--------------- QuickDiag | g3n-h@ckm@n | V5_25.08.19.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 01/09/2019 19:46:14 Updated 25/08/2019 | 15:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [overd (Administrator)] - [DESKTOP-L79GNMF] (S-1-5-21-3426031793-651430910-2054641259-1001) System: Microsoft Windows 10 Professionnel - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk1\Partition4 Boot : Normal boot PC: 80WK - LENOVO - IdNumber: PF1115F3 - UUID: AB1A944A-E0AB-11E7-8A95-54E1ADF378E5 Processor : X64 - 2496 Mhz - Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz 4KCN40WW - en|US|iso8859-1,0 - LENOVO - S/N: PF1115F3 - 4KCN40WW - LENOVO - 1 CoreTemp : ? Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_280B&SUBSYS_80860101&REV_1000\4&BC7FF4&0&0201 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0235&SUBSYS_17AA3844&REV_1000\4&BC7FF4&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 ---------- | Video NVIDIA GeForce GTX 1050 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C8D&SUBSYS_39D117AA&REV_A1\4&2574EA12&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648 Intel(R) HD Graphics 630 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_591B&SUBSYS_39D117AA&REV_04\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1050 - DriverVersion: 26.21.14.3039 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:0 % Total Overall CPU Usage value:0 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:204,364 bytes/sec / RECVD:204,364 bytes/sec Intel[R] Dual Band Wireless-AC 3165 : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:204,364 bytes/sec, / RECEIVE Maximum:204,364 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_388417AA&REV_10\4&C30FDCB&0&00E3 Intel(R) Dual Band Wireless-AC 3165 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_3166&SUBSYS_42108086&REV_99\60F677FFFFA1CA1100 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&24F7EB7C&0&11 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&396464B6&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&396464B6&0&2 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&24F7EB7C&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH RAS Async Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8278 | Free (MB) : 5999 Pagefile = Total (MB) : 10244 | Free (MB) : 6946 Virtual = Total (MB) : 4194 | Free (MB) : 3902 Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: SK Hynix - PartNumber: HMA81GS6AFR8N-UH - S/N: 2AE98640 ---------- | SID Users Administrateur : [S-1-5-21-3426031793-651430910-2054641259-500] DefaultAccount : [S-1-5-21-3426031793-651430910-2054641259-503] Invité : [S-1-5-21-3426031793-651430910-2054641259-501] overd : [S-1-5-21-3426031793-651430910-2054641259-1001] WDAGUtilityAccount : [S-1-5-21-3426031793-651430910-2054641259-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 118.64 Go | Free : 68.09 Go -> NTFS (SSD) D:\ -> [Fixed] | [] | Total : 0.98 Go | Free : 0.95 Go -> NTFS [SATA] E:\ -> [Fixed] | [] | Total : 0.49 Go | Free : 0.47 Go -> NTFS (SSD) V:\ -> [Fixed] | [Nouveau nom] | Total : 930.53 Go | Free : 647.11 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [D:, V:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [E:, C:] : Read:0 bytes/sec, Written:3,900,626 bytes/sec Max Read:0 bytes/sec, Max Write:3,900,626 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:3,900,626 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_NVME&PROD_SAMSUNG_MZVLW128\5&32D48DCA&0&000000 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : SCSI\DISK&VEN_ST1000LM&PROD_035-1RK172\4&2ABCD9BC&0&000200 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.207 ---------- | Security FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = stopped AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 388 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 21:14:55] CPU Usage:0 % 612 | [Owner : Système | Parent : 576() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 716 | [Owner : Système | Parent : 576() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % 724 | [Owner : Système | Parent : 708() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 788 | [Owner : Système | Parent : 716(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [16/08/2018 16:13:37] CPU Usage:0 % 808 | [Owner : Système | Parent : 716(wininit.exe) | 11.78 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [13/11/2018 22:38:51] CPU Usage:0 % 884 | [Owner : Système | Parent : 708() | 3.8 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [09/10/2018 21:42:54] CPU Usage:0 % 996 | [Owner : Système | Parent : 788(services.exe) | 0.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1020 | [Owner : Système | Parent : 788(services.exe) | 17.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 72 | [Owner : UMFD-0 | Parent : 716(wininit.exe) | 0.41 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 22:09:30] CPU Usage:0 % 256 | [Owner : UMFD-1 | Parent : 884(winlogon.exe) | 5.48 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 22:09:30] CPU Usage:0 % 712 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 9.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1032 | [Owner : Système | Parent : 788(services.exe) | 3.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1100 | [Owner : DWM-1 | Parent : 884(winlogon.exe) | 38.85 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % 1240 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 2.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1248 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 3.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1320 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 12.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1364 | [Owner : Système | Parent : 788(services.exe) | 4.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1376 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 4.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1412 | [Owner : Système | Parent : 788(services.exe) | 9.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1552 | [Owner : Système | Parent : 788(services.exe) | 2.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1564 | [Owner : Système | Parent : 788(services.exe) | 3.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1608 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 12.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1640 | [Owner : Système | Parent : 788(services.exe) | 5.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1672 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 1.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1768 | [Owner : Système | Parent : 788(services.exe) | 2.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1888 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 5.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1920 | [Owner : Système | Parent : 788(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1936 | [Owner : Système | Parent : 788(services.exe) | 6.22 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [06/02/2019 22:34:20] CPU Usage:0 % 2032 | [Owner : SERVICE LOCAL | Parent : 1768(svchost.exe) | 6.35 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % 2044 | [Owner : Système | Parent : 788(services.exe) | 4.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1088 | [Owner : Système | Parent : 788(services.exe) | 1.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1232 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 3.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1480 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 4.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2140 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 2.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2204 | [Owner : Système | Parent : 788(services.exe) | 5.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2296 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 8.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2308 | [Owner : Système | Parent : 788(services.exe) | 2.15 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe [21/11/2017 19:20:56] CPU Usage:0 % 2348 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 4.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2384 | [Owner : Système | Parent : 788(services.exe) | 3.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2400 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 5.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2516 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 5.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2684 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 6.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2844 | [Owner : Système | Parent : 788(services.exe) | 9.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2896 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 13.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2304 | [Owner : Système | Parent : 788(services.exe) | 15.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2452 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3136 | [Owner : Système | Parent : 788(services.exe) | 7.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3308 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 4.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3500 | [Owner : SERVICE RÉSEAU | Parent : 1020(svchost.exe) | 15.76 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 3592 | [Owner : Système | Parent : 788(services.exe) | 3.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3696 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 16.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3728 | [Owner : Système | Parent : 1936(NVDisplay.Container.exe) | 15.08 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [06/02/2019 22:34:20] CPU Usage:0 % 3972 | [Owner : Système | Parent : 788(services.exe) | 12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4108 | [Owner : Système | Parent : 788(services.exe) | 1.14 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.88) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [02/02/2018 22:26:22] CPU Usage:0 % 4180 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 2.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4188 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 6.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4308 | [Owner : Système | Parent : 788(services.exe) | 6.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4364 | [Owner : Système | Parent : 788(services.exe) | 3.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4412 | [Owner : Système | Parent : 788(services.exe) | 3.83 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % 4448 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 2.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4560 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4568 | [Owner : Système | Parent : 788(services.exe) | 2.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4576 | [Owner : Système | Parent : 788(services.exe) | 1.59 Mo] - (.Intel Corporation - Intel HD Graphics Drivers for Windows(R).) - (22.20.16.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe [21/11/2017 19:22:06] CPU Usage:0 % 4584 | [Owner : Système | Parent : 788(services.exe) | 0.9 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) - (4.6.0.384) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [22/06/2018 06:13:20] CPU Usage:0 % 4592 | [Owner : Système | Parent : 788(services.exe) | 9.71 Mo] - (.Intel - DSAService.) - (3.1.2.2) = C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [17/01/2018 16:32:58] CPU Usage:0 % 4608 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 15.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4616 | [Owner : Système | Parent : 788(services.exe) | 7.34 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [23/08/2017 11:51:32] CPU Usage:0 % 4624 | [Owner : Système | Parent : 788(services.exe) | 2.48 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 12:50:52] CPU Usage:0 % 4648 | [Owner : Système | Parent : 788(services.exe) | 11.68 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 4656 | [Owner : SERVICE RÉSEAU | Parent : 788(services.exe) | 9.9 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [19/01/2019 14:18:24] CPU Usage:0 % 4704 | [Owner : Système | Parent : 788(services.exe) | 7.61 Mo] - (.Lenovo(beijing) Limited - Services principaux Lenovo Nerve Center(Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [03/02/2018 12:31:07] CPU Usage:0 % 4712 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 1.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4744 | [Owner : Système | Parent : 788(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [16/08/2018 16:13:41] CPU Usage:0 % 4764 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4772 | [Owner : Système | Parent : 788(services.exe) | 2.28 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [29/01/2018 07:22:44] CPU Usage:0 % 4836 | [Owner : Système | Parent : 788(services.exe) | 0.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4844 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 3.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4904 | [Owner : Système | Parent : 788(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [04/08/2019 15:44:16] CPU Usage:0 % 4960 | [Owner : Système | Parent : 788(services.exe) | 13.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5164 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 1.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5208 | [Owner : Système | Parent : 788(services.exe) | 4.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5304 | [Owner : Système | Parent : 788(services.exe) | 2.28 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.18.917) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe [21/11/2017 19:22:10] CPU Usage:0 % 5400 | [Owner : Système | Parent : 4648(nvcontainer.exe) | 0.6 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.17134.1) = C:\Windows\System32\rundll32.exe [12/04/2018 01:34:33] CPU Usage:0 % 5668 | [Owner : Système | Parent : 1020(svchost.exe) | 2.85 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % 2876 | [Owner : overd | Parent : 4648(nvcontainer.exe) | 5.44 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 1632 | [Owner : Système | Parent : 4108(RtkAudioService64.exe) | 1.89 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 4976 | [Owner : overd | Parent : 1920(svchost.exe) | 17.23 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % 4672 | [Owner : overd | Parent : 4648(nvcontainer.exe) | 46.43 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 1192 | [Owner : overd | Parent : 788(services.exe) | 20.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 6140 | [Owner : overd | Parent : 788(services.exe) | 17.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4636 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 0.19 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [19/05/2018 12:40:41] CPU Usage:0 % 6372 | [Owner : overd | Parent : 1412(svchost.exe) | 10.87 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [13/03/2019 20:27:22] CPU Usage:0 % 3940 | [Owner : overd | Parent : 1412(svchost.exe) | 5.06 Mo] - (.Lenovo(beijing) Limited - Mise à jour moteur Lenovo Nerve Center(Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [03/02/2018 12:30:54] CPU Usage:0 % 6788 | [Owner : Système | Parent : 788(services.exe) | 1.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 6832 | [Owner : overd | Parent : 6788(svchost.exe) | 8.94 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % 7340 | [Owner : overd | Parent : 7292() | 74.64 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe [10/04/2019 16:24:40] CPU Usage:0 % 7372 | [Owner : overd | Parent : 7240() | 4.7 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe [21/11/2017 19:21:24] CPU Usage:0 % 7564 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 10.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7676 | [Owner : Système | Parent : 788(services.exe) | 9.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7844 | [Owner : Système | Parent : 1020(svchost.exe) | 5.98 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 8640 | [Owner : overd | Parent : 1020(svchost.exe) | 38.22 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.753) = C:\Windows\System32\SettingSyncHost.exe [14/05/2019 22:09:24] CPU Usage:0 % 7380 | [Owner : overd | Parent : 4648(nvcontainer.exe) | 2.23 Mo] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) - (3.19.0.107) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe [24/05/2018 20:20:58] CPU Usage:0 % 8412 | [Owner : overd | Parent : 2876(nvcontainer.exe) | 18.81 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 9016 | [Owner : overd | Parent : 4772(SynTPEnhService.exe) | 8.44 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [29/01/2018 07:22:42] CPU Usage:0 % 9080 | [Owner : Système | Parent : 788(services.exe) | 2.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3108 | [Owner : overd | Parent : 9052() | 0.31 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [29/01/2018 07:22:46] CPU Usage:0 % 8204 | [Owner : Système | Parent : 788(services.exe) | 4.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8852 | [Owner : overd | Parent : 8412(NVIDIA Share.exe) | 5.46 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 9516 | [Owner : overd | Parent : 9276() | 31.79 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (11.13.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [24/05/2018 20:20:53] CPU Usage:0 % 9532 | [Owner : overd | Parent : 9516(NVIDIA Web Helper.exe) | 0.63 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 3492 | [Owner : overd | Parent : 8412(NVIDIA Share.exe) | 53.62 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 8756 | [Owner : overd | Parent : 788(services.exe) | 9.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1148 | [Owner : overd | Parent : 7340(explorer.exe) | 2.6 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % 6384 | [Owner : overd | Parent : 7340(explorer.exe) | 2.75 Mo] - (.Lenovo(beijing) Limited - Lenovo Nerve Center(Sense) Tray - Une application Lenovo développée dans le but d'optimiser votre expérience de jeu.) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [03/02/2018 12:31:03] CPU Usage:0 % 10308 | [Owner : overd | Parent : 7340(explorer.exe) | 3.22 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1128) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [02/02/2018 22:26:21] CPU Usage:0 % 10364 | [Owner : overd | Parent : 7340(explorer.exe) | 2.06 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 10448 | [Owner : overd | Parent : 4704(PluginLoaderSvc.exe) | 0.54 Mo] - (.Lenovo(beijing) Limited - HotkeyMonitor - Analyse des touches de raccourci Lenovo Nerve Center (Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe [03/02/2018 12:31:07] CPU Usage:0 % 10504 | [Owner : overd | Parent : 7340(explorer.exe) | 1.99 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 10152 | [Owner : Système | Parent : 788(services.exe) | 17.16 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [10/04/2019 16:24:45] CPU Usage:0 % 9136 | [Owner : Système | Parent : 788(services.exe) | 2.92 Mo] - (.Dolby Laboratories, Inc. - DolbyDAX2API.) - (0.8.8.87) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [26/09/2018 00:30:02] CPU Usage:0 % 9432 | [Owner : Système | Parent : 788(services.exe) | 11.23 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 % 7284 | [Owner : Système | Parent : 788(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % 10144 | [Owner : Système | Parent : 788(services.exe) | 4.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8664 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 4.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8500 | [Owner : overd | Parent : 10144(svchost.exe) | 4.85 Mo] - (.Microsoft Corporation - MusNotifyIcon.exe.) - (10.0.17134.799) = C:\Windows\System32\MusNotifyIcon.exe [12/06/2019 16:40:57] CPU Usage:0 % 5288 | [Owner : overd | Parent : 1020(svchost.exe) | 11.52 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 % 8556 | [Owner : Système | Parent : 788(services.exe) | 5.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8736 | [Owner : overd | Parent : 1020(svchost.exe) | 0.38 Mo] - (.Microsoft Corporation - Store.) - (11906.1001.24.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe [28/08/2019 03:18:59] CPU Usage:0 % 10852 | [Owner : Système | Parent : 788(services.exe) | 6.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 10888 | [Owner : overd | Parent : 9388() | 2.64 Mo] - (.Adobe Systems Incorporated - Adobe IPC Broker.) - (5.4.0.57) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [05/12/2017 00:33:20] CPU Usage:0 % 6960 | [Owner : overd | Parent : 9388() | 0.28 Mo] - (.Adobe Systems Incorporated - CCXProcess.) - (2.2.1.120) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [12/04/2018 21:33:16] CPU Usage:0 % 3628 | [Owner : overd | Parent : 6960(CCXProcess.exe) | 38.03 Mo] - (.Node.js - Node.js: Server-side JavaScript.) - (6.12.3.0) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe [02/01/2018 10:38:46] CPU Usage:0 % 4668 | [Owner : overd | Parent : 3628(node.exe) | 0.79 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 4808 | [Owner : overd | Parent : 1020(svchost.exe) | 16.3 Mo] - (.-.) - (2019.19061.17310.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.17310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [28/08/2019 03:17:57] CPU Usage:0 % 3540 | [Owner : overd | Parent : 1020(svchost.exe) | 0.77 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [12/06/2018 21:27:04] CPU Usage:0 % 2720 | [Owner : Système | Parent : 788(services.exe) | 9.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 9808 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 11172 | [Owner : Système | Parent : 788(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2644 | [Owner : Système | Parent : 788(services.exe) | 7.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 10392 | [Owner : overd | Parent : 1020(svchost.exe) | 73.71 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [14/05/2019 22:09:27] CPU Usage:0 % 3276 | [Owner : Système | Parent : 788(services.exe) | 6.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3960 | [Owner : Système | Parent : 788(services.exe) | 16.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8668 | [Owner : SERVICE LOCAL | Parent : 788(services.exe) | 5.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2888 | [Owner : Système | Parent : 788(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8512 | [Owner : SERVICE LOCAL | Parent : 2684(svchost.exe) | 16.22 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [12/06/2019 16:40:38] CPU Usage:0 % 11352 | [Owner : overd | Parent : 7340(explorer.exe) | 57.4 Mo] - (.SosVirus - QuickDiag.) - (25.8.19.1) = C:\Users\overd\Desktop\QuickDiag.exe [28/08/2019 18:40:21] CPU Usage:0 % 11576 | [Owner : Système | Parent : 788(services.exe) | 5.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 11844 | [Owner : SERVICE RÉSEAU | Parent : 1020(svchost.exe) | 9.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.Lenovo(beijing) Limited.-.Lenovo Nerve Center(Sense).) - (2.6.11.8) -- C:\Program Files\Lenovo\Nerve Center\bin\x64\Taskbar.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (22.20.16.4836) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (22.20.16.4836) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igc64.dll (..-.Core Sync.) - (2.4.6.82) -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 430.39.) - (26.21.14.3039) -- C:\WINDOWS\system32\nvapi64.dll (.NVIDIA Corporation.-.NVIDIA French language resource library.) - (6.14.14.3039) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.60.0.0) -- V:\Program Files (x86)\WinRAR\rarext64.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU gamelan - (gamelan.lnk [Startup]) - User: DESKTOP-L79GNMF\overd gamelangamelan - (gamelangamelan.lnk [Startup]) - User: DESKTOP-L79GNMF\overd OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd GameCenter - ("C:\Users\overd\AppData\Local\GameCenter\GameCenter.exe" -autostart [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd Discord - (C:\Users\overd\AppData\Local\Discord\app-0.0.304\Discord.exe [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public NerveCenterTray - ("C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe" -autostart [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_LENOVO_DOLBYDRAGON - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON [HKLM\SOFTWARE\...\Run]) - User: Public AdobeAAMUpdater-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "GameCenter"="C:\Users\overd\AppData\Local\GameCenter\GameCenter.exe" -autostart "Discord"=C:\Users\overd\AppData\Local\Discord\app-0.0.304\Discord.exe [31/01/2019 15:33:12] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDriveSetup"=0x0300000031294E1388F1D301 "Steam"=0x030000000D42816A9A01D401 "Discord"=0x0300000024AB74609A01D401 "CCleaner Monitoring"=0x030000004C1BED5E9A01D401 "CCleaner Smart Cleaning"=0x03000000DBA85FBA8586D401 "GameCenter"=0x030000002C25027757A0D401 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Photosmart C4400 series,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "NerveCenterTray"="C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe" -autostart "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "RtHDVBg_LENOVO_DOLBYDRAGON"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "NerveCenterTray"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "RtHDVBg_Dolby"=0x060000000000000000000000 "RtHDVBg_LENOVO_DOLBYDRAGON"=0x060000000000000000000000 "AvastUI.exe"=0x03000000F4757C5D9A01D401 "AdobeGCInvoker-1.0"=0x030000004A1C23B78586D401 "AdobeAAMUpdater-1.0"=0x030000009891DEB88586D401 "iTunesHelper"=0x03000000824D46BE8586D401 "WindowsDefender"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "DSATray"=0x070000001663C9659A01D401 "Adobe Creative Cloud"=0x03000000D7FBDEB48586D401 "SunJavaUpdateSched"=0x03000000B62F52C78586D401 "T5"=0x0300000069FBFDF6C84AD501 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D3D1ED98C0F7D8 "APPINIT_DLLS"= [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [17/01/2018 16:32:44] "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "APPINIT_DLLS"= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater AdobeAAMUpdater-1.0-MicrosoftAccount-overd0z@outlook.fr AdobeGCInvoker-1.0-MicrosoftAccount-overd0z@outlook.fr ages andalusiaages andalusia CreateExplorerShellUnelevatedTask galaxy_arbitrarilygalaxy_arbitrarily greenwaldgreenwald IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 NerveCenterUpdate NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3426031793-651430910-2054641259-500 skidded_mussoliniskidded_mussolini snowesnowe thant-roccothant-rocco voorvoor ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=23 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [02/02/2018 21:05:01] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=808 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 "LsaCfgFlagsDefault"=0 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "InstanceID"=b5040dae-bc57-4eb3-a129-41c5769 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\overd\Downloads\144565.jpg [08/08/2019 16:37:39] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=6 "WheelScrollChars"=3 "WindowArrangementActive"=1 "WheelScrollLines"=7 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC301005B08150080070000B0040000321132D7F64DD50143003A005C00550073006500720073005C006F0076006500720064005C0044006F0077006E006C006F006100640073005C003100340034003500360035002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "EnablePerProcessSystemDPI"=1 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 "{0E270DAA-1BE6-48F2-AC49-71E8ABC0E927}"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003728000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x60B81DB4E464D2119906E49FADC173CA8E05000060B81DB4E48ED2119906E49FADC173CA5604000016EC7DE90DA5BB49AE24CF682282E08DBD0500000114020000000000C00000000000004688060000CEC429A936FD7042B4F534ECAC5BD63C28160000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=317 "FirstRunTelemetryComplete"=1 "EdgeDesktopShortcutCreated"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=404 "Browse For Folder Height"=354 "Reason Setting"=255 "link"=0x16000000 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x7C4F655D00000000 "ReindexedProfile"=1 "DisablePreviewDesktop"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x06000000050000000300000004000000020000000100000000000000FFFFFFFF "0"=0x69006D006100670065000000 "1"=0x770069006E007200610072000000 "2"=0x630020006C000000 "4"=0x6600670072000000 "3"=0x6B006D0073000000 "5"=0x46005200530054000000 "6"=0x41007200590046000000 [HKLM\Software\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=20 "SmartScreenEnabled"=Off [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=24 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D002001600BB018305D41A3800ACB74800ACB74800D200000002005F000ED19FDE758642023F316B0029281D007BF01B0052310F00030000003A5E500065AA0000C31E0000D62F94FEEC60D50169443E00000000000100000069443E00EE420000000000000000000000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E8002C021600BD0100000EFB17D00000000000000000D62F94FEEC60D501D62F94FEEC60D501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100DDEE00804408015045084550EA3A01C080011A6884019A68B4870040600284186006C458490200803200D04032A0D040004701805D0010065D085406C7B900C0294901056B4B0515CA97000082C05E28B2C07E284B6A004088628046887280461B960080108458049086781C9D1000C00A0E04210A0F44316BB00080400389024003C922 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=220000139337 "ShutdownFlags"=39 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3426031793-651430910-2054641259-1001 "LastUsedUsername"=overd [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\overd\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0C07E01EAF67E0101000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\overd\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0A203006855040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000 "SIGN.MEDIA=11A4180 KMSAuto.Net.Portable.v1.4.2\KMSAuto Net.exe"=0x534143500100000000000000070000002800000080AA89003E388A0001000000000000000000000A75220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000068630100000000000200000002000000 "C:\Users\overd\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AD270000000000000100000001000000 "C:\Users\overd\Downloads\driver_booster_setup.exe"=0x534143500100000000000000070000002800000048D52F01A4A6300101000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\overd\Downloads\SpotifySetup.exe"=0x5341435001000000000000000700000028000000F0110B007DB90B0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000681B0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090550C008AE20C0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E07EA200000000000100000001000000 "C:\Users\overd\Downloads\SteamSetup.exe"=0x534143500100000000000000070000002800000088131600052B160001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001D3E0100000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B006DFE0B0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A3C8FA07000000000D0000000D000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x534143500100000000000000070000002800000090070200EE84020001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000000FE52B00000000000800000008000000 "C:\Users\overd\Downloads\TeamSpeak3-Client-win64-3.1.8.exe"=0x53414350010000000000000007000000280000008870A7042AA7A70401000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000001AD33900000000000100000001000000 "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe"=0x5341435001000000000000000700000028000000C0C5EF01FEC9EF0101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000008000004000000000000000000000000000000000610A0000000000000100000001000000 "C:\Users\overd\Downloads\UplayInstaller(1).exe"=0x5341435001000000000000000700000028000000F8795304C8E7530401000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000000F832000000000000100000001000000 "C:\Users\overd\Downloads\dtoc04ww01.exe"=0x5341435001000000000000000700000028000000D0DC6C04C9D76D0401000000000000000000020600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BF100200000000000100000001000000 "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe"=0x5341435001000000000000000700000028000000C0DB0E00F51A0F0001000000000000000000000A71200000DB80FDAC2839D3010000000000000000020000002800000000000000800000400000000000000000000000000000000094040000000000000100000001000000 "C:\Users\overd\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe"=0x534143500100000000000000070000002800000098E8E3001C32E40001000000000000000000000A73220000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000009C47700000000000B0000000B000000 "C:\Users\overd\Downloads\ccsetup539.exe"=0x5341435001000000000000000700000028000000C8FCAA008ECEAB0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\overd\Downloads\wwg2050e.exe"=0x534143500100000000000000070000002800000070227103F97A710301000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenter.exe"=0x534143500100000000000000070000002800000060632A00B0362B0001000000000000000000000A73220000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B11F9701000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe"=0x534143500100000000000000070000002800000058ED1800B887190003000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\overd\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0C07E01EAF67E0103000000000000000000000A00210000DB80FDAC2839D3010000000100000000 "C:\Users\overd\Downloads\Mes_Drivers_3.0.4(1).exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EA2F0000000000000200000002000000 "C:\Users\overd\Downloads\Intel Driver and Support Assistant Installer.exe"=0x5341435001000000000000000700000028000000E0ABD3007140D40001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000214D7801000000000200000002000000 "C:\Users\overd\Downloads\390.77-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000D80EFF1A3232FF1A01000000000000000000020600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000032980800000000000100000001000000 "C:\Users\overd\Downloads\Mes_Drivers_3.0.4(2).exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000342E0000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\Temp1_KULT-ULTIMATE.zip\KULT-ULTIMATE.exe"=0x5341435001000000000000000700000028000000D58459020000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000002E490000000000000200000002000000 "C:\Program Files (x86)\KULT-ULTIMATE\qcef.exe"=0x534143500100000000000000070000002800000000740F000000000001000000000000000000000A71220000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DC9D7200000000000300000003000000 "C:\Users\overd\AppData\Local\TeamSpeak 3 Client\Uninstall.exe"=0x53414350010000000000000007000000280000002C1006002AA7A70403000000000000000000010600010000DB80FDAC2839D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000080000000000000008000000000003E220000000000000100000001000000010000000400000001000000 "C:\Users\overd\Downloads\TeamSpeak3-Client-win64-3.1.8(1).exe"=0x53414350010000000000000007000000280000008870A7042AA7A70401000000000000000000010600010000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000022890E00000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe"=0x534143500100000000000000070000002800000090D54101C44C420101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000002050000000000000200000002000000 "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000A880030064DA030001000000000000000000030600010000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000052A20F17000000004B0100004B010000 "C:\Program Files\internet explorer\iexplore.exe"=0x534143500100000000000000070000002800000038950C005F6B0D0001000000010000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090E90B0022F90B0001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B84F8000000000000600000006000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x53414350010000000000000007000000280000009007020064B5020001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000009F760500000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe"=0x5341435001000000000000000700000028000000906545013206460101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000005070000000000000300000003000000 "SIGN.MEDIA=36BFD photoshop cs6\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008D320600000000000200000002000000 "C:\photoshop cs6\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000005F7A0A00000000000100000001000000 "C:\Users\overd\Desktop\photoshop cs6\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000050000000000001060000006000020000000000000000000000000000C1CF710100000000050000000500000000000000000000400000000000000000000000000000000032B62400000000000100000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090550C003B370D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B00E25E0C0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000009767A30A000000001300000013000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702001BDD020001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000022A80100000000000200000002000000 "C:\Users\overd\Downloads\LSBSetup.exe"=0x5341435001000000000000000700000028000000288929002CD1290001000000000000000000030600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A93B3701000000000100000001000000 "C:\Program Files (x86)\KULT-ULTIMATE\uninst.exe"=0x5341435001000000000000000700000028000000921003000000000003000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F2110000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000905D0C00A5580D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000046235900000000000100000001000000 "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"=0x5341435001000000000000000700000028000000908FF7040070F80401000000000000000000000A73200000DB80FDAC2839D301000000000000000002000000280000000000000010000020000000000000000000000000000000008B3C1400000000000100000001000000 "C:\Users\overd\Desktop\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000EE0F0000000000000200000002000000 "V:\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000DB80FDAC2839D301000000000000000002000000280000000000000000000040000200000000000000000000000000005A0B0000000000000200000002000000 "C:\Users\overd\Desktop\photoshop cs6\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exe"=0x5341435001000000000000000700000028000000C87F8002D28C800201000000000000000000010671020000DB80FDAC2839D30100000000000000000200000028000000000000000000001000020000000000000000000000000000000D0000000000000200000002000000 "C:\Users\overd\Desktop\Photoshop.exe"=0x5341435001000000000000000700000028000000C87F8002D28C800201000000000000000000010671020000DB80FDAC2839D30100000000000000000200000028000000000000000000001000000000000000000000000000000000301A0000000000000100000001000000 "C:\Users\overd\Desktop\photoshop cs6\PhotoshopCS6Portable.exe"=0x5341435001000000000000000700000028000000C6B501000000000001000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000020000000000000000000000000000580E0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe"=0x534143500100000000000000070000002800000090154E01FDB74E0101000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000088060000000000000200000002000000 "C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x53414350010000000000000007000000280000002019190078091A0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000008AE30000000000000100000001000000 "V:\overd\Documents\SteamLibrary\steamapps\common\H1Z1\H1Z1_BE.exe"=0x5341435001000000000000000700000028000000081C0F0008B00F0001000000000000000000000A71200000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AA030000000000000100000001000000 "C:\Users\overd\Downloads\PokerStarsInstallFR.exe"=0x5341435001000000000000000700000028000000D8394E060000000001000000000000000000000A71200000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000068982E00000000000100000001000000 "C:\Users\overd\Downloads\InstallSmite.exe"=0x5341435001000000000000000700000028000000B80B7304636A730401000000000000000000010600010000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EF300100000000000100000001000000 "V:\Program Files (x86)\Hi-Rez Studios\HirezLauncherUI.exe"=0x5341435001000000000000000700000028000000981537008AD3370001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000B0E8F109000000000500000005000000 "C:\Users\overd\AppData\Local\Temp\a7789c5a-6819-434d-857d-ac05ff0ad085\setup.exe"=0x5341435001000000000000000700000028000000B8A10600E027070001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000800000400000000000000000000000000000000099490400000000000100000001000000 "C:\Users\overd\Downloads\Lifecraft.exe"=0x5341435001000000000000000700000028000000A54E040024CE000001000000000000000000030671000000DB80FDAC2839D30100000000000000000200000028000000000000000000000000020000000000000000000000000000290E0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B0018650C0001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007C5CCF07000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702006BF9020001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Users\overd\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_fr.exe"=0x5341435001000000000000000700000028000000B84FE4070000000001000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000040000000000000000000000000000000009EEA0000000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A96004393960001000000000000000000000A71220000DB80FDAC2839D3010000000000000000020000002800000000000000000000100000000000000000000000000000000045B18900000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.77.338.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000905D0C00BF2D0D0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000 "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090812E0077B32E0001000000000000000000000A71220000DB80FDAC2839D301000000000000000002000000280000000000000080000000000000000000000000000000000000004EB0E309000000000A0000000A000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B0055D10C0001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000000000000000000000000000000000000023EE120C000000000600000006000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x53414350010000000000000007000000280000009007020055E4020001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B0B30000000000000200000002000000 "V:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe"=0x5341435001000000000000000700000028000000902BF401B12EF40101000000000000000000000A00210000DB80FDAC2839D301000000000000000002000000280000000000000000000000000000000000000000000000000000007AB60100000000000100000001000000 "C:\Users\overd\Desktop\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090CFF40140D0F40101000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C00F0000000000000100000001000000 "V:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090C53900B6A03A0001000000000000000000000A73220000DB80FDAC2839D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000AF810100000000000200000002000000 "V:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe"=0x5341435001000000000000000700000028000000509AB200EA66B30001000000000000000000030600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000206800000000200000050000000000002068000004000000000000000000000000000000000C501000000000000010000000100000000000000800000400000000000000000000000000000000087010000000000000100000000000000 "V:\Program Files (x86)\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe"=0x534143500100000000000000070000002800000090E10E0076CF0F0001000000000000000000000A71200000DB80FDAC2839D301000000000000000002000000280000000000000080000040000000000000000000000000000000000D030000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe"=0x534143500100000000000000070000002800000090F10B00D0000C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000052E68500000000000200000002000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyStartupTask.exe"=0x5341435001000000000000000700000028000000900702001934020001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A1480000000000000100000001000000 "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"=0x534143500100000000000000070000002800000098FCE3008D6FE40001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000020600000060000000000000000000000000000000004F615501000000009E0000009E000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000905D0C003C3C0D0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009B080000000000000100000001000000 "C:\ProgramData\NVIDIA Corporation\Downloader\641ce1481194bca086021343e4eaeca8\GeForce_Experience_Update_v3.14.0.139_Official_F5B5E1.exe"=0x5341435001000000000000000700000028000000C8D86D053FAC6E0501000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000083690100000000000100000001000000 "V:\Program Files (x86)\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"=0x534143500100000000000000070000002800000090C14605C068470501000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000002060000002200000000000000000000000000000000B92A0000000000000100000001000000 "C:\Users\overd\Downloads\DiscordSetup.exe"=0x534143500100000000000000070000002800000058A99403C786950301000000000000000000030600010000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000583F17005341170001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000050000000000000000000004000000000000000000000000000000000B635000000000000020000000200000000000000000000000000000000000000000000000000000061AE4511000000006B00000000000000 "C:\Users\overd\Downloads\ccsetup543pro.exe"=0x534143500100000000000000070000002800000060A2F1004C8DF20001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Downloads\dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000935F1E00000000000100000001000000 "V:\Users\overd\AppData\Local\Ankama\Dofus\Dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B6936900000000002000000020000000 "C:\Users\overd\Downloads\flashplayer30ppau_ha_install.exe"=0x5341435001000000000000000700000028000000F0611200CB04130001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000CF8E0400000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C0085BD0C0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D2F7401000000000400000004000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.83.318.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C0048CE0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000056011E00000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\84f5d336-d8d9-414c-9f7c-08474871236c\setup.exe"=0x5341435001000000000000000700000028000000B8750700245F080001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000CE911E00000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C00AB0D0D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D4A10601000000000100000001000000 "C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000089917000000000003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000031A90000000000000100000001000000 "V:\Program Files (x86)\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe"=0x534143500100000000000000070000002800000080EA0B00ABDF0C0001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007B2A0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C0042E50C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C00FC9C0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Downloads\flstudio_win_20.0.3.532.exe"=0x534143500100000000000000070000002800000018763F2A8DDF3F2A01000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000968B0A00000000000100000001000000 "C:\Users\overd\Downloads\wrar560fr.exe"=0x5341435001000000000000000700000028000000F8A12D0001052E0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D8800000000000000100000001000000 "V:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000C8652100A673210001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000042592600000000002700000027000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.86.337.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C00D4B40C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Downloads\Creative_Cloud_Set-Up.exe"=0x534143500100000000000000070000002800000058F91E008E711F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Downloads\ADOBE CRACK.EXE"=0x5341435001000000000000000700000028000000004026000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002FACEA01000000000200000002000000 "SIGN.MEDIA=CCC41F setup.exe"=0x53414350010000000000000007000000280000005F2013000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F69D0000000000000100000001000000 "V:\KMSpico 11 FINAL\KMSELDI.exe"=0x5341435001000000000000000700000028000000C0AA11005123120001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F07C0000000000000100000001000000 "V:\KMSpico 11 FINAL\unins000.exe"=0x5341435001000000000000000700000028000000815117000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000200000000000000000000000000002B130000000000000100000001000000 "C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe"=0x534143500100000000000000070000002800000010EE0C0C1CB40D0C01000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000AD851E0D000000002700000027000000 "V:\Users\overd\Creative Cloud Files\Adobe Premiere Pro CC 2018\Adobe Premiere Pro.exe"=0x5341435001000000000000000700000028000000007E360066FF360001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AB0C7E05000000001600000016000000 "C:\Users\overd\Desktop\Red Giant\ESuite_Win_Full\Effects Suite 11.0.1 64-bit.exe"=0x53414350010000000000000007000000280000004058AB09C475AB0901000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000057950400000000000100000001000000 "C:\Users\overd\Desktop\Red Giant\KSuite_Win_Full_11.0.2\Keying Suite 11.0.2 64-bit.exe"=0x5341435001000000000000000700000028000000F06F2C0113382D0101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E08B0100000000000100000001000000 "C:\Users\overd\Desktop\Red Giant\MBSuite_Win_Full\Magic Bullet Suite 11.4.4 64-bit.exe"=0x5341435001000000000000000700000028000000387BEA059078EB0501000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000008670300000000000100000001000000 "C:\Users\overd\Desktop\Red Giant\TCSuite_Win_Full\Trapcode Suite 12.1.1 64-bit.exe"=0x534143500100000000000000070000002800000010BA1E06D6D61E0601000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008BFE0200000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.88.353.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C0086580D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000466C4200000000000200000002000000 "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"=0x5341435001000000000000000700000028000000D8C5240088FD240001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E089E102000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe"=0x5341435001000000000000000700000028000000D83F0700DA8D070001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007FCFDF02000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000A8451C01C00D1D0101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006E000000000000000B0000000B000000 "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"=0x5341435001000000000000000700000028000000D8993500065C360001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000621C0000000000000100000001000000 "C:\Program Files (x86)\Image-Line\FL Studio ASIO\uninstall.exe"=0x5341435001000000000000000700000028000000D87E0E00A4890E0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000500000000000000000000000000000000000000000000000000000009F0A0000000000000100000001000000000000000000004000000000000000000000000000000000D3110000000000000100000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.89.313.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x534143500100000000000000070000002800000090650C00F93A0D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000199E2A00000000000200000002000000 "C:\Users\overd\Downloads\flstudio_win_20.0.5.681.exe"=0x53414350010000000000000007000000280000005855092A2FF8092A01000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009AB60E00000000000100000001000000 "V:\Program Files (x86)\FL Studio 20\FL64.exe"=0x5341435001000000000000000700000028000000B80D0400AF75040001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A8301D00000000000200000002000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\9d5f7af4f183de3c9003b38a29af2535\setup.exe"=0x5341435001000000000000000700000028000000D0520700A687070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A08C0000000000000100000001000000 "C:\Users\overd\Downloads\FL Studio 20 Crack Torrent_3687178648.exe"=0x53414350010000000000000007000000280000006BF519000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6C60100000000000100000001000000 "C:\Program Files\WebBarMedia\unins000.exe"=0x5341435001000000000000000700000028000000E80C120097B1120003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000502C0000000000000100000001000000 "C:\Users\overd\AppData\Local\WallpaperHd\uninstall.exe"=0x5341435001000000000000000700000028000000BF0002000000000003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000087010000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.90.268.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E85C0C005D180D0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "V:\Program Files (x86)\FL Studio 20\FL.exe"=0x5341435001000000000000000700000028000000B8990300655F040001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C4640000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\d8aba209-2e4c-4d13-8d57-cdd78d316281\setup.exe"=0x5341435001000000000000000700000028000000807507002622080001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000080000040000000000000000000000000000000006A7D0400000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8580C00056D0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Desktop\KULT-ULTIMATE.exe"=0x5341435001000000000000000700000028000000D58459020000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000000D660000000000000100000001000000 "V:\Program Files (x86)\KULT-ULTIMATE\qcef.exe"=0x534143500100000000000000070000002800000000740F000000000001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A1856602000000000300000003000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\7b79447f02e83b50c6a1719c740616a7\setup.exe"=0x534143500100000000000000070000002800000028520700781C080001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000048A50000000000000100000001000000 "C:\Users\overd\Desktop\PROClient.exe"=0x534143500100000000000000070000002800000000E609000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7060000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\555f2bc8-c59e-4903-9335-ed1ac3525e93\setup.exe"=0x5341435001000000000000000700000028000000F07507009B84070001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000080000040000000000000000000000000000000002BBF0300000000000100000001000000 "C:\Users\overd\Downloads\WarfaceMycomLoader_5180267f7e0c35bc7cc723efd3caa421_.exe"=0x5341435001000000000000000700000028000000800C580060B7580001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000093068800000000000100000001000000 "V:\MyGames\Warface My.Com\Bin32Release\mracinstall64.exe"=0x534143500100000000000000070000002800000010BDB900B2A6BA0001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AC000000000000000100000001000000 "V:\MyGames\Warface My.Com\Bin32Release\Game.exe"=0x534143500100000000000000070000002800000040C255012694560101000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000014140000000000000100000001000000 "C:\Users\overd\Downloads\drfone_erase_setup_full3443.exe"=0x534143500100000000000000070000002800000068440F0020FB0F0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004B5F0900000000000100000001000000 "C:\Users\overd\Downloads\iTunes64Setup.exe"=0x534143500100000000000000070000002800000048EB1710B55B181001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000060B00100000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\IXP839.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000480F0200015C020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020BE0000000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8580C00325A0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Wondershare\drfone\unins000.exe"=0x5341435001000000000000000700000028000000C9A512000000000003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000421C0000000000000100000001000000 "C:\Program Files (x86)\VulkanRT\1.0.54.1\Instance_2\UninstallVulkanRT.exe"=0x5341435001000000000000000700000028000000DD1A05000000000003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000057D40000000000000100000001000000 "V:\Téléchargements\YouTubeByClick-Setup.exe"=0x534143500100000000000000070000002800000058D7EA00EA5AEB0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E5A50000000000000100000001000000 "V:\Program Files (x86)\YouTube By Click\YouTubeByClick.exe"=0x5341435001000000000000000700000028000000C81B03000A63030001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006D30200000000000100000001000000 "C:\ProgramData\Caphyon\Advanced Installer\{FCA9936A-FD7C-4F36-A4DB-2ED8B9947988}\YouTubeByClick-Setup.exe"=0x534143500100000000000000070000002800000058D7EA00EA5AEB0003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C92A0000000000000100000001000000 "C:\Program Files (x86)\VulkanRT\1.0.54.1\UninstallVulkanRT.exe"=0x5341435001000000000000000700000028000000DD1A05000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008B220000000000000100000001000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\267f46a917fd6ebe4483992837b8cb29\setup.exe"=0x5341435001000000000000000700000028000000F0530700623E080001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001D390100000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.95.289.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8E60B001E800C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\AppData\Local\Temp\8a0243de-21e3-47ef-a957-30450df9906c\setup.exe"=0x5341435001000000000000000700000028000000A0750700E26D080001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000800000400000000000000000000000000000000066271200000000000100000001000000 "C:\Users\overd\AppData\Local\GameCenter\GameCenter.exe"=0x534143500100000000000000070000002800000080549400F660940001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FD508101000000000200000002000000 "V:\Téléchargements\League of Legends installer EUW.exe"=0x534143500100000000000000070000002800000038B6400533D6400501000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A2653E00000000000100000001000000 "C:\Users\overd\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\344.75-desktop-win8-win7-winvista-64bit-international-whql (1).exe"=0x5341435001000000000000000700000028000000C0436112EB40621201000000000000000000020600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E9E80000000000000100000001000000 "V:\MyGames\Riot Games\League of Legends\LeagueClient.exe"=0x534143500100000000000000070000002800000080224D002C0A4E0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000010000000000000000000000850D3300000000000200000002000000 "V:\Téléchargements\DiscordSetup.exe"=0x534143500100000000000000070000002800000058A9940312E8940301000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000082781301000000000100000001000000 "V:\Téléchargements\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000002B2D0000000000000100000001000000 "V:\Téléchargements\417.71-desktop-win10-64bit-international-whql.exe"=0x53414350010000000000000007000000280000007879102258BC102201000000000000000000020600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D4750500000000000100000001000000 "V:\Téléchargements\dch_win64_25.20.100.6519.exe"=0x5341435001000000000000000700000028000000C0E035140DC9361401000000000000000000010571000000BFA2139DEDD1D301000000000000000001000000040000000100000005000000100000000000000000000000000301050008000002000000500000000003010500080060008202000000000000800000000000000DBC000000000000010000000100000000000000000800400000220000000000000020000000000014CD0000000000000100000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8E60B00AFDA0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8E60B003A3D0C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "V:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe"=0x5341435001000000000000000700000028000000003C00000000000003000000000000000000000A75220000BFA2139DEDD1D30100000000000000000100000004000000010000000500000010000000000000000000000000000000000000000200000028000000000000000000000010008000000000000000800000000000A80B0000000000000400000004000000 "C:\Users\overd\AppData\Local\Temp\d314fa1e-af7a-40c6-85ac-d5bd09a5a7ae\setup.exe"=0x534143500100000000000000070000002800000060740700BB9D070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000ABFE0500000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\f67cc875-b56e-41b5-926f-1410cbd3b275\setup.exe"=0x534143500100000000000000070000002800000060740700BB9D070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000F9310400000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\0af31fc1-d99e-4491-9d8a-2d277b4d5675\setup.exe"=0x534143500100000000000000070000002800000060740700BB9D070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000F1980400000000000100000001000000 "V:\Téléchargements\ApexLegendsInstaller.exe"=0x5341435001000000000000000700000028000000E83D03044154030401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EC2C6D01000000000100000001000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\7b69c8594affa73d0f6357d0d998abcf\setup.exe"=0x534143500100000000000000070000002800000088530700DCE5070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A6FB0000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\1c1270d6-2137-45aa-b351-ce02ac5ab6b9\setup.exe"=0x5341435001000000000000000700000028000000887507003AA2070001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000080000040000000000000000000000000000000004C170B00000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\47d52a59-4d15-4199-a265-f3967e43fb7b\setup.exe"=0x534143500100000000000000070000002800000000730700C1EA070001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000800000400000000000000000000000000000000048556F00000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8E60B0030C70C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.101.348.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8E80B00C2EE0B0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000832E0000000000000400000004000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\daa4fab973e53fae3db151e3f11c3c7e\setup.exe"=0x5341435001000000000000000700000028000000F05307008086070001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002F970000000000000100000001000000 "V:\Program Files (x86)\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe"=0x534143500100000000000000070000002800000008460E00599E0E0001000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000005A166200000000000200000002000000 "V:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000038930C00A8070D0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000800000008000000 "C:\Program Files\windows nt\accessories\wordpad.exe"=0x5341435001000000000000000700000028000000008E4400221F450001000000010000000000000A73220000BFA2139DEDD1D3010000000000000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\78eddab7c3bcf182331359fdd0d1e497\setup.exe"=0x534143500100000000000000070000002800000070510700C299070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FA5D0100000000000100000001000000 "C:\Program Files\LibreOffice\program\soffice.exe"=0x534143500100000000000000070000002800000068240100001F020001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C3D0901000000000100000001000000 "C:\Program Files\LibreOffice\program\swriter.exe"=0x53414350010000000000000007000000280000006844010057F3010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000410A0000000000000300000003000000 "C:\Users\overd\AppData\Local\Temp\787a8994-8a6b-4cb6-a894-0baf47cec1f9\setup.exe"=0x5341435001000000000000000700000028000000C8740700A76C080001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000800000400000000000000000000000000000000047E10A00000000000100000001000000 "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\SpotifyMigrator.exe"=0x5341435001000000000000000700000028000000E8EA0B006C520C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\AppData\Local\Temp\fd085586-229f-45e7-b23e-cf41bab61528\setup.exe"=0x5341435001000000000000000700000028000000C0730700449B070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000008000004000000000000000000000000000000000A2160400000000000100000001000000 "V:\Program Files\KMSpico\UninsHs.exe"=0x5341435001000000000000000700000028000000007600000000000001000000000000000000000671200000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000020000000000000000000000000073620000000000000100000001000000 "C:\Program Files (x86)\Common Files\Finphase\uninstall.exe"=0x534143500100000000000000070000002800000000E218000000000003000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000000080000000000000000000000000000000000004C6B0000000000000100000001000000 "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe"=0x534143500100000000000000070000002800000058030500C022050003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F6C40000000000000100000001000000 "C:\Users\overd\AppData\Local\PetGame.exe"=0x5341435001000000000000000700000028000000002007005BB7070003000000000000000000000A71200000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B9030000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\wrokyi2a.n0e\DiskProtect16688\unins000.exe"=0x534143500100000000000000070000002800000051F127000000000003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000930C0000000000000100000001000000 "C:\Users\overd\AppData\Local\Temp\lb1cf0a1.0i5\ModularInstaller.exe"=0x5341435001000000000000000700000028000000387D2D00B37F2D0003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000052290000000000000100000001000000 "V:\Program Files (x86)\FL Studio 20\uninstall.exe"=0x5341435001000000000000000700000028000000C85563000FD2630001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001F490000000000000100000001000000 "C:\Program Files\Homeville\unins000.exe"=0x5341435001000000000000000700000028000000A5100B000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CD120000000000000100000001000000 "C:\Program Files (x86)\Wondershare\WAF\unins000.exe"=0x5341435001000000000000000700000028000000DF9412000000000001000000000000000000030600010000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000013430000000000000100000001000000 "C:\Program Files (x86)\windows nt\accessories\wordpad.exe"=0x5341435001000000000000000700000028000000007C41007A44420001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000010060E006B3E0E0003000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F4280000000000000100000001000000 "C:\Users\overd\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ChromeSetup (1).exe"=0x534143500100000000000000070000002800000038921100D8CF110001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B15C0100000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x534143500100000000000000070000002800000010390F0002F20F0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000071020000000000000100000001000000 "V:\MyGames\Riot Games\League of Legends\Uninstall League of Legends.exe"=0x5341435001000000000000000700000028000000C251640033D6400503000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000842B0000000000000100000001000000 "C:\Program Files\CCleaner\uninst.exe"=0x534143500100000000000000070000002800000000C10B00FE020C0003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000088130000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D04086000918870001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000004580000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe"=0x534143500100000000000000070000002800000028500000B53B010001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000000000000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000D00214008D43140003000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001B610000000000000100000001000000 "C:\Users\overd\Desktop\Activation\AAct_x64.exe"=0x534143500100000000000000070000002800000058290B007B7F0B0001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000091A60000000000000200000002000000 "C:\Program Files (x86)\TACHYON\T5\ixAvsUninst.exe"=0x534143500100000000000000070000002800000070FB2A00D02B2B0003000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001A5D7302000000000100000001000000 "C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x534143500100000000000000070000002800000028014D01BE614D0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AE2C0000000000000100000001000000 "V:\Program Files (x86)\Origin\OriginClientService.exe"=0x534143500100000000000000070000002800000030972300F97A240001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C000000000000000100000001000000 "V:\Program Files (x86)\Origin\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000030ED300012BF310001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C000000000000000100000001000000 "V:\Program Files (x86)\Origin\Origin.exe"=0x534143500100000000000000070000002800000010852F00C3A42F0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008D917E00000000000300000003000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F09D19005A5B1A0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000096400600000000000200000002000000 "V:\Program Files (x86)\Origin Games\Apex\r5apex.exe"=0x5341435001000000000000000700000028000000E0D59C0206619D0201000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7014201000000000100000001000000 "C:\Users\overd\Downloads\flashplayer32ppau_ha_install.exe"=0x5341435001000000000000000700000028000000286C12001E8B120001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DF500000000000000100000001000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=0x53414350010000000000000007000000280000005891D1008C8DD20001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000501D401000000000E0000000E000000 "C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\920c23fb7471819f37d81760e38997e7\setup.exe"=0x5341435001000000000000000700000028000000385307009857070001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F0890000000000000100000001000000 "C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x534143500100000000000000070000002800000070E30900D7E20A0001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000DF020000000000000100000001000000 "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x534143500100000000000000070000002800000070CD390004493A0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DD5CD501000000000100000001000000 "C:\Program Files\Mozilla Firefox\updater.exe"=0x5341435001000000000000000700000028000000200806006634060001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005F120000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{456BB962-D316-40BC-8949-4CEC32F2AA7A}\setup.exe"=0x534143500100000000000000070000002800000060120F000000000003000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003A4F0000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{76D21FF6-B4B6-4BE1-A43D-AB01EA6A2B69}\setup.exe"=0x534143500100000000000000070000002800000060120F000000000003000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C560000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{9528F9CB-29E3-4E33-8BAA-181B336E24F8}\setup.exe"=0x534143500100000000000000070000002800000060120F000000000003000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D7540000000000000100000001000000 "C:\Program Files (x86)\InstallShield Installation Information\{E7676EF4-3896-4B7E-B030-1356EEC477CE}\setup.exe"=0x534143500100000000000000070000002800000060120F000000000003000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000047520000000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\setup.exe"=0x5341435001000000000000000700000028000000F02722002CBA220003000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x534143500100000000000000070000002800000020E608005DBE090001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "V:\Téléchargements\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080A32F004108300001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FD150900000000000100000001000000 "C:\Users\overd\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080A32F004108300001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005CDD0E00000000000200000002000000 "V:\Téléchargements\adwcleaner_7.4.exe"=0x5341435001000000000000000700000028000000C854740054F0740001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Desktop\zhpfix_2017.11-21.2.exe"=0x534143500100000000000000070000002800000000C42E000000000001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000018CA0300000000000100000001000000 "C:\Users\overd\Desktop\delfix_1.013.exe"=0x5341435001000000000000000700000028000000402C0C00C2D00C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000042A10000000000000200000002000000 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x5341435001000000000000000700000028000000582F07007CCA070001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009CC60000000000000300000003000000 "V:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe"=0x5341435001000000000000000700000028000000A8601F000926200001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000033710100000000000100000001000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020FD3000564C310001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000100000001000000 "V:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe"=0x5341435001000000000000000700000028000000900724027F2E240201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BE875002000000000300000003000000 "V:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090A330005C40310001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000820000200000000000000000000000000000000020050000000000000100000001000000 "C:\Users\overd\Desktop\Windows10Upgrade9252.exe"=0x5341435001000000000000000700000028000000906F5F008A885F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "C:\Users\overd\Desktop\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000805F2E00A72B2F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000009570000000000000200000002000000 "C:\Users\overd\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000805F2E00A72B2F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DAE62D00000000000100000001000000 "C:\Users\overd\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098034F00A0AC4F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FC721400000000000A0000000A000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{b460c3d8-2558-11e9-af4e-60f677a1ca15}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{d34a8043-c663-11e8-af33-60f677a1ca15}] : "F:\HiSuiteDownLoader.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131711970960754196 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0xE594D2A8929CD301 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\ "ProductStatus"=0 "OOBEInstallTime"=0x84705E0857EFD301 "ManagedDefenderProductType"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0 "LastEnabledTime"=0x91351451E431D501 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixAptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixAvSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixCommonSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixFwSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixRealTimeSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsAvM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsFtM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKPcFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgAc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixAptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixAvSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixCommonSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixFwSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixRealTimeSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsAvM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsFtM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKPcFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgAc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts [41] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:812::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:812::200e?: temps=11 ms D?lai d'attente de la demande d?pass?. R?ponse de 2a00:1450:4007:812::200e?: temps=11 ms R?ponse de 2a00:1450:4007:812::200e?: temps=16 ms Statistiques Ping pour 2a00:1450:4007:812::200e: Paquets?: envoy?s = 4, re?us = 3, perdus = 1 (perte 25%), Dur?e approximative des boucles en millisecondes : Minimum = 11ms, Maximum = 16ms, Moyenne = 12ms ---------- | @ [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=www.google.com "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=03sptm3 "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4A0000004A000000FA040000ED020000 "Start Page_TIMESTAMP"=0x230F21BD3F5ED501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x01000000330000003342F0484210F0CD7FB59D799B0DB58A847068596194FF49FAEF95E49EB75C49B55091A51D282FD343CAF50C019D72F13EB5BE020000000E000000306F3562544A386B4B7351253364 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xDE0EF9D56F5ED501 "IE10TourShown"=1 "IE10TourShownTime"=0x7A6E57BB485DD501 "Search Bar"=www.google.com "Use Search Asst"=yes "SearchAssistant"=www.google.com "IE11EdgeNotifyTime"=0x2CA02938305CD501 "EdgeReminderRemainingCount"=5 "IE11DefaultsFRECompletionTime"=0xA477DFB13F5ED501 "IE11DefaultsFREConfigUpdateTimestamp"=0xA477DFB13F5ED501 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"=www.google.com [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x0F460E61E4EED301 "WarnonZoneCrossing"=0 "LockDatabase"=132066617889650945 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchURL] "Default"=www.google.com [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1] - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3] - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x7A6E57BB485DD501 "Version"=5 "UpgradeTime"=0x7A6E57BB485DD501 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.191.2] - (Java™ Deployment Toolkit) : V:\Program Files\Java\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2] - (Oracle® Next Generation Java™ Plug-In) : V:\Program Files\Java\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll C:\Users\overd\AppData\Roaming\Mozilla\Firefox\Profiles\429t94c6.default\Prefs.js user_pref("app.normandy.startupRolloutPrefs.extensions.fxmonitor.enabled", true); user_pref("browser.search.defaultenginename", "Bing Search Engine"); user_pref("browser.search.selectedEngine", "Bing Search Engine"); user_pref("browser.startup.homepage", "https://www.google.com/"); user_pref("browser.startup.homepage_override.buildID", "20190813150448"); user_pref("browser.startup.homepage_override.mstone", "68.0.2"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.autoDisableScopes", 0); user_pref("extensions.blocklist.lastModified", "Wed, 28 Aug 2019 19:55:12 GMT"); user_pref("extensions.blocklist.pingCountTotal", 244); user_pref("extensions.blocklist.pingCountVersion", 5); user_pref("extensions.databaseSchema", 31); user_pref("extensions.fxmonitor.firstAlertShown", true); user_pref("extensions.getAddons.cache.lastUpdate", 1567103150); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20190813150448"); user_pref("extensions.lastAppVersion", "68.0.2"); user_pref("extensions.lastPlatformVersion", "68.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.signer.hotfixed", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{2c66840f-a108-4744-847d-c3ed2b9f2bcb}\",\"addons\":{\"webcompat@mozilla.org\":{\"version\":\"5.0.2\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"d65560d2-7c5e-405d-9bd2-779de8e16aa7\",\"webcompat@mozilla.org\":\"6829ff6d-6dff-4a76-834e-bb1054375cf6\",\"formautofill@mozilla.org\":\"33ba5962-0e6d-4d77-ac43-46a9db789620\",\"webcompat-reporter@mozilla.org\":\"5ede2f57-a694-4728-88c2-55be5d9b22d7\",\"{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\":\"982fc55c-7228-4396-9d35-ea1ec0f8295e\",\"baidu-code-update@mozillaonline.com\":\"2fbb0ce9-5d6b-4f88-96b7-46c0f1df46fc\",\"fxmonitor@mozilla.org\":\"2455a959-721c-4e8c-af89-79c955352f6c\",\"{14553439-2741-4e9d-b474-784f336f58c9}\":\"0b39fadf-2734-4824-8372-ed2bf8b5a1e0\",\"{1189C9DF-3038-4787-9592-8C6E41CC7F94}\":\"cf290fe7-673e-49a3-a22b-3afec9d8055c\",\"default-theme@mozilla.org\":\"651375f3-cdf7-4f31-b0c1-59e0a5aabfbf\",\"google@search.mozilla.org\":\"6c882191-c06b-4071-a6f0-353e6219a5e0\",\"bing@search.mozilla.org\":\"a229956d-a15d-47ac-b728-fe1ba6922774\",\"amazon@search.mozilla.org\":\"6a5925b0-e457-41f0-80aa-eb5bdf59cf91\",\"ddg@search.mozilla.org\":\"249e3f8c-0a42-4393-8cdf-bbc5ff727e7c\",\"ebay@search.mozilla.org\":\"396af2e9-07df-46c5-8b12-7974664d9871\",\"qwant@search.mozilla.org\":\"d82f8ac3-6249-45db-9c18-e2dcf1a941c5\",\"wikipedia@search.mozilla.org\":\"b5303a23-b7f2-425c-93c9-29e1afc342ee\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); user_pref("services.sync.extension-storage.lastSyncLocal", "0"); [Profile0] - Name=default -> Profiles/429t94c6.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{052c947f-46b6-49e5-bdfd-cdd34e33c89d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0cb1d63c-8abf-4882-b80c-95422bc3f10a}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b0e7b1c5-1d14-4fcd-aae2-6f064e3a1a3a}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{dfe7f4a0-0885-11e8-af0f-806e6f6e6963}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{052c947f-46b6-49e5-bdfd-cdd34e33c89d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0cb1d63c-8abf-4882-b80c-95422bc3f10a}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b0e7b1c5-1d14-4fcd-aae2-6f064e3a1a3a}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dfe7f4a0-0885-11e8-af0f-806e6f6e6963}] "NameServer"=8.8.8.8 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser "PeerDist"=PeerDistSvc "AssignedAccessManagerSvc"=AssignedAccessManagerSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\8floor] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Adobe] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Ankama] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\AppDataLow] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Apple Inc.] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\BugSplat] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Canon] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Chromium] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Clients] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\CraveSoftware] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Cryptbot Software] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Dalton] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Discord] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\DMGR2.0.0] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Electronic Arts] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Epic Games] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\GameCenter] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Gigot] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Google] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Image-Line] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Imagination Technologies] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Intel] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Lavasoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Lenovo] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Logitech] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Macromedia] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Malwarebytes] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Mozilla] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Picture] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Policies] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\PROTeam] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\QtProject] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Realtek] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Red Giant Software] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Rtp] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\SoftVoice] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Synaptics] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\SyncEngines] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\sysinternals] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\TACHYON] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\The Document Foundation] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Trolltech] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Ubisoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Valve] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\VB and VBA Program Settings] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\WinRAR] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Wondershare] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Wow6432Node] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\ZHP] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\{C6D7ED1A-6343-4C1B-8AEC-2C36D31D7863}] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\Canon] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Image-Line] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\IntelVolatile] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lenovo] [HKLM\Software\LibreOffice] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Minnetonka Audio Software] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\MRAC] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Oracle] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Propellerhead Software] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Respawn] [HKLM\Software\SoftVoice] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\The Document Foundation] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKLM\Software\Microsoft\Windows\AssignedAccessCsp] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\$(brand_name)] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ASIO4ALL] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\Epic Games] [HKLM\Software\WOW6432Node\EpicGames] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hi-Rez Studios] [HKLM\Software\WOW6432Node\HiRez Studios] [HKLM\Software\WOW6432Node\Image-Line] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Overwolf] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\Respawn] [HKLM\Software\WOW6432Node\Riot Games, Inc] [HKLM\Software\WOW6432Node\SoftVoice] [HKLM\Software\WOW6432Node\Starter] [HKLM\Software\WOW6432Node\TACHYON] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: E: [10/08/2019 15:21:15] - |ASH| - (.-.) - [0] - (0.0.0.0) - E:\desktop.ini V: ---------- | C: [28/08/2019 03:04:33] - |HD| - [319217854] - C:\$GetCurrent [29/09/2017 15:46:33] - |SHD| - [3458878926] - C:\$Recycle.Bin [04/07/2019 20:49:16] - |HD| - [725527] - C:\$SysReset [28/08/2019 04:24:34] - |HD| - [67402685478] - C:\$WINDOWS.~BT [MD5.7866FA1357A10081EAEEE9C7F33228AA] - [26/08/2019 20:26:26] - |A| - (.-.) - [590] - (0.0.0.0) - C:\DelFix.txt [03/02/2018 04:00:59] - |SHD| - [145511001867] - C:\Documents and Settings [03/02/2018 00:52:37] - |DC| - [211519320] - C:\DRIVERS [MD5.2C20F08093979971FAFA18632D17CC4C] - [21/02/2018 23:12:36] - |AH| - (.-.) - [40] - (0.0.0.0) - C:\E8A9DCB0DE8F [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 11:49:23] - |ASH| - (.-.) - [3390705664] - (0.0.0.0) - C:\hiberfil.sys [02/02/2018 21:24:13] - |DC| - [80052] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/04/2019 20:59:05] - |ASH| - (.-.) - [2013265920] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [8319668133] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [3309935697] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [55471680651] - C:\ProgramData [28/08/2019 18:40:32] - |D| - [228339624] - C:\QuickDiag [MD5.65978D93B45DBB9A1144D50034A43864] - [01/09/2019 19:46:14] - |A| - (.-.) - [209216] - (0.0.0.0) - C:\QuickDiag.txt [MD5.28ABDC9FEEF1DA91C47EA3EB66350D3D] - [28/08/2019 19:02:51] - |RAST| - (.-.) - [433142] - (0.0.0.0) - C:\QuickDiag_28_08_2019_19_02_51.txt [03/02/2018 04:01:00] - |SHDC| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 11:45:21] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [03/02/2018 03:59:34] - |SHD| - [0] - C:\System Volume Information [11/04/2018 23:04:33] - |RD| - [159132100996] - C:\Users [11/04/2018 23:04:33] - |D| - [25268543632] - C:\Windows [28/08/2019 03:04:30] - |D| - [22070709] - C:\Windows10Upgrade ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [14026586] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8331488] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [984704123] - C:\WINDOWS\assembly [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 18:24:11] - |SHD| - [580179] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [12/04/2018 01:38:20] - |D| - [38317662] - C:\WINDOWS\Boot [MD5.F3CD0DB29138A1A871785489E195B551] - [19/05/2018 12:43:52] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.0B5BDF712FB4C6BF5C4AF1E57F21E55F] - [28/08/2019 03:30:40] - |A| - (.-.) - [4130] - (0.0.0.0) - C:\WINDOWS\comsetup.log [12/04/2018 18:41:55] - |D| - [46697886] - C:\WINDOWS\Containers [03/02/2018 04:01:08] - |D| - [68] - C:\WINDOWS\CSC [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [25445208] - C:\WINDOWS\debug [MD5.D1E75542EC8D1B4851765A57AC63618E] - [19/05/2018 11:51:27] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4609080] - C:\WINDOWS\diagnostics [MD5.D1E75542EC8D1B4851765A57AC63618E] - [19/05/2018 11:51:27] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.64309F0E029A568B72EB9BBDB533E832] - [08/08/2019 17:44:31] - |A| - (.-.) - [18473] - (0.0.0.0) - C:\WINDOWS\DirectX.log [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [59976] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\en-US [MD5.C8FB56B60458B09C1CAEBD4DAF1AC8BB] - [10/04/2019 16:24:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3933296] - (10.0.17134.677) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [436376489] - C:\WINDOWS\Fonts [12/04/2018 18:19:18] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47867303] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71641922] - C:\WINDOWS\Help [MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 21:14:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [92317013] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1362468432] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHDC| - [439599999] - C:\WINDOWS\Installer [02/02/2018 22:21:52] - |D| - [0] - C:\WINDOWS\IObit [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [19934254] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20672035] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [04/07/2019 00:40:37] - |D| - [157241420] - C:\WINDOWS\Microsoft Antimalware [12/04/2018 01:38:20] - |RD| - [836127829] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.8E4F650A5604CBE61C4832EB1090FEB1] - [28/08/2019 02:44:10] - |A| - (.-.) - [454250] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [06/02/2019 22:34:20] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [03/02/2018 13:16:00] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [12/04/2018 18:23:03] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [06/02/2019 19:26:49] - |D| - [92418921] - C:\WINDOWS\Panther [12/04/2018 01:38:21] - |D| - [385340] - C:\WINDOWS\Performance [MD5.361410638FCD2D928487ED13F9BC4924] - [03/02/2018 01:25:36] - |A| - (.-.) - [657288] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [7207245] - C:\WINDOWS\PolicyDefinitions [19/05/2018 11:45:39] - |D| - [3854602] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog [MD5.37BAA0C11BDFD8E54594E9C923CDF25E] - [12/04/2018 18:24:39] - |A| - (.-.) - [36112] - (0.0.0.0) - C:\WINDOWS\Professional.xml [MD5.2A9FFDF1D5AACB1A8CAD2433736135BA] - [28/08/2019 03:22:31] - |A| - (.-.) - [35] - (0.0.0.0) - C:\WINDOWS\progress.ini [12/04/2018 01:38:21] - |D| - [5479518] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1095144] - C:\WINDOWS\Registration [12/04/2018 18:24:11] - |D| - [0] - C:\WINDOWS\RemotePackages [12/04/2018 01:38:21] - |D| - [24578472] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [4100609] - C:\WINDOWS\Resources [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [189322] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [3805911] - C:\WINDOWS\security [19/05/2018 12:43:19] - |D| - [190129790] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [193356506] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.AE9ACCC1917BC9D5B4843080418395C8] - [17/08/2019 00:51:07] - |A| - (.-.) - [3137] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/07/2019 19:45:07] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 01:38:21] - |D| - [6443008] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53634048] - C:\WINDOWS\ShellExperiences [12/04/2018 18:20:18] - |D| - [3070736] - C:\WINDOWS\SKB [28/08/2019 02:35:26] - |D| - [47922229] - C:\WINDOWS\SoftwareDistribution [03/02/2018 04:01:10] - |D| - [0] - C:\WINDOWS\SoftwareDistribution.old [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [29/09/2017 15:46:38] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [7646609065] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [226976951] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25702345] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1529342885] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [29/09/2017 15:46:34] - |D| - [220] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [7355092] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [275696] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25818] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [29/09/2017 15:46:38] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [28/08/2019 03:01:08] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [10307539339] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Adm [MD5.A62CE44A33F1C05FC2D340EA0CA118A4] - [03/07/2019 22:30:16] - |A| - (.-.) - [268] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/08/2019 13:41:31] - C:\WINDOWS\Installer\1433f697.msi : (Epic Games Launcher - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2018 16:32:26] - C:\WINDOWS\Installer\1fede7.msi : (.. - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2018 16:33:02] - C:\WINDOWS\Installer\1fedf3.msi : (Intel(R) Driver & Support Assistant 3.1.2 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/06/2018 23:20:26] - C:\WINDOWS\Installer\2d18499b.msi : (Intel(R) C++ Redistributables on Intel(R) 64 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 11:56:58] - C:\WINDOWS\Installer\33c3cc.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/11/2018 19:59:11] - C:\WINDOWS\Installer\47daf2d.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/11/2018 20:01:31] - C:\WINDOWS\Installer\47daf34.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/11/2017 13:18:13] - C:\WINDOWS\Installer\6717e288.msi : (Online Application - Microleaves) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/02/2018 01:30:14] - C:\WINDOWS\Installer\6aba8.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2018 21:28:48] - C:\WINDOWS\Installer\ef404be.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [19/05/2018 11:55:50] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [29/01/2018 12:40:14] - [4779] - C:\WINDOWS\System32\TKFWFV.inf [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:20] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:55:23] - [0 Ko] - C:\WINDOWS\Temp\88DB2278-E86A-432C-8647-6E5D4836956F-Sigs [MD5.C6D64DA1BA9083B1C1D9AF98887EB6E5] - |A| - [04/09/2018 22:01:55] - (.-.) - [2973.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [29/08/2019 16:48:16] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a01780 [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [28/08/2019 19:09:21] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a12036 [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [26/08/2019 20:58:47] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a12472 [MD5.00000000000000000000000000000000] - |D| - [26/08/2019 18:09:55] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 13:32:55] - [3637.54 Ko] - C:\WINDOWS\Temp\CreativeCloud [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:49:07] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:49:07] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:49:07] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:49:07] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.ED9922728D51746E3CE7837AB672739F] - |A| - [25/02/2019 20:06:39] - (.-.) - [534.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.4893C0792383269A10F80EC0A6AE8A9F] - |A| - [28/08/2019 03:11:19] - (.-.) - [37.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [03/02/2018 01:47:56] - [0 Ko] - C:\WINDOWS\System32\appmgmt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2686.05 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 18:24:11] - [287.58 Ko] - C:\WINDOWS\System32\AppV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.200930141D240DB217EAF5284DCBB068] - |A| - [02/02/2018 22:25:53] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\System32\bhtv5Icon.dll [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4836.9 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [96744.23 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [28/08/2019 02:35:53] - [35375.18 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [40144.26 Ko] - C:\WINDOWS\System32\Catroot2.old [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.C3B200C13BCBAF149C160B3BC9CBD83C] - |A| - [12/04/2018 22:16:59] - (.Copyright CANON INC. 2000-2014 - IJ Language Monitor.) - [396.5 Ko] - (0.3.0.1) - C:\WINDOWS\System32\CNMLMCA.DLL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3221.88 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [368 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.CC7D8A8C05FA87656804C18D3ED288A1] - |A| - [18/10/2018 02:07:24] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.32 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [321237.48 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.21CFA73B9FE6A74D622D3EF4E7460549] - |A| - [21/11/2017 19:07:52] - (.-.) - [738.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [408 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.48E51DAA9278C41213957795D439A274] - |A| - [13/11/2018 22:38:55] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 21:12:58] - [14122.32 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 21:12:58] - [9568.75 Ko] - C:\WINDOWS\System32\DAX3 [MD5.2A7153B6C7C3B8EF2EA0E1E7DBC119A4] - |A| - [18/10/2018 02:06:38] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO Property Page.) - [1508.12 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOProp.dll [MD5.8C72F29651DD7595F935EF47EAE97563] - |A| - [18/10/2018 02:06:40] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1340.28 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOv251.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.6CE46420E121351C6F217F7A3E3B16C7] - |A| - [02/02/2018 22:26:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [271.81 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.04C0FF55158BD5C8E31B8C3DC2A322C9] - |A| - [18/10/2018 02:06:42] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1925.22 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.2B46D04F1E86B9E978815DE19C427F93] - |A| - [18/10/2018 02:06:42] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [325.27 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.F90018211FD3CF221F833B5609F0C6F2] - |A| - [18/10/2018 02:07:30] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6935.16 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [458 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [13/11/2018 22:38:55] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [946 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9781.27 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.A1B31418DDFD3A392775C4BF6E98CE53] - |A| - [18/10/2018 02:07:34] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1131.88 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.F432717A6EEF19760268238D6EDCC1C0] - |A| - [02/02/2018 22:26:25] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.73 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.1A638FFC7A4E5F57711137D3D9B50070] - |A| - [18/10/2018 02:06:48] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [1230.27 Ko] - (1.6.1.53) - C:\WINDOWS\System32\DolbyDAX2APOvlldp.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [2404.09 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:37:59] - [154925.96 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\DriverState [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [2728985.85 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.AC4A4E064D4884F571CC4A0DB1CE821F] - |A| - [22/01/2019 20:08:56] - (.Copyright © EasyAntiCheat Oy 2018 - EasyAntiCheat UserMode.) - [19.23 Ko] - (1.0.0.0) - C:\WINDOWS\System32\eac_usermode_128131239834113.dll [MD5.AA85615965D5CD7C84E483018BABBD91] - |A| - [18/10/2018 18:24:59] - (.Copyright © EasyAntiCheat Oy 2018 - EasyAntiCheat UserMode.) - [19.73 Ko] - (1.0.0.0) - C:\WINDOWS\System32\eac_usermode_136054174650470.dll [MD5.C3393866E7D6D4506ACAA6D56C200EDF] - |A| - [12/12/2018 22:12:50] - (.Copyright © EasyAntiCheat Oy 2018 - EasyAntiCheat UserMode.) - [19.23 Ko] - (1.0.0.0) - C:\WINDOWS\System32\eac_usermode_17253359047334.dll [MD5.F420898B636588B13C7D65098BD87689] - |A| - [05/02/2019 21:54:33] - (.Copyright © EasyAntiCheat Oy 2018 - EasyAntiCheat UserMode.) - [19.23 Ko] - (1.0.0.0) - C:\WINDOWS\System32\eac_usermode_347953618885984.dll [MD5.C3393866E7D6D4506ACAA6D56C200EDF] - |A| - [30/12/2018 21:36:17] - (.Copyright © EasyAntiCheat Oy 2018 - EasyAntiCheat UserMode.) - [19.23 Ko] - (1.0.0.0) - C:\WINDOWS\System32\eac_usermode_516534076780906.dll [MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |A| - [13/02/2019 21:14:59] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [456.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.D96B7D921C3056ECC603D787A15BAC92] - |A| - [19/05/2018 11:50:13] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2148.5 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [438.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17125.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [11/07/2018 12:52:17] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll [MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [11/07/2018 12:52:12] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll [MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [409 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH [MD5.3BE22ED5E769B77ADB37331AEDD0C654] - |A| - [19/05/2018 11:45:22] - (.-.) - [436.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [3490 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47341.88 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\System32\gd-GB [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/02/2018 21:24:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |HD| - [29/09/2017 15:46:33] - [0.26 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\hi-IN [MD5.D3C5FA2DCBED5B375BF36D3A54E08F93] - |A| - [02/02/2018 22:26:26] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [369.38 Ko] - (0.8.8.85) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.A6A23F90726BFA4BB9B9E6A554A7341D] - |A| - [18/10/2018 02:07:00] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [396.8 Ko] - (1.6.1.53) - C:\WINDOWS\System32\HiFiDAX2APIPCLL.dll [MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:24:11] - [278.87 Ko] - C:\WINDOWS\System32\hydrogen [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\System32\ig-NG [MD5.BBB3C3B345E949D02923B7634342B223] - |A| - [21/11/2017 19:20:56] - (.-.) - [270.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25220 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.F418D2193501DC122E4BF92AAF734F34] - |A| - [20/12/2017 14:59:20] - (.-.) - [170.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IntelWifiIhv04.dll [MD5.837EA0A9B3FF7DCAF79C74C5060A8774] - |A| - [21/11/2017 19:22:24] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [136.98 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [437 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [323.56 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [301 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\ky-KG [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [13/11/2018 22:38:59] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [33 Ko] - C:\WINDOWS\System32\lb-LU [MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:23:31] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [13789.66 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [62579.38 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [12/04/2018 01:35:23] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf [MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |A| - [13/03/2019 20:27:23] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [19/05/2018 12:43:19] - [1111.36 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6771.46 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47360.95 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\ml-IN [MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN [MD5.9288D8C59049E43911079C2B4A061D84] - |A| - [22/11/2018 19:40:24] - (.Copyright (C) 2018 LLC Mail.Ru - Mail.Ru AntiCheat Service.) - [11427.27 Ko] - (2.42.6.0) - C:\WINDOWS\System32\mracsvc.exe [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 21:35:55] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4196.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [398 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [640 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP [MD5.60DE320E21D998D8BE31EFB574039D6D] - |A| - [19/05/2018 11:45:22] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.B8443ABFD8E5B6E13241C04D499ED47F] - |A| - [06/02/2019 22:34:29] - (.-.) - [8357.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin [MD5.539023008CC6E329500B05B84BD8C894] - |A| - [06/02/2019 22:32:19] - (.-.) - [51.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb [MD5.06AAD0C702C868AD5CAC775F8B8A740A] - |A| - [23/04/2019 20:11:01] - (.-.) - [659.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvofapi64.dll [MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15794.83 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:32] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\or-IN [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\pa-IN [MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe [MD5.7B13DB7CF79003F9B9A029815E957F36] - |A| - [12/04/2018 01:40:29] - (.-.) - [129.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.1FC9B43E18B0A61B2A60F5DB7536E07B] - |A| - [12/04/2018 18:19:23] - (.-.) - [146.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:19:23] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.C8BA025E992F0964574E9DC3A31DA7C9] - |A| - [12/04/2018 01:40:29] - (.-.) - [683.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.C476DC80C33463AAAD8F86A07305AE81] - |A| - [12/04/2018 18:19:23] - (.-.) - [772.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.1D3C6B9E63ACAD2B14B98973C2D65099] - |A| - [19/05/2018 11:55:50] - (.-.) - [1725.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [424.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService [MD5.686E760C5AEA12E78A85B617B76D99A9] - |A| - [19/10/2012 04:52:32] - (.-.) - [3776.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PortChanger.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [427 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE [MD5.654407BE74EDA960DA9F5E8698BD8622] - |A| - [18/10/2018 02:07:10] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [136.35 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.5A648E812BD4583BD972E7B898C8C184] - |A| - [18/10/2018 02:07:10] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [442.52 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.E4B603AC50A3C8941449DC3B38D0CE51] - |A| - [18/10/2018 02:07:12] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [87.93 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.B603DEBF9A0F30B5FBB7BC9EFD6C14EA] - |A| - [18/10/2018 02:07:12] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [153.52 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.7890D3A67D151E762BAFAD721D23374F] - |A| - [18/10/2018 02:07:58] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7010.3 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [19/05/2018 12:42:05] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll [MD5.0BF1E2262C95164A0B244174167FBD85] - |A| - [12/04/2018 01:35:13] - (.Copyright (C) 2009 - RemoteFX Helper.) - [104.5 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [453371.27 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [09/10/2018 21:42:21] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [19/05/2018 12:37:46] - [531.49 Ko] - C:\WINDOWS\System32\SDA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [19/05/2018 11:45:22] - [200953.15 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12221.17 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [151477.66 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15120.42 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [12/06/2018 21:27:03] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [11/07/2018 12:52:10] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [40088 Ko] - C:\WINDOWS\System32\sru [MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [406 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\sw-KE [MD5.BD1F091BAF7931FA8CED744706589B76] - |A| - [13/03/2019 20:27:32] - (.-.) - [33.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.exe [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [12/04/2018 01:35:10] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs [MD5.E05FD986E310753F5EAB64A0FD5F856B] - |A| - [29/01/2018 07:22:10] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynCOM.) - [801.16 Ko] - (19.4.18.30) - C:\WINDOWS\System32\SynCOM.dll [MD5.6147AA090B9B3D9B83BC934BE316F33F] - |A| - [29/01/2018 07:22:30] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynTPAPI.) - [284.16 Ko] - (19.4.18.30) - C:\WINDOWS\System32\SynTPAPI.dll [MD5.D586B23CC84EB2E9CDB961508E031174] - |A| - [29/01/2018 07:22:34] - (.Copyright (C) Synaptics Incorporated 1996-2018 - Synaptics Pointing Device Driver Co-Installer.) - [349.66 Ko] - (19.4.18.30) - C:\WINDOWS\System32\SynTPCo63.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1403.34 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [620.68 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [560.15 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.A3C97023CE50955FC9E7081633368209] - |A| - [12/06/2019 16:40:37] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM [MD5.F712C8732001D6588FE59C63E0960847] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2012 - Tachyon Kernel ACI DLL 1.0.) - [151.84 Ko] - (2012.8.21.1) - C:\WINDOWS\System32\TKAciU64.dll [MD5.B6647D779BD20034286124C517BD5287] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2016 - Tachyon Kernel Control Driver 1.0.) - [200.55 Ko] - (2016.1.27.1) - C:\WINDOWS\System32\TKCtrl2k.sys [MD5.B76D55A00D95C8B4C5A4A141F8B0133F] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2016 - Tachyon Kernel Control Driver 1.0.) - [143.79 Ko] - (2016.1.27.1) - C:\WINDOWS\System32\TKCtrl2k64.sys [MD5.787AA2418F166E7C3C99AB7244B078E2] - |A| - [05/02/2016 04:05:34] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Kernel Control DLL 1.0.) - [343.25 Ko] - (2014.10.23.1) - C:\WINDOWS\System32\TKCtrlU64.dll [MD5.0FF5BC110227F375E3F52D5994DBA983] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon MBR Protection Driver 2.0.) - [75.23 Ko] - (2013.10.10.1) - C:\WINDOWS\System32\tkdacex2k.sys [MD5.71844C767E7EE4AEB1322C9606853029] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon MBR Protection Driver 2.0.) - [49.73 Ko] - (2013.10.10.1) - C:\WINDOWS\System32\tkdacex2k64.sys [MD5.80C9119836819C98B87A21987BE59673] - |A| - [14/09/2017 07:03:54] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon MBR Protection Driver Management Dll 2.0.) - [83.26 Ko] - (2013.5.30.1) - C:\WINDOWS\System32\tkdacex64.dll [MD5.DF0DC8BCEB238101CDFFB95CF337291B] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon MBR Protection Driver Management Dll 2.0.) - [84.76 Ko] - (2013.5.30.1) - C:\WINDOWS\System32\tkdacexu64.dll [MD5.9B25C40B921E33E00D29299B6AE0DD49] - |A| - [07/03/2018 09:59:06] - (.Copyright (C) INCA Internet. 2000-2016 - Tachyon Anti-Virus Driver 2.0.) - [227.14 Ko] - (2017.8.2.1) - C:\WINDOWS\System32\TKFsAv.sys [MD5.F222681D5FCB98100826BA2A16DC5489] - |A| - [07/03/2018 09:59:02] - (.Copyright (C) INCA Internet. 2000-2016 - Tachyon Anti-Virus Driver 2.0.) - [194.15 Ko] - (2017.8.2.1) - C:\WINDOWS\System32\TKFsAv64.sys [MD5.E9761FADE0718D3B14BFBEBCBE66CDD0] - |A| - [16/01/2018 06:55:26] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Anti-Virus Driver Management Dll 2.0.) - [272.57 Ko] - (2018.1.16.1) - C:\WINDOWS\System32\TKFsAvMU64.dll [MD5.C3F389CAE7088CBCCFEC89879FF05304] - |A| - [07/03/2018 09:59:04] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon File System MiniFilter Driver 2.0.) - [25.24 Ko] - (2014.7.1.1) - C:\WINDOWS\System32\TKFsFt.sys [MD5.50EA573555A02CF3FD2DDA56DF907D89] - |A| - [07/03/2018 09:59:02] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon File System MiniFilter Driver 2.0.) - [28.15 Ko] - (2014.7.1.1) - C:\WINDOWS\System32\TKFsFt64.sys [MD5.C65176A42968C13DB53D8DD125A43F3B] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon File System MiniFilter Driver Management Dll 2.0.) - [237.64 Ko] - (2014.7.14.1) - C:\WINDOWS\System32\TKFsFtMU64.dll [MD5.7D5C9464829502C4F785383425930E31] - |A| - [29/01/2018 12:40:18] - (.Copyright(C) INCAInternet. 2000-2015 - Tachyon Firewall Core Driver.) - [159.47 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\TKFW.sys [MD5.CFE400EED6D8EDDFECC42E9C2328EDD5] - |A| - [29/01/2018 12:40:18] - (.Copyright(C) INCA Internet. 2000-2013 - Tachyon Firewall Filter Driver.) - [81.01 Ko] - (2013.8.7.1) - C:\WINDOWS\System32\tkfwflt.sys [MD5.1DFA8D499BAEDD64A02BA131223E7DD2] - |A| - [29/01/2018 12:40:16] - (.-.) - [7.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKFWFV.cat [MD5.A0D37811119C7077E569846409C676BE] - |A| - [29/01/2018 12:40:14] - (.-.) - [4.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKFWFV.inf [MD5.FF178762663A7E5B78FE5F6E97664971] - |A| - [29/01/2018 12:40:14] - (.Copyright(C) INCA Internet. 2000-2010 - Tachyon Firewall LW Filter Driver.) - [31.09 Ko] - (2010.9.3.1) - C:\WINDOWS\System32\TKFWFV.sys [MD5.03CA1284C0D1EC9F785CC2D99ECF4A69] - |A| - [29/01/2018 12:40:16] - (.-.) - [7.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKFWFV64.cat [MD5.9638CBC32E752C61BE3D2AC5F128A572] - |A| - [29/01/2018 12:40:18] - (.Copyright(C) INCA Internet. 2000-2010 - Tachyon Firewall LW Filter Driver.) - [33.59 Ko] - (2010.9.3.1) - C:\WINDOWS\System32\TKFWFV64.sys [MD5.525EF3DDAB2670DCC0CC6D4E6E21394A] - |A| - [29/01/2018 12:40:16] - (.Copyright(C) INCA Internet. 2000-2015 - Tachyon Firewall Core Driver.) - [158.91 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\tkfwvt.sys [MD5.D6CCCF67168FE2902F1BB92BEAB24F82] - |A| - [29/01/2018 12:40:18] - (.Copyright(C) INCA Internet. 2000-2015 - Tachyon Firewall Core Driver.) - [181.53 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\tkfwvt64.sys [MD5.4385E30F48A83DFAAF7CFDFF124B245F] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon IDS Core Driver.) - [131.43 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\tkids.sys [MD5.69EF28822E72CD4146864F8CBA225B41] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon IDS Core Driver 2.0.) - [86.99 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\TKIdsVt.sys [MD5.9E99D91709390EADB958B686EB823072] - |A| - [29/01/2018 12:40:14] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon IDS Core Driver 2.0.) - [103.11 Ko] - (2015.1.16.1) - C:\WINDOWS\System32\TKIdsVt64.sys [MD5.2D941F545E65991077270DA9BFA225D6] - |A| - [29/01/2018 12:40:20] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Process Control Filter Driver 1.0.) - [36.26 Ko] - (2013.12.16.1) - C:\WINDOWS\System32\TKPcFtCb.sys [MD5.FCE5766FF34AEE062F3B307A5BE5DC44] - |A| - [30/01/2018 05:41:24] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Process Control Filter Driver 1.0.) - [53.23 Ko] - (2017.4.12.1) - C:\WINDOWS\System32\TKPcFtCb64.sys [MD5.AF5D31641DAE403C782D9ECD5E157527] - |A| - [30/01/2018 05:41:24] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Process Control Filter Driver 1.0.) - [61.79 Ko] - (2017.4.12.1) - C:\WINDOWS\System32\TKPcFtHk.sys [MD5.71252A997A8799439D573C9A12EAD4FE] - |A| - [07/03/2018 09:59:02] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Process Control Filter Driver 1.0.) - [23.81 Ko] - (2011.9.23.1) - C:\WINDOWS\System32\TKPcFtHk64.sys [MD5.3A125B5F43E1BB43A0B0A750446CF158] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Process Control Filter Driver Management Dll 1.0.) - [324.13 Ko] - (2015.2.13.1) - C:\WINDOWS\System32\TKPcFtU64.dll [MD5.E9BD3C15003623C1550FC668541AF6F7] - |A| - [27/10/2017 06:59:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Kernel Process Log Driver 1.0.) - [165.5 Ko] - (2017.10.27.1) - C:\WINDOWS\System32\tkpl2k.sys [MD5.17E01A2845C192D52A0AD0FF1FD7E529] - |A| - [27/10/2017 06:59:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Kernel Process Log Driver 1.0.) - [119.59 Ko] - (2017.10.27.1) - C:\WINDOWS\System32\tkpl2k64.sys [MD5.4C75AB09DDE1124FE3FD1D2542519C3B] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Kernel Process Log Driver Management Dll 1.0.) - [84.76 Ko] - (2013.5.15.1) - C:\WINDOWS\System32\tkpl64.dll [MD5.499D1DED7AFAEAAB4F4C6791BDBA5C42] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Kernel Process Log Driver Management Dll 1.0.) - [94.59 Ko] - (2014.3.14.1) - C:\WINDOWS\System32\tkplu64.dll [MD5.D13BCBA7F36B96C18B5BF6A61F6BDBE7] - |A| - [29/01/2018 22:47:32] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Access Control Driver.) - [131.23 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgAc2k.sys [MD5.03BC4F28136DF99296D0D443573D5BA8] - |A| - [29/01/2018 22:47:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Access Control Driver.) - [113.05 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgAc2k64.sys [MD5.F0D5CD4C28628FFAFAE5A979D02CE2A4] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 2000-2012 - Tachyon Registry Access Control Driver Management Dll 2.0.) - [208.81 Ko] - (2012.5.8.1) - C:\WINDOWS\System32\TKRgAc64.dll [MD5.A264D8BC894408B4450547C01997222B] - |A| - [29/01/2018 12:40:18] - (.-.) - [42.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKRgAc9x.vxd [MD5.C545B6617BFB93EBEBEB817D554DF3D9] - |A| - [29/01/2018 12:40:20] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Registry Access Control Driver.) - [93.37 Ko] - (2010.12.1.1) - C:\WINDOWS\System32\TKRgAcNt4.sys [MD5.53F003A9EFCDECF5C8F31F8703D8F29D] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Registry Access Control Driver Management Dll 2.0.) - [251.36 Ko] - (2014.6.9.1) - C:\WINDOWS\System32\TKRgAcu64.dll [MD5.6DD73BDF34F2359FEEBEEDCF3D0F0887] - |A| - [29/01/2018 22:47:32] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver.) - [80.07 Ko] - (2015.4.15.1) - C:\WINDOWS\System32\TKRgFt2k.sys [MD5.AD194F08D1AA465951510DC7B9627DB2] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 2000-2012 - Tachyon Registry Filter Driver Management Dll 1.0.) - [201.81 Ko] - (2012.5.8.1) - C:\WINDOWS\System32\TKRgFt64.dll [MD5.A7357F05E8EB20FA3536020ED0CB93C0] - |A| - [29/01/2018 12:40:16] - (.-.) - [21.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKRgFt9x.vxd [MD5.82C18F65B7C574A26D92CBB610C06A90] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Registry Filter Driver.) - [49.28 Ko] - (2010.12.1.1) - C:\WINDOWS\System32\TKRgFtNt4.sys [MD5.1A0C10FA8D1906A441EDC622FB765448] - |A| - [29/01/2018 22:47:28] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Registry Filter Driver Management Dll 1.0.) - [244.3 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgFtu64.dll [MD5.A33C7BA5C22D80CA9AA046C97C2818C2] - |A| - [04/02/2018 16:49:44] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver(XP Later).) - [94.29 Ko] - (2018.2.5.1) - C:\WINDOWS\System32\TKRgFtXp.sys [MD5.E3F72AA54D1BCF550925B4536FE0A0C3] - |A| - [04/02/2018 16:50:20] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver(XP Later).) - [67.23 Ko] - (2018.2.5.1) - C:\WINDOWS\System32\TKRgFtXp64.sys [MD5.62361E956A05DC51A3EB36B747D2E8EA] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver 1.0.) - [100.22 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tksp2k.sys [MD5.1214502997A7880DD899CFCFA5451519] - |A| - [14/09/2017 07:03:54] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver Management Dll 1.0.) - [76.09 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tksp64.dll [MD5.4607FB4B709A1D980389AA452D43D8DB] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver Management Dll 1.0.) - [78.09 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tkspu64.dll [MD5.4AFEB8809C9C70DCDE32D1FFAB12F7D3] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Self-Protection Driver 1.0.) - [103.88 Ko] - (2015.4.23.99) - C:\WINDOWS\System32\tkspxp.sys [MD5.152651C32949B3515A13A6D4CF08218B] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Self-Protection Driver 1.0.) - [78.93 Ko] - (2015.4.23.99) - C:\WINDOWS\System32\tkspxp64.sys [MD5.F17D9A5E726A510FFF69537DA2811701] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Tools Driver 1.0.) - [28.48 Ko] - (2013.4.17.1) - C:\WINDOWS\System32\TKTool2k.sys [MD5.B86DAC7005D2DE3AF97E194B97E49DFD] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Tools Driver 1.0.) - [31.73 Ko] - (2013.4.17.1) - C:\WINDOWS\System32\TKTool2k64.sys [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [12/04/2018 01:35:10] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [12/04/2018 01:35:10] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.992506A725AA519B64827D92A4585871] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [983.2 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.992506A725AA519B64827D92A4585871] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [983.2 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.F6F678CA8AB9E78684BD91B468311B79] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [279.7 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.F6F678CA8AB9E78684BD91B468311B79] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [279.7 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [91166.92 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [96881.15 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.18EE3FF4D1F08AF296A51A083C0C4D14] - |A| - [26/11/2018 20:01:07] - (.Copyright © 2018 - Java(TM) Platform SE binary.) - [108.37 Ko] - (8.0.1910.12) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [11070.26 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [233076 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [290.49 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [255 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.200930141D240DB217EAF5284DCBB068] - |A| - [02/02/2018 22:25:53] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\bhtv5Icon.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4019.51 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7791.13 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:56] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.AF78A632F862F0080CC3BE525D4B4091] - |A| - [21/11/2017 19:22:20] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [113.98 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44947.69 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.FBEE9A370EE5B36635CAB9DCAAFEE9C0] - |A| - [23/04/2019 20:11:01] - (.-.) - [529.2 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvofapi.dll [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [12/06/2018 21:27:03] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.648699367E9C5752DCD5382EB250B927] - |A| - [29/01/2018 07:22:12] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynCOM.) - [429.16 Ko] - (19.4.18.30) - C:\WINDOWS\SysWOW64\SynCom.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.0D2DA91DC6EAD6CD57DF9F5B0E347B85] - |A| - [29/01/2018 12:40:08] - (.Copyright (C) INCA Internet. 2000-2012 - tkfwflt.dll.) - [224.31 Ko] - (2012.1.9.1) - C:\WINDOWS\SysWOW64\tkfwfltU.dll [MD5.11D68A84FE7E9461108001FA303C74EB] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2014 - TKFW.dll.) - [236.13 Ko] - (2015.7.23.1) - C:\WINDOWS\SysWOW64\TKFWU.dll [MD5.2805AD9279163935BA327F8552CAF479] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2012 - tkidsx.dll.) - [324.31 Ko] - (2012.1.9.1) - C:\WINDOWS\SysWOW64\tkidsxU.dll [MD5.B57E61843319B30B464C0C758FF7C4AC] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2010 - tknetcfg Application.) - [122.59 Ko] - (2010.5.13.1) - C:\WINDOWS\SysWOW64\tknetcfg.exe [MD5.B8D4B9759145BF4809427D5A430015D5] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2010 - tknetcfg Application.) - [128.59 Ko] - (2010.5.13.1) - C:\WINDOWS\SysWOW64\tknetcfg64.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [12/04/2018 01:35:13] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.15D2B42B2348686B01B751B29E7CCE1F] - |A| - [12/04/2018 01:35:13] - (.-.) - [33.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vmstaging.dll [MD5.C7713A708D52733F9F1BEAA462836842] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [849.7 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.C7713A708D52733F9F1BEAA462836842] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [849.7 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.88B35ED68E9335D8126AD02285071AA3] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [254.2 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.88B35ED68E9335D8126AD02285071AA3] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [254.2 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [17270.82 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10274.95 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [19/05/2018 12:40:48] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Administrateur] [28/08/2019 02:01:01] - |RD| - [298] - C:\Users\Administrateur\3D Objects [28/08/2019 02:01:23] - |D| - [0] - C:\Users\Administrateur\ansel [28/08/2019 02:00:59] - |HD| - [322506344] - C:\Users\Administrateur\AppData [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Application Data [28/08/2019 02:01:01] - |RD| - [412] - C:\Users\Administrateur\Contacts [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Cookies [28/08/2019 02:00:59] - |RD| - [1699] - C:\Users\Administrateur\Desktop [28/08/2019 02:00:59] - |RD| - [402] - C:\Users\Administrateur\Documents [28/08/2019 02:00:59] - |RD| - [282] - C:\Users\Administrateur\Downloads [28/08/2019 02:00:59] - |RD| - [690] - C:\Users\Administrateur\Favorites [28/08/2019 02:01:00] - |SHD| - [25308] - C:\Users\Administrateur\IntelGraphicsProfiles [28/08/2019 02:00:59] - |RD| - [2015] - C:\Users\Administrateur\Links [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Local Settings [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Menu Démarrer [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Mes documents [28/08/2019 02:01:37] - |HD| - [2634315] - C:\Users\Administrateur\MicrosoftEdgeBackups [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Modèles [28/08/2019 02:00:59] - |RD| - [504] - C:\Users\Administrateur\Music [28/08/2019 02:00:59] - |AH| - [1310720] - C:\Users\Administrateur\NTUSER.DAT [28/08/2019 02:00:59] - |ASH| - [118784] - C:\Users\Administrateur\ntuser.dat.LOG1 [28/08/2019 02:00:59] - |ASH| - [262144] - C:\Users\Administrateur\ntuser.dat.LOG2 [28/08/2019 02:00:59] - |ASH| - [65536] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TM.blf [28/08/2019 02:00:59] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000001.regtrans-ms [28/08/2019 02:00:59] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000002.regtrans-ms [28/08/2019 02:00:59] - |ASH| - [20] - C:\Users\Administrateur\ntuser.ini [28/08/2019 02:00:59] - |RASH| - [290] - C:\Users\Administrateur\ntuser.pol [28/08/2019 02:02:16] - |RD| - [105] - C:\Users\Administrateur\OneDrive [28/08/2019 02:00:59] - |RD| - [884] - C:\Users\Administrateur\Pictures [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Recent [28/08/2019 02:00:59] - |RD| - [282] - C:\Users\Administrateur\Saved Games [28/08/2019 02:01:01] - |RD| - [1872] - C:\Users\Administrateur\Searches [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\SendTo [28/08/2019 02:00:59] - |RD| - [504] - C:\Users\Administrateur\Videos [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Voisinage d'impression [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Voisinage réseau [28/08/2019 02:00:59] - |D| - [322225127] - C:\Users\Administrateur\AppData\Local [28/08/2019 02:00:59] - |D| - [7487] - C:\Users\Administrateur\AppData\LocalLow [28/08/2019 02:00:59] - |D| - [273730] - C:\Users\Administrateur\AppData\Roaming [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Application Data [28/08/2019 02:02:00] - |D| - [0] - C:\Users\Administrateur\AppData\Local\CEF [28/08/2019 02:16:41] - |D| - [18898948] - C:\Users\Administrateur\AppData\Local\Comms [28/08/2019 02:01:00] - |D| - [1083499] - C:\Users\Administrateur\AppData\Local\ConnectedDevicesPlatform [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Historique [28/08/2019 02:38:18] - |AH| - [10858] - C:\Users\Administrateur\AppData\Local\IconCache.db [28/08/2019 02:00:59] - |D| - [194509525] - C:\Users\Administrateur\AppData\Local\Microsoft [28/08/2019 02:01:30] - |D| - [0] - C:\Users\Administrateur\AppData\Local\MicrosoftEdge [28/08/2019 02:01:00] - |D| - [155697] - C:\Users\Administrateur\AppData\Local\NVIDIA [28/08/2019 02:01:02] - |D| - [16195263] - C:\Users\Administrateur\AppData\Local\NVIDIA Corporation [28/08/2019 02:01:01] - |D| - [56809847] - C:\Users\Administrateur\AppData\Local\Packages [28/08/2019 02:02:19] - |D| - [0] - C:\Users\Administrateur\AppData\Local\PlaceholderTileLogoFolder [28/08/2019 02:01:06] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Publishers [28/08/2019 02:00:59] - |D| - [34561490] - C:\Users\Administrateur\AppData\Local\Temp [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [28/08/2019 02:01:19] - |SD| - [7487] - C:\Users\Administrateur\AppData\LocalLow\Microsoft [28/08/2019 02:01:01] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [28/08/2019 02:00:59] - |SD| - [273730] - C:\Users\Administrateur\AppData\Roaming\Microsoft [28/08/2019 02:01:01] - |SH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [28/08/2019 02:00:59] - |RD| - [21273] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/08/2019 02:00:59] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [28/08/2019 02:00:59] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [28/08/2019 02:01:02] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/08/2019 02:00:59] - |SH| - [264] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [28/08/2019 02:00:59] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [28/08/2019 02:00:59] - |A| - [2428] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [28/08/2019 02:01:02] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/08/2019 02:00:59] - |RD| - [3496] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [28/08/2019 02:00:59] - |RD| - [7754] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [28/08/2019 02:01:02] - |SH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [overd] [12/02/2019 12:54:13] - |D| - [0] - C:\Users\overd\.Origin [12/02/2019 12:54:14] - |D| - [0] - C:\Users\overd\.QtWebEngineProcess [02/02/2018 21:07:25] - |RD| - [298] - C:\Users\overd\3D Objects [20/03/2018 20:08:13] - |D| - [0] - C:\Users\overd\ansel [19/05/2018 11:48:34] - |HDC| - [51660164771] - C:\Users\overd\AppData [19/05/2018 11:48:34] - |SHD| - [2838971475] - C:\Users\overd\Application Data [02/02/2018 21:07:25] - |RD| - [412] - C:\Users\overd\Contacts [19/05/2018 11:48:34] - |SHD| - [91] - C:\Users\overd\Cookies [21/08/2018 23:03:57] - |D| - [0] - C:\Users\overd\Creative Cloud Files [02/02/2018 21:05:01] - |RDC| - [13415585] - C:\Users\overd\Desktop [02/02/2018 21:05:01] - |RDC| - [578381450] - C:\Users\overd\Documents [02/02/2018 21:05:01] - |RD| - [35509621] - C:\Users\overd\Downloads [02/02/2018 21:05:01] - |RD| - [690] - C:\Users\overd\Favorites [02/02/2018 21:24:26] - |SHD| - [25308] - C:\Users\overd\IntelGraphicsProfiles [02/02/2018 21:05:01] - |RD| - [3278] - C:\Users\overd\Links [19/05/2018 11:48:34] - |SHD| - [47707999855] - C:\Users\overd\Local Settings [19/05/2018 11:48:34] - |SHD| - [91551] - C:\Users\overd\Menu Démarrer [19/05/2018 11:48:34] - |SHD| - [578381450] - C:\Users\overd\Mes documents [02/02/2018 21:47:54] - |HD| - [3682377] - C:\Users\overd\MicrosoftEdgeBackups [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Modèles [02/02/2018 21:05:01] - |RD| - [54120] - C:\Users\overd\Music [19/05/2018 11:48:34] - |AH| - [4718592] - C:\Users\overd\NTUSER.DAT [19/05/2018 11:48:34] - |ASH| - [917504] - C:\Users\overd\ntuser.dat.LOG1 [19/05/2018 11:48:34] - |ASH| - [393216] - C:\Users\overd\ntuser.dat.LOG2 [19/05/2018 11:48:34] - |ASH| - [65536] - C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TM.blf [19/05/2018 11:48:34] - |ASH| - [524288] - C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000001.regtrans-ms [19/05/2018 11:48:34] - |ASH| - [524288] - C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000002.regtrans-ms [19/05/2018 11:51:48] - |SH| - [20] - C:\Users\overd\ntuser.ini [03/07/2019 22:31:46] - |RASH| - [290] - C:\Users\overd\ntuser.pol [02/02/2018 21:09:02] - |RD| - [1067376] - C:\Users\overd\OneDrive [02/02/2018 21:05:01] - |RD| - [155371006] - C:\Users\overd\Pictures [19/05/2018 11:48:34] - |SHD| - [576945] - C:\Users\overd\Recent [02/02/2018 21:05:01] - |RD| - [315456912] - C:\Users\overd\Saved Games [02/02/2018 21:07:25] - |RD| - [1875] - C:\Users\overd\Searches [19/05/2018 11:48:34] - |SHD| - [5508] - C:\Users\overd\SendTo [02/02/2018 21:05:01] - |RD| - [1464] - C:\Users\overd\Videos [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Voisinage d'impression [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Voisinage réseau [19/05/2018 11:48:34] - |DC| - [48815641968] - C:\Users\overd\AppData\Local [02/02/2018 21:05:01] - |DC| - [5331037] - C:\Users\overd\AppData\LocalLow [06/06/2018 22:59:50] - |AC| - [220291] - C:\Users\overd\AppData\Localtransition_7f4aafd08e00891616584009c7052448.ini [19/05/2018 11:48:34] - |DC| - [2838971475] - C:\Users\overd\AppData\Roaming [20/02/2018 23:24:34] - |DC| - [22104099] - C:\Users\overd\AppData\Local\Adobe [06/06/2018 22:59:49] - |DC| - [3855339] - C:\Users\overd\AppData\Local\Ankama [27/11/2018 19:54:35] - |DC| - [0] - C:\Users\overd\AppData\Local\Apple [27/11/2018 19:55:08] - |DC| - [1024495] - C:\Users\overd\AppData\Local\Apple Computer [19/05/2018 11:48:34] - |SHD| - [44400071634] - C:\Users\overd\AppData\Local\Application Data [27/08/2019 15:51:41] - |DC| - [412976] - C:\Users\overd\AppData\Local\Archon [30/06/2018 00:58:03] - |DC| - [1] - C:\Users\overd\AppData\Local\BattlEye [02/02/2018 22:33:07] - |DC| - [4693338] - C:\Users\overd\AppData\Local\CEF [02/02/2018 21:23:49] - |DC| - [76669666] - C:\Users\overd\AppData\Local\Comms [02/02/2018 21:07:24] - |DC| - [1671855] - C:\Users\overd\AppData\Local\ConnectedDevicesPlatform [11/03/2018 22:09:35] - |DC| - [30488170] - C:\Users\overd\AppData\Local\CrashDumps [06/02/2018 21:20:05] - |DC| - [142433] - C:\Users\overd\AppData\Local\CrashReportClient [22/11/2018 19:40:31] - |DC| - [0] - C:\Users\overd\AppData\Local\CrashRpt [19/05/2018 13:35:16] - |DC| - [479868] - C:\Users\overd\AppData\Local\D3DSCache [03/02/2018 01:19:32] - |DC| - [0] - C:\Users\overd\AppData\Local\DBG [08/02/2018 19:11:22] - |DC| - [67299] - C:\Users\overd\AppData\Local\Diagnostics [13/01/2019 18:19:37] - |DC| - [331306138] - C:\Users\overd\AppData\Local\Discord [22/08/2018 14:04:37] - |DC| - [381541336] - C:\Users\overd\AppData\Local\Downloaded Installations [28/08/2019 02:40:33] - |DC| - [130702] - C:\Users\overd\AppData\Local\ElevatedDiagnostics [04/07/2019 21:31:16] - |DC| - [114448889] - C:\Users\overd\AppData\Local\EpicGamesLauncher [14/05/2018 21:10:24] - |DC| - [427784869] - C:\Users\overd\AppData\Local\FortniteGame [03/02/2018 01:30:14] - |DC| - [601972487] - C:\Users\overd\AppData\Local\Google [17/03/2018 21:36:20] - |DC| - [295] - C:\Users\overd\AppData\Local\HirezLauncherUI [19/05/2018 11:48:34] - |SHD| - [130] - C:\Users\overd\AppData\Local\Historique [29/08/2019 02:29:14] - |AHC| - [83089] - C:\Users\overd\AppData\Local\IconCache.db [14/05/2018 19:11:37] - |DC| - [26394416] - C:\Users\overd\AppData\Local\LenovoServiceBridge [22/08/2018 14:21:26] - |DC| - [0] - C:\Users\overd\AppData\Local\LooksBuilder [04/07/2019 19:58:11] - |DC| - [776360] - C:\Users\overd\AppData\Local\mbam [04/07/2019 19:57:51] - |DC| - [235676] - C:\Users\overd\AppData\Local\mbamtray [19/05/2018 11:48:34] - |DC| - [188722085] - C:\Users\overd\AppData\Local\Microsoft [02/02/2018 21:45:26] - |DC| - [70882] - C:\Users\overd\AppData\Local\MicrosoftEdge [02/02/2018 21:50:27] - |DC| - [1089356441] - C:\Users\overd\AppData\Local\Mozilla [20/02/2018 23:25:00] - |DC| - [184618785] - C:\Users\overd\AppData\Local\NVIDIA [03/02/2018 00:55:49] - |DC| - [185651084] - C:\Users\overd\AppData\Local\NVIDIA Corporation [04/07/2019 00:02:18] - |AC| - [0] - C:\Users\overd\AppData\Local\oobelibMkey.log [12/02/2019 12:54:08] - |DC| - [121162551] - C:\Users\overd\AppData\Local\Origin [02/02/2018 21:07:25] - |DC| - [537862383] - C:\Users\overd\AppData\Local\Packages [19/05/2018 11:51:58] - |DC| - [0] - C:\Users\overd\AppData\Local\PackageStaging [02/02/2018 22:02:47] - |DC| - [0] - C:\Users\overd\AppData\Local\PeerDistRepub [02/02/2018 21:29:48] - |DC| - [2495] - C:\Users\overd\AppData\Local\PlaceholderTileLogoFolder [17/03/2018 01:26:35] - |DC| - [4293274] - C:\Users\overd\AppData\Local\PokerStars.FR [02/02/2018 22:19:22] - |DC| - [8673829] - C:\Users\overd\AppData\Local\Programs [02/02/2018 21:07:28] - |DC| - [853066] - C:\Users\overd\AppData\Local\Publishers [15/03/2018 20:00:19] - |DC| - [0] - C:\Users\overd\AppData\Local\SCE [28/07/2018 02:45:40] - |DC| - [2820] - C:\Users\overd\AppData\Local\speech [01/11/2018 16:47:00] - |DC| - [0] - C:\Users\overd\AppData\Local\Speech Graphics [28/05/2018 18:41:53] - |DC| - [33361] - C:\Users\overd\AppData\Local\SquirrelTemp [02/02/2018 22:33:07] - |DC| - [52155664] - C:\Users\overd\AppData\Local\Steam [02/02/2018 22:44:38] - |DC| - [44] - C:\Users\overd\AppData\Local\TeamSpeak 3 Client [26/08/2019 19:29:16] - |DC| - [15409070] - C:\Users\overd\AppData\Local\Temp [19/05/2018 11:48:34] - |SHD| - [61099] - C:\Users\overd\AppData\Local\Temporary Internet Files [03/02/2018 00:49:53] - |DC| - [4492] - C:\Users\overd\AppData\Local\Ubisoft Game Launcher [02/02/2018 23:26:51] - |DC| - [530] - C:\Users\overd\AppData\Local\UnrealEngine [03/02/2018 13:29:31] - |DC| - [500] - C:\Users\overd\AppData\Local\UnrealEngineLauncher [02/02/2018 21:07:25] - |DC| - [889] - C:\Users\overd\AppData\Local\VirtualStore [26/08/2019 18:47:22] - |DC| - [351064] - C:\Users\overd\AppData\Local\ZHP [27/08/2019 02:13:38] - |DC| - [2824178] - C:\Users\overd\AppData\LocalLow\8floor [26/08/2019 20:58:54] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Adobe [02/02/2018 22:19:52] - |DC| - [177] - C:\Users\overd\AppData\LocalLow\IObit [02/02/2018 21:05:33] - |SDC| - [2505978] - C:\Users\overd\AppData\LocalLow\Microsoft [02/02/2018 21:50:28] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Mozilla [26/11/2018 20:01:10] - |DC| - [704] - C:\Users\overd\AppData\LocalLow\Sun [27/08/2019 16:30:44] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Unity [02/02/2018 21:07:25] - |DC| - [2379677326] - C:\Users\overd\AppData\Roaming\Adobe [30/12/2018 17:32:43] - |SHDC| - [0] - C:\Users\overd\AppData\Roaming\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114 [06/06/2018 23:53:53] - |DC| - [1005] - C:\Users\overd\AppData\Roaming\AnkamaCertificates [08/12/2018 00:10:02] - |DC| - [0] - C:\Users\overd\AppData\Roaming\ByClick [06/06/2018 23:52:57] - |AC| - [113] - C:\Users\overd\AppData\Roaming\D2Info0 [23/07/2018 19:06:01] - |DC| - [2118] - C:\Users\overd\AppData\Roaming\Daichi [13/01/2019 18:19:48] - |DC| - [156320379] - C:\Users\overd\AppData\Roaming\discord [06/06/2018 23:52:57] - |DC| - [10786148] - C:\Users\overd\AppData\Roaming\Dofus [07/06/2018 12:16:29] - |DC| - [75] - C:\Users\overd\AppData\Roaming\Dofus-2 [12/06/2018 16:20:34] - |DC| - [75] - C:\Users\overd\AppData\Roaming\Dofus-3 [06/06/2018 23:52:57] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_1 [07/06/2018 12:16:29] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_2 [12/06/2018 16:20:34] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_3 [10/03/2018 00:41:17] - |DC| - [7237580] - C:\Users\overd\AppData\Roaming\EasyAntiCheat [04/07/2019 14:38:46] - |DC| - [0] - C:\Users\overd\AppData\Roaming\Google [27/11/2018 19:37:22] - |DC| - [4096] - C:\Users\overd\AppData\Roaming\HYXDevPsnList [23/07/2018 17:31:31] - |DC| - [2752370] - C:\Users\overd\AppData\Roaming\Image-Line [18/04/2019 18:03:23] - |DC| - [1709156] - C:\Users\overd\AppData\Roaming\LibreOffice [06/06/2018 23:52:57] - |DC| - [2440] - C:\Users\overd\AppData\Roaming\Macromedia [19/05/2018 11:48:34] - |SDC| - [1422881] - C:\Users\overd\AppData\Roaming\Microsoft [02/02/2018 21:50:27] - |DC| - [58847246] - C:\Users\overd\AppData\Roaming\Mozilla [03/02/2018 12:34:04] - |DC| - [130802428] - C:\Users\overd\AppData\Roaming\NVIDIA [12/02/2019 12:54:12] - |DC| - [5697] - C:\Users\overd\AppData\Roaming\Origin [02/03/2019 15:14:01] - |DC| - [271414] - C:\Users\overd\AppData\Roaming\Red Giant Link [06/06/2018 23:52:58] - |DC| - [5352] - C:\Users\overd\AppData\Roaming\Reg [26/11/2018 20:01:10] - |DC| - [0] - C:\Users\overd\AppData\Roaming\Sun [05/02/2018 20:54:30] - |DC| - [66421221] - C:\Users\overd\AppData\Roaming\TS3Client [23/07/2018 18:02:43] - |DC| - [1031741] - C:\Users\overd\AppData\Roaming\WinRAR [08/12/2018 00:10:44] - |DC| - [5218] - C:\Users\overd\AppData\Roaming\YouTubeByClick [26/08/2019 18:47:22] - |DC| - [21660019] - C:\Users\overd\AppData\Roaming\ZHP [09/03/2019 13:47:04] - |DC| - [5353] - C:\Users\overd\AppData\Roaming\[Worker].null [02/02/2018 21:07:25] - |ASHC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [06/06/2018 22:59:49] - |AC| - [985] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk [19/05/2018 11:48:34] - |SHD| - [45196] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/02/2018 21:05:01] - |RDC| - [45196] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [19/05/2018 11:48:34] - |RDC| - [3888] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [19/05/2018 11:48:34] - |RDC| - [2925] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/02/2018 21:07:25] - |RDC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/07/2018 17:32:15] - |DC| - [2499] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [19/05/2018 11:48:34] - |ASHC| - [264] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [28/05/2018 18:42:00] - |DC| - [2247] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [23/07/2018 17:31:24] - |DC| - [2044] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [01/11/2018 16:04:17] - |DC| - [2191] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KULT-ULTIMATE [06/03/2018 18:19:13] - |DC| - [4968] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [19/05/2018 11:48:34] - |DC| - [170] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [19/11/2018 19:51:00] - |DC| - [239] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games [19/05/2018 11:48:34] - |AC| - [1105] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [17/03/2018 00:36:19] - |DC| - [2822] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR [02/02/2018 21:07:25] - |RDC| - [2346] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [19/05/2018 11:48:34] - |RDC| - [3496] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [03/02/2018 00:49:53] - |DC| - [2701] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [19/05/2018 11:48:34] - |RDC| - [7754] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [23/07/2018 18:02:26] - |DC| - [3363] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [02/02/2018 21:07:25] - |ASHC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [03/07/2019 22:30:40] - |AC| - [1076] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gamelan.lnk [03/07/2019 22:30:40] - |AC| - [1096] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gamelangamelan.lnk ---------- | [Public] [02/02/2018 21:07:25] - |RHD| - [196] - C:\Users\Public\AccountPictures [03/02/2018 00:58:51] - |AHD| - [0] - C:\Users\Public\AppData [29/09/2017 15:46:33] - |RHD| - [7993] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [29/09/2017 15:46:33] - |RD| - [200454039] - C:\Users\Public\Documents [29/09/2017 15:46:33] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |SHD| - [1374] - C:\Users\Public\Libraries [03/02/2018 00:58:51] - |A| - [240] - C:\Users\Public\Libraries.ini [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Music [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Pictures [12/07/2018 14:56:44] - |AHD| - [0] - C:\Users\Public\Shared Files [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [20/02/2018 23:24:40] - |D| - [840449196] - C:\ProgramData\Adobe [27/11/2018 19:53:59] - |D| - [257] - C:\ProgramData\Apple [27/11/2018 19:54:48] - |D| - [555] - C:\ProgramData\Apple Computer [19/05/2018 11:51:37] - |SHD| - [50675360286] - C:\ProgramData\Application Data [05/06/2018 13:52:08] - |D| - [7855456] - C:\ProgramData\AVAST Software [03/02/2018 04:00:59] - |SHD| - [7993] - C:\ProgramData\Bureau [12/04/2018 22:17:06] - |HD| - [32360511] - C:\ProgramData\CanonBJ [08/12/2018 00:10:39] - |D| - [0] - C:\ProgramData\Caphyon [19/05/2018 11:51:37] - |SHD| - [200454039] - C:\ProgramData\Documents [02/01/2019 20:05:28] - |D| - [8716288] - C:\ProgramData\Dolby [02/02/2018 21:12:59] - |A| - [0] - C:\ProgramData\DP45977C.lfl [12/02/2019 18:47:45] - |D| - [433] - C:\ProgramData\Electronic Arts [08/08/2019 13:42:56] - |D| - [21661221] - C:\ProgramData\Epic [14/07/2018 13:18:47] - |D| - [75138] - C:\ProgramData\Hewlett-Packard [17/03/2018 21:36:12] - |D| - [7092238] - C:\ProgramData\Hi-Rez Studios [03/02/2018 01:14:50] - |D| - [405376] - C:\ProgramData\Intel [03/02/2018 12:30:33] - |D| - [6393166] - C:\ProgramData\Lenovo [04/07/2019 19:57:39] - |D| - [4452352] - C:\ProgramData\Malwarebytes [03/02/2018 04:00:59] - |SHD| - [163202] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [653812090] - C:\ProgramData\Microsoft [19/05/2018 11:55:43] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [04/07/2019 19:09:36] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [03/02/2018 04:00:59] - |SHD| - [0] - C:\ProgramData\Modèles [06/02/2019 20:24:52] - |D| - [16707] - C:\ProgramData\Mozilla [03/07/2019 22:30:16] - |RASH| - [2708] - C:\ProgramData\ntuser.pol [02/02/2018 21:28:07] - |D| - [8273597] - C:\ProgramData\NVIDIA [02/02/2018 21:27:56] - |D| - [2469713262] - C:\ProgramData\NVIDIA Corporation [26/11/2018 20:00:54] - |D| - [82551963] - C:\ProgramData\Oracle [12/02/2019 12:54:12] - |D| - [360868077] - C:\ProgramData\Origin [02/02/2018 22:44:42] - |D| - [72615230] - C:\ProgramData\Package Cache [13/06/2018 00:06:00] - |D| - [356352] - C:\ProgramData\Packages [03/07/2019 22:29:32] - |D| - [0] - C:\ProgramData\Pader [02/02/2018 22:21:54] - |D| - [140] - C:\ProgramData\ProductData [22/08/2018 14:05:43] - |D| - [1031] - C:\ProgramData\RedGiant [12/04/2018 01:38:20] - |D| - [993] - C:\ProgramData\regid.1991-06.com.microsoft [06/01/2019 00:32:20] - |D| - [39] - C:\ProgramData\Riot Games [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [04/08/2019 15:30:45] - |D| - [6366] - C:\ProgramData\TACHYON [12/04/2018 01:38:20] - |D| - [7054] - C:\ProgramData\USOPrivate [19/05/2018 11:47:44] - |D| - [10252288] - C:\ProgramData\USOShared [12/04/2018 18:24:11] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [27/11/2018 19:36:55] - |D| - [246977] - C:\ProgramData\Wondershare [03/07/2019 22:29:39] - |D| - [0] - C:\ProgramData\{14508CBC-3008-9E5A-702D-D91270CA8043} [04/08/2019 15:30:08] - |D| - [0] - C:\ProgramData\{7FB81F86-A332-F5B2-4ABE-31794A596828} [03/07/2019 22:29:39] - |D| - [0] - C:\ProgramData\{887E2529-999D-0274-E584-F78EE563AEDF} [04/08/2019 15:30:08] - |D| - [0] - C:\ProgramData\{A403AA99-162D-2E09-550B-8AA255ECD3F3} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [03/02/2018 04:00:59] - |SHD| - [81514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [81514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [12/04/2018 01:38:20] - |RD| - [24294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/08/2018 13:44:46] - |A| - [1231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2018.lnk [28/07/2018 04:15:15] - |A| - [1298] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [30/08/2018 13:52:23] - |A| - [1133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk [28/08/2019 03:04:30] - |A| - [731] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [08/08/2019 13:43:00] - |A| - [951] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk [17/07/2019 20:41:23] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [17/03/2018 21:36:13] - |D| - [2052] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [23/07/2018 17:31:24] - |D| - [2898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [03/02/2018 13:06:50] - |D| - [1358] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant [26/11/2018 20:01:07] - |D| - [3147] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [03/02/2018 12:31:00] - |D| - [1251] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [18/04/2019 18:02:53] - |D| - [9054] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1 [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [24/05/2018 20:20:58] - |D| - [1461] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [12/02/2019 12:58:49] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [02/02/2018 22:27:02] - |D| - [2039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [02/02/2018 22:26:32] - |D| - [1108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [05/02/2018 20:53:10] - |A| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [19/05/2018 11:48:56] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [23/07/2018 18:02:27] - |D| - [3363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [27/11/2018 19:37:15] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [28/07/2018 04:14:32] - |D| - [195434902] - C:\Program Files (x86)\Adobe [12/04/2018 01:38:20] - |D| - [1185013176] - C:\Program Files (x86)\Common Files [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [12/07/2018 14:50:02] - |D| - [1825736] - C:\Program Files (x86)\EasyAntiCheat [03/02/2018 01:30:14] - |D| - [0] - C:\Program Files (x86)\Google [23/07/2018 17:26:23] - |D| - [213805354] - C:\Program Files (x86)\Image-Line [17/03/2018 21:36:09] - |HD| - [3156853] - C:\Program Files (x86)\InstallShield Installation Information [03/02/2018 13:06:50] - |D| - [3854266] - C:\Program Files (x86)\Intel Driver and Support Assistant [12/04/2018 01:38:20] - |D| - [1996783] - C:\Program Files (x86)\Internet Explorer [12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [17/07/2019 20:41:23] - |D| - [331393] - C:\Program Files (x86)\Mozilla Maintenance Service [19/05/2018 12:40:47] - |D| - [25757] - C:\Program Files (x86)\MSBuild [02/02/2018 21:28:07] - |D| - [295499645] - C:\Program Files (x86)\NVIDIA Corporation [12/02/2019 19:35:42] - |D| - [0] - C:\Program Files (x86)\Origin Games [02/02/2018 21:13:04] - |D| - [14460928] - C:\Program Files (x86)\Realtek [19/05/2018 12:40:47] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [02/02/2018 22:26:32] - |D| - [992710856] - C:\Program Files (x86)\Steam [03/07/2019 22:30:40] - |HD| - [0] - C:\Program Files (x86)\transacting [03/02/2018 00:49:51] - |D| - [342398245] - C:\Program Files (x86)\Ubisoft [19/05/2018 11:47:07] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [02/02/2018 21:24:24] - |D| - [15351] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780344] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:20:01] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [28/07/2018 04:19:48] - |D| - [2205535114] - C:\Program Files\Adobe [05/06/2018 13:52:04] - |D| - [32] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [144428413] - C:\Program Files\Common Files [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [02/01/2019 20:05:28] - |D| - [6657549] - C:\Program Files\Dolby [03/02/2018 04:00:59] - |SHD| - [144428413] - C:\Program Files\Fichiers communs [23/07/2018 17:31:25] - |D| - [3681435] - C:\Program Files\Image-Line [02/02/2018 21:24:12] - |D| - [66135470] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2628602] - C:\Program Files\internet explorer [03/02/2018 12:30:33] - |D| - [104320900] - C:\Program Files\Lenovo [18/04/2019 18:02:26] - |D| - [545944436] - C:\Program Files\LibreOffice [22/06/2019 13:21:21] - |D| - [237959532] - C:\Program Files\Mozilla Firefox [19/05/2018 12:40:47] - |D| - [25757] - C:\Program Files\MSBuild [02/02/2018 21:27:53] - |D| - [1849906953] - C:\Program Files\NVIDIA Corporation [02/02/2018 21:12:57] - |D| - [27814425] - C:\Program Files\Realtek [19/05/2018 12:40:47] - |D| - [36867241] - C:\Program Files\Reference Assemblies [16/11/2018 20:41:49] - |D| - [32151185] - C:\Program Files\rempl [02/02/2018 21:05:32] - |D| - [70806152] - C:\Program Files\Synaptics [05/02/2018 20:53:04] - |D| - [181912107] - C:\Program Files\TeamSpeak 3 Client [03/02/2018 03:59:48] - |HD| - [0] - C:\Program Files\Uninstall Information [20/06/2019 14:31:43] - |D| - [10257074] - C:\Program Files\UNP [12/04/2018 01:38:20] - |RD| - [19299507] - C:\Program Files\Windows Defender [12/04/2018 18:24:11] - |D| - [12730296] - C:\Program Files\Windows Defender Advanced Threat Protection [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail [12/04/2018 18:20:01] - |D| - [4784107] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [12668248] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [2589217973] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [20/02/2018 23:24:34] - |D| - [982559065] - C:\Program Files (x86)\Common Files\Adobe [03/02/2018 00:55:10] - |D| - [32293928] - C:\Program Files (x86)\Common Files\BattlEye [02/02/2018 21:24:11] - |D| - [135634590] - C:\Program Files (x86)\Common Files\Intel [26/11/2018 20:01:31] - |D| - [1973744] - C:\Program Files (x86)\Common Files\Java [12/04/2018 01:38:20] - |D| - [15936520] - C:\Program Files (x86)\Common Files\microsoft shared [26/11/2018 20:01:07] - |D| - [1540304] - C:\Program Files (x86)\Common Files\Oracle [23/07/2018 17:31:54] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [02/02/2018 22:26:33] - |D| - [4085312] - C:\Program Files (x86)\Common Files\Steam [12/04/2018 01:38:20] - |D| - [9551755] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [28/07/2018 04:22:31] - |D| - [91203088] - C:\Program Files\Common files\Adobe [05/06/2018 13:53:07] - |D| - [2045832] - C:\Program Files\Common files\AVAST Software [08/08/2019 17:45:05] - |HD| - [1000642] - C:\Program Files\Common files\EAInstaller [12/04/2018 01:38:20] - |D| - [37717650] - C:\Program Files\Common files\microsoft shared [23/07/2018 17:31:54] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10265483] - C:\Program Files\Common files\system ---------- | Tasks [MD5.AA42413323356905CCA562737277303B] - [28/08/2019 02:44:13] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [19/05/2018 11:51:35] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.BE204F83D8AE53DFDFEDB8B6E97A2303] - [27/05/2018 22:03:47] - |A| - [4772] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [MD5.FCC3EB18D5B5754A54D0AD31243D87EA] - [11/06/2018 06:49:28] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.3A502C21D0EFEECFD3C267EB31B86E8E] - [19/05/2018 11:51:35] - |A| - [2800] - C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-overd0z@outlook.fr : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [MD5.AC3EEDC5E9E30003B0F509D724C82E33] - [28/07/2018 04:58:55] - |A| - [3708] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-overd0z@outlook.fr : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.00000000000000000000000000000000] - [05/06/2018 13:53:18] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.78A091238461EF78F93C8A429780274C] - [26/08/2019 20:26:32] - |A| - [3656] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\explorer.exe [MD5.00000000000000000000000000000000] - [30/12/2018 17:32:43] - |D| - [0] - C:\WINDOWS\System32\Tasks\G-8-5-63-1065323198-1077138701-1193712117-8057 [MD5.8AD898912076F35F325BEF265423DDCB] - [19/05/2018 11:51:35] - |A| - [3834] - C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 : C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [MD5.00000000000000000000000000000000] - [19/05/2018 11:51:35] - |D| - [2986] - C:\WINDOWS\System32\Tasks\Lenovo [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [556650] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.51176F3BFA2A622D87E013ADB2AD518F] - [19/05/2018 11:51:35] - |A| - [2404] - C:\WINDOWS\System32\Tasks\NerveCenterUpdate : "C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe" [MD5.3FCF5E0D7D1D01D2FDE412AC20D2ED17] - [24/05/2018 20:20:52] - |A| - [4106] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.877E75B7DAE490B5A33E88CD403839CE] - [19/05/2018 11:51:35] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.F55B2F72E563AB4B2C6F011BD0C0A3BC] - [24/05/2018 20:20:58] - |A| - [3976] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.9200A7AEAD4C78C61F5CA9964667C70D] - [24/05/2018 20:20:58] - |A| - [3940] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.85C501E4538A5F27604F85DBAA4DF9FE] - [19/05/2018 11:51:35] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [19/05/2018 11:51:35] - |A| - [3654] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.AF502838DC3A4FDBC24FEC62420EFDDA] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.8DE857C3F59070B7B79683C0D0865976] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.C0616C125C7C07293C4A9661CB78B863] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.F06C9CDBFF48F5A80D4D80EA2F74D910] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.8D248DD79B621113D44E79188D69C3B9] - [28/08/2019 02:02:31] - |A| - [3394] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3426031793-651430910-2054641259-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [04/07/2019 19:43:36] - |D| - [3380] - C:\WINDOWS\System32\Tasks\S-1-5-21-3426031793-651430910-2054641259-1001 [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "TCP Query User{5C307306-0A55-4276-A62D-5E8F2CDC6329}V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe|Name=Rainbow Six|Desc=Rainbow Six|Defer=User| "UDP Query User{CF337723-F224-4E43-9F29-EA2C1F1AD450}V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe|Name=Rainbow Six|Desc=Rainbow Six|Defer=User| "{CE93CDDB-E8C4-471A-8930-DAA45770EAE3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{BFC4D433-6889-49AC-ABA4-38916DA04B97}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ| "{7CC34A9D-C35F-4117-BCA8-508AA40C8F43}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{AFB8FB54-948F-4292-8F09-4A479BA96209}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{BD53CCA8-B2ED-40F5-A3BD-22C02E244904}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{5AF9BAC7-2719-4851-B028-A009F2B8A06B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{22B0AE1D-366E-4C12-9F44-50EF154E2366}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| "{2C2098E0-AEF9-4A34-A587-671D5BA87EC0}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{387F3FA8-206F-4116-9359-3FAC34394E6E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{11035149-743E-46D9-99E1-1D7367FA128F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{9224CE4A-D68B-43D9-A3B9-205C08F9AC24}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{852BEF43-EB28-4B4F-8B68-009961E6608F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{4D48D69C-AB69-4A88-8386-E45242BE6857}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{E085FE6E-A7F7-4D22-B080-E633565F22F5}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{366B8AB5-1DCC-45B4-9666-80927EDECCC1}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{EE6838CA-E37E-4686-8B33-81490C452A65}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{A5CCF2C8-FE00-4004-9ADB-0E93B65D0371}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{C7B0C14E-7274-48E0-9552-232942E1C170}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{CC5E94CE-44D3-4460-99C5-45FAB19108B3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{6BD403E7-0C3E-4070-845E-AFC7D2340058}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{0D9F3450-6419-4916-B4E0-00BEB2A4C37B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{3847B4FB-CAB0-4300-B954-080C3E938FF3}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{84FC16EF-9D16-4B7F-A702-CE58BA5AF977}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{02222F29-0CA3-40F6-8A80-3C93F8EB6A31}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{1B6DEA2E-16D9-47BA-8A9D-C50AB3A63A9E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{E5D5C710-BF3D-43D1-986A-5104F736D834}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{53DEC143-21B7-4662-B759-97FCA0C38565}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Spotify Music|Desc=Spotify Music|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-557819504-3144503769-3460048582-2468406004-2969798954-3397036932-4166026031|EmbedCtxt=Spotify Music|Platform=2:6:2|Platform2=GTEQ| "{22C5E2E7-27D3-4524-9D14-CF61BA6B8568}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{6E455ED6-8298-4CBA-81DD-517493BED93D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{0EEA3986-370C-4C13-81C6-35F49ACA75B2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{51557431-3E00-41D0-ADA6-C044BE396594}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{8BDA2FBE-8A9D-438C-B54B-D921182EF1E6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{21CB8A6B-3736-4B45-9E9C-E2304209D1A7}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{A8B1CD96-AEDB-42BA-A80F-46DAC07D1E2C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{61EBB245-814D-4D93-90F9-D6A5BA6F6320}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{E1AAF83E-05F7-4575-933D-6A97ED9395D4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{20538251-C824-4A6E-815F-9DDBB919410D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{B9CE08B1-3F36-420F-A2DE-F1AB22A48564}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{B6B73F21-4FA7-4C69-B0D9-2F824E26725E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{E917BCAC-B708-4057-AE7B-509A7126439F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{3D5D5345-1B30-4D2B-BA8E-11A1F1579F04}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{C353222A-CF6D-44D3-A396-A5F0F1C0280A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-22a6-0503-00c04fad5171}] : (LED) [] -> @oem0.inf,%ClassName%;Indicator Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/02/2018 22:25:43] - (2.4.7.0) - (Samsung Electronics Co., Ltd - Samsung NVM Express Storport Miniport Driver) - C:\WINDOWS\System32\drivers\secnvme.sys [02/02/2018 22:25:43] - (1.0.0.3) - (Samsung Electronics Co., Ltd - Samsung NVMe Filter driver) - C:\WINDOWS\System32\drivers\secnvmeF.sys [02/02/2018 22:19:51] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [23/04/2019 20:11:01] - (26.21.14.3039) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 430.39) - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvlddmkm.sys [02/02/2018 22:25:53] - (1.1.1.1014) - (BayHubTech/O2Micro - BayHubTech/O2Micro SD Reader Driver) - C:\WINDOWS\System32\drivers\bhtpcrdr.sys [15/10/2017 20:22:14] - (1.5.0.18) - (Lenovo Corporation - ACPI Virtual Power Controller Driver) - C:\WINDOWS\System32\drivers\AcpiVpc.sys [29/01/2018 07:22:28] - (19.4.18.30) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [02/02/2018 21:05:33] - (19.4.18.30) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [24/05/2018 20:20:40] - (4.13.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [06/02/2019 22:32:19] - (303.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorA (@oem25.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorAC (@oem52.inf,%iaStorAC.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorAC.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - secnvme () -> System32\drivers\secnvme.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - secnvmeF () -> System32\drivers\secnvmeF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180191F0}] : (Java 8 Update 191 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180191F0} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{569F29BA-2D46-439B-8B7C-01D999B9201D}] : (...-.Intel) -> MsiExec.exe /I{569F29BA-2D46-439B-8B7C-01D999B9201D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8738A898-221B-4279-BC87-FEF7938022C1}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{8738A898-221B-4279-BC87-FEF7938022C1} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 430.39.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 37.0.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 37.0.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvAbHub] : (NVIDIA ABHub.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor] : (NVAPI Monitor plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVHCI] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.19.0.107.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.13.0.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F936275B-96A7-4823-B4F8-0C0D3DC70C70}] : (LibreOffice 6.1.5.2.-.The Document Foundation) -> MsiExec.exe /I{F936275B-96A7-4823-B4F8-0C0D3DC70C70} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KULT-ULTIMATE] : (KULT-ULTIMATE 1.0.-.niudodo) -> V:\Program Files (x86)\KULT-ULTIMATE\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0990E25C-5C33-B615-1F5D-0B21B1131C54}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0E11C64F-A7F9-E911-99CB-309058080C24}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F84C7C8-13B2-37AB-8080-C040E0A0F0D0}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{131BB145-57D0-4600-0000-808040C02060}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{16186075-98C1-7402-0309-0D27BA2EC54F}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{287831FC-A422-15F2-EBC1-216394BC9ACE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E6C1468-EBA3-944C-7256-0103848C52F6}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E72F364-A682-E8F2-6B41-6123B41CAAFE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{337A054A-E2C5-33B6-91B3-0C24B6223399}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B47F08D-E1D2-09C6-A9FB-F8E8DC94DE9A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46E76F43-952C-E5C2-A3E9-DD97E2A6F9EB}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D0D4DB6-A15E-AF27-BA2E-45CF36A2F3D9}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5704F61E-26B5-4710-98C8-AC0486925B11}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60BEDB5A-2186-461B-A562-E40088BCB0C6}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{60BEDB5A-2186-461B-A562-E40088BCB0C6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64FE75C7-6EA1-7DB3-8CA4-7662133955FF}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F460796-0348-4B11-BCA0-714C4B85E3D7}] : (.. ..-.Intel) -> MsiExec.exe /X{9F460796-0348-4B11-BCA0-714C4B85E3D7} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F70BCE36-25F2-4475-A918-6209B3D85BF3}] : (Intel(R) C++ Redistributables on Intel(R) 64.-.Intel Corporation) -> MsiExec.exe /X{F70BCE36-25F2-4475-A918-6209B3D85BF3} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110190F] : Java 8 Update 191 (64-bit) -> V:\Program Files\Java\\bin\javaws.exe [HKCR\Installer\Products\63ECB07F2F5257449A8126903B8DB53F] : Intel(R) C++ Redistributables on Intel(R) 64 [HKCR\Installer\Products\697064F9843011B4CB0A17C4B4583E7D] : . . . -> C:\Windows\Installer\{9F460796-0348-4B11-BCA0-714C4B85E3D7}\ProductIcon [HKCR\Installer\Products\898A8378B1229724CB78EF7F3908221C] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{8738A898-221B-4279-BC87-FEF7938022C1}\DolbyBlue.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A5BDEB066812B1645A264E0088CB0B6C] : Epic Games Launcher -> C:\WINDOWS\Installer\{60BEDB5A-2186-461B-A562-E40088BCB0C6}\Installer.ico [HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\AB92F96564D2B934B8C7109D999B02D1] : . . [HKCR\Installer\Products\B572639F7A6932844B8FC0D0D37CC007] : LibreOffice 6.1.5.2 -> C:\WINDOWS\Installer\{F936275B-96A7-4823-B4F8-0C0D3DC70C70}\soffice.ico [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\Windows\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1b4c Heure de début de l’application défaillante : 0x01d560ed8d7d4904 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 55ffcb7d-d908-40e2-a126-b7cc02d5ced0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x644 Heure de début de l’application défaillante : 0x01d560ed868e3481 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 364f489e-e60c-4d3a-b19c-71d28127c4b2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2ddc Heure de début de l’application défaillante : 0x01d560ed73e20918 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 486e7bd2-3910-48b6-9e41-81e38a07500f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1bdc Heure de début de l’application défaillante : 0x01d560ed698aec15 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : d5bf07e3-c5d7-4efd-bb8b-a7f38a73f2ea Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x14e4 Heure de début de l’application défaillante : 0x01d560ed00727b6b Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : a5d8380d-80d0-47d1-870c-b4b56bdeba3d Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000009cad5 ID du processus défaillant : 0x1b8 Heure de début de l’application défaillante : 0x01d560ecfdedcdbb Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 8b8ea417-015b-491f-9182-679fa301a2a8 Nom complet du package défaillant : Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x72c Heure de début de l’application défaillante : 0x01d55ead0cbaeb11 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 7ad600eb-b776-4f30-a912-cd8c87681eac Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x674 Heure de début de l’application défaillante : 0x01d55ead047de524 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : de869fe1-e68b-41c8-934d-ac21c3244a22 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0xc94 Heure de début de l’application défaillante : 0x01d55eacffeb0e84 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 4720ab85-e8ed-4d33-8f2d-9531b23fbdce Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x104c Heure de début de l’application défaillante : 0x01d55e725f022ea6 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : da67735a-a4fa-4a17-a20d-a5fdf39b0321 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x67c Heure de début de l’application défaillante : 0x01d55ea2d31086aa Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : fe8ce3f5-a54e-424d-a98a-75626b2b1718 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2798 Heure de début de l’application défaillante : 0x01d55ea2ccca348c Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 65907493-af93-4114-89bf-2c603fc79ad1 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2630 Heure de début de l’application défaillante : 0x01d55ea2c37d4249 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 9b2b2909-26d4-4244-bb58-f8f805329f68 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x18f4 Heure de début de l’application défaillante : 0x01d55e7214f1e495 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : ab0dcf90-2409-4970-85e1-0d67abc8c4f3 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x2834 Heure de début de l’application défaillante : 0x01d55e7159147363 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 3aebe2cc-a736-4fe8-8e44-5315308549ed Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x1f0c Heure de début de l’application défaillante : 0x01d55e706b7fdcf9 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 7703ebdc-5eeb-41c5-9fae-6b317aa6d055 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ ----------( EOF)---------- - 4395 | 20:07:47