--------------- QuickDiag | g3n-h@ckm@n | V5_25.08.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 01/09/2019 23:27:20
Updated 25/08/2019 | 15:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[overd (Administrator)] - [DESKTOP-L79GNMF] (S-1-5-21-3426031793-651430910-2054641259-1001)
System: Microsoft Windows 10 Professionnel - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk1\Partition4
Boot : Normal boot
PC: 80WK - LENOVO - IdNumber: PF1115F3 - UUID: AB1A944A-E0AB-11E7-8A95-54E1ADF378E5
Processor : X64 - 2496 Mhz - Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
4KCN40WW - en|US|iso8859-1,0 - LENOVO - S/N: PF1115F3 - 4KCN40WW - LENOVO - 1
CoreTemp : ?
Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_280B&SUBSYS_80860101&REV_1000\4&BC7FF4&0&0201 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0235&SUBSYS_17AA3844&REV_1000\4&BC7FF4&0&0001 NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000 ---------- | Video NVIDIA GeForce GTX 1050 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C8D&SUBSYS_39D117AA&REV_A1\4&2574EA12&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648 Intel(R) HD Graphics 630 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_591B&SUBSYS_39D117AA&REV_04\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1050 - DriverVersion: 26.21.14.3039 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - 
ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:2 % CPU #4 value:0 % Total Overall CPU Usage value:0 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] Dual Band Wireless-AC 3165 : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : 
PCI\VEN_10EC&DEV_8168&SUBSYS_388417AA&REV_10\4&C30FDCB&0&00E3 Intel(R) Dual Band Wireless-AC 3165 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_3166&SUBSYS_42108086&REV_99\60F677FFFFA1CA1100 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&24F7EB7C&0&11 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&396464B6&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&396464B6&0&2 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&24F7EB7C&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH RAS Async Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 8278 | Free (MB) : 6153 Pagefile = Total (MB) : 10179 | Free (MB) : 7423 Virtual = Total (MB) : 4194 | Free (MB) : 3898 Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: SK Hynix - PartNumber: HMA81GS6AFR8N-UH - S/N: 2AE98640 ---------- | SID Users Administrateur : [S-1-5-21-3426031793-651430910-2054641259-500] DefaultAccount : [S-1-5-21-3426031793-651430910-2054641259-503] Invité : 
[S-1-5-21-3426031793-651430910-2054641259-501] overd : [S-1-5-21-3426031793-651430910-2054641259-1001] WDAGUtilityAccount : [S-1-5-21-3426031793-651430910-2054641259-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: 
S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 118.64 Go | Free : 69.36 Go -> NTFS (SSD) D:\ -> [Fixed] | [] | Total : 0.98 Go | Free : 0.95 Go -> NTFS [SATA] E:\ -> [Fixed] | [] | Total : 0.49 Go | Free : 0.47 Go -> NTFS (SSD) V:\ -> [Fixed] | [Nouveau nom] | Total : 930.53 Go | Free : 647.5 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [D:, V:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [E:, C:] : Read:130,197 bytes/sec, Written:2,093,325 bytes/sec Max Read:130,197 bytes/sec, Max Write:2,093,325 bytes/sec Overall - Read Maximum:130,197 bytes/sec, Write Maximum:2,093,325 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_NVME&PROD_SAMSUNG_MZVLW128\5&32D48DCA&0&000000 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : SCSI\DISK&VEN_ST1000LM&PROD_035-1RK172\4&2ABCD9BC&0&000200 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) 
Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.207 ---------- | Security FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 388 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 21:14:55] CPU Usage:0 % 620 | [Owner : Système | Parent : 588() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 724 | [Owner : Système | Parent : 588() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 % 732 | [Owner : Système | Parent : 716() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 % 796 | [Owner : Système | Parent : 724(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe [16/08/2018 16:13:37] CPU Usage:0 % 816 | [Owner : Système | Parent : 724(wininit.exe) | 17.78 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [13/11/2018 22:38:51] CPU Usage:0 % 920 | [Owner : Système | Parent : 796(services.exe) | 3.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 940 | [Owner : Système | Parent : 796(services.exe) | 29.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 956 | [Owner : UMFD-0 | Parent : 724(wininit.exe) | 4.09 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 22:09:30] CPU Usage:0 % 76 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 12.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 544 | [Owner : Système | Parent : 796(services.exe) | 7.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 936 | [Owner : Système | Parent : 716() | 10.3 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [09/10/2018 21:42:54] CPU Usage:0 % 1032 | [Owner : UMFD-1 | Parent : 936(winlogon.exe) | 5.8 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 22:09:30] CPU Usage:0 % 1108 | [Owner : DWM-1 | Parent : 936(winlogon.exe) | 68.21 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 % 1176 | [Owner : Système | Parent : 796(services.exe) | 7.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1192 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 5.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1200 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 11.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1208 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1312 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 11.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1324 | [Owner : Système | Parent : 796(services.exe) | 9.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1348 | [Owner : Système | Parent : 796(services.exe) | 15.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1480 | [Owner : Système | Parent : 796(services.exe) | 10.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1500 | [Owner : Système | Parent : 796(services.exe) | 5.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1560 | [Owner : Système | Parent : 796(services.exe) | 7.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1572 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1596 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 20.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1688 | [Owner : Système | Parent : 796(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1696 | [Owner : Système | Parent : 796(services.exe) | 9.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1788 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1924 | [Owner : Système | Parent : 796(services.exe) | 16.35 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [06/02/2019 22:34:20] CPU Usage:0 % 1956 | [Owner : SERVICE LOCAL | Parent : 1688(svchost.exe) | 8.98 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe [12/04/2018 01:34:12] CPU Usage:0 % 1972 | [Owner : Système | Parent : 796(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1992 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2008 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 19.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1028 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 10.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2052 | [Owner : Système | Parent : 796(services.exe) | 12.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2060 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2068 | [Owner : Système | Parent : 796(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2204 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 12.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2272 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2280 | [Owner : Système | Parent : 796(services.exe) | 8.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2356 | [Owner : Système | Parent : 796(services.exe) | 8.41 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe [21/11/2017 19:20:56] CPU Usage:0 % 2496 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 9.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2504 | [Owner : Système | Parent : 796(services.exe) | 8.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2516 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 9.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2676 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 16.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2752 | [Owner : Système | Parent : 796(services.exe) | 15.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2760 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2920 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 16.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2936 | [Owner : Système | Parent : 796(services.exe) | 13.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2212 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 2860 | [Owner : Système | Parent : 796(services.exe) | 19.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3120 | [Owner : Système | Parent : 796(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3360 | [Owner : SERVICE RÉSEAU | Parent : 940(svchost.exe) | 15.38 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 3580 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3608 | [Owner : Système | Parent : 796(services.exe) | 8.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3736 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 12.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3808 | [Owner : Système | Parent : 796(services.exe) | ?????] 
- (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3876 | [Owner : Système | Parent : 1924(NVDisplay.Container.exe) | 30.1 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [06/02/2019 22:34:20] CPU Usage:0 % 3140 | [Owner : Système | Parent : 796(services.exe) | 10.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 612 | [Owner : Système | Parent : 796(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3232 | [Owner : Système | Parent : 796(services.exe) | 7.11 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.88) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [02/02/2018 22:26:22] CPU Usage:0 % 608 | [Owner : SERVICE LOCAL | Parent : 2676(svchost.exe) | 17.35 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [12/06/2019 16:40:38] CPU Usage:0 % 4316 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 12.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4324 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 6.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4432 | [Owner : Système | Parent : 796(services.exe) | 15.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4484 | [Owner : Système | Parent : 796(services.exe) | 11.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4532 | [Owner : Système | Parent : 796(services.exe) | 17.58 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 % 4580 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 8.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4676 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 18.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4684 | [Owner : Système | Parent : 796(services.exe) | 6.59 Mo] - (.Intel Corporation - Intel HD Graphics Drivers for Windows(R).) - (22.20.16.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe [21/11/2017 19:22:06] CPU Usage:0 % 4704 | [Owner : Système | Parent : 796(services.exe) | 7.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4712 | [Owner : Système | Parent : 796(services.exe) | 38.22 Mo] - (.Intel - DSAService.) - (3.1.2.2) = C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [17/01/2018 16:32:58] CPU Usage:0 % 4720 | [Owner : Système | Parent : 796(services.exe) | 6.92 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) 
- (4.6.0.384) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [22/06/2018 06:13:20] CPU Usage:0 % 4732 | [Owner : Système | Parent : 796(services.exe) | 11.18 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [23/08/2017 11:51:32] CPU Usage:0 % 4740 | [Owner : Système | Parent : 796(services.exe) | 10.07 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 12:50:52] CPU Usage:0 % 4752 | [Owner : Système | Parent : 796(services.exe) | 29.56 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 4764 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 10.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4784 | [Owner : SERVICE RÉSEAU | Parent : 796(services.exe) | 15.78 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [19/01/2019 14:18:24] CPU Usage:0 % 4808 | [Owner : Système | Parent : 796(services.exe) | 20.39 Mo] - (.Lenovo(beijing) Limited - Services principaux Lenovo Nerve Center(Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [03/02/2018 12:31:07] CPU Usage:0 % 4828 | [Owner : Système | Parent : 796(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) 
- (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [16/08/2018 16:13:41] CPU Usage:0 % 4836 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 6.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4860 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4888 | [Owner : Système | Parent : 796(services.exe) | 8.7 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [29/01/2018 07:22:44] CPU Usage:0 % 4940 | [Owner : Système | Parent : 796(services.exe) | 5.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4948 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 6.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4988 | [Owner : Système | Parent : 796(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [04/08/2019 15:44:16] CPU Usage:0 % 5036 | [Owner : Système | Parent : 796(services.exe) | 20.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5216 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 5.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5240 | [Owner : Système | Parent : 796(services.exe) | 11.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 5540 | [Owner : Système | Parent : 796(services.exe) | 7.74 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.18.917) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe [21/11/2017 19:22:10] CPU Usage:0 % 5596 | [Owner : Système | Parent : 940(svchost.exe) | 6.62 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe [12/04/2018 01:34:40] CPU Usage:0 % 5692 | [Owner : Système | Parent : 4752(nvcontainer.exe) | 7.64 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.17134.1) = C:\Windows\System32\rundll32.exe [12/04/2018 01:34:33] CPU Usage:0 % 6256 | [Owner : Système | Parent : 796(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7148 | [Owner : overd | Parent : 4752(nvcontainer.exe) | 26.16 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 7156 | [Owner : overd | Parent : 4752(nvcontainer.exe) | 39.2 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.15.2586.5913) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [24/05/2018 20:20:51] CPU Usage:0 % 6352 | [Owner : overd | Parent : 1696(svchost.exe) | 24.46 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) 
- (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 % 6356 | [Owner : overd | Parent : 796(services.exe) | 25.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 6412 | [Owner : Système | Parent : 3232(RtkAudioService64.exe) | 13.99 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 6048 | [Owner : overd | Parent : 796(services.exe) | 28.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 4932 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 21.4 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [19/05/2018 12:40:41] CPU Usage:0 % 5740 | [Owner : overd | Parent : 1348(svchost.exe) | 11.98 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [13/03/2019 20:27:22] CPU Usage:0 % 6632 | [Owner : overd | Parent : 1348(svchost.exe) | 4.81 Mo] - (.Lenovo(beijing) Limited - Mise à jour moteur Lenovo Nerve Center(Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [03/02/2018 12:30:54] CPU Usage:0 % 6620 | [Owner : Système | Parent : 796(services.exe) | 7.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 1912 | [Owner : overd | Parent : 6620(svchost.exe) | 13.64 Mo] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 % 552 | [Owner : overd | Parent : 3344() | 114.24 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe [10/04/2019 16:24:40] CPU Usage:0 % 1540 | [Owner : overd | Parent : 6944() | 12.93 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4836) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe [21/11/2017 19:21:24] CPU Usage:0 % 3748 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7248 | [Owner : Système | Parent : 796(services.exe) | 14.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7484 | [Owner : Système | Parent : 796(services.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7496 | [Owner : Système | Parent : 940(svchost.exe) | 9.23 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 % 7624 | [Owner : overd | Parent : 940(svchost.exe) | 65.51 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [14/05/2019 22:09:27] CPU Usage:0 % 7876 | [Owner : overd | Parent : 4888(SynTPEnhService.exe) | 20.26 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) 
- (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [29/01/2018 07:22:42] CPU Usage:0 % 7208 | [Owner : Système | Parent : 796(services.exe) | 6.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 7780 | [Owner : overd | Parent : 7980() | 5.28 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.4.18.30) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [29/01/2018 07:22:46] CPU Usage:0 % 8420 | [Owner : overd | Parent : 940(svchost.exe) | 31.96 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.753) = C:\Windows\System32\SettingSyncHost.exe [14/05/2019 22:09:24] CPU Usage:0 % 8104 | [Owner : overd | Parent : 812() | 40.85 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (11.13.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [24/05/2018 20:20:53] CPU Usage:0 % 7580 | [Owner : overd | Parent : 8104(NVIDIA Web Helper.exe) | 5.26 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe [12/04/2018 01:34:20] CPU Usage:0 % 8188 | [Owner : overd | Parent : 4752(nvcontainer.exe) | 12.18 Mo] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) - (3.19.0.107) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe [24/05/2018 20:20:58] CPU Usage:0 % 7084 | [Owner : overd | Parent : 7148(nvcontainer.exe) | 59.14 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 8984 | [Owner : Système | Parent : 796(services.exe) | 15.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 8580 | [Owner : overd | Parent : 7084(NVIDIA Share.exe) | 39.84 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 3356 | [Owner : overd | Parent : 7084(NVIDIA Share.exe) | 69.72 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.1) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [24/05/2018 20:20:56] CPU Usage:0 % 9116 | [Owner : overd | Parent : 552(explorer.exe) | 12.38 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 % 9244 | [Owner : overd | Parent : 940(svchost.exe) | 8.74 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [10/04/2019 16:24:24] CPU Usage:0 % 9276 | [Owner : overd | Parent : 552(explorer.exe) | 16.72 Mo] - (.Lenovo(beijing) Limited - Lenovo Nerve Center(Sense) Tray - Une application Lenovo développée dans le but d'optimiser votre expérience de jeu.) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [03/02/2018 12:31:03] CPU Usage:0 % 9660 | [Owner : overd | Parent : 552(explorer.exe) | 13.46 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1128) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [02/02/2018 22:26:21] CPU Usage:0 % 9740 | [Owner : overd | Parent : 796(services.exe) | 20.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 9848 | [Owner : overd | Parent : 552(explorer.exe) | 14 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) 
- (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 9992 | [Owner : overd | Parent : 4808(PluginLoaderSvc.exe) | 5.4 Mo] - (.Lenovo(beijing) Limited - HotkeyMonitor - Analyse des touches de raccourci Lenovo Nerve Center (Sense).) - (2.6.11.8) = C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe [03/02/2018 12:31:07] CPU Usage:0 % 10056 | [Owner : overd | Parent : 552(explorer.exe) | 13.97 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [02/02/2018 22:26:21] CPU Usage:0 % 7828 | [Owner : Système | Parent : 796(services.exe) | 7.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 9548 | [Owner : overd | Parent : 940(svchost.exe) | 21.42 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 % 10320 | [Owner : overd | Parent : 940(svchost.exe) | 10.04 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 % 7596 | [Owner : Système | Parent : 796(services.exe) | 18.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 10180 | [Owner : Système | Parent : 796(services.exe) | 43.06 Mo] - (.Dolby Laboratories, Inc. - DolbyDAX2API.) - (0.8.8.87) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [26/09/2018 00:30:02] CPU Usage:0 % 2264 | [Owner : Système | Parent : 796(services.exe) | 9.85 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 % 6380 | [Owner : Système | Parent : 796(services.exe) | ?????] 
- (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 % 3596 | [Owner : Système | Parent : 796(services.exe) | 13.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 10580 | [Owner : SERVICE LOCAL | Parent : 796(services.exe) | 9.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 21:14:58] CPU Usage:0 % 3840 | [Owner : Système | Parent : 796(services.exe) | 19.08 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [10/04/2019 16:24:45] CPU Usage:0 % 10796 | [Owner : Système | Parent : 3840(SearchIndexer.exe) | 11.92 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.677) = C:\Windows\System32\SearchProtocolHost.exe [10/04/2019 16:24:47] CPU Usage:0 % 3604 | [Owner : Système | Parent : 3840(SearchIndexer.exe) | 6.14 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.677) = C:\Windows\System32\SearchFilterHost.exe [10/04/2019 16:24:47] CPU Usage:0 % 10972 | [Owner : overd | Parent : 552(explorer.exe) | 57.19 Mo] - (.SosVirus - QuickDiag.) - (25.8.19.1) = C:\Users\overd\Desktop\QuickDiag.exe [28/08/2019 18:40:21] CPU Usage:0 % 6344 | [Owner : SERVICE RÉSEAU | Parent : 940(svchost.exe) | 9.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.Lenovo(beijing) Limited.-.Lenovo Nerve Center(Sense).) - (2.6.11.8) -- C:\Program Files\Lenovo\Nerve Center\bin\x64\Taskbar.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\InputHost.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (22.20.16.4836) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (22.20.16.4836) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igc64.dll (..-.Core Sync.) - (2.4.6.82) -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.60.0.0) -- V:\Program Files (x86)\WinRAR\rarext64.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.14.3039) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 430.39.) - (26.21.14.3039) -- C:\WINDOWS\system32\nvapi64.dll (.NVIDIA Corporation.-.NVIDIA French language resource library.) - (6.14.14.3039) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\WINDOWS\System32\winsqlite3.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\InputHost.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU GameCenter - ("C:\Users\overd\AppData\Local\GameCenter\GameCenter.exe" -autostart [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd Discord - (C:\Users\overd\AppData\Local\Discord\app-0.0.304\Discord.exe [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\...\Run]) - User: DESKTOP-L79GNMF\overd SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - 
User: Public NerveCenterTray - ("C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe" -autostart [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_LENOVO_DOLBYDRAGON - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON [HKLM\SOFTWARE\...\Run]) - User: Public AdobeAAMUpdater-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GameCenter"="C:\Users\overd\AppData\Local\GameCenter\GameCenter.exe" -autostart "Discord"=C:\Users\overd\AppData\Local\Discord\app-0.0.304\Discord.exe [31/01/2019 15:33:12] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDriveSetup"=0x0300000031294E1388F1D301 "Steam"=0x030000000D42816A9A01D401 "Discord"=0x0300000024AB74609A01D401 "CCleaner Monitoring"=0x030000004C1BED5E9A01D401 "CCleaner Smart Cleaning"=0x03000000DBA85FBA8586D401 "GameCenter"=0x030000002C25027757A0D401 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Photosmart C4400 series,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "NerveCenterTray"="C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe" -autostart "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "RtHDVBg_LENOVO_DOLBYDRAGON"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "NerveCenterTray"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "RtHDVBg_Dolby"=0x060000000000000000000000 "RtHDVBg_LENOVO_DOLBYDRAGON"=0x060000000000000000000000 "AvastUI.exe"=0x03000000F4757C5D9A01D401 "AdobeGCInvoker-1.0"=0x030000004A1C23B78586D401 "AdobeAAMUpdater-1.0"=0x030000009891DEB88586D401 "iTunesHelper"=0x03000000824D46BE8586D401 "WindowsDefender"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "DSATray"=0x070000001663C9659A01D401 "Adobe Creative Cloud"=0x03000000D7FBDEB48586D401 "SunJavaUpdateSched"=0x03000000B62F52C78586D401 "T5"=0x0300000069FBFDF6C84AD501 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 
"Win32kLastWriteTime"=1D3D1ED98C0F7D8 "APPINIT_DLLS"= [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [17/01/2018 16:32:44] "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "APPINIT_DLLS"= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater AdobeAAMUpdater-1.0-MicrosoftAccount-overd0z@outlook.fr AdobeGCInvoker-1.0-MicrosoftAccount-overd0z@outlook.fr ages andalusiaages andalusia CreateExplorerShellUnelevatedTask galaxy_arbitrarilygalaxy_arbitrarily greenwaldgreenwald IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 NerveCenterUpdate NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Standalone Update Task-S-1-5-21-3426031793-651430910-2054641259-500 skidded_mussoliniskidded_mussolini snowesnowe thant-roccothant-rocco voorvoor ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=23 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [02/02/2018 21:05:01] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=816 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 "LsaCfgFlagsDefault"=0 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 
"ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "InstanceID"=272a76f0-f1be-4ed9-aa19-94f0e89 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\overd\Downloads\144565.jpg [08/08/2019 16:37:39] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=6 "WheelScrollChars"=3 
"WindowArrangementActive"=1 "WheelScrollLines"=7 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3840 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "EnablePerProcessSystemDPI"=1 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000
[HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 "{0E270DAA-1BE6-48F2-AC49-71E8ABC0E927}"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003728000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x60B81DB4E464D2119906E49FADC173CA8E05000060B81DB4E48ED2119906E49FADC173CA5604000016EC7DE90DA5BB49AE24CF682282E08DBD0500000114020000000000C00000000000004688060000CEC429A936FD7042B4F534ECAC5BD63C28160000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=318 "FirstRunTelemetryComplete"=1 "EdgeDesktopShortcutCreated"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=404 "Browse For Folder Height"=354 "Reason Setting"=255 "link"=0x16000000 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x7C4F655D00000000 "ReindexedProfile"=1 "DisablePreviewDesktop"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0700000006000000050000000300000004000000020000000100000000000000FFFFFFFF "0"=0x69006D006100670065000000 
"1"=0x770069006E007200610072000000 "2"=0x630020006C000000 "4"=0x6600670072000000 "3"=0x6B006D0073000000 "5"=0x46005200530054000000 "6"=0x41007200590046000000 "7"=0x6F007500740069006C00200063006100700074007500720065000000 [HKLM\Software\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=20 "SmartScreenEnabled"=Off [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 
"dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableSecureUIAPath"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} 
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=25 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "PUUActive"=0x0EFB17D002001600BB018605CD2E3800A7CB4800A7CB4800D200000002005F000ED19FDEE6B94202B0646B0047331D00F8F91B004E330F0003000000BE8750001EAE0000DA1E00008BF9A3A80B61D50162583E00000000000100000062583E00EE4200001B7E00008BF3C80000000000 "BuildNumber"=17134 "FirstLogon"=0 "DP"=0xD200E8002C021600BD0100000EFB17D08BF3C800000000008BF9A3A80B61D501D62F94FEEC60D501D0034E0000000000000000000000000000000000000000004D9F3B00E803000000000000000000000000000000000000000000000000F03F80510100DDEE00804408015045084550EA3A01C080011A6884019A68B4870040600284186006C458490200803200D04032A0D040004701805D0010065D085406C7B900C0294901056B4B0515CA97000082C05E28B2C07E284B6A004088628046887280461B960080108458049086781C9D1000C00A0E04210A0F44316BB00080400389024003C922 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 
"SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=698568208625 "ShutdownFlags"=39 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3426031793-651430910-2054641259-1001 "LastUsedUsername"=overd [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] 
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* 
[HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application 
Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 18:19:51] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] 
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] ""= "C:\Users\overd\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098034F00A0AC4F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DCF20000000000000300000003000000 "C:\Users\overd\Desktop\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"=0x5341435001000000000000000700000028000000A0351B001A4A1B0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000024140000000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x534143500100000000000000070000002800000020E608005DBE090001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000A880030064DA030001000000000000000000030600010000BFA2139DEDD1D3010000000000000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{b460c3d8-2558-11e9-af4e-60f677a1ca15}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{d34a8043-c663-11e8-af33-60f677a1ca15}] : "F:\HiSuiteDownLoader.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows 
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse 
"DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131711970960754196 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0xE594D2A8929CD301 
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\ "ProductStatus"=0 "OOBEInstallTime"=0x84705E0857EFD301 "ManagedDefenderProductType"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0 "LastEnabledTime"=0x91351451E431D501 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixAptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixAvSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixCommonSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixFwSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ixRealTimeSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsAvM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsFtM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKPcFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgAc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixAptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixAvSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixCommonSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixFwSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ixRealTimeSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsAvM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsFtM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKPcFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgAc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgFt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts [41] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.com [2a00:1450:4007:810::200e] avec 32 octets de données : Réponse de 2a00:1450:4007:810::200e : temps=12 ms Réponse de 2a00:1450:4007:810::200e : temps=11 ms Réponse de 2a00:1450:4007:810::200e : temps=11 ms Réponse de 2a00:1450:4007:810::200e : temps=10 ms Statistiques Ping pour 2a00:1450:4007:810::200e: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 10ms, Maximum = 12ms, Moyenne = 11ms ---------- | @ [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=www.google.com "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=03sptm3 "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no 
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4A0000004A000000FA040000ED020000 "Start Page_TIMESTAMP"=0x230F21BD3F5ED501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x01000000330000003342F0484210F0CD7FB59D799B0DB58A847068596194FF49FAEF95E49EB75C49B55091A51D282FD343CAF50C019D72F13EB5BE020000000E000000306F3562544A386B4B7351253364 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xDE0EF9D56F5ED501 "IE10TourShown"=1 "IE10TourShownTime"=0x7A6E57BB485DD501 "Search Bar"=www.google.com "Use Search Asst"=yes "SearchAssistant"=www.google.com "IE11EdgeNotifyTime"=0x2CA02938305CD501 "EdgeReminderRemainingCount"=5 "IE11DefaultsFRECompletionTime"=0xA477DFB13F5ED501 "IE11DefaultsFREConfigUpdateTimestamp"=0xA477DFB13F5ED501 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"=www.google.com [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x0F460E61E4EED301 "WarnonZoneCrossing"=0 "LockDatabase"=132066617889650945 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 
"Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes 
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchURL] "Default"=www.google.com [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1] - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3] - 
{42D38F2E-98E9-4382-B546-E24E4D6D04BB} -- C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [27/02/2018 20:08:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x7A6E57BB485DD501 "Version"=5 "UpgradeTime"=0x7A6E57BB485DD501 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - 
https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\overd\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera 
---------- | Firefox [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.191.2] - (Java™ Deployment Toolkit) : V:\Program Files\Java\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2] - (Oracle® Next Generation Java™ Plug-In) : V:\Program Files\Java\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll C:\Users\overd\AppData\Roaming\Mozilla\Firefox\Profiles\429t94c6.default\Prefs.js user_pref("app.normandy.startupRolloutPrefs.extensions.fxmonitor.enabled", true); user_pref("browser.search.defaultenginename", "Bing Search Engine"); user_pref("browser.search.selectedEngine", "Bing Search Engine"); user_pref("browser.startup.homepage", "https://www.google.com/"); user_pref("browser.startup.homepage_override.buildID", "20190813150448"); user_pref("browser.startup.homepage_override.mstone", "68.0.2"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.autoDisableScopes", 0); user_pref("extensions.blocklist.lastModified", "Wed, 28 Aug 2019 19:55:12 GMT"); user_pref("extensions.blocklist.pingCountTotal", 245); user_pref("extensions.blocklist.pingCountVersion", 6); user_pref("extensions.databaseSchema", 31); user_pref("extensions.fxmonitor.firstAlertShown", true); user_pref("extensions.getAddons.cache.lastUpdate", 1567366413); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20190813150448"); user_pref("extensions.lastAppVersion", "68.0.2"); user_pref("extensions.lastPlatformVersion", "68.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.signer.hotfixed", true); 
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{2c66840f-a108-4744-847d-c3ed2b9f2bcb}\",\"addons\":{\"webcompat@mozilla.org\":{\"version\":\"5.0.2\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"d65560d2-7c5e-405d-9bd2-779de8e16aa7\",\"webcompat@mozilla.org\":\"6829ff6d-6dff-4a76-834e-bb1054375cf6\",\"formautofill@mozilla.org\":\"33ba5962-0e6d-4d77-ac43-46a9db789620\",\"webcompat-reporter@mozilla.org\":\"5ede2f57-a694-4728-88c2-55be5d9b22d7\",\"{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\":\"982fc55c-7228-4396-9d35-ea1ec0f8295e\",\"baidu-code-update@mozillaonline.com\":\"2fbb0ce9-5d6b-4f88-96b7-46c0f1df46fc\",\"fxmonitor@mozilla.org\":\"2455a959-721c-4e8c-af89-79c955352f6c\",\"{14553439-2741-4e9d-b474-784f336f58c9}\":\"0b39fadf-2734-4824-8372-ed2bf8b5a1e0\",\"{1189C9DF-3038-4787-9592-8C6E41CC7F94}\":\"cf290fe7-673e-49a3-a22b-3afec9d8055c\",\"default-theme@mozilla.org\":\"651375f3-cdf7-4f31-b0c1-59e0a5aabfbf\",\"google@search.mozilla.org\":\"6c882191-c06b-4071-a6f0-353e6219a5e0\",\"bing@search.mozilla.org\":\"a229956d-a15d-47ac-b728-fe1ba6922774\",\"amazon@search.mozilla.org\":\"6a5925b0-e457-41f0-80aa-eb5bdf59cf91\",\"ddg@search.mozilla.org\":\"249e3f8c-0a42-4393-8cdf-bbc5ff727e7c\",\"ebay@search.mozilla.org\":\"396af2e9-07df-46c5-8b12-7974664d9871\",\"qwant@search.mozilla.org\":\"d82f8ac3-6249-45db-9c18-e2dcf1a941c5\",\"wikipedia@search.mozilla.org\":\"b5303a23-b7f2-425c-93c9-29e1afc342ee\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); 
user_pref("services.sync.extension-storage.lastSyncLocal", "0"); [Profile0] - Name=default -> Profiles/429t94c6.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{052c947f-46b6-49e5-bdfd-cdd34e33c89d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0cb1d63c-8abf-4882-b80c-95422bc3f10a}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b0e7b1c5-1d14-4fcd-aae2-6f064e3a1a3a}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{dfe7f4a0-0885-11e8-af0f-806e6f6e6963}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{052c947f-46b6-49e5-bdfd-cdd34e33c89d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0cb1d63c-8abf-4882-b80c-95422bc3f10a}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b0e7b1c5-1d14-4fcd-aae2-6f064e3a1a3a}] "NameServer"=8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dfe7f4a0-0885-11e8-af0f-806e6f6e6963}] "NameServer"=8.8.8.8 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "wusvcs"=WaaSMedicSvc "BthAppGroup"=BluetoothUserService "BcastDVRUserService"=BcastDVRUserService "Camera"=FrameS "diagnostics"=DiagSvc "PrintWorkflow"=PrintWorkflowUserSvc "GraphicsPerfSvcGroup"=GraphicsPerfSvc "DevicesFlow"=DevicesFlowUserSvc DevicePickerUserSvc "smbsvcs"=lanmanserver browser "PeerDist"=PeerDistSvc "AssignedAccessManagerSvc"=AssignedAccessManagerSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\8floor] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Adobe] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Ankama] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\AppDataLow] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Apple Inc.] 
[HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\BugSplat] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Canon] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Chromium] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Clients] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\CraveSoftware] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Cryptbot Software] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Dalton] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Discord] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\DMGR2.0.0] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Electronic Arts] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Epic Games] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\GameCenter] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Gigot] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Google] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Image-Line] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Imagination Technologies] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Intel] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Lavasoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Lenovo] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Logitech] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Macromedia] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Malwarebytes] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Mozilla] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\NVIDIA Corporation] 
[HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Picture] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Policies] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\PROTeam] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\QtProject] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Realtek] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Red Giant Software] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Rtp] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\SoftVoice] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Synaptics] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\SyncEngines] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\sysinternals] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\TACHYON] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\The Document Foundation] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Trolltech] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Ubisoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Valve] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\VB and VBA Program Settings] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\WinRAR] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Wondershare] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Wow6432Node] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\ZHP] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\{C6D7ED1A-6343-4C1B-8AEC-2C36D31D7863}] 
[HKU\S-1-5-21-3426031793-651430910-2054641259-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3426031793-651430910-2054641259-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\Canon] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Image-Line] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\IntelVolatile] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lenovo] [HKLM\Software\LibreOffice] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Minnetonka Audio Software] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\MRAC] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Oracle] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Propellerhead Software] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Respawn] [HKLM\Software\SoftVoice] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\The Document Foundation] [HKLM\Software\WOW6432Node] 
[HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKLM\Software\Microsoft\Windows\AssignedAccessCsp] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\$(brand_name)] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ASIO4ALL] [HKLM\Software\WOW6432Node\AVAST Software] 
[HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\EasyAntiCheat] [HKLM\Software\WOW6432Node\Electronic Arts] [HKLM\Software\WOW6432Node\Epic Games] [HKLM\Software\WOW6432Node\EpicGames] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hi-Rez Studios] [HKLM\Software\WOW6432Node\HiRez Studios] [HKLM\Software\WOW6432Node\Image-Line] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Origin] [HKLM\Software\WOW6432Node\Origin Games] [HKLM\Software\WOW6432Node\Overwolf] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\Respawn] [HKLM\Software\WOW6432Node\Riot Games, Inc] [HKLM\Software\WOW6432Node\SoftVoice] [HKLM\Software\WOW6432Node\Starter] [HKLM\Software\WOW6432Node\TACHYON] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: E: V: ---------- | C: [28/08/2019 03:04:33] - |HD| - [319217854] - C:\$GetCurrent [29/09/2017 15:46:33] - |SHD| - [3458879152] - 
C:\$Recycle.Bin [04/07/2019 20:49:16] - |HD| - [725527] - C:\$SysReset [28/08/2019 04:24:34] - |HD| - [67311877019] - C:\$WINDOWS.~BT [MD5.7866FA1357A10081EAEEE9C7F33228AA] - [26/08/2019 20:26:26] - |A| - (.-.) - [590] - (0.0.0.0) - C:\DelFix.txt [03/02/2018 04:00:59] - |SHD| - [145642891524] - C:\Documents and Settings [03/02/2018 00:52:37] - |DC| - [211519320] - C:\DRIVERS [MD5.2C20F08093979971FAFA18632D17CC4C] - [21/02/2018 23:12:36] - |AH| - (.-.) - [40] - (0.0.0.0) - C:\E8A9DCB0DE8F [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 11:49:23] - |ASH| - (.-.) - [3390705664] - (0.0.0.0) - C:\hiberfil.sys [02/02/2018 21:24:13] - |DC| - [80052] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/04/2019 20:59:05] - |ASH| - (.-.) - [1946157056] - (0.0.0.0) - C:\pagefile.sys [12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs [12/04/2018 01:38:20] - |RD| - [8003064098] - C:\Program Files [12/04/2018 01:38:20] - |RD| - [3309935697] - C:\Program Files (x86) [12/04/2018 01:38:20] - |HD| - [55373654796] - C:\ProgramData [28/08/2019 18:40:32] - |D| - [371441234] - C:\QuickDiag [MD5.8AB8A6CBA193628479B8168AD9DA8E46] - [01/09/2019 23:27:20] - |A| - (.-.) - [143968] - (0.0.0.0) - C:\QuickDiag.txt [MD5.6C0A4001AE3746DDBD1416DBF2D6BB68] - [01/09/2019 20:07:47] - |RAST| - (.-.) - [429576] - (0.0.0.0) - C:\QuickDiag_01_09_2019_20_07_47.txt [MD5.6C0A4001AE3746DDBD1416DBF2D6BB68] - [01/09/2019 21:21:27] - |RAST| - (.-.) - [429576] - (0.0.0.0) - C:\QuickDiag_01_09_2019_21_21_27.txt [MD5.28ABDC9FEEF1DA91C47EA3EB66350D3D] - [28/08/2019 19:02:51] - |RAST| - (.-.) - [433142] - (0.0.0.0) - C:\QuickDiag_28_08_2019_19_02_51.txt [03/02/2018 04:01:00] - |SHDC| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/05/2018 11:45:21] - |ASH| - (.-.) 
- [16777216] - (0.0.0.0) - C:\swapfile.sys [03/02/2018 03:59:34] - |SHD| - [0] - C:\System Volume Information [11/04/2018 23:04:33] - |RD| - [159277007313] - C:\Users [11/04/2018 23:04:33] - |D| - [25151667279] - C:\Windows [28/08/2019 03:04:30] - |D| - [22070709] - C:\Windows10Upgrade ---------- | C:\WINDOWS [12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins [12/04/2018 01:38:20] - |D| - [14192442] - C:\WINDOWS\appcompat [12/04/2018 01:38:20] - |D| - [8331488] - C:\WINDOWS\apppatch [12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness [12/04/2018 01:38:20] - |RSD| - [984704123] - C:\WINDOWS\assembly [12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr [MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe [12/04/2018 18:24:11] - |SHD| - [580179] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [12/04/2018 01:38:20] - |D| - [38317662] - C:\WINDOWS\Boot [MD5.B56E59D95488FC4D384B2669546CAB81] - [19/05/2018 12:43:52] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding [12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.0B5BDF712FB4C6BF5C4AF1E57F21E55F] - [28/08/2019 03:30:40] - |A| - (.-.) - [4130] - (0.0.0.0) - C:\WINDOWS\comsetup.log [12/04/2018 18:41:55] - |D| - [46697886] - C:\WINDOWS\Containers [03/02/2018 04:01:08] - |D| - [68] - C:\WINDOWS\CSC [12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors [12/04/2018 01:38:21] - |D| - [25472154] - C:\WINDOWS\debug [MD5.D1E75542EC8D1B4851765A57AC63618E] - [19/05/2018 11:51:27] - |A| - (.-.) - [1908] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [12/04/2018 01:38:21] - |D| - [4609080] - C:\WINDOWS\diagnostics [MD5.D1E75542EC8D1B4851765A57AC63618E] - [19/05/2018 11:51:27] - |A| - (.-.) 
- [1908] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.64309F0E029A568B72EB9BBDB533E832] - [08/08/2019 17:44:31] - |A| - (.-.) - [18473] - (0.0.0.0) - C:\WINDOWS\DirectX.log [12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2018 01:38:21] - |HD| - [59976] - C:\WINDOWS\ELAMBKUP [12/04/2018 18:19:18] - |D| - [0] - C:\WINDOWS\en-US [MD5.C8FB56B60458B09C1CAEBD4DAF1AC8BB] - [10/04/2019 16:24:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3933296] - (10.0.17134.677) - C:\WINDOWS\explorer.exe [12/04/2018 01:38:21] - |RSD| - [436376489] - C:\WINDOWS\Fonts [12/04/2018 18:19:18] - |D| - [109568] - C:\WINDOWS\fr-FR [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [12/04/2018 01:38:21] - |D| - [47867303] - C:\WINDOWS\Globalization [12/04/2018 01:38:21] - |D| - [71641922] - C:\WINDOWS\Help [MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 21:14:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe [MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe [12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL [12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME [12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel [12/04/2018 01:36:48] - |D| - [92317013] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [1362468432] - C:\WINDOWS\InfusedApps [12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod [12/04/2018 01:38:21] - |SHDC| - [439599999] - C:\WINDOWS\Installer [02/02/2018 22:21:52] - |D| - [0] - C:\WINDOWS\IObit [12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas [12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports [11/04/2018 23:04:39] - |D| - [20022335] - C:\WINDOWS\Logs [12/04/2018 01:38:21] - |RSD| - [20672035] - C:\WINDOWS\media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [04/07/2019 00:40:37] - |D| - [157241420] - C:\WINDOWS\Microsoft Antimalware [12/04/2018 01:38:20] - |RD| - [836131579] - C:\WINDOWS\Microsoft.NET [12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe [MD5.8E4F650A5604CBE61C4832EB1090FEB1] - [28/08/2019 02:44:10] - |A| - (.-.) - [454250] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [06/02/2019 22:34:20] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [03/02/2018 13:16:00] - |A| - (.-.) 
- [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat [12/04/2018 18:23:03] - |D| - [199472] - C:\WINDOWS\OCR [12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [06/02/2019 19:26:49] - |D| - [92443635] - C:\WINDOWS\Panther [12/04/2018 01:38:21] - |D| - [385340] - C:\WINDOWS\Performance [MD5.361410638FCD2D928487ED13F9BC4924] - [03/02/2018 01:25:36] - |A| - (.-.) - [657288] - (0.0.0.0) - C:\WINDOWS\PFRO.log [12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA [12/04/2018 01:38:21] - |D| - [7207245] - C:\WINDOWS\PolicyDefinitions [19/05/2018 11:45:39] - |D| - [3965317] - C:\WINDOWS\Prefetch [12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog [MD5.37BAA0C11BDFD8E54594E9C923CDF25E] - [12/04/2018 18:24:39] - |A| - (.-.) - [36112] - (0.0.0.0) - C:\WINDOWS\Professional.xml [MD5.2A9FFDF1D5AACB1A8CAD2433736135BA] - [28/08/2019 03:22:31] - |A| - (.-.) - [35] - (0.0.0.0) - C:\WINDOWS\progress.ini [12/04/2018 01:38:21] - |D| - [5479518] - C:\WINDOWS\Provisioning [MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe [12/04/2018 01:38:21] - |D| - [1095144] - C:\WINDOWS\Registration [12/04/2018 18:24:11] - |D| - [0] - C:\WINDOWS\RemotePackages [12/04/2018 01:38:21] - |D| - [24578472] - C:\WINDOWS\rescache [12/04/2018 01:38:21] - |D| - [4100609] - C:\WINDOWS\Resources [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache [12/04/2018 01:38:21] - |D| - [189322] - C:\WINDOWS\schemas [12/04/2018 01:38:21] - |D| - [3805911] - C:\WINDOWS\security [19/05/2018 12:43:19] - |D| - [77373842] - C:\WINDOWS\ServiceProfiles [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState [11/04/2018 23:04:33] - |D| - [193356506] - C:\WINDOWS\servicing [12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup [MD5.AE9ACCC1917BC9D5B4843080418395C8] - [17/08/2019 00:51:07] - |A| - (.-.) 
- [3137] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/07/2019 19:45:07] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [12/04/2018 01:38:21] - |D| - [6443008] - C:\WINDOWS\ShellComponents [12/04/2018 01:38:21] - |D| - [53634048] - C:\WINDOWS\ShellExperiences [12/04/2018 18:20:18] - |D| - [3070736] - C:\WINDOWS\SKB [28/08/2019 02:35:26] - |D| - [44540127] - C:\WINDOWS\SoftwareDistribution [03/02/2018 04:01:10] - |D| - [0] - C:\WINDOWS\SoftwareDistribution.old [12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech [12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore [MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\WINDOWS\splwow64.exe [12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [29/09/2017 15:46:38] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [11/04/2018 23:04:33] - |D| - [7645420481] - C:\WINDOWS\System32 [12/04/2018 01:38:21] - |D| - [226976951] - C:\WINDOWS\SystemApps [12/04/2018 01:38:21] - |D| - [25702345] - C:\WINDOWS\SystemResources [11/04/2018 23:04:41] - |D| - [1529342885] - C:\WINDOWS\SysWOW64 [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI [29/09/2017 15:46:34] - |D| - [220] - C:\WINDOWS\Tasks [12/04/2018 01:38:21] - |D| - [7385311] - C:\WINDOWS\Temp [12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing [12/04/2018 01:38:21] - |D| - [275696] - C:\WINDOWS\twain_32 [MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) 
- [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss [11/04/2018 23:04:37] - |D| - [25818] - C:\WINDOWS\WaaS [12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [29/09/2017 15:46:38] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [28/08/2019 03:01:08] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe [11/04/2018 23:04:33] - |D| - [10307539339] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Adm [MD5.A62CE44A33F1C05FC2D340EA0CA118A4] - [03/07/2019 22:30:16] - |A| - (.-.) - [268] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [03/07/2019 22:30:16] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/08/2019 13:41:31] - C:\WINDOWS\Installer\1433f697.msi : (Epic Games Launcher - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/01/2018 16:32:26] - C:\WINDOWS\Installer\1fede7.msi : (.. - Intel) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [17/01/2018 16:33:02] - C:\WINDOWS\Installer\1fedf3.msi : (Intel(R) Driver & Support Assistant 3.1.2 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/06/2018 23:20:26] - C:\WINDOWS\Installer\2d18499b.msi : (Intel(R) C++ Redistributables on Intel(R) 64 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 11:56:58] - C:\WINDOWS\Installer\33c3cc.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/11/2018 19:59:11] - C:\WINDOWS\Installer\47daf2d.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/11/2018 20:01:31] - C:\WINDOWS\Installer\47daf34.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/11/2017 13:18:13] - C:\WINDOWS\Installer\6717e288.msi : (Online Application - Microleaves) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/02/2018 01:30:14] - C:\WINDOWS\Installer\6aba8.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2018 21:28:48] - C:\WINDOWS\Installer\ef404be.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf [19/05/2018 11:55:50] - [1766590] - C:\WINDOWS\System32\PerfStringBackup.INI [12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini [29/01/2018 12:40:14] - [4779] - C:\WINDOWS\System32\TKFWFV.inf [12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:20] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 19:55:23] - [0 Ko] - C:\WINDOWS\Temp\88DB2278-E86A-432C-8647-6E5D4836956F-Sigs [MD5.EF5EB19690D7277487482EDB38220F36] - |A| - [04/09/2018 22:01:55] - (.-.) - [2981.64 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [29/08/2019 16:48:16] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a01780 [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [28/08/2019 19:09:21] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a12036 [MD5.D947FE62D1B198C1FD5D84ACB2D7C1E0] - |A| - [26/08/2019 20:58:47] - (.-.) 
- [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a12472 [MD5.00000000000000000000000000000000] - |D| - [26/08/2019 18:09:55] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [30/08/2018 13:32:55] - [3645.29 Ko] - C:\WINDOWS\Temp\CreativeCloud [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 23:26:01] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 23:26:01] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 23:26:01] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [01/09/2019 23:26:01] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.61AF48708FB1894080C9C6D34B9F9C61] - |A| - [25/02/2019 20:06:39] - (.-.) - [541.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.63273B93CBE2A5E069BE5B638F797C3A] - |A| - [28/08/2019 03:11:19] - (.-.) - [45.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:19] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) 
- [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) 
- [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [03/02/2018 01:47:56] - [0 Ko] - C:\WINDOWS\System32\appmgmt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2686.05 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 18:24:11] - [287.58 Ko] - C:\WINDOWS\System32\AppV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\as-IN [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.200930141D240DB217EAF5284DCBB068] - |A| - [02/02/2018 22:25:53] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) 
- [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\System32\bhtv5Icon.dll [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4836.9 Ko] - C:\WINDOWS\System32\Boot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA [MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) 
- [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [96744.23 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [28/08/2019 02:35:53] - [35375.18 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [40144.26 Ko] - C:\WINDOWS\System32\Catroot2.old [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US [MD5.C3B200C13BCBAF149C160B3BC9CBD83C] - |A| - [12/04/2018 22:16:59] - (.Copyright CANON INC. 2000-2014 - IJ Language Monitor.) - [396.5 Ko] - (0.3.0.1) - C:\WINDOWS\System32\CNMLMCA.DLL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3234.8 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [368 Ko] - C:\WINDOWS\System32\com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.CC7D8A8C05FA87656804C18D3ED288A1] - |A| - [18/10/2018 02:07:24] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) 
- [119.32 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [322013.06 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.21CFA73B9FE6A74D622D3EF4E7460549] - |A| - [21/11/2017 19:07:52] - (.-.) - [738.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [408 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.48E51DAA9278C41213957795D439A274] - |A| - [13/11/2018 22:38:55] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 21:12:58] - [14122.32 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [02/02/2018 21:12:58] - [9568.75 Ko] - C:\WINDOWS\System32\DAX3 [MD5.2A7153B6C7C3B8EF2EA0E1E7DBC119A4] - |A| - [18/10/2018 02:06:38] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO Property Page.) - [1508.12 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOProp.dll [MD5.8C72F29651DD7595F935EF47EAE97563] - |A| - [18/10/2018 02:06:40] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1340.28 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOv251.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs [MD5.6CE46420E121351C6F217F7A3E3B16C7] - |A| - [02/02/2018 22:26:24] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) 
- [61.79 Ko] - (2017.4.12.1) - C:\WINDOWS\System32\TKPcFtHk.sys [MD5.71252A997A8799439D573C9A12EAD4FE] - |A| - [07/03/2018 09:59:02] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Process Control Filter Driver 1.0.) - [23.81 Ko] - (2011.9.23.1) - C:\WINDOWS\System32\TKPcFtHk64.sys [MD5.3A125B5F43E1BB43A0B0A750446CF158] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Process Control Filter Driver Management Dll 1.0.) - [324.13 Ko] - (2015.2.13.1) - C:\WINDOWS\System32\TKPcFtU64.dll [MD5.E9BD3C15003623C1550FC668541AF6F7] - |A| - [27/10/2017 06:59:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Kernel Process Log Driver 1.0.) - [165.5 Ko] - (2017.10.27.1) - C:\WINDOWS\System32\tkpl2k.sys [MD5.17E01A2845C192D52A0AD0FF1FD7E529] - |A| - [27/10/2017 06:59:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Kernel Process Log Driver 1.0.) - [119.59 Ko] - (2017.10.27.1) - C:\WINDOWS\System32\tkpl2k64.sys [MD5.4C75AB09DDE1124FE3FD1D2542519C3B] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Kernel Process Log Driver Management Dll 1.0.) - [84.76 Ko] - (2013.5.15.1) - C:\WINDOWS\System32\tkpl64.dll [MD5.499D1DED7AFAEAAB4F4C6791BDBA5C42] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Kernel Process Log Driver Management Dll 1.0.) - [94.59 Ko] - (2014.3.14.1) - C:\WINDOWS\System32\tkplu64.dll [MD5.D13BCBA7F36B96C18B5BF6A61F6BDBE7] - |A| - [29/01/2018 22:47:32] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Access Control Driver.) - [131.23 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgAc2k.sys [MD5.03BC4F28136DF99296D0D443573D5BA8] - |A| - [29/01/2018 22:47:28] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Access Control Driver.) - [113.05 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgAc2k64.sys [MD5.F0D5CD4C28628FFAFAE5A979D02CE2A4] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 
2000-2012 - Tachyon Registry Access Control Driver Management Dll 2.0.) - [208.81 Ko] - (2012.5.8.1) - C:\WINDOWS\System32\TKRgAc64.dll [MD5.A264D8BC894408B4450547C01997222B] - |A| - [29/01/2018 12:40:18] - (.-.) - [42.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKRgAc9x.vxd [MD5.C545B6617BFB93EBEBEB817D554DF3D9] - |A| - [29/01/2018 12:40:20] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Registry Access Control Driver.) - [93.37 Ko] - (2010.12.1.1) - C:\WINDOWS\System32\TKRgAcNt4.sys [MD5.53F003A9EFCDECF5C8F31F8703D8F29D] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Registry Access Control Driver Management Dll 2.0.) - [251.36 Ko] - (2014.6.9.1) - C:\WINDOWS\System32\TKRgAcu64.dll [MD5.6DD73BDF34F2359FEEBEEDCF3D0F0887] - |A| - [29/01/2018 22:47:32] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver.) - [80.07 Ko] - (2015.4.15.1) - C:\WINDOWS\System32\TKRgFt2k.sys [MD5.AD194F08D1AA465951510DC7B9627DB2] - |A| - [14/09/2017 07:03:52] - (.Copyright (C) INCA Internet. 2000-2012 - Tachyon Registry Filter Driver Management Dll 1.0.) - [201.81 Ko] - (2012.5.8.1) - C:\WINDOWS\System32\TKRgFt64.dll [MD5.A7357F05E8EB20FA3536020ED0CB93C0] - |A| - [29/01/2018 12:40:16] - (.-.) - [21.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TKRgFt9x.vxd [MD5.82C18F65B7C574A26D92CBB610C06A90] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Registry Filter Driver.) - [49.28 Ko] - (2010.12.1.1) - C:\WINDOWS\System32\TKRgFtNt4.sys [MD5.1A0C10FA8D1906A441EDC622FB765448] - |A| - [29/01/2018 22:47:28] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Registry Filter Driver Management Dll 1.0.) - [244.3 Ko] - (2017.4.25.1) - C:\WINDOWS\System32\TKRgFtu64.dll [MD5.A33C7BA5C22D80CA9AA046C97C2818C2] - |A| - [04/02/2018 16:49:44] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver(XP Later).) 
- [94.29 Ko] - (2018.2.5.1) - C:\WINDOWS\System32\TKRgFtXp.sys [MD5.E3F72AA54D1BCF550925B4536FE0A0C3] - |A| - [04/02/2018 16:50:20] - (.Copyright (C) INCA Internet. 2000-2015 - Tachyon Registry Filter Driver(XP Later).) - [67.23 Ko] - (2018.2.5.1) - C:\WINDOWS\System32\TKRgFtXp64.sys [MD5.62361E956A05DC51A3EB36B747D2E8EA] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver 1.0.) - [100.22 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tksp2k.sys [MD5.1214502997A7880DD899CFCFA5451519] - |A| - [14/09/2017 07:03:54] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver Management Dll 1.0.) - [76.09 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tksp64.dll [MD5.4607FB4B709A1D980389AA452D43D8DB] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2010 - Tachyon Self-Protection Driver Management Dll 1.0.) - [78.09 Ko] - (2010.11.8.1) - C:\WINDOWS\System32\tkspu64.dll [MD5.4AFEB8809C9C70DCDE32D1FFAB12F7D3] - |A| - [29/01/2018 12:40:18] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Self-Protection Driver 1.0.) - [103.88 Ko] - (2015.4.23.99) - C:\WINDOWS\System32\tkspxp.sys [MD5.152651C32949B3515A13A6D4CF08218B] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2014 - Tachyon Self-Protection Driver 1.0.) - [78.93 Ko] - (2015.4.23.99) - C:\WINDOWS\System32\tkspxp64.sys [MD5.F17D9A5E726A510FFF69537DA2811701] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Tools Driver 1.0.) - [28.48 Ko] - (2013.4.17.1) - C:\WINDOWS\System32\TKTool2k.sys [MD5.B86DAC7005D2DE3AF97E194B97E49DFD] - |A| - [29/01/2018 12:40:16] - (.Copyright (C) INCA Internet. 2000-2013 - Tachyon Tools Driver 1.0.) 
- [31.73 Ko] - (2013.4.17.1) - C:\WINDOWS\System32\TKTool2k64.sys [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [12/04/2018 01:35:10] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [12/04/2018 01:35:10] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK [MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN [MD5.992506A725AA519B64827D92A4585871] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) 
- [983.2 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.992506A725AA519B64827D92A4585871] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [983.2 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.F6F678CA8AB9E78684BD91B468311B79] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [279.7 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.F6F678CA8AB9E78684BD91B468311B79] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [279.7 Ko] - (1.1.97.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [91166.92 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [95581.67 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.18EE3FF4D1F08AF296A51A083C0C4D14] - |A| - [26/11/2018 20:01:07] - (.Copyright © 2018 - Java(TM) Platform SE binary.) - [108.37 Ko] - (8.0.1910.12) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll [MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) 
- [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [11070.26 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [233076 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [290.49 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [255 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:20] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) 
- [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.200930141D240DB217EAF5284DCBB068] - |A| - [02/02/2018 22:25:53] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) 
- [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\bhtv5Icon.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4019.51 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [382 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [379 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [430.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) 
- [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7791.13 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:56] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. 
and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.AF78A632F862F0080CC3BE525D4B4091] - |A| - [21/11/2017 19:22:20] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) 
- [113.98 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 
Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44947.69 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - 
C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.FBEE9A370EE5B36635CAB9DCAAFEE9C0] - |A| - [23/04/2019 20:11:01] - (.-.) - [529.2 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvofapi.dll [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [685.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE 
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [12/06/2018 21:27:03] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.648699367E9C5752DCD5382EB250B927] - |A| - [29/01/2018 07:22:12] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynCOM.) 
- [429.16 Ko] - (19.4.18.30) - C:\WINDOWS\SysWOW64\SynCom.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.0D2DA91DC6EAD6CD57DF9F5B0E347B85] - |A| - [29/01/2018 12:40:08] - (.Copyright (C) INCA Internet. 2000-2012 - tkfwflt.dll.) - [224.31 Ko] - (2012.1.9.1) - C:\WINDOWS\SysWOW64\tkfwfltU.dll [MD5.11D68A84FE7E9461108001FA303C74EB] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2014 - TKFW.dll.) - [236.13 Ko] - (2015.7.23.1) - C:\WINDOWS\SysWOW64\TKFWU.dll [MD5.2805AD9279163935BA327F8552CAF479] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2012 - tkidsx.dll.) - [324.31 Ko] - (2012.1.9.1) - C:\WINDOWS\SysWOW64\tkidsxU.dll [MD5.B57E61843319B30B464C0C758FF7C4AC] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2010 - tknetcfg Application.) - [122.59 Ko] - (2010.5.13.1) - C:\WINDOWS\SysWOW64\tknetcfg.exe [MD5.B8D4B9759145BF4809427D5A430015D5] - |A| - [29/01/2018 12:40:10] - (.Copyright (C) INCA Internet. 2000-2010 - tknetcfg Application.) 
- [128.59 Ko] - (2010.5.13.1) - C:\WINDOWS\SysWOW64\tknetcfg64.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [12/04/2018 01:35:13] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.15D2B42B2348686B01B751B29E7CCE1F] - |A| - [12/04/2018 01:35:13] - (.-.) - [33.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vmstaging.dll [MD5.C7713A708D52733F9F1BEAA462836842] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [849.7 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.C7713A708D52733F9F1BEAA462836842] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [849.7 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.88B35ED68E9335D8126AD02285071AA3] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [254.2 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.88B35ED68E9335D8126AD02285071AA3] - |A| - [23/04/2019 20:11:01] - (.Copyright (C) 2015-2018 - Vulkan Info.) 
- [254.2 Ko] - (1.1.97.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [17270.82 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10274.95 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:19:21] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [19/05/2018 12:40:48] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:27] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Administrateur] [28/08/2019 02:01:01] - |RD| - [298] - C:\Users\Administrateur\3D Objects [28/08/2019 02:01:23] - |D| - [0] - C:\Users\Administrateur\ansel [28/08/2019 02:00:59] - |HD| - [322506344] - C:\Users\Administrateur\AppData [28/08/2019 02:00:59] - |SHD| - [0] - 
C:\Users\Administrateur\Application Data [28/08/2019 02:01:01] - |RD| - [412] - C:\Users\Administrateur\Contacts [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Cookies [28/08/2019 02:00:59] - |RD| - [1699] - C:\Users\Administrateur\Desktop [28/08/2019 02:00:59] - |RD| - [402] - C:\Users\Administrateur\Documents [28/08/2019 02:00:59] - |RD| - [282] - C:\Users\Administrateur\Downloads [28/08/2019 02:00:59] - |RD| - [690] - C:\Users\Administrateur\Favorites [28/08/2019 02:01:00] - |SHD| - [25308] - C:\Users\Administrateur\IntelGraphicsProfiles [28/08/2019 02:00:59] - |RD| - [2015] - C:\Users\Administrateur\Links [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Local Settings [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Menu Démarrer [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Mes documents [28/08/2019 02:01:37] - |HD| - [2634315] - C:\Users\Administrateur\MicrosoftEdgeBackups [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Modèles [28/08/2019 02:00:59] - |RD| - [504] - C:\Users\Administrateur\Music [28/08/2019 02:00:59] - |AH| - [1310720] - C:\Users\Administrateur\NTUSER.DAT [28/08/2019 02:00:59] - |ASH| - [118784] - C:\Users\Administrateur\ntuser.dat.LOG1 [28/08/2019 02:00:59] - |ASH| - [262144] - C:\Users\Administrateur\ntuser.dat.LOG2 [28/08/2019 02:00:59] - |ASH| - [65536] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TM.blf [28/08/2019 02:00:59] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000001.regtrans-ms [28/08/2019 02:00:59] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000002.regtrans-ms [28/08/2019 02:00:59] - |ASH| - [20] - C:\Users\Administrateur\ntuser.ini [28/08/2019 02:00:59] - |RASH| - [290] - C:\Users\Administrateur\ntuser.pol [28/08/2019 02:02:16] - |RD| - [105] - C:\Users\Administrateur\OneDrive 
[28/08/2019 02:00:59] - |RD| - [884] - C:\Users\Administrateur\Pictures [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Recent [28/08/2019 02:00:59] - |RD| - [282] - C:\Users\Administrateur\Saved Games [28/08/2019 02:01:01] - |RD| - [1872] - C:\Users\Administrateur\Searches [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\SendTo [28/08/2019 02:00:59] - |RD| - [504] - C:\Users\Administrateur\Videos [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Voisinage d'impression [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\Voisinage réseau [28/08/2019 02:00:59] - |D| - [322225127] - C:\Users\Administrateur\AppData\Local [28/08/2019 02:00:59] - |D| - [7487] - C:\Users\Administrateur\AppData\LocalLow [28/08/2019 02:00:59] - |D| - [273730] - C:\Users\Administrateur\AppData\Roaming [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Application Data [28/08/2019 02:02:00] - |D| - [0] - C:\Users\Administrateur\AppData\Local\CEF [28/08/2019 02:16:41] - |D| - [18898948] - C:\Users\Administrateur\AppData\Local\Comms [28/08/2019 02:01:00] - |D| - [1083499] - C:\Users\Administrateur\AppData\Local\ConnectedDevicesPlatform [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Historique [28/08/2019 02:38:18] - |AH| - [10858] - C:\Users\Administrateur\AppData\Local\IconCache.db [28/08/2019 02:00:59] - |D| - [194509525] - C:\Users\Administrateur\AppData\Local\Microsoft [28/08/2019 02:01:30] - |D| - [0] - C:\Users\Administrateur\AppData\Local\MicrosoftEdge [28/08/2019 02:01:00] - |D| - [155697] - C:\Users\Administrateur\AppData\Local\NVIDIA [28/08/2019 02:01:02] - |D| - [16195263] - C:\Users\Administrateur\AppData\Local\NVIDIA Corporation [28/08/2019 02:01:01] - |D| - [56809847] - C:\Users\Administrateur\AppData\Local\Packages [28/08/2019 02:02:19] - |D| - [0] - C:\Users\Administrateur\AppData\Local\PlaceholderTileLogoFolder [28/08/2019 02:01:06] - |D| - [0] - 
C:\Users\Administrateur\AppData\Local\Publishers [28/08/2019 02:00:59] - |D| - [34561490] - C:\Users\Administrateur\AppData\Local\Temp [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [28/08/2019 02:01:19] - |SD| - [7487] - C:\Users\Administrateur\AppData\LocalLow\Microsoft [28/08/2019 02:01:01] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [28/08/2019 02:00:59] - |SD| - [273730] - C:\Users\Administrateur\AppData\Roaming\Microsoft [28/08/2019 02:01:01] - |SH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [28/08/2019 02:00:59] - |SHD| - [0] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [28/08/2019 02:00:59] - |RD| - [21273] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/08/2019 02:00:59] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [28/08/2019 02:00:59] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [28/08/2019 02:01:02] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/08/2019 02:00:59] - |SH| - [264] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [28/08/2019 02:00:59] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [28/08/2019 02:00:59] - |A| - [2428] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [28/08/2019 02:01:02] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/08/2019 02:00:59] - |RD| - [3496] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [28/08/2019 02:00:59] - |RD| - [7754] - 
C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [28/08/2019 02:01:02] - |SH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [overd] [12/02/2019 12:54:13] - |D| - [0] - C:\Users\overd\.Origin [12/02/2019 12:54:14] - |D| - [0] - C:\Users\overd\.QtWebEngineProcess [02/02/2018 21:07:25] - |RD| - [298] - C:\Users\overd\3D Objects [20/03/2018 20:08:13] - |D| - [0] - C:\Users\overd\ansel [19/05/2018 11:48:34] - |HDC| - [51781354942] - C:\Users\overd\AppData [19/05/2018 11:48:34] - |SHD| - [2839127330] - C:\Users\overd\Application Data [02/02/2018 21:07:25] - |RD| - [412] - C:\Users\overd\Contacts [19/05/2018 11:48:34] - |SHD| - [91] - C:\Users\overd\Cookies [21/08/2018 23:03:57] - |D| - [0] - C:\Users\overd\Creative Cloud Files [02/02/2018 21:05:01] - |RDC| - [16141573] - C:\Users\overd\Desktop [02/02/2018 21:05:01] - |RDC| - [578381450] - C:\Users\overd\Documents [02/02/2018 21:05:01] - |RD| - [35509621] - C:\Users\overd\Downloads [02/02/2018 21:05:01] - |RD| - [690] - C:\Users\overd\Favorites [02/02/2018 21:24:26] - |SHD| - [25308] - C:\Users\overd\IntelGraphicsProfiles [02/02/2018 21:05:01] - |RD| - [3278] - C:\Users\overd\Links [19/05/2018 11:48:34] - |SHD| - [47828994739] - C:\Users\overd\Local Settings [19/05/2018 11:48:34] - |SHD| - [87207] - C:\Users\overd\Menu Démarrer [19/05/2018 11:48:34] - |SHD| - [578381450] - C:\Users\overd\Mes documents [02/02/2018 21:47:54] - |HD| - [3682377] - C:\Users\overd\MicrosoftEdgeBackups [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Modèles [02/02/2018 21:05:01] - |RD| - [54120] - C:\Users\overd\Music [19/05/2018 11:48:34] - |AH| - [4718592] - C:\Users\overd\NTUSER.DAT [19/05/2018 11:48:34] - |ASH| - [1224704] - C:\Users\overd\ntuser.dat.LOG1 [19/05/2018 11:48:34] - |ASH| - [0] - C:\Users\overd\ntuser.dat.LOG2 [19/05/2018 11:48:34] - |ASH| - [65536] - 
C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TM.blf [19/05/2018 11:48:34] - |ASH| - [524288] - C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000001.regtrans-ms [19/05/2018 11:48:34] - |ASH| - [524288] - C:\Users\overd\NTUSER.DAT{b6f7cd94-5b51-11e8-9c14-54e1adf378e5}.TMContainer00000000000000000002.regtrans-ms [19/05/2018 11:51:48] - |SH| - [20] - C:\Users\overd\ntuser.ini [03/07/2019 22:31:46] - |RASH| - [290] - C:\Users\overd\ntuser.pol [02/02/2018 21:09:02] - |RD| - [1067376] - C:\Users\overd\OneDrive [02/02/2018 21:05:01] - |RD| - [155371006] - C:\Users\overd\Pictures [19/05/2018 11:48:34] - |SHD| - [584456] - C:\Users\overd\Recent [02/02/2018 21:05:01] - |RD| - [315456912] - C:\Users\overd\Saved Games [02/02/2018 21:07:25] - |RD| - [1875] - C:\Users\overd\Searches [19/05/2018 11:48:34] - |SHD| - [5508] - C:\Users\overd\SendTo [02/02/2018 21:05:01] - |RD| - [1464] - C:\Users\overd\Videos [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Voisinage d'impression [19/05/2018 11:48:34] - |SHD| - [0] - C:\Users\overd\Voisinage réseau [19/05/2018 11:48:34] - |DC| - [48936672127] - C:\Users\overd\AppData\Local [02/02/2018 21:05:01] - |DC| - [5335194] - C:\Users\overd\AppData\LocalLow [06/06/2018 22:59:50] - |AC| - [220291] - C:\Users\overd\AppData\Localtransition_7f4aafd08e00891616584009c7052448.ini [19/05/2018 11:48:34] - |DC| - [2839127330] - C:\Users\overd\AppData\Roaming [20/02/2018 23:24:34] - |DC| - [22104099] - C:\Users\overd\AppData\Local\Adobe [06/06/2018 22:59:49] - |DC| - [3855339] - C:\Users\overd\AppData\Local\Ankama [27/11/2018 19:54:35] - |DC| - [0] - C:\Users\overd\AppData\Local\Apple [27/11/2018 19:55:08] - |DC| - [1024495] - C:\Users\overd\AppData\Local\Apple Computer [19/05/2018 11:48:34] - |SHD| - [44511084166] - C:\Users\overd\AppData\Local\Application Data [27/08/2019 15:51:41] - |DC| - [412976] - C:\Users\overd\AppData\Local\Archon [30/06/2018 00:58:03] - |DC| - [1] - 
C:\Users\overd\AppData\Local\BattlEye [02/02/2018 22:33:07] - |DC| - [4693338] - C:\Users\overd\AppData\Local\CEF [02/02/2018 21:23:49] - |DC| - [76669666] - C:\Users\overd\AppData\Local\Comms [02/02/2018 21:07:24] - |DC| - [1655962] - C:\Users\overd\AppData\Local\ConnectedDevicesPlatform [11/03/2018 22:09:35] - |DC| - [30608569] - C:\Users\overd\AppData\Local\CrashDumps [06/02/2018 21:20:05] - |DC| - [142433] - C:\Users\overd\AppData\Local\CrashReportClient [22/11/2018 19:40:31] - |DC| - [0] - C:\Users\overd\AppData\Local\CrashRpt [19/05/2018 13:35:16] - |DC| - [479868] - C:\Users\overd\AppData\Local\D3DSCache [03/02/2018 01:19:32] - |DC| - [0] - C:\Users\overd\AppData\Local\DBG [08/02/2018 19:11:22] - |DC| - [67299] - C:\Users\overd\AppData\Local\Diagnostics [13/01/2019 18:19:37] - |DC| - [331306138] - C:\Users\overd\AppData\Local\Discord [22/08/2018 14:04:37] - |DC| - [381541336] - C:\Users\overd\AppData\Local\Downloaded Installations [28/08/2019 02:40:33] - |DC| - [130702] - C:\Users\overd\AppData\Local\ElevatedDiagnostics [04/07/2019 21:31:16] - |DC| - [114448889] - C:\Users\overd\AppData\Local\EpicGamesLauncher [14/05/2018 21:10:24] - |DC| - [427784869] - C:\Users\overd\AppData\Local\FortniteGame [03/02/2018 01:30:14] - |DC| - [601972487] - C:\Users\overd\AppData\Local\Google [01/09/2019 22:45:59] - |DC| - [21593] - C:\Users\overd\AppData\Local\Greenshot [17/03/2018 21:36:20] - |DC| - [295] - C:\Users\overd\AppData\Local\HirezLauncherUI [19/05/2018 11:48:34] - |SHD| - [130] - C:\Users\overd\AppData\Local\Historique [29/08/2019 02:29:14] - |AHC| - [89165] - C:\Users\overd\AppData\Local\IconCache.db [14/05/2018 19:11:37] - |DC| - [26394416] - C:\Users\overd\AppData\Local\LenovoServiceBridge [22/08/2018 14:21:26] - |DC| - [0] - C:\Users\overd\AppData\Local\LooksBuilder [04/07/2019 19:58:11] - |DC| - [776360] - C:\Users\overd\AppData\Local\mbam [04/07/2019 19:57:51] - |DC| - [235676] - C:\Users\overd\AppData\Local\mbamtray [19/05/2018 11:48:34] - |DC| - 
[195454487] - C:\Users\overd\AppData\Local\Microsoft [02/02/2018 21:45:26] - |DC| - [70882] - C:\Users\overd\AppData\Local\MicrosoftEdge [02/02/2018 21:50:27] - |DC| - [1090902568] - C:\Users\overd\AppData\Local\Mozilla [20/02/2018 23:25:00] - |DC| - [185885129] - C:\Users\overd\AppData\Local\NVIDIA [03/02/2018 00:55:49] - |DC| - [185691584] - C:\Users\overd\AppData\Local\NVIDIA Corporation [04/07/2019 00:02:18] - |AC| - [0] - C:\Users\overd\AppData\Local\oobelibMkey.log [12/02/2019 12:54:08] - |DC| - [121162551] - C:\Users\overd\AppData\Local\Origin [02/02/2018 21:07:25] - |DC| - [538130157] - C:\Users\overd\AppData\Local\Packages [19/05/2018 11:51:58] - |DC| - [0] - C:\Users\overd\AppData\Local\PackageStaging [02/02/2018 22:02:47] - |DC| - [0] - C:\Users\overd\AppData\Local\PeerDistRepub [02/02/2018 21:29:48] - |DC| - [2495] - C:\Users\overd\AppData\Local\PlaceholderTileLogoFolder [17/03/2018 01:26:35] - |DC| - [4293274] - C:\Users\overd\AppData\Local\PokerStars.FR [02/02/2018 22:19:22] - |DC| - [8673829] - C:\Users\overd\AppData\Local\Programs [02/02/2018 21:07:28] - |DC| - [853066] - C:\Users\overd\AppData\Local\Publishers [15/03/2018 20:00:19] - |DC| - [0] - C:\Users\overd\AppData\Local\SCE [28/07/2018 02:45:40] - |DC| - [2820] - C:\Users\overd\AppData\Local\speech [01/11/2018 16:47:00] - |DC| - [0] - C:\Users\overd\AppData\Local\Speech Graphics [28/05/2018 18:41:53] - |DC| - [33361] - C:\Users\overd\AppData\Local\SquirrelTemp [02/02/2018 22:33:07] - |DC| - [52155664] - C:\Users\overd\AppData\Local\Steam [02/02/2018 22:44:38] - |DC| - [44] - C:\Users\overd\AppData\Local\TeamSpeak 3 Client [26/08/2019 19:29:16] - |DC| - [15441375] - C:\Users\overd\AppData\Local\Temp [19/05/2018 11:48:34] - |SHD| - [61099] - C:\Users\overd\AppData\Local\Temporary Internet Files [03/02/2018 00:49:53] - |DC| - [4492] - C:\Users\overd\AppData\Local\Ubisoft Game Launcher [02/02/2018 23:26:51] - |DC| - [530] - C:\Users\overd\AppData\Local\UnrealEngine [03/02/2018 13:29:31] - |DC| - 
[500] - C:\Users\overd\AppData\Local\UnrealEngineLauncher [02/02/2018 21:07:25] - |DC| - [889] - C:\Users\overd\AppData\Local\VirtualStore [26/08/2019 18:47:22] - |DC| - [351064] - C:\Users\overd\AppData\Local\ZHP [27/08/2019 02:13:38] - |DC| - [2824178] - C:\Users\overd\AppData\LocalLow\8floor [26/08/2019 20:58:54] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Adobe [02/02/2018 22:19:52] - |DC| - [177] - C:\Users\overd\AppData\LocalLow\IObit [02/02/2018 21:05:33] - |SDC| - [2510135] - C:\Users\overd\AppData\LocalLow\Microsoft [02/02/2018 21:50:28] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Mozilla [26/11/2018 20:01:10] - |DC| - [704] - C:\Users\overd\AppData\LocalLow\Sun [27/08/2019 16:30:44] - |DC| - [0] - C:\Users\overd\AppData\LocalLow\Unity [02/02/2018 21:07:25] - |DC| - [2379677326] - C:\Users\overd\AppData\Roaming\Adobe [30/12/2018 17:32:43] - |SHDC| - [0] - C:\Users\overd\AppData\Roaming\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114 [06/06/2018 23:53:53] - |DC| - [1005] - C:\Users\overd\AppData\Roaming\AnkamaCertificates [08/12/2018 00:10:02] - |DC| - [0] - C:\Users\overd\AppData\Roaming\ByClick [06/06/2018 23:52:57] - |AC| - [113] - C:\Users\overd\AppData\Roaming\D2Info0 [23/07/2018 19:06:01] - |DC| - [2118] - C:\Users\overd\AppData\Roaming\Daichi [13/01/2019 18:19:48] - |DC| - [156320379] - C:\Users\overd\AppData\Roaming\discord [06/06/2018 23:52:57] - |DC| - [10786148] - C:\Users\overd\AppData\Roaming\Dofus [07/06/2018 12:16:29] - |DC| - [75] - C:\Users\overd\AppData\Roaming\Dofus-2 [12/06/2018 16:20:34] - |DC| - [75] - C:\Users\overd\AppData\Roaming\Dofus-3 [06/06/2018 23:52:57] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_1 [07/06/2018 12:16:29] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_2 [12/06/2018 16:20:34] - |AC| - [8] - C:\Users\overd\AppData\Roaming\DofusAppId0_3 [10/03/2018 00:41:17] - |DC| - [7237580] - C:\Users\overd\AppData\Roaming\EasyAntiCheat [04/07/2019 14:38:46] - |DC| - 
[0] - C:\Users\overd\AppData\Roaming\Google [01/09/2019 22:45:59] - |DC| - [12999] - C:\Users\overd\AppData\Roaming\Greenshot [27/11/2018 19:37:22] - |DC| - [4096] - C:\Users\overd\AppData\Roaming\HYXDevPsnList [23/07/2018 17:31:31] - |DC| - [2752370] - C:\Users\overd\AppData\Roaming\Image-Line [18/04/2019 18:03:23] - |DC| - [1709156] - C:\Users\overd\AppData\Roaming\LibreOffice [06/06/2018 23:52:57] - |DC| - [2440] - C:\Users\overd\AppData\Roaming\Macromedia [19/05/2018 11:48:34] - |SDC| - [1426048] - C:\Users\overd\AppData\Roaming\Microsoft [02/02/2018 21:50:27] - |DC| - [58986935] - C:\Users\overd\AppData\Roaming\Mozilla [03/02/2018 12:34:04] - |DC| - [130802428] - C:\Users\overd\AppData\Roaming\NVIDIA [12/02/2019 12:54:12] - |DC| - [5697] - C:\Users\overd\AppData\Roaming\Origin [02/03/2019 15:14:01] - |DC| - [271414] - C:\Users\overd\AppData\Roaming\Red Giant Link [06/06/2018 23:52:58] - |DC| - [5352] - C:\Users\overd\AppData\Roaming\Reg [26/11/2018 20:01:10] - |DC| - [0] - C:\Users\overd\AppData\Roaming\Sun [05/02/2018 20:54:30] - |DC| - [66421221] - C:\Users\overd\AppData\Roaming\TS3Client [23/07/2018 18:02:43] - |DC| - [1031741] - C:\Users\overd\AppData\Roaming\WinRAR [08/12/2018 00:10:44] - |DC| - [5218] - C:\Users\overd\AppData\Roaming\YouTubeByClick [26/08/2019 18:47:22] - |DC| - [21660019] - C:\Users\overd\AppData\Roaming\ZHP [09/03/2019 13:47:04] - |DC| - [5353] - C:\Users\overd\AppData\Roaming\[Worker].null [02/02/2018 21:07:25] - |ASHC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [06/06/2018 22:59:49] - |AC| - [985] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk [19/05/2018 11:48:34] - |SHD| - [43024] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/02/2018 21:05:01] - |RDC| - [43024] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [19/05/2018 11:48:34] - |RDC| - [3888] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility [19/05/2018 11:48:34] - |RDC| - [2925] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/02/2018 21:07:25] - |RDC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/07/2018 17:32:15] - |DC| - [2499] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [19/05/2018 11:48:34] - |ASHC| - [264] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [28/05/2018 18:42:00] - |DC| - [2247] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc [23/07/2018 17:31:24] - |DC| - [2044] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [01/11/2018 16:04:17] - |DC| - [2191] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KULT-ULTIMATE [06/03/2018 18:19:13] - |DC| - [4968] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [19/05/2018 11:48:34] - |DC| - [170] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [19/11/2018 19:51:00] - |DC| - [239] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games [19/05/2018 11:48:34] - |AC| - [1105] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [17/03/2018 00:36:19] - |DC| - [2822] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR [02/02/2018 21:07:25] - |RDC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [19/05/2018 11:48:34] - |RDC| - [3496] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [03/02/2018 00:49:53] - |DC| - [2701] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [19/05/2018 11:48:34] - |RDC| - [7754] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [23/07/2018 18:02:26] - 
|DC| - [3363] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [02/02/2018 21:07:25] - |ASHC| - [174] - C:\Users\overd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [02/02/2018 21:07:25] - |RHD| - [196] - C:\Users\Public\AccountPictures [03/02/2018 00:58:51] - |AHD| - [0] - C:\Users\Public\AppData [29/09/2017 15:46:33] - |RHD| - [7993] - C:\Users\Public\Desktop [12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [29/09/2017 15:46:33] - |RD| - [200454039] - C:\Users\Public\Documents [29/09/2017 15:46:33] - |RD| - [174] - C:\Users\Public\Downloads [12/04/2018 01:38:20] - |SHD| - [1374] - C:\Users\Public\Libraries [03/02/2018 00:58:51] - |A| - [240] - C:\Users\Public\Libraries.ini [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Music [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Pictures [12/07/2018 14:56:44] - |AHD| - [0] - C:\Users\Public\Shared Files [29/09/2017 15:46:33] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [20/02/2018 23:24:40] - |D| - [840449196] - C:\ProgramData\Adobe [27/11/2018 19:53:59] - |D| - [257] - C:\ProgramData\Apple [27/11/2018 19:54:48] - |D| - [555] - C:\ProgramData\Apple Computer [19/05/2018 11:51:37] - |SHD| - [50591283457] - C:\ProgramData\Application Data [05/06/2018 13:52:08] - |D| - [7855456] - C:\ProgramData\AVAST Software [03/02/2018 04:00:59] - |SHD| - [7993] - C:\ProgramData\Bureau [12/04/2018 22:17:06] - |HD| - [32360511] - C:\ProgramData\CanonBJ [08/12/2018 00:10:39] - |D| - [0] - C:\ProgramData\Caphyon [19/05/2018 11:51:37] - |SHD| - [200454039] - C:\ProgramData\Documents [02/01/2019 20:05:28] - |D| - [8716288] - C:\ProgramData\Dolby [02/02/2018 21:12:59] - |A| - [0] - C:\ProgramData\DP45977C.lfl [12/02/2019 18:47:45] - |D| - [433] - C:\ProgramData\Electronic Arts [08/08/2019 13:42:56] - |D| - [21661221] - C:\ProgramData\Epic [14/07/2018 13:18:47] - |D| - [75138] - C:\ProgramData\Hewlett-Packard 
[17/03/2018 21:36:12] - |D| - [7092238] - C:\ProgramData\Hi-Rez Studios [03/02/2018 01:14:50] - |D| - [406652] - C:\ProgramData\Intel [03/02/2018 12:30:33] - |D| - [6170846] - C:\ProgramData\Lenovo [04/07/2019 19:57:39] - |D| - [4452352] - C:\ProgramData\Malwarebytes [03/02/2018 04:00:59] - |SHD| - [170368] - C:\ProgramData\Menu Démarrer [12/04/2018 01:38:20] - |SD| - [654007911] - C:\ProgramData\Microsoft [19/05/2018 11:55:43] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [04/07/2019 19:09:36] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [03/02/2018 04:00:59] - |SHD| - [0] - C:\ProgramData\Modèles [06/02/2019 20:24:52] - |D| - [16707] - C:\ProgramData\Mozilla [03/07/2019 22:30:16] - |RASH| - [2708] - C:\ProgramData\ntuser.pol [02/02/2018 21:28:07] - |D| - [4223702] - C:\ProgramData\NVIDIA [02/02/2018 21:27:56] - |D| - [2467385383] - C:\ProgramData\NVIDIA Corporation [26/11/2018 20:00:54] - |D| - [82551963] - C:\ProgramData\Oracle [12/02/2019 12:54:12] - |D| - [360872121] - C:\ProgramData\Origin [02/02/2018 22:44:42] - |D| - [72615230] - C:\ProgramData\Package Cache [13/06/2018 00:06:00] - |D| - [356352] - C:\ProgramData\Packages [03/07/2019 22:29:32] - |D| - [0] - C:\ProgramData\Pader [02/02/2018 22:21:54] - |D| - [140] - C:\ProgramData\ProductData [22/08/2018 14:05:43] - |D| - [1031] - C:\ProgramData\RedGiant [12/04/2018 01:38:20] - |D| - [993] - C:\ProgramData\regid.1991-06.com.microsoft [06/01/2019 00:32:20] - |D| - [39] - C:\ProgramData\Riot Games [12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution [04/08/2019 15:30:45] - |D| - [6366] - C:\ProgramData\TACHYON [12/04/2018 01:38:20] - |D| - [6935] - C:\ProgramData\USOPrivate [19/05/2018 11:47:44] - |D| - [10203136] - C:\ProgramData\USOShared [12/04/2018 18:24:11] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [27/11/2018 19:36:55] - |D| - [246977] - C:\ProgramData\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [12/04/2018 01:38:24] - 
|ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [03/02/2018 04:00:59] - |SHD| - [85097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [12/04/2018 01:38:20] - |RD| - [85097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [12/04/2018 01:38:20] - |RD| - [24294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/08/2018 13:44:46] - |A| - [1231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2018.lnk [28/07/2018 04:15:15] - |A| - [1298] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [30/08/2018 13:52:23] - |A| - [1133] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk [28/08/2019 03:04:30] - |A| - [731] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk [12/04/2018 01:38:24] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [08/08/2019 13:43:00] - |A| - [951] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk [17/07/2019 20:41:23] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [01/09/2019 22:45:49] - |D| - [3583] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [17/03/2018 21:36:13] - |D| - [2052] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [23/07/2018 17:31:24] - |D| - [2898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [03/02/2018 13:06:50] - |D| - [1358] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Intel Driver and Support Assistant [26/11/2018 20:01:07] - |D| - [3147] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [03/02/2018 12:31:00] - |D| - [1251] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [18/04/2019 18:02:53] - |D| - [9054] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1 [12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [24/05/2018 20:20:58] - |D| - [1461] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [12/02/2019 12:58:49] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [02/02/2018 22:27:02] - |D| - [2039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [02/02/2018 22:26:32] - |D| - [1108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [05/02/2018 20:53:10] - |A| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [19/05/2018 11:48:56] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [23/07/2018 18:02:27] - |D| - [3363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [27/11/2018 19:37:15] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [28/07/2018 04:14:32] - |D| - [195434902] - C:\Program Files (x86)\Adobe [12/04/2018 01:38:20] - |D| - [1185013176] - C:\Program Files (x86)\Common Files [12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [12/07/2018 14:50:02] - |D| - [1825736] - 
C:\Program Files (x86)\EasyAntiCheat [03/02/2018 01:30:14] - |D| - [0] - C:\Program Files (x86)\Google [23/07/2018 17:26:23] - |D| - [213805354] - C:\Program Files (x86)\Image-Line [17/03/2018 21:36:09] - |HD| - [3156853] - C:\Program Files (x86)\InstallShield Installation Information [03/02/2018 13:06:50] - |D| - [3854266] - C:\Program Files (x86)\Intel Driver and Support Assistant [12/04/2018 01:38:20] - |D| - [1996783] - C:\Program Files (x86)\Internet Explorer [12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [17/07/2019 20:41:23] - |D| - [331393] - C:\Program Files (x86)\Mozilla Maintenance Service [19/05/2018 12:40:47] - |D| - [25757] - C:\Program Files (x86)\MSBuild [02/02/2018 21:28:07] - |D| - [295499645] - C:\Program Files (x86)\NVIDIA Corporation [12/02/2019 19:35:42] - |D| - [0] - C:\Program Files (x86)\Origin Games [02/02/2018 21:13:04] - |D| - [14460928] - C:\Program Files (x86)\Realtek [19/05/2018 12:40:47] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [02/02/2018 22:26:32] - |D| - [992710856] - C:\Program Files (x86)\Steam [03/07/2019 22:30:40] - |HD| - [0] - C:\Program Files (x86)\transacting [03/02/2018 00:49:51] - |D| - [342398245] - C:\Program Files (x86)\Ubisoft [19/05/2018 11:47:07] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [02/02/2018 21:24:24] - |D| - [15351] - C:\Program Files (x86)\VulkanRT [12/04/2018 01:38:20] - |D| - [1780344] - C:\Program Files (x86)\Windows Defender [12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [12/04/2018 18:20:01] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt [12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices [12/04/2018 
01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [28/07/2018 04:19:48] - |D| - [2205535114] - C:\Program Files\Adobe [05/06/2018 13:52:04] - |D| - [32] - C:\Program Files\CCleaner [12/04/2018 01:38:20] - |D| - [144428413] - C:\Program Files\Common Files [12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini [02/01/2019 20:05:28] - |D| - [6657549] - C:\Program Files\Dolby [03/02/2018 04:00:59] - |SHD| - [144428413] - C:\Program Files\Fichiers communs [01/09/2019 22:45:48] - |D| - [3174851] - C:\Program Files\Greenshot [23/07/2018 17:31:25] - |D| - [3681435] - C:\Program Files\Image-Line [02/02/2018 21:24:12] - |D| - [66135470] - C:\Program Files\Intel [12/04/2018 01:38:20] - |D| - [2628602] - C:\Program Files\internet explorer [03/02/2018 12:30:33] - |D| - [104320900] - C:\Program Files\Lenovo [18/04/2019 18:02:26] - |D| - [545944436] - C:\Program Files\LibreOffice [22/06/2019 13:21:21] - |D| - [237959532] - C:\Program Files\Mozilla Firefox [19/05/2018 12:40:47] - |D| - [25757] - C:\Program Files\MSBuild [02/02/2018 21:27:53] - |D| - [1849906953] - C:\Program Files\NVIDIA Corporation [02/02/2018 21:12:57] - |D| - [27814425] - C:\Program Files\Realtek [19/05/2018 12:40:47] - |D| - [36867241] - C:\Program Files\Reference Assemblies [16/11/2018 20:41:49] - |D| - [31168145] - C:\Program Files\rempl [02/02/2018 21:05:32] - |D| - [70806152] - C:\Program Files\Synaptics [05/02/2018 20:53:04] - |D| - [181912107] - C:\Program Files\TeamSpeak 3 Client [03/02/2018 03:59:48] - |HD| - [0] - C:\Program Files\Uninstall Information [20/06/2019 14:31:43] - |D| - [10257074] - C:\Program Files\UNP [12/04/2018 01:38:20] - |RD| - [19299507] - C:\Program Files\Windows Defender [12/04/2018 18:24:11] - |D| - [12730296] - C:\Program Files\Windows Defender Advanced Threat Protection [12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows 
Mail [12/04/2018 18:20:01] - |D| - [4784107] - C:\Program Files\Windows Media Player [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform [12/04/2018 01:38:20] - |D| - [12668248] - C:\Program Files\windows nt [12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer [12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices [12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security [12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar [12/04/2018 01:38:20] - |HD| - [2270422127] - C:\Program Files\WindowsApps [12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [20/02/2018 23:24:34] - |D| - [982559065] - C:\Program Files (x86)\Common Files\Adobe [03/02/2018 00:55:10] - |D| - [32293928] - C:\Program Files (x86)\Common Files\BattlEye [02/02/2018 21:24:11] - |D| - [135634590] - C:\Program Files (x86)\Common Files\Intel [26/11/2018 20:01:31] - |D| - [1973744] - C:\Program Files (x86)\Common Files\Java [12/04/2018 01:38:20] - |D| - [15936520] - C:\Program Files (x86)\Common Files\microsoft shared [26/11/2018 20:01:07] - |D| - [1540304] - C:\Program Files (x86)\Common Files\Oracle [23/07/2018 17:31:54] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [02/02/2018 22:26:33] - |D| - [4085312] - C:\Program Files (x86)\Common Files\Steam [12/04/2018 01:38:20] - |D| - [9551755] - C:\Program Files (x86)\Common Files\system ---------- | C:\Program Files\Common files [28/07/2018 04:22:31] - |D| - [91203088] - C:\Program Files\Common files\Adobe [05/06/2018 13:53:07] - |D| - [2045832] - C:\Program Files\Common files\AVAST Software [08/08/2019 17:45:05] - |HD| - [1000642] - C:\Program Files\Common files\EAInstaller [12/04/2018 01:38:20] - |D| - [37717650] - C:\Program Files\Common 
files\microsoft shared [23/07/2018 17:31:54] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software [12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services [12/04/2018 01:38:20] - |D| - [10265483] - C:\Program Files\Common files\system ---------- | Tasks [MD5.AA42413323356905CCA562737277303B] - [28/08/2019 02:44:13] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [19/05/2018 11:51:35] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.BE204F83D8AE53DFDFEDB8B6E97A2303] - [27/05/2018 22:03:47] - |A| - [4772] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [MD5.FCC3EB18D5B5754A54D0AD31243D87EA] - [11/06/2018 06:49:28] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.3A502C21D0EFEECFD3C267EB31B86E8E] - [19/05/2018 11:51:35] - |A| - [2800] - C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-overd0z@outlook.fr : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [MD5.AC3EEDC5E9E30003B0F509D724C82E33] - [28/07/2018 04:58:55] - |A| - [3708] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-overd0z@outlook.fr : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.00000000000000000000000000000000] - [05/06/2018 13:53:18] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.78A091238461EF78F93C8A429780274C] - [26/08/2019 20:26:32] - |A| - [3656] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\explorer.exe [MD5.00000000000000000000000000000000] - [30/12/2018 17:32:43] - |D| - [0] - C:\WINDOWS\System32\Tasks\G-8-5-63-1065323198-1077138701-1193712117-8057 [MD5.8AD898912076F35F325BEF265423DDCB] - [19/05/2018 11:51:35] - |A| - [3834] - 
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 : C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [MD5.00000000000000000000000000000000] - [19/05/2018 11:51:35] - |D| - [2986] - C:\WINDOWS\System32\Tasks\Lenovo [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [556650] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.51176F3BFA2A622D87E013ADB2AD518F] - [19/05/2018 11:51:35] - |A| - [2404] - C:\WINDOWS\System32\Tasks\NerveCenterUpdate : "C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe" [MD5.3FCF5E0D7D1D01D2FDE412AC20D2ED17] - [24/05/2018 20:20:52] - |A| - [4106] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.877E75B7DAE490B5A33E88CD403839CE] - [19/05/2018 11:51:35] - |A| - [4308] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [MD5.F55B2F72E563AB4B2C6F011BD0C0A3BC] - [24/05/2018 20:20:58] - |A| - [3976] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [MD5.9200A7AEAD4C78C61F5CA9964667C70D] - [24/05/2018 20:20:58] - |A| - [3940] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [MD5.85C501E4538A5F27604F85DBAA4DF9FE] - [19/05/2018 11:51:35] - |A| - [3894] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [MD5.4C1943F7A098FE04B84E9B3BDC3715BF] - [19/05/2018 11:51:35] - |A| - [3654] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA 
Corporation\Update Core\NvProfileUpdater64.exe [MD5.AF502838DC3A4FDBC24FEC62420EFDDA] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.8DE857C3F59070B7B79683C0D0865976] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.C0616C125C7C07293C4A9661CB78B863] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.F06C9CDBFF48F5A80D4D80EA2F74D910] - [20/08/2019 17:48:14] - |A| - [3858] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} : C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [MD5.8D248DD79B621113D44E79188D69C3B9] - [28/08/2019 02:02:31] - |A| - [3394] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3426031793-651430910-2054641259-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [04/07/2019 19:43:36] - |D| - [3380] - C:\WINDOWS\System32\Tasks\S-1-5-21-3426031793-651430910-2054641259-1001 [MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| 
"WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| 
"WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "TCP Query User{5C307306-0A55-4276-A62D-5E8F2CDC6329}V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe|Name=Rainbow Six|Desc=Rainbow Six|Defer=User| "UDP Query User{CF337723-F224-4E43-9F29-EA2C1F1AD450}V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=V:\program files (x86)\tom clancy's rainbow six siege\rainbowsix.exe|Name=Rainbow Six|Desc=Rainbow Six|Defer=User| "{CE93CDDB-E8C4-471A-8930-DAA45770EAE3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{BFC4D433-6889-49AC-ABA4-38916DA04B97}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ| 
"{7CC34A9D-C35F-4117-BCA8-508AA40C8F43}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{AFB8FB54-948F-4292-8F09-4A479BA96209}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{BD53CCA8-B2ED-40F5-A3BD-22C02E244904}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ| "{5AF9BAC7-2719-4851-B028-A009F2B8A06B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{22B0AE1D-366E-4C12-9F44-50EF154E2366}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ| 
"{2C2098E0-AEF9-4A34-A587-671D5BA87EC0}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{387F3FA8-206F-4116-9359-3FAC34394E6E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{11035149-743E-46D9-99E1-1D7367FA128F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{9224CE4A-D68B-43D9-A3B9-205C08F9AC24}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{852BEF43-EB28-4B4F-8B68-009961E6608F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| 
"{4D48D69C-AB69-4A88-8386-E45242BE6857}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{E085FE6E-A7F7-4D22-B080-E633565F22F5}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{366B8AB5-1DCC-45B4-9666-80927EDECCC1}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{EE6838CA-E37E-4686-8B33-81490C452A65}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{A5CCF2C8-FE00-4004-9ADB-0E93B65D0371}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{C7B0C14E-7274-48E0-9552-232942E1C170}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire 
Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{22C5E2E7-27D3-4524-9D14-CF61BA6B8568}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{6E455ED6-8298-4CBA-81DD-517493BED93D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{0EEA3986-370C-4C13-81C6-35F49ACA75B2}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{51557431-3E00-41D0-ADA6-C044BE396594}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{8BDA2FBE-8A9D-438C-B54B-D921182EF1E6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky 
Notes|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{21CB8A6B-3736-4B45-9E9C-E2304209D1A7}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{A8B1CD96-AEDB-42BA-A80F-46DAC07D1E2C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{61EBB245-814D-4D93-90F9-D6A5BA6F6320}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{E1AAF83E-05F7-4575-933D-6A97ED9395D4}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{20538251-C824-4A6E-815F-9DDBB919410D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| 
"{B9CE08B1-3F36-420F-A2DE-F1AB22A48564}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{B6B73F21-4FA7-4C69-B0D9-2F824E26725E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{E917BCAC-B708-4057-AE7B-509A7126439F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{3D5D5345-1B30-4D2B-BA8E-11A1F1579F04}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{C353222A-CF6D-44D3-A396-A5F0F1C0280A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}| "{1624359E-6B4E-48E1-AB79-0C54D1B31D60}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Spotify Music|Desc=Spotify Music|LUOwn=S-1-5-21-3426031793-651430910-2054641259-1001|AppPkgId=S-1-15-2-557819504-3144503769-3460048582-2468406004-2969798954-3397036932-4166026031|EmbedCtxt=Spotify Music|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> 
@c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> 
@%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-22a6-0503-00c04fad5171}] : (LED) [] -> @oem0.inf,%ClassName%;Indicator Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : 
(CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> 
@audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll 
(Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/02/2018 22:25:43] - (2.4.7.0) - (Samsung Electronics Co., Ltd - Samsung NVM Express Storport Miniport Driver) - C:\WINDOWS\System32\drivers\secnvme.sys [02/02/2018 22:25:43] - (1.0.0.3) - (Samsung Electronics Co., Ltd - Samsung NVMe Filter driver) - C:\WINDOWS\System32\drivers\secnvmeF.sys [02/02/2018 22:19:51] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [23/04/2019 20:11:01] - (26.21.14.3039) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 430.39) - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_7d75ec06a1da16da\nvlddmkm.sys [02/02/2018 22:25:53] - (1.1.1.1014) - (BayHubTech/O2Micro - BayHubTech/O2Micro SD Reader Driver) - C:\WINDOWS\System32\drivers\bhtpcrdr.sys [15/10/2017 20:22:14] - (1.5.0.18) - (Lenovo Corporation - ACPI Virtual Power Controller Driver) - C:\WINDOWS\System32\drivers\AcpiVpc.sys [29/01/2018 07:22:28] - (19.4.18.30) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [02/02/2018 21:05:33] - (19.4.18.30) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [24/05/2018 20:20:40] - (4.13.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys [06/02/2019 22:32:19] - (303.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : 
Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - 
AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorA (@oem25.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorAC (@oem52.inf,%iaStorAC.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorAC.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> 
System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> 
System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost 
(ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - secnvme () -> System32\drivers\secnvme.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - secnvmeF () -> System32\drivers\secnvmeF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - 
AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - 
Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180191F0}] : (Java 8 Update 191 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180191F0} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{569F29BA-2D46-439B-8B7C-01D999B9201D}] : (...-.Intel) -> MsiExec.exe /I{569F29BA-2D46-439B-8B7C-01D999B9201D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8738A898-221B-4279-BC87-FEF7938022C1}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) 
-> MsiExec.exe /X{8738A898-221B-4279-BC87-FEF7938022C1} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 430.39.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 37.0.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 37.0.0.0.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvAbHub] : (NVIDIA ABHub.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor] : (NVAPI Monitor plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA 
Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVHCI] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.19.0.107.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.13.0.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F936275B-96A7-4823-B4F8-0C0D3DC70C70}] : (LibreOffice 6.1.5.2.-.The Document Foundation) -> MsiExec.exe /I{F936275B-96A7-4823-B4F8-0C0D3DC70C70} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KULT-ULTIMATE] : (KULT-ULTIMATE 1.0.-.niudodo) -> V:\Program Files (x86)\KULT-ULTIMATE\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0990E25C-5C33-B615-1F5D-0B21B1131C54}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0E11C64F-A7F9-E911-99CB-309058080C24}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F84C7C8-13B2-37AB-8080-C040E0A0F0D0}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{131BB145-57D0-4600-0000-808040C02060}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{16186075-98C1-7402-0309-0D27BA2EC54F}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{287831FC-A422-15F2-EBC1-216394BC9ACE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E6C1468-EBA3-944C-7256-0103848C52F6}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E72F364-A682-E8F2-6B41-6123B41CAAFE}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{337A054A-E2C5-33B6-91B3-0C24B6223399}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B47F08D-E1D2-09C6-A9FB-F8E8DC94DE9A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46E76F43-952C-E5C2-A3E9-DD97E2A6F9EB}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D0D4DB6-A15E-AF27-BA2E-45CF36A2F3D9}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5704F61E-26B5-4710-98C8-AC0486925B11}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60BEDB5A-2186-461B-A562-E40088BCB0C6}] : (Epic Games Launcher.-.Epic Games, Inc.) 
-> MsiExec.exe /X{60BEDB5A-2186-461B-A562-E40088BCB0C6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64FE75C7-6EA1-7DB3-8CA4-7662133955FF}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F460796-0348-4B11-BCA0-714C4B85E3D7}] : (.. ..-.Intel) -> MsiExec.exe /X{9F460796-0348-4B11-BCA0-714C4B85E3D7} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F70BCE36-25F2-4475-A918-6209B3D85BF3}] : (Intel(R) C++ Redistributables on Intel(R) 64.-.Intel Corporation) -> MsiExec.exe /X{F70BCE36-25F2-4475-A918-6209B3D85BF3} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110190F] : Java 8 Update 191 (64-bit) -> V:\Program Files\Java\\bin\javaws.exe [HKCR\Installer\Products\63ECB07F2F5257449A8126903B8DB53F] : Intel(R) C++ Redistributables on Intel(R) 64 [HKCR\Installer\Products\697064F9843011B4CB0A17C4B4583E7D] : . . . -> C:\Windows\Installer\{9F460796-0348-4B11-BCA0-714C4B85E3D7}\ProductIcon [HKCR\Installer\Products\898A8378B1229724CB78EF7F3908221C] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{8738A898-221B-4279-BC87-FEF7938022C1}\DolbyBlue.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A5BDEB066812B1645A264E0088CB0B6C] : Epic Games Launcher -> C:\WINDOWS\Installer\{60BEDB5A-2186-461B-A562-E40088BCB0C6}\Installer.ico [HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\AB92F96564D2B934B8C7109D999B02D1] : . . 
[HKCR\Installer\Products\B572639F7A6932844B8FC0D0D37CC007] : LibreOffice 6.1.5.2 -> C:\WINDOWS\Installer\{F936275B-96A7-4823-B4F8-0C0D3DC70C70}\soffice.ico [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\Windows\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2afc Heure de début de l’application défaillante : 0x01d5610bda900870 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 8140c914-b95b-4195-9597-ff7b4f44903b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 
10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x2588 Heure de début de l’application défaillante : 0x01d5610bce29a2c3 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : 92fce850-fe67-4555-8ff3-72c2a82c3c09 Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x2080 Heure de début de l’application défaillante : 0x01d5610bc76f725e Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : 9c469933-293b-44c7-be8a-cc296c61e25f Nom complet du package défaillant : Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x22f8 Heure de début de l’application défaillante : 0x01d5610bc7ebd109 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 
425c3804-fbf6-4997-8db5-666ee710c4f5 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1254 Heure de début de l’application défaillante : 0x01d5610bb4c19bde Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 0b575a9c-ee8a-4d5d-80b8-f508f25ff2d4 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6 Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.799, horodatage : 0x4c4ad50a Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000006a6552 ID du processus défaillant : 0x2898 Heure de début de l’application défaillante : 0x01d55ead1024b666 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll ID de rapport : 442165a4-fa63-4580-bcfc-9403643f1fd9 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2c44 Heure de début de l’application défaillante : 0x01d560f0cac30d90 
Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : ceb3ef3b-7480-4efd-a5a4-633fc0e126f9 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x24b0 Heure de début de l’application défaillante : 0x01d560f0c471fcec Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 8906e47e-b5bf-4931-973f-6f0f2a06a2f6 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1d6c Heure de début de l’application défaillante : 0x01d560f0bae1ad05 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 2cc6d675-b2b7-4bd4-a216-13d5c242958f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1b4c Heure de début de l’application défaillante : 
0x01d560ed8d7d4904 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 55ffcb7d-d908-40e2-a126-b7cc02d5ced0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x644 Heure de début de l’application défaillante : 0x01d560ed868e3481 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 364f489e-e60c-4d3a-b19c-71d28127c4b2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x2ddc Heure de début de l’application défaillante : 0x01d560ed73e20918 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : 486e7bd2-3910-48b6-9e41-81e38a07500f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_DiagTrack, version : 10.0.17134.556, horodatage : 0xf23cada5 Nom du module défaillant : diagtrack.dll, version : 10.0.17134.799, horodatage : 0xa4e609e3 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000001f310 ID du processus défaillant : 0x1bdc Heure de début de 
l’application défaillante : 0x01d560ed698aec15 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\diagtrack.dll ID de rapport : d5bf07e3-c5d7-4efd-bb8b-a7f38a73f2ea Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable ------------ Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant : hr=0xC004F074 Arguments de la ligne de commande : RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000000e5b7 ID du processus défaillant : 0x14e4 Heure de début de l’application défaillante : 0x01d560ed00727b6b Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll ID de rapport : a5d8380d-80d0-47d1-870c-b4b56bdeba3d Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228 
Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000009cad5 ID du processus défaillant : 0x1b8 Heure de début de l’application défaillante : 0x01d560ecfdedcdbb Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 8b8ea417-015b-491f-9182-679fa301a2a8 Nom complet du package défaillant : Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x ------------ ----------( EOF)---------- - 4150 | 23:48:39