC| - [234634] - C:\Users\julie\AppData\Local\ZHP [26/07/2019 11:44:51] - |DC| - [4755587] - C:\Users\julie\AppData\Local\{6EC0589C-4A68-3424-27F0-11CC0398ED54} [04/04/2016 21:42:07] - |DC| - [50846645] - C:\Users\julie\AppData\LocalLow\Adobe [27/11/2016 16:59:57] - |DC| - [209357] - C:\Users\julie\AppData\LocalLow\Lenovo [01/04/2016 19:07:12] - |SDC| - [2277029] - C:\Users\julie\AppData\LocalLow\Microsoft [30/05/2016 02:51:23] - |DC| - [15664] - C:\Users\julie\AppData\LocalLow\Sun [05/04/2016 13:28:51] - |DC| - [0] - C:\Users\julie\AppData\LocalLow\Temp [30/05/2019 05:28:26] - |DC| - [32768] - C:\Users\julie\AppData\LocalLow\uTorrent [09/04/2019 18:03:09] - |DC| - [11608] - C:\Users\julie\AppData\Roaming\.jfwupdate [21/02/2018 20:59:28] - |DC| - [286213] - C:\Users\julie\AppData\Roaming\.Kanton VS [01/04/2016 21:52:46] - |DC| - [2601050] - C:\Users\julie\AppData\Roaming\Adobe [08/10/2016 10:36:41] - |DC| - [24658537] - C:\Users\julie\AppData\Roaming\AVAST Software [23/07/2017 18:22:53] - |AHC| - [28] - C:\Users\julie\AppData\Roaming\be046e943fe726861c04b0318e13b2f274b1ec06.sys [23/07/2017 18:22:53] - |ASHOC| - [28] - C:\Users\julie\AppData\Roaming\c54da0d4db72e7476d261013371d583ed5cee3ac.sys [28/04/2016 11:00:38] - |DC| - [0] - C:\Users\julie\AppData\Roaming\CyberLink [19/09/2016 18:11:40] - |DC| - [40055808] - C:\Users\julie\AppData\Roaming\Downloaded Installations [16/01/2017 14:52:33] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Garmin [04/04/2016 14:40:58] - |DC| - [7105] - C:\Users\julie\AppData\Roaming\geany [27/04/2017 10:18:36] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Google [21/04/2016 15:28:57] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Identities [13/11/2017 23:28:18] - |DC| - [26738] - C:\Users\julie\AppData\Roaming\inkscape [01/04/2016 21:52:45] - |DC| - [1224] - C:\Users\julie\AppData\Roaming\Intel [01/04/2016 21:55:28] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Intel Corporation [19/09/2017 17:01:06] - |DC| - [153556487] - C:\Users\julie\AppData\Roaming\Jedi [19/09/2017 17:01:12] - |DC| - [8487561] - C:\Users\julie\AppData\Roaming\jupyter [28/04/2016 12:03:24] - |DC| - [539228] - C:\Users\julie\AppData\Roaming\Lenovo [03/05/2016 18:32:28] - |DC| - [37920] - C:\Users\julie\AppData\Roaming\LSC [01/04/2016 21:55:28] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Macromedia [23/02/2017 00:33:03] - |DC| - [2859399] - C:\Users\julie\AppData\Roaming\MathWorks [06/06/2018 22:35:37] - |SDC| - [104266561] - C:\Users\julie\AppData\Roaming\Microsoft [04/11/2017 10:14:56] - |DC| - [23267] - C:\Users\julie\AppData\Roaming\MiKTeX [03/02/2017 17:20:42] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Nico Mak Computing [29/04/2019 04:14:01] - |DC| - [6005079] - C:\Users\julie\AppData\Roaming\Psiphon3 [18/05/2016 16:48:56] - |DC| - [980] - C:\Users\julie\AppData\Roaming\Qt [18/05/2016 17:18:04] - |DC| - [97235] - C:\Users\julie\AppData\Roaming\QtProject [22/09/2016 10:22:48] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Quest Software [26/07/2019 17:30:45] - |DC| - [1207] - C:\Users\julie\AppData\Roaming\segurazoclient [22/08/2016 17:07:04] - |DC| - [77] - C:\Users\julie\AppData\Roaming\Skype [30/12/2016 11:51:00] - |DC| - [228003750] - C:\Users\julie\AppData\Roaming\Spotify [23/02/2017 09:21:13] - |DC| - [19322] - C:\Users\julie\AppData\Roaming\Subversion [30/05/2016 02:51:23] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Sun [22/01/2018 21:40:42] - |DC| - [6128] - C:\Users\julie\AppData\Roaming\TeamViewer [04/11/2017 10:08:16] - |DC| - [42070467] - C:\Users\julie\AppData\Roaming\TeXstudio [15/02/2017 10:09:42] - |DC| - [68297741] - C:\Users\julie\AppData\Roaming\TunnelBear [17/01/2017 15:31:22] - |DC| - [20229] - C:\Users\julie\AppData\Roaming\Usenet.nl [14/09/2016 12:59:57] - |DC| - [38375519] - C:\Users\julie\AppData\Roaming\uTorrent [23/07/2017 18:27:28] - |DC| - [90914] - C:\Users\julie\AppData\Roaming\vlc [03/06/2017 10:50:43] - |DC| - [123429781] - C:\Users\julie\AppData\Roaming\WhatsApp [03/02/2017 16:29:56] - |DC| - [12] - C:\Users\julie\AppData\Roaming\WinRAR [04/04/2016 21:39:47] - |DC| - [1074] - C:\Users\julie\AppData\Roaming\Xerox [04/11/2017 01:03:26] - |DC| - [22684] - C:\Users\julie\AppData\Roaming\xm1 [05/01/2018 18:52:28] - |DC| - [215460172] - C:\Users\julie\AppData\Roaming\ZHP [01/04/2016 21:52:48] - |ASHC| - [174] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [04/04/2016 14:07:58] - |AC| - [910] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk [06/06/2018 22:35:37] - |SHD| - [0] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [09/10/2016 17:28:57] - |RDC| - [60584] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [14/09/2016 13:00:44] - |AC| - [2647] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [06/06/2018 22:35:37] - |RDC| - [3888] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [06/06/2018 22:35:37] - |RDC| - [2932] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [01/04/2016 21:52:48] - |RDC| - [174] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [19/09/2017 16:55:13] - |DC| - [14952] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit) [06/06/2018 22:35:37] - |SHC| - [264] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [12/01/2017 10:18:48] - |AC| - [1312] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPFL 16-17.lnk [26/07/2019 11:44:51] - |AC| - [1412] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk [06/06/2018 22:35:37] - |DC| - [170] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [04/11/2017 10:15:40] - |DC| - [11060] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 [06/06/2018 22:35:37] - |AC| - [2454] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [05/06/2018 13:43:00] - |DC| - [1662] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt [30/12/2016 11:51:25] - |AC| - [1843] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [01/04/2016 21:52:48] - |RDC| - [174] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/06/2018 22:35:37] - |RDC| - [3496] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [03/06/2017 10:50:43] - |DC| - [2328] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp [06/06/2018 22:35:37] - |RDC| - [7754] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [11/12/2017 20:12:25] - |DC| - [4709] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [09/01/2017 22:49:07] - |DC| - [0] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0 [01/04/2016 21:52:48] - |ASHC| - [174] - C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [13/02/2016 15:18:35] - |RHD| - [196] - C:\Users\Public\AccountPictures [20/08/2019 22:06:40] - |D| - [72] - C:\Users\Public\BlueStacks [10/07/2015 13:04:22] - |RHD| - [30088] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [10/07/2015 13:04:22] - |RD| - [49279943] - C:\Users\Public\Documents [10/07/2015 13:04:22] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries [10/07/2015 13:04:22] - |RD| - [40484] - C:\Users\Public\Music [08/10/2016 11:41:36] - |A| - [8192] - C:\Users\Public\NTUSER.DAT [08/10/2016 11:41:36] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1 [08/10/2016 11:41:36] - |A| - [0] - C:\Users\Public\NTUSER.DAT.LOG2 [08/10/2016 11:41:36] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{2098aa0f-8d32-11e6-9bfd-e09325147964}.TM.blf [08/10/2016 11:41:36] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{2098aa0f-8d32-11e6-9bfd-e09325147964}.TMContainer00000000000000000001.regtrans-ms [08/10/2016 11:41:36] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{2098aa0f-8d32-11e6-9bfd-e09325147964}.TMContainer00000000000000000002.regtrans-ms [10/07/2015 13:04:22] - |RD| - [380] - C:\Users\Public\Pictures [27/11/2015 10:05:13] - |D| - [0] - C:\Users\Public\Roaming [10/07/2015 13:04:22] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [04/04/2016 21:23:57] - |D| - [246738156] - C:\ProgramData\Adobe [17/07/2019 20:26:46] - |D| - [256] - C:\ProgramData\Apple [17/07/2019 20:26:42] - |D| - [549] - C:\ProgramData\Apple Computer [06/06/2018 22:43:06] - |SHD| - [0] - C:\ProgramData\Application Data [08/10/2016 10:33:53] - |D| - [431066796] - C:\ProgramData\AVAST Software [18/04/2016 16:24:31] - |SHD| - [0] - C:\ProgramData\Bureau [22/04/2019 00:32:34] - |D| - [0] - C:\ProgramData\Caphyon [04/04/2016 21:32:29] - |D| - [5726] - C:\ProgramData\Cisco [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [27/11/2015 09:12:29] - |D| - [29936] - C:\ProgramData\CyberLink [06/06/2018 22:43:06] - |SHD| - [0] - C:\ProgramData\Documents [06/06/2018 22:34:48] - |D| - [1069056] - C:\ProgramData\Dolby [23/07/2017 16:26:00] - |A| - [0] - C:\ProgramData\DP45977C.lfl [20/08/2019 22:11:03] - |D| - [6822192] - C:\ProgramData\EnigmaSoft Limited [16/01/2017 14:52:26] - |D| - [15434993] - C:\ProgramData\Garmin [27/11/2015 09:11:21] - |D| - [296288] - C:\ProgramData\install_clap [27/11/2015 09:56:26] - |D| - [22369533] - C:\ProgramData\Intel [27/11/2015 10:05:03] - |D| - [22368211] - C:\ProgramData\Intel.sav [06/01/2018 10:21:31] - |D| - [3666993] - C:\ProgramData\Kaspersky Lab Setup Files [29/04/2018 00:15:54] - |D| - [181] - C:\ProgramData\LD [27/11/2015 09:17:16] - |D| - [209530204] - C:\ProgramData\Lenovo [27/11/2015 09:11:10] - |D| - [3880527] - C:\ProgramData\LenovoTransition [14/09/2016 13:03:44] - |D| - [380002715] - C:\ProgramData\Malwarebytes [18/04/2016 16:24:31] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [2996133860] - C:\ProgramData\Microsoft [06/06/2018 22:45:06] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [23/07/2017 16:26:04] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [18/04/2016 16:24:31] - |SHD| - [0] - C:\ProgramData\Modèles [22/04/2019 00:32:31] - |D| - [478374] - C:\ProgramData\NordVpn [27/11/2015 10:12:47] - |D| - [9190] - C:\ProgramData\OneKey Recovery [30/05/2016 02:51:12] - |D| - [72347250] - C:\ProgramData\Oracle [27/11/2015 09:09:02] - |D| - [293020803] - C:\ProgramData\Package Cache [31/07/2018 08:51:56] - |D| - [630784] - C:\ProgramData\Packages [12/04/2018 01:38:20] - |D| - [5318] - C:\ProgramData\regid.1991-06.com.microsoft [27/11/2015 10:05:13] - |D| - [0] - C:\ProgramData\Roaming [21/11/2017 16:27:35] - |D| - [0] - C:\ProgramData\Samsung [26/07/2019 17:29:39] - |D| - [52826696] - C:\ProgramData\Segurazo [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [27/11/2015 09:11:21] - |D| - [0] - C:\ProgramData\SUPPORTDIR [21/03/2018 23:01:16] - |D| - [0] - C:\ProgramData\SWCUTemp [27/11/2015 09:11:24] - |D| - [84560] - C:\ProgramData\Temp [09/01/2017 22:50:01] - |D| - [294] - C:\ProgramData\UniqueId [12/04/2018 01:38:20] - |D| - [17794] - C:\ProgramData\USOPrivate [06/06/2018 22:36:14] - |D| - [8347648] - C:\ProgramData\USOShared [12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [09/01/2017 22:49:11] - |AD| - [6088] - C:\ProgramData\WinZip [05/04/2016 13:36:29] - |D| - [2437] - C:\ProgramData\wondershare [04/04/2016 21:39:39] - |D| - [0] - C:\ProgramData\Xerox [12/10/2018 11:26:22] - |D| - [568] - C:\ProgramData\{0782C2E1-8DC0-4827-0B06-D66591445DAB} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [18/04/2016 16:24:31] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [176190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/06/2018 13:55:02] - |A| - [2144] - C:\ProgramData\Microsoft\Windows\Start Menu\VIDLE for VPython.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [23/08/2019 00:12:57] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [16/04/2017 19:57:03] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [04/04/2016 21:24:14] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [19/03/2019 01:32:23] - |A| - [2095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [08/04/2018 21:32:23] - |A| - [2503] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk [29/12/2017 16:00:12] - |D| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/06/2018 22:34:50] - |D| - [2229] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [20/08/2019 22:11:00] - |D| - [1836] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft [23/08/2019 00:12:57] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [26/01/2018 19:02:35] - |D| - [3125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [26/10/2018 03:40:49] - |D| - [2169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [04/04/2016 14:40:47] - |D| - [4166] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geany [04/04/2016 15:08:27] - |A| - [2306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [02/03/2018 17:52:52] - |A| - [832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [27/11/2015 09:58:37] - |RD| - [2478] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [30/05/2016 02:51:21] - |D| - [6911] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [27/11/2015 09:10:31] - |RD| - [13898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [28/07/2019 09:02:52] - |D| - [3910] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [23/08/2019 00:12:57] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [23/08/2019 00:12:57] - |D| - [18415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office [03/03/2017 14:32:17] - |D| - [8002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [23/08/2019 00:12:58] - |A| - [2482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [23/08/2019 00:12:58] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [23/08/2019 00:12:58] - |A| - [2444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [05/06/2018 14:09:21] - |D| - [8756] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyQt GPL v5.6 for Python v3.5 (x32) [27/11/2015 10:00:21] - |D| - [1957] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [23/08/2019 00:12:58] - |A| - [2595] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise.lnk [12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [04/11/2017 10:28:21] - |A| - [1107] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio.lnk [04/04/2016 22:14:03] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk [22/04/2018 16:29:40] - |D| - [2245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear [23/07/2017 18:27:01] - |D| - [7230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [21/02/2018 20:59:22] - |D| - [2129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSTax 2017 [08/05/2019 19:12:27] - |D| - [2129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSTax 2018 [06/06/2018 22:37:53] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [11/12/2017 20:12:25] - |D| - [4637] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [23/08/2019 00:12:58] - |A| - [2504] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [04/04/2016 21:24:09] - |D| - [356082921] - C:\Program Files (x86)\Adobe [08/04/2018 21:31:54] - |D| - [451858132] - C:\Program Files (x86)\AVAST Software [26/07/2019 17:29:38] - |D| - [6103040] - C:\Program Files (x86)\Chromium [27/11/2015 10:05:05] - |AD| - [7114563] - C:\Program Files (x86)\Cisco [12/04/2018 01:38:20] - |D| - [126611711] - C:\Program Files (x86)\Common Files [28/04/2016 11:00:36] - |D| - [2447300] - C:\Program Files (x86)\CyberLink [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [26/01/2018 19:02:35] - |D| - [8333626] - C:\Program Files (x86)\FreeMind [16/01/2017 14:52:24] - |AD| - [178727923] - C:\Program Files (x86)\Garmin [04/04/2016 14:40:45] - |D| - [68945408] - C:\Program Files (x86)\Geany [04/04/2016 14:55:55] - |D| - [477408934] - C:\Program Files (x86)\Google [27/11/2015 09:11:13] - |HD| - [63030992] - C:\Program Files (x86)\InstallShield Installation Information [23/07/2017 16:25:41] - |D| - [15196438] - C:\Program Files (x86)\Intel [12/04/2018 01:38:20] - |D| - [2013676] - C:\Program Files (x86)\Internet Explorer [30/05/2016 02:51:11] - |D| - [361290630] - C:\Program Files (x86)\Java [27/11/2015 09:10:31] - |D| - [2243781624] - C:\Program Files (x86)\Lenovo [27/11/2015 09:11:06] - |AD| - [2617216084] - C:\Program Files (x86)\Microsoft Office [12/04/2018 01:38:20] - |D| - [8256351] - C:\Program Files (x86)\Microsoft.NET [06/06/2018 23:21:47] - |D| - [25757] - C:\Program Files (x86)\MSBuild [27/11/2015 09:12:33] - |D| - [3837445] - C:\Program Files (x86)\NSIS Uninstall Information [27/11/2015 10:06:40] - |D| - [3184374] - C:\Program Files (x86)\O2Micro [15/02/2017 10:00:22] - |D| - [0] - C:\Program Files (x86)\OpenVPN Technologies [06/04/2019 17:58:37] - |D| - [0] - C:\Program Files (x86)\OrangePlayerOOB [23/07/2017 16:26:02] - |D| - [54141937] - C:\Program Files (x86)\Realtek [06/06/2018 23:21:47] - |D| - [39924993] - C:\Program Files (x86)\Reference Assemblies [26/07/2019 17:29:37] - |D| - [40500994] - C:\Program Files (x86)\Segurazo [22/01/2018 21:40:35] - |D| - [1820442] - C:\Program Files (x86)\TeamViewer [27/11/2015 09:59:53] - |HD| - [0] - C:\Program Files (x86)\Temp [04/11/2017 10:08:13] - |AD| - [87648649] - C:\Program Files (x86)\TeXstudio [15/02/2017 10:09:37] - |AD| - [200681910] - C:\Program Files (x86)\TunnelBear [23/07/2017 18:26:55] - |D| - [167032358] - C:\Program Files (x86)\VideoLAN [21/02/2018 20:59:20] - |D| - [282997293] - C:\Program Files (x86)\VSTax 2017 [08/05/2019 19:12:19] - |D| - [283688209] - C:\Program Files (x86)\VSTax 2018 [12/04/2018 01:38:20] - |D| - [1892472] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:19:21] - |D| - [3413447] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7775576] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5462792] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [3563435] - C:\Program Files (x86)\WindowsPowerShell [03/02/2017 16:29:29] - |AD| - [6323353] - C:\Program Files (x86)\WinRAR ---------- | C:\Program Files [30/06/2016 09:51:03] - |D| - [14451062149] - C:\Program Files\Adobe [08/10/2016 10:34:50] - |D| - [1354988895] - C:\Program Files\AVAST Software [20/08/2019 22:07:56] - |D| - [30061688] - C:\Program Files\BlueStacks [29/12/2017 16:00:11] - |D| - [46405000] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [172503552] - C:\Program Files\Common Files [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [16/01/2017 14:52:34] - |D| - [707464] - C:\Program Files\DIFX [06/06/2018 22:34:48] - |D| - [27110044] - C:\Program Files\Dolby [20/08/2019 22:09:52] - |D| - [102328980] - C:\Program Files\EnigmaSoft [18/04/2016 16:24:31] - |SHD| - [0] - C:\Program Files\Fichiers communs [30/06/2016 09:55:06] - |D| - [4146] - C:\Program Files\geany [02/03/2018 17:52:30] - |D| - [292880514] - C:\Program Files\Inkscape [23/07/2017 16:25:51] - |AD| - [284449493] - C:\Program Files\Intel [04/04/2016 22:14:00] - |D| - [116873739] - C:\Program Files\Intel Security [12/04/2018 01:38:20] - |D| - [2645495] - C:\Program Files\internet explorer [27/11/2015 09:11:13] - |D| - [204986764] - C:\Program Files\Lenovo [29/12/2017 16:06:10] - |D| - [171209665] - C:\Program Files\Malwarebytes [23/02/2017 00:18:09] - |D| - [20874703225] - C:\Program Files\MATLAB [14/09/2016 15:04:53] - |D| - [8727328] - C:\Program Files\Microsoft Office 15 [06/06/2018 23:21:46] - |D| - [25757] - C:\Program Files\MSBuild [05/04/2016 13:40:52] - |AD| - [0] - C:\Program Files\paint.net [23/07/2017 16:25:54] - |D| - [45518920] - C:\Program Files\Realtek [06/06/2018 23:21:46] - |D| - [39049897] - C:\Program Files\Reference Assemblies [17/11/2018 00:06:39] - |D| - [32946417] - C:\Program Files\rempl [23/07/2017 16:25:38] - |D| - [73949107] - C:\Program Files\Synaptics [12/10/2018 11:26:36] - |D| - [272409] - C:\Program Files\TAP-Windows [23/07/2017 16:26:03] - |HD| - [0] - C:\Program Files\Uninstall Information [22/06/2017 10:05:10] - |AD| - [25102928] - C:\Program Files\UNP [27/11/2015 10:10:14] - |D| - [1915071] - C:\Program Files\update [12/04/2018 01:38:20] - |RD| - [19987627] - C:\Program Files\Windows Defender [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:19:21] - |D| - [5036523] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [8042328] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6263048] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [3991307991] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [3877263] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [04/04/2016 21:24:09] - |AD| - [23660508] - C:\Program Files (x86)\Common Files\Adobe [13/02/2017 12:57:53] - |D| - [0] - C:\Program Files (x86)\Common Files\AV [20/06/2019 16:54:13] - |D| - [23336] - C:\Program Files (x86)\Common Files\DESIGNER [23/07/2017 16:25:49] - |D| - [68080835] - C:\Program Files (x86)\Common Files\Intel [27/11/2015 10:01:30] - |D| - [240236] - C:\Program Files (x86)\Common Files\Intel Corporation [04/06/2019 08:17:02] - |D| - [1975280] - C:\Program Files (x86)\Common Files\Java [27/11/2015 09:14:46] - |D| - [2637] - C:\Program Files (x86)\Common Files\LENOVO [12/04/2018 01:38:20] - |D| - [21098918] - C:\Program Files (x86)\Common Files\microsoft shared [04/06/2019 08:16:40] - |D| - [1371344] - C:\Program Files (x86)\Common Files\Oracle [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [12/04/2018 01:38:20] - |D| - [10155915] - C:\Program Files (x86)\Common Files\system [05/04/2016 13:36:27] - |D| - [0] - C:\Program Files (x86)\Common Files\Wondershare ---------- | C:\Program Files\Common files [02/04/2016 12:29:24] - |D| - [3645192] - C:\Program Files\Common files\AV [26/10/2017 08:40:33] - |D| - [5837304] - C:\Program Files\Common files\avast software [27/11/2015 10:05:05] - |D| - [9013224] - C:\Program Files\Common files\Intel [12/04/2018 01:38:20] - |D| - [143153919] - C:\Program Files\Common files\microsoft shared [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10851211] - C:\Program Files\Common files\system ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [06/06/2018 22:43:02] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.606B09D841BFD2EE935C69BFB0576837] - [06/06/2018 22:43:02] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.D49779ECF20B5FEE6136C62B61B2A58A] - [06/06/2018 22:43:02] - |A| - [3754] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [MD5.06539AD46F34F1D6CDDCD52E85EF8418] - [06/06/2018 22:43:02] - |A| - [3450] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.266ED7AAEAC6EA747FD88B089CA37E61] - [06/06/2018 22:43:02] - |A| - [3990] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.99A47FC693A01C9BA4D870D6A490E35B] - [12/04/2019 16:23:18] - |A| - [3856] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.B7F45D11A051E9ED91976F4E32AB6634] - [12/04/2019 16:23:18] - |A| - [3272] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.00000000000000000000000000000000] - [06/06/2018 22:43:02] - |D| - [4086] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.FB78D3AFC558EA067A5F7005467BB648] - [06/06/2018 22:43:02] - |A| - [3332] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.97D67316DFBE9542F018E4709530723F] - [06/06/2018 22:43:02] - |A| - [3556] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.DDE4782967B6A618AF8961DCB05BC99E] - [06/06/2018 22:43:02] - |A| - [3194] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.C2116E4115B1E093282D44696FED02B9] - [06/06/2018 22:43:02] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.1236C41EB05AE3E6EB2D19105B5A6AB3] - [26/07/2019 17:29:39] - |A| - [3144] - C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskMachineCore : C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [MD5.31A2802945618D1F1B53B7AC8C925F79] - [26/07/2019 17:29:39] - |A| - [3368] - C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskMachineUA : C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [MD5.AC72F127127DF62D0A77AE69CAD57AF3] - [26/07/2019 11:45:02] - |A| - [3274] - C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-313941316-4192098390-2314814383-1001Core : C:\Users\julie\AppData\Local\Chromium\Update\ChromiumUpdate.exe [MD5.64C3F5C71CE52AF5E9C649393C9A74C7] - [26/07/2019 11:45:02] - |A| - [3542] - C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-313941316-4192098390-2314814383-1001UA : C:\Users\julie\AppData\Local\Chromium\Update\ChromiumUpdate.exe [MD5.69469433CE2EC8E21C06A90721CE1F64] - [06/06/2018 22:43:02] - |A| - [2588] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\explorer.exe [MD5.00000000000000000000000000000000] - [06/06/2018 22:43:02] - |D| - [2392] - C:\WINDOWS\System32\Tasks\CyberLink [MD5.0A318924823137B7FFCF776C9F827D67] - [06/06/2018 22:43:02] - |A| - [2702] - C:\WINDOWS\System32\Tasks\GarminUpdaterTask : C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [MD5.6057FD3CFC39A45E7289B3E8488E939A] - [06/06/2018 22:43:02] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.6258A485561E916D35B248E4ABFC9455] - [06/06/2018 22:43:02] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [06/06/2018 22:43:02] - |D| - [26214] - C:\WINDOWS\System32\Tasks\Lenovo [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [618970] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.A8F0979FBF77A1B13ECC45C292010481] - [06/06/2018 22:43:02] - |A| - [2858] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-313941316-4192098390-2314814383-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [06/08/2018 14:10:30] - |D| - [3380] - C:\WINDOWS\System32\Tasks\S-1-5-21-313941316-4192098390-2314814383-1001 [MD5.808BE9ADEC30051566678F3D10E9C36E] - [06/06/2018 22:43:02] - |A| - [4176] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{664383D0-C1BE-41E9-A90F-ACB04B00A418} : C:\WINDOWS\system32\msfeedssync.exe [MD5.4616BC3952B0337764EB68396F44AE85] - [06/06/2018 22:43:02] - |A| - [2374] - C:\WINDOWS\System32\Tasks\{F1B496F4-6A79-49E6-90C4-C323B05ED6D6} : C:\WINDOWS\system32\pcalua.exe [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{32C4AEAB-FAFA-4CF0-AE5D-E887E5E7F05C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{C5BE5A0C-CA45-4468-9915-76D71E225254}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{335B5B19-DE4C-4AE8-A532-37B37EAFA8F1}C:\users\julie\anaconda3\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julie\anaconda3\python.exe|Name=python.exe|Desc=python.exe|Defer=User| "TCP Query User{901C748B-2329-4B03-8E8C-0A3FFF55E9A6}C:\users\julie\anaconda3\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julie\anaconda3\python.exe|Name=python.exe|Desc=python.exe|Defer=User| "{73BAEA74-BB0A-4B96-B462-B6EAC6A6733A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{81D01F30-1C35-43C7-921A-1A50621B981D}C:\program files\matlab\r2016b\bin\win64\matlab.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\matlab\r2016b\bin\win64\matlab.exe|Name=MATLAB R2016b|Desc=MATLAB R2016b|Defer=User| "TCP Query User{FAB2E0E7-15D3-43A9-9CA1-C2D9DFCCAE9A}C:\program files\matlab\r2016b\bin\win64\matlab.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\matlab\r2016b\bin\win64\matlab.exe|Name=MATLAB R2016b|Desc=MATLAB R2016b|Defer=User| "{6B49AA51-DE1C-422E-AFF0-54392BF5FC5A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe|Name=SHAREit.exe| "{1ECF7C2A-40BE-4224-9CBF-D1D3202B5FFC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe|Name=SHAREit.exe| "UDP Query User{DE9014CA-B6AF-4905-9C7A-BCBC19E67FFA}C:\program files\matlab\r2016b\bin\win64\matlab.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\matlab\r2016b\bin\win64\matlab.exe|Name=MATLAB R2016b|Desc=MATLAB R2016b|Defer=User| "TCP Query User{97DD8E0D-C2C0-4F1A-9845-F64D6FAF6C0E}C:\program files\matlab\r2016b\bin\win64\matlab.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\matlab\r2016b\bin\win64\matlab.exe|Name=MATLAB R2016b|Desc=MATLAB R2016b|Defer=User| "UDP Query User{7134F9F3-27F4-462D-9DEB-103A2D10AEA5}C:\users\julie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\julie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "TCP Query User{7326AFBF-A5C5-409E-9A30-777F45745FD5}C:\users\julie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\julie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "UDP Query User{01AC055F-366D-4815-8484-F64FC3455D18}C:\users\julie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "TCP Query User{3D79C33E-1DF5-4F07-A9C7-26378200D0AC}C:\users\julie\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julie\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User| "{6EBC3A51-C506-47E1-8C42-B9919A1CEF9D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-313941316-4192098390-2314814383-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{F37876A4-BCAB-4651-8972-DA6891D337AF}"=v2.24|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe|Name=LenovoPortal| "{CCEF7876-920E-4123-B25D-71AE0F08E004}"=v2.24|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe|Name=Wireless PAN DHCP Server|EmbedCtxt=MyWiFiDHCPDNS| "{CF86B2AD-420B-4C11-9D81-D2BE2CD5F326}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-313941316-4192098390-2314814383-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{C494C106-0BA6-4A0F-A3CD-74A8B8F3A8D3}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe|Name=Lenovo PhotoPlus Advance Editor|Desc=Lenovo PhotoPlus Advance Editor| "{1A0AEC5F-22E3-4D36-98C8-233653AD07D2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (julie)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{486033C9-F3B5-4595-8EEA-2F915497FEFE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (julie)|Desc=Allow µTorrent network traffic| "{C9BAE37D-D3F8-4F15-9AAC-D29431472A2E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (julie)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{1546BADD-C8F7-4BD4-A38A-2424D5524B58}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (julie)| "{238980E1-7E77-429B-8BBF-0B21C208B4F0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (julie)| "{A4563819-16EE-4866-8DD4-B50A3E73AB7C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\julie\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (julie)|Desc=Allow µTorrent network traffic| "TCP Query User{574FC920-47CA-47F8-B1E0-6DF06B68EFDF}C:\windows\system32\settingsynchost.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\system32\settingsynchost.exe|Name=Host Process for Setting Synchronization|Desc=Host Process for Setting Synchronization|Defer=User| "UDP Query User{B16C0F72-7D9D-43A7-A423-CD4CD0FE286B}C:\windows\system32\settingsynchost.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\system32\settingsynchost.exe|Name=Host Process for Setting Synchronization|Desc=Host Process for Setting Synchronization|Defer=User| "TCP Query User{457AA551-B7DE-4666-96B2-5833BDC2F5A0}C:\users\julie\anaconda3\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\julie\anaconda3\python.exe|Name=python.exe|Desc=python.exe|Defer=User| "UDP Query User{7487709B-FD11-43CB-8081-2F6BAA9E4051}C:\users\julie\anaconda3\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\julie\anaconda3\python.exe|Name=python.exe|Desc=python.exe|Defer=User| "TCP Query User{3A72EC0F-883F-462F-85BF-CD3D39EA4B37}C:\users\julie\anaconda3\pythonw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\julie\anaconda3\pythonw.exe|Name=pythonw.exe|Desc=pythonw.exe|Defer=User| "UDP Query User{86795D96-5AAD-4C1F-A711-AD64F85AF301}C:\users\julie\anaconda3\pythonw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\julie\anaconda3\pythonw.exe|Name=pythonw.exe|Desc=pythonw.exe|Defer=User| "{B179BA70-9A6E-48B4-A374-4CF67A3AA824}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{102BE1F9-A61C-493A-B16C-F42706C4723E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{CD9C6D44-75AC-4ADA-BB68-A82BFD525975}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{8FEFC4E3-EB6D-4A4E-B347-AC2A8BB16B30}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{2F7C1547-CC60-4CFC-88E6-14E605A2C82D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{54B64481-7095-49B8-A896-57C9F325E341}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{A4031999-97AA-432B-945E-14774F6A2134}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{49608193-6BCB-46C7-A44D-E5A5BD241D0E}C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe|Name=imagej.exe|Desc=imagej.exe|Defer=User| "UDP Query User{4393DA97-61EB-4A21-9B0B-DF127E0D509E}C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe|Name=imagej.exe|Desc=imagej.exe|Defer=User| "TCP Query User{7959A966-EBFB-4A4A-9CD6-5E93E16A0238}C:\users\julie\anaconda3\pythonw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julie\anaconda3\pythonw.exe|Name=pythonw.exe|Desc=pythonw.exe|Defer=User| "UDP Query User{048C5D66-7AC2-4460-9ACF-B3BD8D374941}C:\users\julie\anaconda3\pythonw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julie\anaconda3\pythonw.exe|Name=pythonw.exe|Desc=pythonw.exe|Defer=User| "{EAA3036F-0B45-4768-BD0A-E5176C4FE796}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{1AD0024C-18A8-478E-A1FB-A54B8B2923BA}C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe|Name=imagej.exe|Desc=imagej.exe|Defer=User| "UDP Query User{EEF42326-70A6-4259-9A87-2EC3094F5CE4}C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\julie\desktop\dossiers\etudes\université\besançon 18-19\tp\tp9\imagej\imagej.exe|Name=imagej.exe|Desc=imagej.exe|Defer=User| "{9C059625-1EA6-45C1-BB8F-E0D2884FA18A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Facebook|Desc=Facebook|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3324467646-4197585051-1359281946-1224535466-457027138-2879639353-3757999841|EmbedCtxt=Facebook|Platform=2:6:2|Platform2=GTEQ| "{B6AB41DE-3915-417C-8D8D-4FA53DC1B849}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2?ms-resource://LenovoCorporation.LenovoID/Resources/DisplayName}|Desc=@{LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2?ms-resource://LenovoCorporation.LenovoID/Resources/DisplayName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1739223337-1177984934-722485270-445606100-3168345968-3693140498-1001633489|EmbedCtxt=@{LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2?ms-resource://LenovoCorporation.LenovoID/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{132E14F7-F9D2-43DB-9AB7-EAFD584578F7}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{BCC9FBA1-69DD-42DA-9301-CC919C8D4890}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{5654E2E6-CFEC-433A-AD73-2C27DB950B14}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{B8B54FAF-1B5B-4129-B3C7-1E08B01435A3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{35919913-E95C-4910-92FF-4226BB106BA2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser| "{75F70124-DC93-48D5-9335-AEBA737DC67E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{7AF64AAE-F8D7-4EF6-87CD-34C27A39105D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{FD91B98B-C7ED-4964-ACE5-EE2BE5C93A95}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{B132B706-7CA2-4B92-B068-1E26671F6D92}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{49B721B7-A7CC-4D78-B3ED-809419684B3E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xerox Print Experience|Desc=Xerox Print Experience|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1375605007-1101320117-3040504297-2038252773-852520260-593594363-4002695151|EmbedCtxt=Xerox Print Experience|Platform=2:6:2|Platform2=GTEQ| "{04E08A5D-68A3-4E89-9903-209D5030B11F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Xerox Print Experience|Desc=Xerox Print Experience|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1375605007-1101320117-3040504297-2038252773-852520260-593594363-4002695151|EmbedCtxt=Xerox Print Experience|Platform=2:6:2|Platform2=GTEQ| "{03702736-180E-4005-AC28-EB04FAEB8020}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Lenovo Settings|Desc=Lenovo Settings|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2347044602-2006291027-2778961148-400699338-2240359354-266753004-2519498824|EmbedCtxt=Lenovo Settings|Platform=2:6:2|Platform2=GTEQ| "{8662E1A9-0C7E-4180-ACE2-97331AE3E58C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Lenovo Settings|Desc=Lenovo Settings|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2347044602-2006291027-2778961148-400699338-2240359354-266753004-2519498824|EmbedCtxt=Lenovo Settings|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK=Proximity| "{96C1C9DA-944C-4FFE-B024-4D5BD996D363}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=Lenovo Settings|Desc=Lenovo Settings|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2347044602-2006291027-2778961148-400699338-2240359354-266753004-2519498824|EmbedCtxt=Lenovo Settings|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK2_22=WFDDevices| "{BEB7220B-8028-4B6A-94B5-602752253883}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Name=Lenovo Settings|Desc=Lenovo Settings|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2347044602-2006291027-2778961148-400699338-2240359354-266753004-2519498824|EmbedCtxt=Lenovo Settings|Platform=2:6:2|Platform2=GTEQ|TTK=Proximity| "{8EC5FD94-0E6E-4BDE-A45A-C6164E8AC423}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=Lenovo Settings|Desc=Lenovo Settings|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-2347044602-2006291027-2778961148-400699338-2240359354-266753004-2519498824|EmbedCtxt=Lenovo Settings|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{F47C0D1D-F822-4459-A095-327EB77CF337}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{CA869245-6952-4A13-9500-FAF0B5F469D7}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|Desc=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3658455969-1014918655-1342107714-1905933838-1989489639-732552332-224809535|EmbedCtxt=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|Platform=2:6:2|Platform2=GTEQ| "{4147352A-1A4C-4116-9C27-E70186F250B0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|Desc=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3658455969-1014918655-1342107714-1905933838-1989489639-732552332-224809535|EmbedCtxt=@{25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2?ms-resource://25529kineapps.MyCalendar/Resources/ApplicationName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{1F7F4054-F37B-4BD5-B270-17851BA7980B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{4EF79DBB-A5D0-4C12-BF3E-E25BE20E8CAC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{BDD0AAD5-6FE9-486C-B647-EE449F557A0E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK=Proximity| "{F91EC74C-859D-466C-84F8-7EFF4791B890}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK2_22=WFDDevices| "{8A5015BB-953D-4D7E-9EB6-B6A161A8BBF0}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{1D0D7E41-30EF-4988-985F-D26F179125E6}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{E8978BF9-122D-41F2-BA33-04AA31845D80}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{AA357F15-05A1-409B-9B37-0F511AA95867}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=PDF Document Scanner|Desc=PDF Document Scanner|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1088521170-3356117522-2354084286-850298340-3297292260-1309001026-2803439657|EmbedCtxt=PDF Document Scanner|Platform=2:6:2|Platform2=GTEQ| "{A0658CAA-EFCB-4798-A029-7FA9BE934FDF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=PDF Document Scanner|Desc=PDF Document Scanner|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-1088521170-3356117522-2354084286-850298340-3297292260-1309001026-2803439657|EmbedCtxt=PDF Document Scanner|Platform=2:6:2|Platform2=GTEQ| "{BE2911CF-65C0-48AD-83CD-459C708DD11A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Houzz|Desc=Houzz|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-710836851-3437960197-3124813297-1117780211-532123803-2479421734-2060993970|EmbedCtxt=Houzz|Platform=2:6:2|Platform2=GTEQ| "{A756963D-9F17-4D5C-BBF0-8C70BE160CB3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\BlueStacks\HD-Player.exe|Name=BlueStacks Service| "{B391BDBF-E3C0-4804-A20F-9668D48F34D1}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{EB64662E-38CE-4B3B-83D5-CDD7AB52B54C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{875BF14A-B9D5-472F-B166-6A121D7EFB77}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{992604B1-561F-44A0-BF35-9FF329207390}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{27379E3E-FD91-4BDE-9785-D96FD802E938}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{70E76FD0-4BEE-4424-A1ED-F64EF09D4ED4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-313941316-4192098390-2314814383-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{177b1d2a-679c-4093-98bf-fd6999695d3b}] : (LenovoVhid) [] -> @oem12.inf,%ClassName%;Lenovo Vhid Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem43.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eb781aaf-9c70-4523-a5df-642a87eca567}] : (libusb-win32 devices) [] -> libusb-win32 devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [27/11/2015 10:10:12] - (2.0.0.21) - (Windows (R) Win 7 DDK provider - fsmon driver) - C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [27/11/2015 10:10:12] - (2.0.0.21) - (Windows (R) Win 7 DDK provider - HDD Accelerator Driver) - C:\WINDOWS\System32\DRIVERS\Fastboot.sys [26/06/2019 19:42:50] - (1.0.1.2) - (Digital Communications Inc - Segurazo Kernel Driver) - C:\Program Files (x86)\Segurazo\SegurazoKD.sys [21/04/2016 11:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\tap0901.sys [21/05/2015 04:53:12] - (1.2.2.1076) - (BayHubTech/O2Micro - BayHubTech/O2Micro SD Reader Driver For Win8) - C:\WINDOWS\System32\drivers\O2FJ2x64.sys [15/06/2015 12:11:21] - (1.5.0.14) - (Lenovo Corporation - ACPI Virtual Power Controller Driver) - C:\WINDOWS\System32\drivers\AcpiVpc.sys [01/04/2016 19:07:49] - (19.0.17.57) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [01/04/2016 19:07:54] - (19.0.17.57) - (Synaptics Incorporated - Synaptics I2C Driver) - C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [20/08/2019 22:11:26] - (5.4.3.6711) - (EnigmaSoft Limited - SpyHunter Guard) - C:\WINDOWS\system32\drivers\EnigmaFileMonDriver.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - aswArDisk (aswArDisk) -> system32\drivers\aswArDisk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsh.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Fastboot (Fastboot) -> System32\DRIVERS\Fastboot.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FBFsmon (FBFsmon) -> System32\DRIVERS\FBFsmon.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdriver.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - SEGURAZOKD (Segurazo Kernel Driver) -> \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ea907108667957baa834ba192536edc5] : (.-.) -> [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MiKTeX 2.9] : (MiKTeX 2.9.-.MiKTeX.org) -> "C:\Users\julie\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/x64/internal\copystart.exe" "C:\Users\julie\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/x64/internal\uninstall.exe" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Python 3.6.1 (Anaconda3 4.4.0 64-bit)] : (Python 3.6.1 (Anaconda3 4.4.0 64-bit).-.Continuum Analytics, Inc.) -> "C:\Users\julie\Anaconda3\Uninstall-Anaconda.exe" [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6eff7515-4ac5-4b28-9bad-42838a904259}] : (Qt.-.The Qt Company Ltd) -> C:\Qt\MaintenanceTool.exe [HKU\S-1-5-21-313941316-4192098390-2314814383-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DA553295-8AD5-E315-3B55-9395EBD54015}] : (Search Powered by Yahoo!.-.) -> "C:\Users\julie\AppData\Local\{6EC0589C-4A68-3424-27F0-11CC0398ED54}\uninst.exe" -P=/Uninstall /s /noun /DelSelfDir /sfl=0Czx1Y0U1B1P1C1B1Y1K2Y1I1L1P1Y0A1E1E0D1T2Z1T1Y0L1F1R1T1I1Y2SyC0E0CtDyDzzzy0CtGyE0AyCzztGtAyEtByEtGtByB0FtDtGtCtC0C0CtDtAzyzz0E0DyDyE2Q1Y2Z1P1B1T1G1L /sfns=2StCyE0FtA0CtC0DzztGtC0CyCyBtG0FyE0EzztGyCzztA0AtGtC0EtCzyyEtCyByB0F0EzztC2Q [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{011a1545-816e-4bfd-9bd5-5b80bf75f55f}] : (Intel(R) PRO/Wireless Driver.-.Intel Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{18F418B0-A89F-4751-9541-9F48CF3CDB2A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{18F418B0-A89F-4751-9541-9F48CF3CDB2A} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{205AE40D-8AD7-4F29-A430-DD2168DA562D}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{205AE40D-8AD7-4F29-A430-DD2168DA562D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}] : (Intel(R) Serial IO.-.Intel Corporation) -> MsiExec.exe /I{30E935B2-0DAC-455E-AC76-3C8504DC3D18} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{37D41A97-6B02-4C30-8753-85107BE1D674}] : (Intel® RealSense™ SDK 2014 Runtime (x64): Core.-.Intel Corporation) -> MsiExec.exe /X{37D41A97-6B02-4C30-8753-85107BE1D674} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{526002E5-7D5B-4703-A4E3-BA566AED5D8A}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{52753916-613B-4455-8022-A146CC17B1F6}] : (Lenovo Solution Center.-.Lenovo) -> MsiExec.exe /X{52753916-613B-4455-8022-A146CC17B1F6} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{55398EAC-F58E-4F19-B553-BDF8B9EFD839} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61D0924A-4791-4AD5-B6C6-38E3420B6D53}] : (Intel® PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec.exe /I{61D0924A-4791-4AD5-B6C6-38E3420B6D53} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}] : (Dolby Audio X2 Windows APP.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{7DA57EF8-9D20-4126-AF15-D0CC97D0C017} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}] : (Lenovo QuickOptimizer.-.Lenovo) -> MsiExec.exe /X{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{90150000-008F-0000-1000-0000000FF1CE}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9B445C3B-9E6D-47E6-9A62-A693B6A224B0}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{9B445C3B-9E6D-47E6-9A62-A693B6A224B0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}] : (O2Micro Flash Memory Card Windows Driver.-.O2Micro International LTD.) -> MsiExec.exe /X{A6668863-B0A3-4812-AAF2-E47749ECFE0E} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1424923-74F7-4399-B9D9-5F72FB1B9481}] : (Intel(R) Biometric and Context Agent.-.Intel Corporation) -> MsiExec.exe /X{C1424923-74F7-4399-B9D9-5F72FB1B9481} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}] : (Lenovo System Interface Foundation.-.Lenovo) -> MsiExec.exe /X{C2E5CA37-C862-4A69-AC6D-24F450A20C16} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C3F24413-3E29-4979-A195-DEEB56F29B2A}] : (Intel(R) Biometric and Context Agent Redistributables.-.Intel Corporation) -> MsiExec.exe /X{C3F24413-3E29-4979-A195-DEEB56F29B2A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D559687A-60C5-4786-9429-C21EC195789D}] : (ANT Drivers Installer x64.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{D559687A-60C5-4786-9429-C21EC195789D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E6D505B9-1A18-4F67-9BE0-D37B5164D581}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Geany] : (Geany 1.27.-.The Geany developer team) -> C:\Program Files (x86)\Geany\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VPython for Python 2.7_is1] : (VPython 6.11.-.) -> "C:\Users\julie\Desktop\AnaCPP\New Folder\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}] : (Elevated Installer.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0DEAF472-5D5C-4489-B7C4-F01E139A67B9}] : (IDS uEye.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18AB01BA-71A6-4F0A-A01F-CF4A8216B369}] : (Lenovo Product Demo.-.Lenovo) -> MsiExec.exe /I{18AB01BA-71A6-4F0A-A01F-CF4A8216B369} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{194D7B5E-8A68-4354-9152-168F21E3D027}] : (TunnelBear.-.TunnelBear) -> MsiExec.exe /I{194D7B5E-8A68-4354-9152-168F21E3D027} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180161F0}] : (Java 8 Update 161.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180161F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180201F0}] : (Java 8 Update 201.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}] : (REACHit.-.Lenovo) -> MsiExec.exe /X{4532E4C5-C84D-4040-A044-ECFCC5C6995B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4C870971-EEC6-4BD4-A163-94E20E593986}] : (VSTax 2018.-.Abraxas Informatik AG) -> MsiExec.exe /X{4C870971-EEC6-4BD4-A163-94E20E593986} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{588DA478-D4FF-48E3-8290-49F8C4B21283}] : (Intel(R) Wireless Bluetooth(R).-.Intel Corporation) -> MsiExec.exe /I{588DA478-D4FF-48E3-8290-49F8C4B21283} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}] : (LenovoUtility.-.Lenovo) -> MsiExec.exe /I{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90150000-008C-0000-0000-0000000FF1CE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90150000-008C-040C-0000-0000000FF1CE}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{95D0EADA-5123-41C0-931A-F37946BC0E8E}] : (Garmin Express.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{95D0EADA-5123-41C0-931A-F37946BC0E8E} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-000182420219}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824341201}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824341201} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}] : (Metric Collection SDK 35.-.Lenovo Group Limited) -> MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}] : (Metric Collection SDK.-.Lenovo Group Limited) -> MsiExec.exe /X{DDAA788F-52E6-44EA-ADB8-92837B11BF26} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DE463D00-04BC-4766-904F-DD2148F7CB7B}] : (VSTax 2017.-.Abraxas Informatik AG) -> MsiExec.exe /X{DE463D00-04BC-4766-904F-DD2148F7CB7B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}] : (Lenovo EasyCamera.-.Realtek Semiconductor Corp.) -> C:\WINDOWS\RtCamU64.exe /u /s ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}] : (User Manuals.-.Lenovo) -> MsiExec.exe /X{F07C2CF8-4C53-4EC3-8162-A6221E36EB88} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\00D364EDCB40667409F4DD12847FBCB7] : VSTax 2017 -> C:\WINDOWS\Installer\{DE463D00-04BC-4766-904F-DD2148F7CB7B}\icon.ico [HKCR\Installer\Products\0B5B5B2C545249E44BAB45D8B40F1B69] : Metric Collection SDK 35 [HKCR\Installer\Products\0B814F81F98A15745914F984FCC3BDA2] : Intel(R) Management Engine Components [HKCR\Installer\Products\1616DA6174E21FB4AA779064FE9EE380] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\179078C46CEE4DB41A36492EE0959368] : VSTax 2018 -> C:\WINDOWS\Installer\{4C870971-EEC6-4BD4-A163-94E20E593986}\icon.ico [HKCR\Installer\Products\2B539E03CAD0E554CA67C35840CDD381] : Intel(R) Serial IO [HKCR\Installer\Products\2FB874A6F76FCBA47A1F6B5BAB683217] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}\DolbyBlue.exe [HKCR\Installer\Products\31442F3C92E397941A59EDBE652FB9A2] : Intel(R) Biometric and Context Agent Redistributables [HKCR\Installer\Products\3294241C7F4799349B9DF527BFB14918] : Intel(R) Biometric and Context Agent [HKCR\Installer\Products\3688666A3A0B2184AA2F4E7794CEEFE0] : O2Micro Flash Memory Card Windows Driver -> C:\Windows\Installer\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\421D4F645E0221D4EB25CE71A7A7B424] : OneKey Recovery -> C:\Windows\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110160F] : Java 8 Update 161 -> C:\Program Files (x86)\Java\jre1.8.0_161\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238120100F] : Java 8 Update 201 -> C:\Program Files (x86)\Java\jre1.8.0_201\\bin\javaws.exe [HKCR\Installer\Products\5451A110E618DFB4B95DB508FB575FF5] : Intel(R) PRO/Wireless Driver -> C:\Windows\Installer\{011A1545-816E-4BFD-9BD5-5B80BF75F55F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5C4E2354D48C04040A44CECF5C6C99B5] : REACHit -> C:\Windows\Installer\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\61935725B316554408221A64CC711B6F] : Lenovo Solution Center -> C:\WINDOWS\Installer\{52753916-613B-4455-8022-A146CC17B1F6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142432110] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824341201}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\73AC5E2C268C96A4CAD6424F052AC061] : Lenovo System Interface Foundation -> C:\Windows\Installer\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}\ARPPRODUCTICON.exe [HKCR\Installer\Products\79A14D7320B603C478355801B71E6D47] : Intel® RealSense™ SDK 2014 Runtime (x64): Core -> C:\Windows\Installer\{37D41A97-6B02-4C30-8753-85107BE1D674}\arp.ico [HKCR\Installer\Products\80609FB059F2C7C4A9589EE0C0FAF49E] : Elevated Installer -> C:\WINDOWS\Installer\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}\express.ico [HKCR\Installer\Products\874AD885FF4D3E842809948F4C2B2138] : Intel(R) Wireless Bluetooth(R) -> C:\Windows\Installer\{588DA478-D4FF-48E3-8290-49F8C4B21283}\IntelBluetooth.ico [HKCR\Installer\Products\88E7ADA661D8D0D4CB09B239CAE565AD] : LenovoUtility -> C:\Windows\Installer\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8FC2C70F35C43CE418266A22E163BE88] : User Manuals -> C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8FE75AD702D96214FA510DCC790D0C71] : Dolby Audio X2 Windows APP -> C:\WINDOWS\Installer\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}\DolbyBlue.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A4290D1619745DA46B6C833E24B0D635] : Intel® PROSet/Wireless WiFi Software -> C:\Windows\Installer\{61D0924A-4791-4AD5-B6C6-38E3420B6D53}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A65C49CB9463C0247865A2EDEB93D933] : [HKCR\Installer\Products\A786955D5C06687449922CE11C5987D9] : ANT Drivers Installer x64 [HKCR\Installer\Products\AB10BA816A17A0F40AF1FCA428613B96] : Lenovo Product Demo -> C:\Windows\Installer\{18AB01BA-71A6-4F0A-A01F-CF4A8216B369}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\ADAE0D5932150C1439A13F9764CBE0E8] : Garmin Express [HKCR\Installer\Products\B178C2D8F9B1CA54C934B21B0898DCAF] : Lenovo QuickOptimizer -> C:\Windows\Installer\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B3C544B9D6E96E74A9266A396B2A420B] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\CAE89355E85F91F45B35DB8F9BFE8D93] : Intel(R) Chipset Device Software [HKCR\Installer\Products\D04EA5027DA892F44A03DD1286AD65D2] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\E5B7D49186A84534192561F8123E0D72] : TunnelBear [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F887AADD6E25AE44DA8B2938B711FB62] : Metric Collection SDK ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Le programme QuickDiag.exe version 27.2.19.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 1be0 Heure de début : 01d559b1b13686e4 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Users\julie\Downloads\QuickDiag.exe ID de rapport : cabff714-9f1f-48d8-af6f-bec3499874cc Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ La création du contexte d’activation a échoué pour « C:\Users\julie\AppData\Local\chromium\Application\chrome.exe ». Assembly dépendant 58.0.3014.0,language="*",type="win32",version="58.0.3014.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ Product: Google Update Helper -- Error 1316. Le compte spécifié existe déjà. ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ La création du contexte d’activation a échoué pour « C:\Users\julie\AppData\Local\chromium\Application\chrome.exe ». Assembly dépendant 58.0.3014.0,language="*",type="win32",version="58.0.3014.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Users\julie\AppData\Local\chromium\Application\chrome.exe ». Assembly dépendant 58.0.3014.0,language="*",type="win32",version="58.0.3014.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Nom de l’application défaillante mbamservice.exe, version : 3.2.0.845, horodatage : 0x5d10ed55 Nom du module défaillant : ntdll.dll, version : 10.0.17134.799, horodatage : 0x7f828745 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000024989 ID du processus défaillant : 0x10e8 Heure de début de l’application défaillante : 0x01d559a294040cd9 Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 36be1d2d-d425-4519-bf41-35bf3f1686f8 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Le programme adwcleaner_7.4.exe version 7.4.0.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : c20 Heure de début : 01d559a6b60ef74c Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Users\julie\Downloads\adwcleaner_7.4.exe ID de rapport : 8e17e495-9aa6-4ed6-87aa-0f85583c7806 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ Product: Google Update Helper -- Error 1316. Le compte spécifié existe déjà. ------------ Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible. ------------ ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ La création du contexte d’activation a échoué pour « C:\Users\julie\AppData\Local\chromium\Application\chrome.exe ». Assembly dépendant 58.0.3014.0,language="*",type="win32",version="58.0.3014.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Nom de l’application défaillante SegurazoService.exe, version : 1.0.13.4, horodatage : 0x5d38953d Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0x00000000 Décalage d’erreur : 0x00007ffad0db69a9 ID du processus défaillant : 0x100c Heure de début de l’application défaillante : 0x01d55934c76c3c0a Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Segurazo\SegurazoService.exe Chemin d’accès du module défaillant: unknown ID de rapport : 280ca80e-b78f-4f1c-96bc-b1fadb2a8006 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ La création du contexte d’activation a échoué pour « C:\Users\julie\AppData\Local\chromium\Application\chrome.exe ». Assembly dépendant 58.0.3014.0,language="*",type="win32",version="58.0.3014.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ ----------( EOF)---------- - 4674 | 15:52:13