--------------- QuickDiag | g3n-h@ckm@n | V5_10.09.19.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 15/09/2019 09:21:35 Updated 10/09/2019 | 23:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Alain Brizault (Administrator)] - [ASUS] (S-1-5-21-3951195138-895905141-1799569697-1005) System: Microsoft Windows 10 Famille - - (10.0.18362) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1903) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition2 Boot : Normal boot PC: CM6630_CM6730_CM6830. - ASUSTeK Computer INC. - IdNumber: C4PDCG000441 - UUID: 48863D80-D7DA-11DD-BCF6-10BF484D0D23 Processor : X64 - 3293 Mhz - Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz VerbatimSTORE N GO 5.00 - en- - American Megatrends Inc. - S/N: C4PDCG000441 - 3602 - _ASUS_ - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&C43E6D5&0&0301 AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&28046A4D&0&0001 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10438444&REV_1003\4&C43E6D5&0&0001 HD Webcam C525 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_0826&MI_00\7&2A417FFC&0&0000 ---------- | Video Intel(R) HD Graphics - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_0102&SUBSYS_844D1043&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: -2084569088 AMD Mobility Radeon HD 5000 Series - Resolution: 1680x1050 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_68E1&SUBSYS_041F1043&REV_00\4&80E7924&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 9.17.10.4459 - SpecificationVersion: 1025 ---------- | Codecs C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\LVCOD64.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 - Manufacturer: Logitech Inc. - Status: OK C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:6 % CPU #3 value:6 % CPU #4 value:0 % Total Overall CPU Usage value:3 % ---------- | Network Realtek PCIe GbE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec 802.11n Wireless LAN Card : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:3 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Realtek PCIe GbE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&1D7623A1&0&00E2 802.11n Wireless LAN Card - Ethernet 802.3 - Ralink Technology, Corp. - Status: - PnPID : PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&DDEC341&0&00E1 Microsoft Hosted Network Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_SAP\5&32DF1B4E&0&11 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH ---------- | Memory RAM = Total (MB) : 6186 | Free (MB) : 3416 Pagefile = Total (MB) : 7169 | Free (MB) : 4215 Virtual = Total (MB) : 4194 | Free (MB) : 3899 Physical Memory 0 : Capacity: 2147483648 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: 06C1 - PartNumber: SLZ302G08-GGNHC - S/N: 00014200 Physical Memory 1 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: 06C1 - PartNumber: SLA302G08-GGNHC - S/N: 00000024 ---------- | SID Users Administrateur : [S-1-5-21-3951195138-895905141-1799569697-500] Alain Brizault : [S-1-5-21-3951195138-895905141-1799569697-1005] DefaultAccount : [S-1-5-21-3951195138-895905141-1799569697-503] HomeGroupUser$ : [S-1-5-21-3951195138-895905141-1799569697-1002] Invité : [S-1-5-21-3951195138-895905141-1799569697-501] WDAGUtilityAccount : [S-1-5-21-3951195138-895905141-1799569697-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] AMD FUEL : [S-1-5-21-3951195138-895905141-1799569697-1041] HomeUsers : [S-1-5-21-3951195138-895905141-1799569697-1001] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [WIN10] | Total : 272.02 Go | Free : 210.2 Go -> NTFS [SATA] D:\ -> [Fixed] | [] | Total : 407.94 Go | Free : 322.48 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-08WN4A0\5&96B5FC1&0&010000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.255 FlashPlayer Plugin : 32.0.0.255 ---------- | Security AV : Windows Defender Enabled AS : FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = stopped AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 404 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.1) = C:\Windows\System32\smss.exe [19/03/2019 06:44:35] CPU Usage:0 % 648 | [Owner : Système | Parent : 632() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 756 | [Owner : Système | Parent : 632() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.1) = C:\Windows\System32\wininit.exe [19/03/2019 06:44:35] CPU Usage:0 % 828 | [Owner : Système | Parent : 756(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.207) = C:\Windows\System32\services.exe [28/06/2019 15:10:57] CPU Usage:0 % 836 | [Owner : Système | Parent : 756(wininit.exe) | 17.18 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe [19/03/2019 06:44:36] CPU Usage:0 % 360 | [Owner : Système | Parent : 828(services.exe) | 3.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 580 | [Owner : UMFD-0 | Parent : 756(wininit.exe) | 2.66 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.295) = C:\Windows\System32\fontdrvhost.exe [13/08/2019 20:19:02] CPU Usage:0 % 652 | [Owner : Système | Parent : 828(services.exe) | 26.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1040 | [Owner : SERVICE RÉSEAU | Parent : 828(services.exe) | 15.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1084 | [Owner : Système | Parent : 828(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1260 | [Owner : Système | Parent : 828(services.exe) | 9.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1268 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 11.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1356 | [Owner : Système | Parent : 828(services.exe) | 5.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1432 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 13.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1556 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 6.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1592 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1680 | [Owner : SERVICE RÉSEAU | Parent : 828(services.exe) | 10.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1716 | [Owner : SERVICE RÉSEAU | Parent : 828(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1728 | [Owner : Système | Parent : 828(services.exe) | 5.38 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe [09/08/2015 07:10:14] CPU Usage:0 % 1828 | [Owner : Système | Parent : 828(services.exe) | 14.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1856 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 39.3 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.18362.1) = C:\Windows\System32\WUDFHost.exe [19/03/2019 06:44:53] CPU Usage:0 % 1952 | [Owner : Système | Parent : 828(services.exe) | 9.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1964 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1584 | [Owner : Système | Parent : 828(services.exe) | 11.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1688 | [Owner : Système | Parent : 828(services.exe) | 105.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1672 | [Owner : Système | Parent : 828(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1752 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2172 | [Owner : Système | Parent : 828(services.exe) | 7.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2260 | [Owner : Système | Parent : 828(services.exe) | 15.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2332 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 7.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2344 | [Owner : Système | Parent : 828(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2368 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 6.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2408 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 9.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2480 | [Owner : Système | Parent : 828(services.exe) | 9.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2664 | [Owner : Système | Parent : 828(services.exe) | 20.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2732 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 8.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2996 | [Owner : Système | Parent : 828(services.exe) | 6.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3032 | [Owner : SERVICE LOCAL | Parent : 2996(svchost.exe) | 57.2 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe [19/03/2019 06:44:18] CPU Usage:0 % 3048 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 13.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2832 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 9.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2648 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 6.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3176 | [Owner : Système | Parent : 828(services.exe) | 15.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3244 | [Owner : Système | Parent : 828(services.exe) | 13.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3264 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 8.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3312 | [Owner : Système | Parent : 828(services.exe) | 12.58 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.239) = C:\Windows\System32\spoolsv.exe [20/07/2019 14:17:45] CPU Usage:0 % 3356 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 13.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3560 | [Owner : SERVICE RÉSEAU | Parent : 828(services.exe) | 7.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3684 | [Owner : SERVICE RÉSEAU | Parent : 828(services.exe) | 16.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3692 | [Owner : Système | Parent : 828(services.exe) | 5.62 Mo] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.3.0.1) = C:\Windows\System32\escsvc64.exe [06/06/2019 08:38:31] CPU Usage:0 % 3700 | [Owner : Système | Parent : 828(services.exe) | 31.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3708 | [Owner : Système | Parent : 828(services.exe) | 9.76 Mo] - (.- HuaweiHiSuiteService.) - (2.0.0.42) = C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [19/08/2019 03:49:28] CPU Usage:0 % 3720 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 21.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3732 | [Owner : Système | Parent : 828(services.exe) | 7.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3736 | [Owner : Système | Parent : 828(services.exe) | 10.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3748 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 5.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3780 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 7.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3816 | [Owner : Système | Parent : 828(services.exe) | 20.82 Mo] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [04/09/2019 11:04:26] CPU Usage:0 % 3820 | [Owner : Système | Parent : 828(services.exe) | 44.86 Mo] - (.Logitech - Logitech VC ServiceLayer.) - (1.10.67.0) = C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [19/06/2018 03:13:36] CPU Usage:0 % 3856 | [Owner : Système | Parent : 828(services.exe) | 6.22 Mo] - (.Adobe Systems - Adobe Acrobat Update Service.) - (1.824.34.1201) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [24/07/2019 01:58:34] CPU Usage:0 % 3876 | [Owner : Système | Parent : 828(services.exe) | 5.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3896 | [Owner : Système | Parent : 828(services.exe) | 6.75 Mo] - (.Reason Software Company Inc. - Unchecky Service.) - (1.2.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [23/08/2019 11:13:00] CPU Usage:0 % 3916 | [Owner : Système | Parent : 828(services.exe) | 19.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3924 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3932 | [Owner : Système | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [26/07/2019 08:18:44] CPU Usage:0 % 4048 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 5.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4528 | [Owner : Système | Parent : 828(services.exe) | 8.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4548 | [Owner : Système | Parent : 828(services.exe) | 11.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4724 | [Owner : SERVICE RÉSEAU | Parent : 652(svchost.exe) | 39.98 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 % 5008 | [Owner : Système | Parent : 3820(ServiceLayer.exe) | 27.65 Mo] - (.Logitech Europe S.A. - Logitech Crop Assist Service.) - (1.0.419.0) = C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe [18/06/2018 21:08:38] CPU Usage:0 % 1392 | [Owner : Système | Parent : 5008(CropAssistService.exe) | 5.84 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe [19/03/2019 06:44:30] CPU Usage:0 % 5476 | [Owner : Système | Parent : 828(services.exe) | 38.3 Mo] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.18362.267) = C:\Windows\System32\vds.exe [27/07/2019 18:08:27] CPU Usage:0 % 5704 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 6.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5872 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe [26/07/2019 08:18:44] CPU Usage:0 % 5256 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 13.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1664 | [Owner : Système | Parent : 828(services.exe) | 10.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1484 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 16.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2752 | [Owner : Système | Parent : 2636() | 0.68 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe [06/06/2019 11:12:36] CPU Usage:0 % 3060 | [Owner : Système | Parent : 2636() | 0.17 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe [06/06/2019 11:12:36] CPU Usage:0 % 3092 | [Owner : Système | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [19/03/2019 06:45:32] CPU Usage:0 % 3848 | [Owner : Système | Parent : 828(services.exe) | 13.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4708 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4732 | [Owner : Système | Parent : 828(services.exe) | 33.89 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.267) = C:\Windows\System32\SearchIndexer.exe [27/07/2019 18:08:45] CPU Usage:0 % 2328 | [Owner : Système | Parent : 828(services.exe) | 14.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4592 | [Owner : Système | Parent : 828(services.exe) | 7.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7036 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 12.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7420 | [Owner : Système | Parent : 828(services.exe) | 15.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2600 | [Owner : Système | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [27/07/2019 18:09:10] CPU Usage:0 % 9028 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 10.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8624 | [Owner : Système | Parent : 828(services.exe) | 11.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7440 | [Owner : Système | Parent : 652(svchost.exe) | 64.48 Mo] - (.Microsoft Corporation - USO Core Worker Process.) - (10.0.18362.267) = C:\Windows\System32\usocoreworker.exe [27/07/2019 18:08:51] CPU Usage:0 % 8844 | [Owner : Système | Parent : 828(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8404 | [Owner : Système | Parent : 828(services.exe) | 7.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7536 | [Owner : Système | Parent : 104() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 7616 | [Owner : Système | Parent : 104() | 14.72 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.18362.267) = C:\Windows\System32\winlogon.exe [27/07/2019 18:09:09] CPU Usage:0 % 8884 | [Owner : UMFD-2 | Parent : 7616(winlogon.exe) | 6.82 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.295) = C:\Windows\System32\fontdrvhost.exe [13/08/2019 20:19:02] CPU Usage:0 % 7324 | [Owner : DWM-2 | Parent : 7616(winlogon.exe) | 50.39 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.18362.267) = C:\Windows\System32\dwm.exe [27/07/2019 18:09:01] CPU Usage:0 % 7932 | [Owner : Système | Parent : 1728(atiesrxx.exe) | 8.88 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe [16/12/2015 20:07:40] CPU Usage:0 % 6348 | [Owner : SERVICE LOCAL | Parent : 828(services.exe) | 4.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7024 | [Owner : Alain Brizault | Parent : 3896(unchecky_svc.exe) | 10.16 Mo] - (.Reason Software Company Inc. - Unchecky Background Process.) - (1.2.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [23/08/2019 11:13:00] CPU Usage:0 % 6840 | [Owner : Alain Brizault | Parent : 828(services.exe) | 28.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7252 | [Owner : Alain Brizault | Parent : 2480(svchost.exe) | 27.76 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [19/03/2019 06:44:12] CPU Usage:0 % 4612 | [Owner : Alain Brizault | Parent : 828(services.exe) | 32.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6204 | [Owner : Alain Brizault | Parent : 1828(svchost.exe) | 16.12 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.1) = C:\Windows\System32\taskhostw.exe [19/03/2019 06:44:33] CPU Usage:0 % 8800 | [Owner : Alain Brizault | Parent : 6508() | 110.65 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.267) = C:\Windows\explorer.exe [27/07/2019 18:08:25] CPU Usage:0 % 7100 | [Owner : Alain Brizault | Parent : 828(services.exe) | 19.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6564 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 78.56 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [27/07/2019 18:08:52] CPU Usage:0 % 1896 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 33.68 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 2544 | [Owner : Alain Brizault | Parent : 4592(svchost.exe) | 14.96 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [19/03/2019 06:44:33] CPU Usage:0 % 9140 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 146.77 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.18362.267) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [27/07/2019 18:09:17] CPU Usage:0 % 3680 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 16.52 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 3420 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 123.7 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.51.0.72) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe [19/08/2019 08:19:47] CPU Usage:0 % 1156 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 1.11 Mo] - (.-.) - (8.51.0.72) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [19/08/2019 08:19:47] CPU Usage:0 % 8760 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 14.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 784 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 20.84 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 6096 | [Owner : Système | Parent : 3816(Agent.exe) | 8.7 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe [04/09/2019 11:04:27] CPU Usage:0 % 2028 | [Owner : Alain Brizault | Parent : 8800(explorer.exe) | 11.42 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.18362.1) = C:\Windows\System32\SecurityHealthSystray.exe [19/03/2019 06:44:23] CPU Usage:0 % 2984 | [Owner : Alain Brizault | Parent : 8800(explorer.exe) | 9.05 Mo] - (.Yahoo! Inc. - Yahoo! Widgets.) - (4.5.2.0) = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe [19/03/2008 02:31:20] CPU Usage:0 % 1476 | [Owner : Alain Brizault | Parent : 2984(YahooWidgets.exe) | 11.08 Mo] - (.Yahoo! Inc. - Yahoo! Widgets.) - (4.5.2.0) = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe [19/03/2008 02:31:20] CPU Usage:0 % 8560 | [Owner : Alain Brizault | Parent : 828(services.exe) | 19.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9116 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 55.4 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe [19/03/2019 06:44:23] CPU Usage:0 % 6968 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 0.5 Mo] - (.Microsoft Corporation - Store.) - (11909.1001.7.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1001.7.0_x64__8wekyb3d8bbwe\WinStore.App.exe [31/08/2019 12:39:25] CPU Usage:0 % 8956 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 16.52 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 4908 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 0.25 Mo] - (.-.) - (10.19072.1201.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe [10/09/2019 08:36:34] CPU Usage:0 % 6156 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 0.35 Mo] - (.-.) - (4.32.1909.3003) = C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe [13/09/2019 14:24:36] CPU Usage:0 % 3256 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 5.4 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 6972 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 10.99 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2676 | [Owner : Alain Brizault | Parent : 4336() | 24.65 Mo] - (.Piriform Ltd - CCleaner.) - (5.61.0.7392) = C:\Program Files\CCleaner\CCleaner64.exe [15/08/2019 13:29:58] CPU Usage:0 % 6548 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 13.45 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [27/07/2019 18:09:10] CPU Usage:0 % 7888 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 46.54 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.267) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [27/07/2019 18:09:03] CPU Usage:0 % 1444 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 21.94 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 4412 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 5.29 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.18362.1) = C:\Windows\System32\SystemSettingsBroker.exe [19/03/2019 06:43:54] CPU Usage:0 % 6576 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 38.52 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.267) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe [27/07/2019 18:08:56] CPU Usage:0 % 8164 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 46.52 Mo] - (.Microsoft Corporation - Windows Defender application.) - (10.0.18362.267) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe [27/07/2019 18:08:55] CPU Usage:0 % 2804 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 8.23 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [27/07/2019 18:09:10] CPU Usage:0 % 4960 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 20.72 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 7524 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 7.13 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [27/07/2019 18:09:10] CPU Usage:0 % 7300 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 0.04 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.18362.1) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [19/03/2019 06:46:39] CPU Usage:0 % 3120 | [Owner : Alain Brizault | Parent : 652(svchost.exe) | 35.7 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [19/03/2019 06:44:03] CPU Usage:0 % 7044 | [Owner : SERVICE LOCAL | Parent : 3048(svchost.exe) | 11.48 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.18362.267) = C:\Windows\System32\audiodg.exe [27/07/2019 18:08:23] CPU Usage:0 % 6536 | [Owner : Système | Parent : 828(services.exe) | 7.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6796 | [Owner : Système | Parent : 828(services.exe) | 5.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7952 | [Owner : Système | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7028 | [Owner : Système | Parent : 828(services.exe) | 11.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7568 | [Owner : Alain Brizault | Parent : 8800(explorer.exe) | 61.49 Mo] - (.SosVirus - QuickDiag.) - (10.9.19.1) = C:\Users\BZT\Desktop\QuickDiag.exe [15/09/2019 09:20:38] CPU Usage:0 % 7648 | [Owner : Système | Parent : 652(svchost.exe) | 8.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 % 2488 | [Owner : SERVICE RÉSEAU | Parent : 652(svchost.exe) | 9.96 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (..-..) - (0.9.0.0) -- C:\Program Files\RogueKiller\roguekillershell.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneNote 2007 - Capture d'écran et lancement - (C:\PROGRA~2\MICROS~3\Office12\ONENOTEM.EXE /tsr [Startup]) - User: ASUS\Alain Brizault Yahoo! Widgets - (C:\PROGRA~2\Yahoo!\Widgets\YAHOOW~1.EXE [Startup]) - User: ASUS\Alain Brizault Skype for Desktop - (C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\...\Run]) - User: ASUS\Alain Brizault EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-442 445 Series" [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\...\Run]) - User: ASUS\Alain Brizault CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\...\Run]) - User: ASUS\Alain Brizault Yahoo! Widgets - (C:\PROGRA~2\Yahoo!\Widgets\YAHOOW~1.EXE [Startup]) - User: ASUS\Administrateur OneDrive - ("C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\...\Run]) - User: ASUS\Administrateur SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public EvtMgr6 - (C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [HKLM\SOFTWARE\...\Run]) - User: Public IgfxTray - ("C:\WINDOWS\system32\igfxtray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public HotKeysCmds - ("C:\WINDOWS\system32\hkcmd.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Persistence - ("C:\WINDOWS\system32\igfxpers.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Run] "Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [06/06/2019 07:03:02] "EPLTarget\P0000000000000000"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-442 445 Series" "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x030000006988BA98E01BD501 "EPLTarget\P0000000000000000"=0x030000007CAEAF4F361CD501 "Skype for Desktop"=0x0300000019B01F58361CD501 "CCleaner Smart Cleaning"=0x030000007AD7AF70641CD501 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON XP-442 445 Series,winspool,Ne03: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x03000000B2356F191022D501 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=netplwiz\1 "MRUList"=a [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=OneNote,winspool,Ne04: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RTHDVCPL"=0x0300000030D9BA95E01BD501 "HotKeysCmds"=0x030000004F90B796E01BD501 "IgfxTray"=0x0300000041A8D597E01BD501 "Persistence"=0x03000000261EBB9AE01BD501 "EvtMgr6"=0x0300000018CBA854361CD501 "StartCCC"=0x03000000D037B1CA7232D501 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StartCCC"=0x0300000059D923E78D1CD501 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D55203918458A7 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player NPAPI Notifier Adobe Flash Player Updater CCleaner Update CCleanerSkipUAC EPSON XP-442 445 Series Update {3E887263-0B07-4D72-8493-01EF18FDBF08} GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-3951195138-895905141-1799569697-500 ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=14 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [29/01/2015 13:56:31] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=836 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "AutoChkSkipSystemPartition"=0 "SetupExecute"= "PendingFileRenameOperations"=\??\C:\Users\BZT\AppData\Local\ESET\ESETOnlineScanner\Quarantine \??\C:\Users\BZT\AppData\Local\Temp\_iu14D2N.tmp [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=54aecc71-4b06-4756-a9ba-5cddf9d "GlassSessionId"=2 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "FontSmoothingGamma"=1000 "CaretWidth"=2 "WallPaper"=D:\Disque G - Copie\Disque local\photos vrac\Photo0637.jpg [08/06/2018 07:05:45] "LogPixels"=120 "UserPreferencesMask"=0x9E1E078012000000 "WaitToKillAppTimeout"=2000 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "MaxVirtualDesktopDimension"=3600 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100F94A0A00EE070000B50400004B2FD86BEEAFCF0144003A005C004400690073007100750065002000470020002D00200043006F007000690065005C0044006900730071007500650020006C006F00630061006C005C00700068006F0074006F007300200076007200610063005C00500068006F0074006F0030003600330037002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=fr-FR "AutoColorization"=0 "ImageColor"=2561899331 "LockScreenAutoLockActive"=0 "Pattern Upgrade"=TRUE "EnablePerProcessSystemDPI"=1 "ScreenSaverIsSecure"=0 "ScreenSaveTimeOut"=300 "HungAppTimeout"=2000 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000001728000000000000000000000000000001000000130000000000000063000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0xBD0E0C47735D584D9CEDE91E22E23282D30900006024B221EA3A6910A2DC08002B30309DE00700005D6CAD3D6721AE4C9914F99E41C12CFA060C00001A58CE57B60C66429CA019364C90A0B3EC0500000114020000000000C000000000000046830C0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=168 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "PostAppInstallTasksCompleted"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=310 "link"=0x17000000 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "EnableStartMenu"=1 "Start_AdminToolsRoot"=0 "Start_JumpListItems"=7 "Start_NotifyNewApps"=0 "Start_PowerButtonAction"=2 "Start_TrackDocs"=0 "Start_TrackProgs"=0 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x4E4D7A5D00000000 "ShowCortanaButton"=0 "ReindexedProfile"=1 "ShellViewReentered"=1 "TaskbarSizeMove"=1 "ShowTaskViewButton"=0 "DisablePreviewDesktop"=0 "SeparateProcess"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\Administrateur.000\Pictures\Raptr Screenshots\13-07-05_-port-blanc-012-1-230.jpg [14/12/2017 16:00:15] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1680 "MaxMonitorDimension"=1680 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010088791F0027110000CE0A0000008DE8B8319ED20143003A005C00550073006500720073005C00410064006D0069006E006900730074007200610074006500750072002E003000300030005C00500069006300740075007200650073005C00520061007000740072002000530063007200650065006E00730068006F00740073005C00310033002D00300037002D00300035005F002D0070006F00720074002D0062006C0061006E0063002D003000310032002D0031002D003200330030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=fr-FR [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=4 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "EdgeDesktopShortcutCreated"=1 "SlowContextMenuEntries"=0x62B06A59D2B415429F74E9109B0A81536E0000005A67B13AFFCCD2118B2000A0C93CB1F4BF0200006024B221EA3A6910A2DC08002B30309D9C0000003CA4E2FFB956F54B9A79CC6D4285608A8D0000000114020000000000C0000000000000467D000000 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xACEA7C5D00000000 "ReindexedProfile"=1 "ShowCortanaButton"=1 "TaskbarSizeMove"=0 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableAcrylicBackgroundOnLogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=16 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableAcrylicBackgroundOnLogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=50 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18362 "FirstLogon"=0 "PUUActive"=0xCC727E61010010004D026203E3961000770F1100770F1100D200000002007B008FF0F72EA01C77000B601500A35C070060130700FC4C000000000000000000002F2B15001C8C0000990800000000000093A996F18F6BD501E39610000000000001000000E3961000BA470000000000000000000000000000 "DP"=0xD200E800DC0010004C020000CC727E6100000000000000006EC1B296886BD5016EC1B296886BD501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100C73001000045112801551928AD0F01C0D0A0A036D1B0A1365C8400804991583169B15C77CAD20000422280054A228005EF5D0080C1008828C500882849E70080BB036054BB07705C3D3F00C0093192291DB19229E3CE008000080200843F020018100080A4000303BC000B13042C00C0260044082600742913DF00800601120086011200 "ParseAutoexec"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18362 "FirstLogon"=0 "PUUActive"=0xCC727E610100000008000900151400003A1400003A140000D20000001F007500E84EFD2ED1280000D12800004E0B0000C90A00008900000000000000000000002B130000980100000A000000000000002FDF9338006BD50115140000000000000100000015140000BA470000000000000000000000000000 "DP"=0xD200E8000600000008000000CC727E611B970100000000002FDF9338006BD501ADA974FAFF6AD501175B02000000000000000000000000000000000000000000637700000000000000000000000000000000000000000000000000000000F03F80510100643701C0500A1238500A123ABB7600807010C1507010C150793600808220B770D2A0F77099360000002001469078014E7F640000026C98182A6C9C5DFE1100800804BC18180CFE181808008008640C24C9645C2C3F3501008404080984458819DC810000E4018710E6019F10CD5001809052001490DA0054FED9008058021005D8623005 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "SkipNextFirstLogonAnimation"=1 "LastLogOffEndTimePerfCounter"=114147725343 "ShutdownFlags"=39 "DisableCAD"=1 "ShutdownWithoutLogon"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3951195138-895905141-1799569697-1005 "LastUsedUsername"=Alain Brizault "AutoAdminLogon"=1 "DefaultUserName"=Alain Brizault "DefaultDomainName"=ASUS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""= [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"= [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""= [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"= ---------- | AppcompatFlags [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Microsoft Money 2005\MNYCoreFiles\msmoney.exe"=0x5341435001000000000000000700000028000000202B0100841D020001000000000000000000010571000000631F6E6F0EDED40100000000000000000200000028000000000000000000001000640080000000000000000000000000556F2400000000006200000062000000 "C:\Users\BZT\Downloads\ausdiskdefragportable.exe"=0x5341435001000000000000000700000028000000E0797A0021A87A0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000EA140B00000000000B0000000B000000 "C:\Users\BZT\Downloads\DriversCloud_Win.exe"=0x534143500100000000000000070000002800000030B503009AE5030001000000000000000000000671000000631F6E6F0EDED40100000000000000000200000028000000000000000008004000000000000000000000000000000000C5710000000000000200000002000000 "C:\Users\BZT\Downloads\ESETOnlineScanner_FRA.exe"=0x534143500100000000000000070000002800000078746A0069976A0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000005000000000000000000000400000000000000000000000000000000098C39200000000000900000004000000000000000000000000000000000000000000000000000000862F2C00000000000200000000000000 "SIGN.MEDIA=707C2 SETUP.EXE"=0x534143500100000000000000070000002800000030110700C7F8070001000000000000000000000671020000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C89B0C00000000000100000001000000 "SIGN.MEDIA=254C42 InstallNavi.exe"=0x5341435001000000000000000700000028000000004C250077EF250001000000000000000000030600010000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000006FE70400000000000200000002000000 "C:\Program Files (x86)\epson\Epson Scan 2\Core\es2launcher.exe"=0x5341435001000000000000000700000028000000181005000223050001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000008000000000000200000000000000000000000000FB2E0E00000000000D0000000D000000 "C:\Program Files (x86)\Common Files\logishrd\LogiUCDpp\LogitechCamera.exe"=0x534143500100000000000000070000002800000068841D00FEAB1D0001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000087520300000000000400000004000000 "C:\Program Files\Common Files\logishrd\CDDRV3\LDConfig.exe"=0x5341435001000000000000000700000028000000888E0100F571020001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000BC000000000000002600000026000000 "C:\Program Files\Common Files\logishrd\sp6\LU1\LULnchr.exe"=0x5341435001000000000000000700000028000000186905005920060001000000000000000000020671220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000008F170000000000003900000039000000 "C:\Users\BZT\Downloads\marineaquarium3.exe"=0x534143500100000000000000070000002800000030E73600090C370001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000500000000000000000000000000000000000000000000000000000002B0B00000000000001000000010000000000000000000040000000000000000000000000000000006A700400000000000100000000000000 "C:\Users\BZT\Downloads\widgetsus.exe"=0x534143500100000000000000070000002800000098D3F1009F61F20001000000000000000000000671020000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001A872900000000000200000002000000 "C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe"=0x5341435001000000000000000700000028000000285C4800E181480001000000000000000000000671200000631F6E6F0EDED401000000000000000002000000500000000000000000000000000000000000000000000000000000003D787D000000000040000000090000000000000000000040000000000000000000000000000000004E000000000000000300000000000000 "C:\Program Files\Google\Google Earth Pro\client\googleearth.exe"=0x5341435001000000000000000700000028000000F0B51B005F241C0001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000001C393900000000001D0000001D000000 "C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe"=0x534143500100000000000000070000002800000088DC05009A54060001000000000000000000000A73220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BB000000000000000100000001000000 "SIGN.MEDIA=1D1304 HiSuiteDownLoader.exe"=0x5341435001000000000000000700000028000000C8DA1D009C1D1E0001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000800000000000000000000000000000000000000017BE0200000000000100000001000000 "C:\Users\BZT\AppData\Local\HiSuite\userdata\hwtools\hdbtransport.exe"=0x5341435001000000000000000700000028000000202FDC008482DC0001000000000000000000000A71200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000E31A1C00000000000B0000000B000000 "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"=0x5341435001000000000000000700000028000000C874180156D2180101000000000000000000000A71220000631F6E6F0EDED4010000000100000000 "C:\Users\BZT\Downloads\Jeux_Windows7_pour_Windows10.exe"=0x5341435001000000000000000700000028000000DFEB2A090000000001000000000000000000000671000000631F6E6F0EDED401000000000000000002000000280000000000000000080040000000000000000000000000000000009BAC0000000000000100000001000000 "C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"=0x534143500100000000000000070000002800000000340D0097D60D0001000000000000000000010673000000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000094380000000000000100000001000000 "C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"=0x5341435001000000000000000700000028000000002E0D007B040E0001000000000000000000010673000000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A05B0600000000000300000003000000 "D:\Téléchargements\MAquarium-V2-MD.exe"=0x53414350010000000000000007000000280000006C0B19000000000001000000000000000000000A41200000631F6E6F0EDED40100000000000000000200000028000000000000000008004000000000000000000000000000000000A35C0400000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000F01A080089E5080001000000000000000000000A71220000631F6E6F0EDED4010000000100000000 "C:\Program Files\DriversCloud.com\DriversCloud.exe"=0x534143500100000000000000070000002800000098F56800CF18690001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000067FA1500000000003A0000003A000000 "C:\Program Files\Common Files\logishrd\Unifying\DJCUHost.exe"=0x534143500100000000000000070000002800000018F305008465060001000000000000000000030673220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F5420000000000000200000002000000 "C:\Program Files\Logitech\SetPointP\SetPoint.exe"=0x534143500100000000000000070000002800000088DA2F007540300001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000005DF0A00000000000200000002000000 "C:\Users\BZT\Downloads\JRT.exe"=0x534143500100000000000000070000002800000048501B0027F11B0001000000000000000000010671020000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A8650800000000000600000006000000 "D:\DD(G)\clés USB\clés USB\ROUGE\GPU-Z.0.8.0.exe"=0x534143500100000000000000070000002800000028C7190046651A0001000000000000000000030671020000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000D2480300000000000100000001000000 "C:\Users\BZT\Documents\WDDriveUtilitiesSetup_for_web_2.0.0.25\WDDriveUtilitiesSetup.exe"=0x53414350010000000000000007000000280000005083F500D132F60001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000E1D0000000000000100000001000000 "C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"=0x534143500100000000000000070000002800000000800C0069820C0001000000000000000000010673000000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000009E750000000000000200000002000000 "C:\Users\BZT\Downloads\RenaultMediaNavEvolutionToolbox-inst.exe"=0x534143500100000000000000070000002800000080C07104C314720401000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000047100100000000000300000003000000 "C:\Program Files (x86)\RenaultAutomotive\Toolbox4\RenaultMediaNavEvolutionToolbox-uninst.exe"=0x534143500100000000000000070000002800000058F906006744070003000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000331C0000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000C06406006E16070001000000000000000000000A71220000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\Microsoft Office\Office14\PPTVIEW.EXE"=0x5341435001000000000000000700000028000000A0D27900F6AD7A0001000000000000000000010600010000631F6E6F0EDED4010000000000000000020000005000000000000000000000000000000000000000000000000000000013650000000000000900000008000000000000000000004000000000000000000000000000000000012C0000000000000100000000000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02007A36030001000000010000000000000A61220000631F6E6F0EDED4010000000000000000 "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"=0x5341435001000000000000000700000028000000705AE200741AE30001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000005E650400000000001200000012000000 "C:\Program Files\Speccy\Speccy64.exe"=0x5341435001000000000000000700000028000000989A6C0074CD6C0001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A09D0800000000000B0000000B000000 "C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE"=0x5341435001000000000000000700000028000000700701001834010001000000000000000000000671220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D4230000000000000300000003000000 "C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE"=0x5341435001000000000000000700000028000000802D0400F959040001000000000000000000010671220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003F4E0000000000000500000005000000 "D:\Win 10\$WINDOWS.~BT\setup.exe"=0x5341435001000000000000000700000028000000C03A0100D537020001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CA080000000000000100000001000000 "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE"=0x534143500100000000000000070000002800000010E70000EEE0010001000000000000000000000671020000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000D030000000000000300000003000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D04086000918870001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000B6CD5100000000001200000012000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x534143500100000000000000070000002800000010390F0002F20F0001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000001050000000000000100000001000000 "D:\DD(G)\clés USB\clés USB\ROUGE\Spamihilator-win32-1.0.0.exe"=0x534143500100000000000000070000002800000000242400F078020001000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F3AD0000000000000100000001000000 "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe"=0x5341435001000000000000000700000028000000C8B2040035A9050001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"=0x534143500100000000000000070000002800000000261300BF94130001000000000000000000010673000000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004C1D0000000000000100000001000000 "C:\Program Files\Microsoft Games\Chess\chess.exe"=0x534143500100000000000000070000002800000000AE30004FE0300001000000000000000000010673000000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F33D0000000000000100000001000000 "C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe"=0x534143500100000000000000070000002800000088FD0A02C26A0B0203000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000006B00000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1905.1301.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000078B300009F6A010001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A90B0000000000000300000003000000 "C:\Program Files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe"=0x5341435001000000000000000700000028000000604F2500EEE5250001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000006D000000000000000400000004000000 "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe"=0x5341435001000000000000000700000028000000B05E1200E1D8120003000000000000000000030600010000631F6E6F0EDED4010000000000000000 "C:\Program Files (x86)\Realtek\Audio\InstallShield\Rtkupd64.exe"=0x5341435001000000000000000700000028000000604F2500EEE5250001000000000000000000000A00210000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000002F000000000000000400000004000000 "SIGN.MEDIA=2725372D spsetup132.exe"=0x5341435001000000000000000700000028000000E01E69006B74690001000000000000000000010600010000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004F340000000000000100000001000000 "SIGN.MEDIA=2725372D TreeSizeFreeSetup.exe"=0x5341435001000000000000000700000028000000108F7800AE9E780001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B8BC0000000000000100000001000000 "C:\Windows\SysWOW64\FlashPlayerApp.exe"=0x534143500100000000000000070000002800000068C00C00AFE20C0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000937C0000000000000100000001000000 "C:\Users\BZT\Downloads\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000809D2F0027EB2F0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C24D0000000000000A0000000A000000 "C:\Program Files (x86)\Unchecky\unchecky.exe"=0x534143500100000000000000070000002800000018651A0044DA1A0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003B660000000000000200000002000000 "C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32.exe"=0x534143500100000000000000070000002800000038143D00A21D3D0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000076790000000000000A0000000A000000 "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe"=0x5341435001000000000000000700000028000000C8DE04003C13050001000000000000000000010500100000631F6E6F0EDED4010000000000000000 "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"=0x53414350010000000000000007000000280000006879FA04F323FB0401000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000100000000000000000000000000000000074F30400000000000200000002000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000030422700A70C280001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000FB5B0000000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000209A5A0143F55A0101000000000000000000000A00210000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000400000000000000000000000000000000001A80800000000000500000001000000000000000000000000000000000000000000000000000000A1070000000000000100000000000000 "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Loader.exe"=0x534143500100000000000000070000002800000050CA0900E82C0A0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000765F2400000000000400000004000000 "C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE"=0x5341435001000000000000000700000028000000B8920F00B32A100001000000000000000000000A71220000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\HiSuite\HiSuite.exe"=0x5341435001000000000000000700000028000000505D84000249850001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A90B0000000000000200000002000000 "C:\Program Files\Mozilla Firefox\updater.exe"=0x534143500100000000000000070000002800000020080600F40C060001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C92A0000000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x534143500100000000000000070000002800000020CA08003FCF080001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000205E0300BC69030001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000002E471300000000000A0000000A000000 "C:\Users\BZT\Downloads\adwcleaner_7.4.1.exe"=0x5341435001000000000000000700000028000000C8867400373C750001000000000000000000000A00210000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008A630700000000000800000008000000 "C:\Program Files (x86)\RenaultAutomotive\Toolbox4\RenaultMediaNavEvolutionToolbox.exe"=0x5341435001000000000000000700000028000000B8920D00B7660E0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000920C0A00000000000200000002000000 "C:\Users\BZT\Downloads\KVRT(1).exe"=0x53414350010000000000000007000000280000002817060AE36B060A01000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000AE410300000000000100000001000000 "C:\Program Files\RogueKiller\RogueKiller64.exe"=0x534143500100000000000000070000002800000038CE15025226160201000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000347F4800000000000100000001000000 "C:\Users\BZT\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098094F009D3C4F0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104009156050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\19.070.0410.0007_1\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400100C050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000038C7F901DA35FA0101000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000D05D0300C7C5030001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B86B0700000000000100000001000000 "C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe"=0x5341435001000000000000000700000028000000285C4800E181480001000000000000000000000671200000631F6E6F0EDED4010000000000000000 "C:\Users\Administrateur.000\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000383518006E76180001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files (x86)\Trojan Remover\Sschk.exe"=0x5341435001000000000000000700000028000000E87506002F8A060001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000052020000000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x534143500100000000000000070000002800000020CA08003FCF080001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{16c16a20-cf07-11e9-bf08-10bf484d0d23}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{2487d1f2-b9a9-11e9-bef7-10bf484d0d23}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{363448f2-aae9-11e9-bee5-10bf484d0d23}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5372aa56-8859-11e9-beb3-10bf484d0d23}] : "G:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5372aa98-8859-11e9-beb3-10bf484d0d23}] : "F:\HiSuiteDownLoader.exe" (AutoRun) [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{8b03a1e7-f367-11e5-9c16-806e6f6e6963}] : "E:\InstallNavi.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132042370166556245 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "ProductType"=2 "InstallTime"=0xC0D6FC07D61BD501 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\ "ManagedDefenderProductType"=0 "OOBEInstallTime"=0xB381E5EDD71BD501 "ProductStatus"=0 "DisableAntiSpyware"=0 "DisableAntiVirus"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0 "PUAProtection"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications"=1 "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications"=1 "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications"=1 "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com [64] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.213.142] avec 32 octets de donn?es?: R?ponse de 216.58.213.142?: octets=32 temps=30 ms TTL=53 R?ponse de 216.58.213.142?: octets=32 temps=30 ms TTL=53 R?ponse de 216.58.213.142?: octets=32 temps=30 ms TTL=53 R?ponse de 216.58.213.142?: octets=32 temps=30 ms TTL=53 Statistiques Ping pour 216.58.213.142: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 30ms, Maximum = 30ms, Moyenne = 30ms ---------- | @ [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "DoNotTrack"=0 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=s9vtu0o "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x32A3D4F0D91BD501 "IE10TourShown"=1 "IE10TourShownTime"=0x32A3D4F0D91BD501 "Start Page_TIMESTAMP"=0x25CCE7267F1CD501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000003300000019A526471027AC2D61AB1E30DD13A6C7CE5F51DAD36FE13FEC1E5C5070310590EFCFE5AC6FCAB7436DD45E28871F9092A449BB020000000E0000006E67616155736A78694C77253364 "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAF010000B9000000C905000049030000 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ZonesSecurityUpgrade"=0x32A3D4F0D91BD501 "WarnonZoneCrossing"=0 "LockDatabase"=132110250847216897 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "OperationalData"=1 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "CertificateRevocation"=1 "LockDatabase"=132059420570647789 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] : "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ---------- | Execution FileExts [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apk] "Progid"= ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [19/03/2019 06:44:47] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000000700006C01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319E05FF5ACC2E4EBF3B96E929D6550300000000000000000000000000000000 [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x32A3D4F0D91BD501 "Version"=5 "UpgradeTime"=0x32A3D4F0D91BD501 [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}] -> (Logitech SetPoint) : C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [31/01/2019 07:37:42] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}] -> (Logitech SetPoint) : C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [31/01/2019 07:37:42] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{F003DA68-8256-4b37-A6C4-350FA04494DF}"=C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.255 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.255 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (Yahoo! activeX Plug-in Bridge) : C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{06bcd5c9-1bd7-4dbf-a85d-63347126206d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{aa09bb31-3411-44ab-8ba3-6cabbe48b153}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{06bcd5c9-1bd7-4dbf-a85d-63347126206d}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{aa09bb31-3411-44ab-8ba3-6cabbe48b153}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\Classes\Applications\PPTVIEW.EXE] : "C:\Program Files (x86)\Microsoft Office\Office14\PPTVIEW.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~3\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~3\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "DevicesFlow"=DevicesFlowUserSvc DeviceAssociationBrokerSvc ConsentUxUserSvc DevicePickerUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Adlice Software] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Adobe] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\AMD] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\AppDataLow] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\ATI] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\AvastAdSDK] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\BraveSoftware] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Chromium] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Clients] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\EaseUS] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\EPSON] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\ESET] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Google] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\iGO8] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Intel] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Licenses] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\LogiShrd] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Logitech] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Malwarebytes] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Mirage] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Mozilla] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Netscape] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\ODBC] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Orange] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Piriform] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Policies] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\RegisteredApplications] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\RenaultAutomotive] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Seiko Epson Corporation] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Spamihilator] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\SyncEngines] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\sysinternals] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\The Silicon Realms Toolworks] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Thunderbird] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Unchecky] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\VS Revo Group] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\WOW6432Node] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Yahoo] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\ZHP] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3951195138-895905141-1799569697-1005\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Adobe] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\AppDataLow] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\ATI] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Clients] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\EPSON] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Google] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Intel] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Malwarebytes] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Mozilla] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Netscape] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Piriform] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Policies] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\RegisteredApplications] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Seifert] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\SereneScreen] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Simply Super Software] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Thunderbird] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\WOW6432Node] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Yahoo] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3951195138-895905141-1799569697-500\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\$RegPathCompany] [HKLM\Software\Alienware] [HKLM\Software\AMD] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\cybelsoft] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\Dolby] [HKLM\Software\EPSON] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Huawei technologies] [HKLM\Software\ICEpower] [HKLM\Software\INextUUID] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\BraveSoftware] [HKLM\Software\WOW6432Node\DownloadCenter] [HKLM\Software\WOW6432Node\EaseUS] [HKLM\Software\WOW6432Node\EaseUS Todo Backup] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Licenses] [HKLM\Software\WOW6432Node\Logitech] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\RenaultAutomotive] [HKLM\Software\WOW6432Node\SEIKO EPSON Corp.] [HKLM\Software\WOW6432Node\Softgogo] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\Unchecky] [HKLM\Software\WOW6432Node\Yahoo] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: [09/04/2016 10:26:07] - |A| - (.-.) - [992] - (0.0.0.0) - D:\WD Drive Utilities.lnk ---------- | C: [18/12/2018 16:16:26] - |HD| - [180357] - C:\$GetCurrent [23/03/2016 16:33:10] - |SHD| - [213947898] - C:\$RECYCLE.BIN [05/06/2019 20:15:58] - |HD| - [137447730] - C:\$SysReset [15/06/2019 14:33:26] - |D| - [13527] - C:\$WINDOWS.~BT [15/06/2019 14:33:22] - |HD| - [294274] - C:\$Windows.~WS [06/09/2019 16:01:18] - |D| - [55252] - C:\AdwCleaner [24/03/2016 21:38:01] - |D| - [14] - C:\AllShare [06/01/2015 17:41:24] - |D| - [6128618681] - C:\AMD [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/11/2013 16:27:33] - |A| - (.-.) - [0] - (0.0.0.0) - C:\autoexec.bat [28/12/2011 03:09:58] - |SHD| - [15984916] - C:\Boot [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [28/12/2011 03:09:58] - |RASH| - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/12/2011 03:10:00] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [MD5.8E36085A44AF6915D984DC950E7781E4] - [07/08/2019 16:26:30] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [02/02/2015 16:37:05] - |D| - [0] - C:\Download [04/06/2018 10:05:25] - |D| - [0] - C:\ESD [03/09/2019 15:36:37] - |D| - [16] - C:\found.001 [12/01/2018 16:56:55] - |D| - [119057391] - C:\FRST [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/12/2018 18:52:32] - |ASH| - (.-.) - [4750942208] - (0.0.0.0) - C:\hiberfil.sys [29/01/2015 13:52:00] - |D| - [0] - C:\Intel [09/09/2019 08:22:19] - |D| - [87577] - C:\KVRT_Data [27/04/2016 07:50:24] - |D| - [16285696] - C:\Logs [03/12/2014 16:51:54] - |DC| - [43710] - C:\MATS [25/07/2017 22:02:26] - |RHD| - [363779133] - C:\MSOCache [27/11/2017 17:13:27] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/07/2017 15:48:19] - |ASH| - (.-.) - [1006632960] - (0.0.0.0) - C:\pagefile.sys [05/06/2019 21:49:15] - |D| - [0] - C:\PerfLogs [05/06/2019 21:49:15] - |RD| - [3434082091] - C:\Program Files [05/06/2019 21:49:15] - |D| - [3192733268] - C:\Program Files (x86) [05/06/2019 21:49:15] - |HD| - [1451692691] - C:\ProgramData [15/09/2019 09:21:27] - |D| - [68685] - C:\QuickDiag [MD5.15729BED3D755487E1913714693CBEF6] - [15/09/2019 09:21:35] - |A| - (.-.) - [162835] - (0.0.0.0) - C:\QuickDiag.txt [05/06/2019 22:11:13] - |SHD| - [0] - C:\Recovery [MD5.989BC7A211A228454210DF1EDA1B602E] - [14/09/2019 13:03:04] - |A| - (.-.) - [468] - (0.0.0.0) - C:\SeafLog.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/04/2017 18:28:19] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [04/07/2012 02:54:14] - |SHD| - [7982693161] - C:\System Volume Information [05/06/2019 21:37:26] - |RD| - [30241420438] - C:\Users [05/06/2019 21:37:25] - |D| - [24890151559] - C:\Windows ---------- | C:\WINDOWS [05/06/2019 21:49:15] - |D| - [802] - C:\WINDOWS\addins [05/06/2019 21:49:15] - |D| - [11327975] - C:\WINDOWS\appcompat [05/06/2019 21:49:15] - |D| - [8768290] - C:\WINDOWS\apppatch [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\AppReadiness [05/06/2019 21:49:15] - |RD| - [968886447] - C:\WINDOWS\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2019 21:19:57] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin [05/06/2019 21:49:15] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 06:43:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe [05/06/2019 21:49:15] - |D| - [39549067] - C:\WINDOWS\Boot [MD5.F9646037A775119151FFE690CCEED3AA] - [05/06/2019 22:04:53] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [05/06/2019 21:49:15] - |D| - [2459128] - C:\WINDOWS\Branding [05/06/2019 21:41:22] - |D| - [0] - C:\WINDOWS\CbsTemp [05/06/2019 21:49:15] - |D| - [34157093] - C:\WINDOWS\Containers [05/06/2019 21:49:15] - |D| - [11501377] - C:\WINDOWS\Cursors [05/06/2019 21:49:15] - |D| - [18224483] - C:\WINDOWS\debug [05/06/2019 21:49:15] - |D| - [4558493] - C:\WINDOWS\diagnostics [05/06/2019 21:49:15] - |D| - [2074128] - C:\WINDOWS\DiagTrack [05/06/2019 21:53:20] - |D| - [0] - C:\WINDOWS\DigitalLocker [05/06/2019 21:49:15] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [05/06/2019 21:49:15] - |HD| - [67408] - C:\WINDOWS\ELAMBKUP [05/06/2019 21:53:20] - |D| - [97792] - C:\WINDOWS\en-US [MD5.5BF20D72234EFA5640E8DF7F25F3CDC1] - [27/07/2019 18:08:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4552376] - (10.0.18362.267) - C:\WINDOWS\explorer.exe [05/06/2019 21:49:15] - |RSD| - [417780614] - C:\WINDOWS\Fonts [05/06/2019 21:55:23] - |D| - [110592] - C:\WINDOWS\fr-FR [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [05/06/2019 21:49:15] - |D| - [53135467] - C:\WINDOWS\Globalization [05/06/2019 21:49:15] - |D| - [1529764] - C:\WINDOWS\Help [MD5.7FE51A1679579DB427447CE8DFD8D47F] - [27/07/2019 18:09:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1059840] - (10.0.18362.267) - C:\WINDOWS\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 06:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe [05/06/2019 21:49:15] - |D| - [29869] - C:\WINDOWS\IdentityCRL [05/06/2019 21:49:15] - |D| - [28824510] - C:\WINDOWS\IME [05/06/2019 21:49:15] - |RD| - [9266183] - C:\WINDOWS\ImmersiveControlPanel [05/06/2019 21:47:41] - |D| - [107229363] - C:\WINDOWS\INF [05/06/2019 21:49:15] - |D| - [38126462] - C:\WINDOWS\InputMethod [05/06/2019 21:49:15] - |SHD| - [2568257118] - C:\WINDOWS\Installer [05/06/2019 21:49:15] - |D| - [94304] - C:\WINDOWS\L2Schemas [05/06/2019 21:49:15] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\LiveKernelReports [05/06/2019 21:49:15] - |D| - [275661278] - C:\WINDOWS\Logs [05/06/2019 21:49:15] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 06:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [05/06/2019 21:49:15] - |RD| - [825309046] - C:\WINDOWS\Microsoft.NET [05/06/2019 21:49:15] - |D| - [3323] - C:\WINDOWS\Migration [05/08/2019 11:03:00] - |D| - [0] - C:\WINDOWS\Minidump [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 06:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe [MD5.04F313E2EF21071DA24E5FF4A564DBC0] - [14/09/2019 16:49:22] - |A| - (.-.) - [192462] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [05/06/2019 21:56:34] - |D| - [199472] - C:\WINDOWS\OCR [05/06/2019 21:49:15] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [05/06/2019 21:37:21] - |D| - [31676030] - C:\WINDOWS\Panther [06/06/2019 07:19:34] - |D| - [0] - C:\WINDOWS\PCHEALTH [05/06/2019 21:49:15] - |D| - [364552] - C:\WINDOWS\Performance [MD5.43C9220D197D0FA30FBF5AC45337D80C] - [06/06/2019 08:30:35] - |A| - (.-.) - [289704] - (0.0.0.0) - C:\WINDOWS\PFRO.log [05/06/2019 21:49:15] - |D| - [1283900] - C:\WINDOWS\PLA [05/06/2019 21:49:15] - |D| - [9719123] - C:\WINDOWS\PolicyDefinitions [05/06/2019 21:49:15] - |D| - [24845750] - C:\WINDOWS\prefetch [05/06/2019 21:49:15] - |RD| - [1997304] - C:\WINDOWS\PrintDialog [05/06/2019 21:49:15] - |D| - [5895170] - C:\WINDOWS\Provisioning [MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 06:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe [05/06/2019 21:49:15] - |D| - [22588] - C:\WINDOWS\registration [05/06/2019 21:49:15] - |D| - [17973056] - C:\WINDOWS\rescache [05/06/2019 21:49:15] - |D| - [4739239] - C:\WINDOWS\Resources [MD5.800C78BFF01B150C2E77165A67A0CFCF] - [08/08/2019 08:51:04] - |A| - (.Copyright (C) 2019 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2856624] - (1.0.7.3) - C:\WINDOWS\RtlExUpd.dll [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\SchCache [05/06/2019 21:49:15] - |D| - [122082] - C:\WINDOWS\schemas [05/06/2019 21:49:15] - |D| - [7811111] - C:\WINDOWS\security [05/06/2019 22:04:41] - |D| - [84191825] - C:\WINDOWS\ServiceProfiles [05/06/2019 21:49:15] - |D| - [4096] - C:\WINDOWS\ServiceState [05/06/2019 21:37:26] - |D| - [570203888] - C:\WINDOWS\servicing [05/06/2019 21:57:06] - |D| - [42] - C:\WINDOWS\Setup [05/06/2019 21:49:15] - |D| - [7052288] - C:\WINDOWS\ShellComponents [05/06/2019 21:49:15] - |D| - [55826944] - C:\WINDOWS\ShellExperiences [06/06/2019 07:15:03] - |D| - [37403] - C:\WINDOWS\SHELLNEW [05/06/2019 21:49:15] - |D| - [3070736] - C:\WINDOWS\SKB [05/06/2019 21:37:29] - |D| - [385078021] - C:\WINDOWS\SoftwareDistribution [05/06/2019 21:49:15] - |D| - [86040769] - C:\WINDOWS\Speech [05/06/2019 21:49:15] - |D| - [63949381] - C:\WINDOWS\Speech_OneCore [MD5.DD8E5CAD821A7A4122D7FA0BF92512D6] - [20/07/2019 14:17:45] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132096] - (10.0.18362.239) - C:\WINDOWS\splwow64.exe [05/06/2019 21:49:15] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [05/06/2019 21:49:21] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [05/06/2019 21:37:26] - |D| - [6238446398] - C:\WINDOWS\System32 [05/06/2019 21:49:15] - |D| - [209018361] - C:\WINDOWS\SystemApps [05/06/2019 21:49:15] - |D| - [189210613] - C:\WINDOWS\SystemResources [05/06/2019 21:49:15] - |D| - [1421093100] - C:\WINDOWS\SysWOW64 [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\TAPI [05/06/2019 21:49:15] - |D| - [1151] - C:\WINDOWS\Tasks [05/06/2019 21:49:15] - |D| - [3131138] - C:\WINDOWS\Temp [05/06/2019 21:49:15] - |D| - [13786112] - C:\WINDOWS\TextInput [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\tracing [05/06/2019 21:49:15] - |D| - [16384] - C:\WINDOWS\twain_32 [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 06:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [05/06/2019 21:49:15] - |D| - [12420] - C:\WINDOWS\Vss [05/06/2019 21:49:15] - |D| - [33142] - C:\WINDOWS\WaaS [05/06/2019 21:49:15] - |D| - [16568315] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [05/06/2019 21:49:21] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 06:44:30] - |AH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [13/09/2019 16:19:35] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 06:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe [05/06/2019 21:37:26] - |D| - [9978588876] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 06:58:10] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 06:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.8C6D69C4EC43412151A58E4CEA129501] - [14/09/2019 08:40:38] - |A| - (.-.) - [127] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini [14/09/2019 08:40:38] - |D| - [708] - C:\WINDOWS\System32\GroupPolicy\Machine [14/09/2019 08:40:38] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/03/2015 10:41:29] - C:\WINDOWS\Installer\1fee4b1.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/05/2019 15:40:14] - C:\WINDOWS\Installer\209709d.msi : (Hardware Detection DriversCloud.com - Cybelsoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\WINDOWS\Installer\240fe.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:44] - C:\WINDOWS\Installer\24103.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:30] - C:\WINDOWS\Installer\24108.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:38] - C:\WINDOWS\Installer\2410d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:48] - C:\WINDOWS\Installer\24112.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:56] - C:\WINDOWS\Installer\24117.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:04] - C:\WINDOWS\Installer\2411c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:14] - C:\WINDOWS\Installer\24121.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:22] - C:\WINDOWS\Installer\24126.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:30] - C:\WINDOWS\Installer\2412b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:40] - C:\WINDOWS\Installer\24130.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:48] - C:\WINDOWS\Installer\24135.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:56] - C:\WINDOWS\Installer\2413a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:04] - C:\WINDOWS\Installer\2413f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:14] - C:\WINDOWS\Installer\24144.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:22] - C:\WINDOWS\Installer\24149.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:30] - C:\WINDOWS\Installer\2414e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:40] - C:\WINDOWS\Installer\24153.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:48] - C:\WINDOWS\Installer\24158.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:56] - C:\WINDOWS\Installer\2415d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:04] - C:\WINDOWS\Installer\24162.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:14] - C:\WINDOWS\Installer\24167.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:22] - C:\WINDOWS\Installer\2416c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:30] - C:\WINDOWS\Installer\24171.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:18:10] - C:\WINDOWS\Installer\24176.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:19:04] - C:\WINDOWS\Installer\2417b.msi : (AMD Fuel - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:18] - C:\WINDOWS\Installer\24180.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:52] - C:\WINDOWS\Installer\2be0e6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/01/2019 16:42:06] - C:\WINDOWS\Installer\3ffa7.msi : (OEM Application Profile - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/08/2019 07:55:09] - C:\WINDOWS\Installer\4f18952.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/01/2019 08:06:28] - C:\WINDOWS\Installer\5281f66.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/06/2019 11:13:28] - C:\WINDOWS\Installer\5e17e9.msi : (Google Earth Pro - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/06/2019 11:12:36] - C:\WINDOWS\Installer\5e17ef.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:52] - C:\WINDOWS\Installer\7ee4b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/02/2019 04:41:00] - C:\WINDOWS\Installer\8c179.msi : (Epson Software Updater - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/08/2017 00:00:00] - C:\WINDOWS\Installer\8c18a.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/06/2011 21:27:28] - [4028928] - (.().-. - ()) - C:\WINDOWS\Installer\150507.msp [25/02/2009 19:08:18] - [8311808] - (.().-. - ()) - C:\WINDOWS\Installer\158db2.msp [14/04/2009 04:56:48] - [10826752] - (.().-. - ()) - C:\WINDOWS\Installer\158dba.msp [14/04/2009 04:22:04] - [7532544] - (.().-. - ()) - C:\WINDOWS\Installer\158dc2.msp [14/04/2009 03:46:40] - [7391744] - (.().-. - ()) - C:\WINDOWS\Installer\158dca.msp [21/07/2011 12:34:34] - [3456000] - (.().-. - ()) - C:\WINDOWS\Installer\158dd3.msp [15/09/2011 18:39:56] - [15017984] - (.().-. - ()) - C:\WINDOWS\Installer\158dda.msp [15/09/2011 18:40:24] - [33243648] - (.().-. - ()) - C:\WINDOWS\Installer\158e01.msp [15/09/2011 18:34:14] - [8499712] - (.().-. - ()) - C:\WINDOWS\Installer\158f03.msp [15/09/2011 18:35:04] - [1833984] - (.().-. - ()) - C:\WINDOWS\Installer\158f0e.msp [15/09/2011 18:37:06] - [14140416] - (.().-. - ()) - C:\WINDOWS\Installer\158f1a.msp [15/09/2011 18:38:04] - [10838528] - (.().-. - ()) - C:\WINDOWS\Installer\158f25.msp [15/09/2011 18:39:22] - [11163136] - (.().-. - ()) - C:\WINDOWS\Installer\158f31.msp [15/09/2011 18:40:36] - [7959552] - (.().-. - ()) - C:\WINDOWS\Installer\158f3b.msp [15/09/2011 18:40:52] - [4760064] - (.().-. - ()) - C:\WINDOWS\Installer\158f45.msp [26/10/2011 23:23:32] - [8821760] - (.().-. - ()) - C:\WINDOWS\Installer\158f50.msp [26/10/2011 23:22:30] - [1071616] - (.().-. - ()) - C:\WINDOWS\Installer\158f51.msp [23/01/2013 18:05:40] - [9765376] - (.().-. - ()) - C:\WINDOWS\Installer\158f59.msp [27/06/2013 22:13:14] - [40314880] - (.().-. - ()) - C:\WINDOWS\Installer\158f70.msp [17/06/2015 15:23:30] - [432128] - (.().-. - ()) - C:\WINDOWS\Installer\158f77.msp [22/08/2019 13:14:18] - [2002944] - (.().-. - ()) - C:\WINDOWS\Installer\1b31de11.msp [16/08/2019 10:08:46] - [9048064] - (.().-. - ()) - C:\WINDOWS\Installer\23312.msp [01/11/2011 13:34:26] - [1169920] - (.().-. - ()) - C:\WINDOWS\Installer\72a4a.msp [01/11/2011 13:34:28] - [2247168] - (.().-. - ()) - C:\WINDOWS\Installer\72a5c.msp [15/03/2012 02:24:28] - [1795584] - (.().-. - ()) - C:\WINDOWS\Installer\72a6e.msp [17/02/2012 08:45:24] - [2299392] - (.().-. - ()) - C:\WINDOWS\Installer\72a7f.msp [18/07/2012 15:46:48] - [593408] - (.().-. - ()) - C:\WINDOWS\Installer\72a91.msp [25/07/2012 16:57:08] - [2532864] - (.().-. - ()) - C:\WINDOWS\Installer\72aa3.msp [19/12/2012 22:36:38] - [13662720] - (.().-. - ()) - C:\WINDOWS\Installer\72ab5.msp [08/05/2013 21:36:50] - [10943488] - (.().-. - ()) - C:\WINDOWS\Installer\72ad8.msp [06/09/2013 23:07:02] - [11534336] - (.().-. - ()) - C:\WINDOWS\Installer\72ae1.msp [01/11/2013 18:15:08] - [6185472] - (.().-. - ()) - C:\WINDOWS\Installer\72af3.msp [16/04/2014 08:41:38] - [7844864] - (.().-. - ()) - C:\WINDOWS\Installer\72b05.msp [16/04/2014 08:40:26] - [7900672] - (.().-. - ()) - C:\WINDOWS\Installer\72b17.msp [19/11/2014 08:45:32] - [11059200] - (.().-. - ()) - C:\WINDOWS\Installer\72b29.msp [14/01/2015 22:35:04] - [10158080] - (.().-. - ()) - C:\WINDOWS\Installer\72b3e.msp [17/02/2015 17:43:42] - [8855552] - (.().-. - ()) - C:\WINDOWS\Installer\72b51.msp [17/02/2015 17:43:02] - [1053696] - (.().-. - ()) - C:\WINDOWS\Installer\72b52.msp [17/02/2015 17:37:22] - [746496] - (.().-. - ()) - C:\WINDOWS\Installer\72b5b.msp [20/06/2015 03:57:20] - [13508608] - (.().-. - ()) - C:\WINDOWS\Installer\72b6d.msp [16/07/2015 08:20:48] - [1110528] - (.().-. - ()) - C:\WINDOWS\Installer\72b76.msp [22/07/2015 09:07:40] - [5079040] - (.().-. - ()) - C:\WINDOWS\Installer\72b88.msp [22/07/2015 09:10:44] - [10031104] - (.().-. - ()) - C:\WINDOWS\Installer\72b9a.msp [04/09/2015 23:32:46] - [5976064] - (.().-. - ()) - C:\WINDOWS\Installer\72bab.msp [11/11/2015 22:32:34] - [8818688] - (.().-. - ()) - C:\WINDOWS\Installer\72bbd.msp [10/12/2015 11:57:36] - [24256512] - (.().-. - ()) - C:\WINDOWS\Installer\72bd5.msp [10/02/2016 11:39:52] - [2584576] - (.().-. - ()) - C:\WINDOWS\Installer\72be9.msp [14/04/2016 08:01:50] - [5959680] - (.().-. - ()) - C:\WINDOWS\Installer\72bfb.msp [14/04/2016 08:00:42] - [11554816] - (.().-. - ()) - C:\WINDOWS\Installer\72c0d.msp [17/05/2016 17:56:42] - [2978304] - (.().-. - ()) - C:\WINDOWS\Installer\72c16.msp [19/05/2016 04:14:28] - [4030464] - (.().-. - ()) - C:\WINDOWS\Installer\72c29.msp [13/07/2016 01:04:26] - [4911104] - (.().-. - ()) - C:\WINDOWS\Installer\72c3f.msp [27/10/2016 15:43:22] - [9019392] - (.().-. - ()) - C:\WINDOWS\Installer\72c51.msp [14/03/2017 14:51:22] - [909312] - (.().-. - ()) - C:\WINDOWS\Installer\72c63.msp [11/04/2017 23:25:46] - [9420800] - (.().-. - ()) - C:\WINDOWS\Installer\72c75.msp [27/08/2017 11:25:28] - [638976] - (.().-. - ()) - C:\WINDOWS\Installer\72c7e.msp [03/09/2017 02:08:26] - [9703424] - (.().-. - ()) - C:\WINDOWS\Installer\72c90.msp [03/09/2017 02:09:52] - [5218304] - (.().-. - ()) - C:\WINDOWS\Installer\72cb2.msp [03/09/2017 02:07:04] - [1142784] - (.().-. - ()) - C:\WINDOWS\Installer\72cbe.msp [05/09/2017 18:24:04] - [8134656] - (.().-. - ()) - C:\WINDOWS\Installer\72cd0.msp [14/12/2017 15:50:44] - [102400] - (.().-. - ()) - C:\WINDOWS\Installer\72cdd.msp [25/01/2018 18:59:52] - [17022976] - (.().-. - ()) - C:\WINDOWS\Installer\72cef.msp [24/03/2018 15:17:44] - [10461184] - (.().-. - ()) - C:\WINDOWS\Installer\72d01.msp [24/03/2018 15:18:34] - [9695232] - (.().-. - ()) - C:\WINDOWS\Installer\72d13.msp [24/03/2018 15:18:30] - [4341760] - (.().-. - ()) - C:\WINDOWS\Installer\72d25.msp [24/03/2018 15:18:34] - [10539008] - (.().-. - ()) - C:\WINDOWS\Installer\72d38.msp [17/05/2018 12:40:20] - [7991296] - (.().-. - ()) - C:\WINDOWS\Installer\72d41.msp [26/06/2018 12:38:18] - [761856] - (.().-. - ()) - C:\WINDOWS\Installer\72d4a.msp [13/09/2018 20:24:58] - [5918720] - (.().-. - ()) - C:\WINDOWS\Installer\72d53.msp [20/10/2018 14:18:40] - [774144] - (.().-. - ()) - C:\WINDOWS\Installer\72d5c.msp [30/11/2018 13:32:46] - [2023424] - (.().-. - ()) - C:\WINDOWS\Installer\72d65.msp [22/01/2019 16:39:00] - [7778304] - (.().-. - ()) - C:\WINDOWS\Installer\72d6e.msp [14/03/2019 11:49:28] - [8896512] - (.().-. - ()) - C:\WINDOWS\Installer\72d77.msp [12/08/2019 08:29:03] - [50438144] - (.().-. - ()) - C:\WINDOWS\Installer\7d40e9f.msp [13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\WINDOWS\Installer\d8c7b.msp ---------- | %System%\*.in* [01/05/2016 15:42:16] - [19066] - C:\WINDOWS\System32\AmUStor.ini [19/03/2019 06:45:40] - [3329] - C:\WINDOWS\System32\ieuinit.inf [26/10/2012 16:42:24] - [29494] - C:\WINDOWS\System32\lvcoin64.ini [05/06/2019 21:39:34] - [1771406] - C:\WINDOWS\System32\PerfStringBackup.INI [19/03/2019 06:45:00] - [60124] - C:\WINDOWS\System32\tcpmon.ini [19/03/2019 06:44:30] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [19/03/2019 06:46:01] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [19/03/2019 06:45:19] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 16:42:21] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.58FBA2C5E1A58062DB5128B1664EF4CF] - |A| - [06/06/2019 09:01:06] - (.-.) - [54.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CropAssist.log [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:00:40] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:00:40] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:00:40] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:00:40] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 16:20:17] - [0 Ko] - C:\WINDOWS\Temp\FC084CE4-4144-4792-BA7C-0777CCBD5F27-Sigs [MD5.00000000000000000000000000000000] - |D| - [15/07/2019 11:45:53] - [197.41 Ko] - C:\WINDOWS\Temp\LogiDFULibUpdate [MD5.70D07DA03142CB402099CEA1A4288A17] - |A| - [13/09/2019 19:17:30] - (.-.) - [48.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.4CDC363BB04AAA47937A64D7E217AC72] - |A| - [13/09/2019 16:20:18] - (.-.) - [69.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 19:16:12] - [0 Ko] - C:\WINDOWS\Temp\Nebula-DFUPackages [MD5.89C1EA4EC89D1A86742EDC832515043A] - |A| - [14/09/2019 17:11:04] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_237D.tmp [MD5.5B3AC7F71B68558C585C2082F8250096] - |A| - [14/09/2019 11:04:42] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_52BF.tmp [MD5.2A96E8F6FC1B4413A20DAB0BF1E008F6] - |A| - [14/09/2019 18:36:20] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_67DE.tmp [MD5.884392136C5F508158E53A79EF4EBFA5] - |A| - [14/09/2019 15:09:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_776E.tmp [MD5.336DAD90097A45B18FC272C3EC7AF99B] - |A| - [13/09/2019 19:15:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8EC2.tmp [MD5.5D3F138E9234CEEC412176C91DA32485] - |A| - [14/09/2019 19:01:46] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_970C.tmp [MD5.DE08E82AC392E7B8AA90F6B05F540A51] - |A| - [14/09/2019 11:04:12] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DE0B.tmp [MD5.0B777E3FF8C0F4DF0528AB90670802E4] - |A| - [14/09/2019 18:35:45] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DF63.tmp [MD5.E39ECC737FCD5CC51797735EA626A9B7] - |A| - [14/09/2019 19:01:00] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_E4E1.tmp [MD5.E74D29FE48250FFE820ABEAFF72ED5E5] - |A| - [14/09/2019 17:09:43] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_E908.tmp [MD5.B9A0718061A2708BEA6B974097D3C394] - |A| - [14/09/2019 15:08:59] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_EFCE.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a04e1.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0541.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0581.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0593.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a05b4.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a05d5.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a05e7.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0656.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0678.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0689.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a06e9.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a070a.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a072b.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a075c.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a077e.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:39] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a07ae.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:40] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a07c0.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:40] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0820.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 11:31:40] - [0 Ko] - C:\WINDOWS\Temp\tw-10e4-174-1a0851.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196c6a.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196c8b.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cac.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cbe.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cc0.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cc2.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cd3.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196ce5.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196cf7.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196d56.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196e04.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196e16.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196e28.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196e39.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196e6a.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:48] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-196eba.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:49] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-197081.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:49] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-197083.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 19:27:49] - [0 Ko] - C:\WINDOWS\Temp\tw-1858-238c-1971ed.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-163386.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1633d6.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1633e8.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1633ea.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1633ec.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1633fd.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-16340f.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-163411.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-16349f.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-16359b.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-16359d.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635af.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635b1.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635c3.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635c5.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635d6.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635d8.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635ea.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 17:32:59] - [0 Ko] - C:\WINDOWS\Temp\tw-1a28-fb4-1635fc.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4d66.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4d97.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4da9.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4dab.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4dbc.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4ded.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4dff.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e10.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e41.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e63.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e65.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e76.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e78.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e8a.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4e9b.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4ebd.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4ece.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4ee0.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 13:55:03] - [0 Ko] - C:\WINDOWS\Temp\tw-22a8-1088-9d4ee2.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:06] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b7fb.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:06] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b80d.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b81f.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b821.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b823.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b834.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b846.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b848.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b85a.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b85c.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b85e.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b86f.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b871.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b883.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b885.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b887.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b898.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b89a.tmp [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 20:36:07] - [0 Ko] - C:\WINDOWS\Temp\tw-2504-8bc-12b8ac.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:50] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdbec.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc0d.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc0f.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc21.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc23.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc34.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc36.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc48.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdc98.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdcaa.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdccb.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdccd.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdcdf.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd1f.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd31.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd42.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd44.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd56.tmp [MD5.00000000000000000000000000000000] - |D| - [14/09/2019 18:48:51] - [0 Ko] - C:\WINDOWS\Temp\tw-36c-1e40-cdd58.tmp [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:20] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [19/03/2019 06:44:33] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:44:28] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:44:28] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [19/03/2019 06:44:03] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [19/03/2019 06:44:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:44:47] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [19/03/2019 06:44:52] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [19/03/2019 06:45:47] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [19/03/2019 06:45:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:44:01] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [19/03/2019 06:44:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [19/03/2019 06:44:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [19/03/2019 06:44:21] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [2751.51 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.0724FA8BCAF2725746F9BB4264989D96] - |A| - [19/03/2019 06:43:47] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5.97 Ko] - C:\WINDOWS\System32\am-et [MD5.4B10D8998C824DD84AD597F9E058F6F0] - |A| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amde31a.dat [MD5.C8EDC7EFDAE950D1939B9A7E863642C9] - |A| - [16/12/2015 20:07:34] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll [MD5.4A8EEFA45D4DE092F9FB557B196BFE0F] - |A| - [16/12/2015 20:07:34] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdhdl64.dll [MD5.DDEB20626133878B0CE79CCE29B031B9] - |A| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdicdxx.dat [MD5.038A004CF76AFDC15FA70863D3DC345A] - |A| - [16/12/2015 20:07:34] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.98 Ko] - (1.0.3.8) - C:\WINDOWS\System32\amdlvr64.dll [MD5.5D4ABEC64507FDAF954B867AF85ADA87] - |A| - [16/12/2015 20:07:36] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\WINDOWS\System32\amdmantle64.dll [MD5.D2112F5468176F075FAB0B08A142DB6A] - |A| - [16/12/2015 20:06:50] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll [MD5.A40AD832C19625AAE912E2C8F26686A7] - |A| - [16/12/2015 20:07:34] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmmcl6.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/12/2015 20:07:40] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl12cl64.dll [MD5.64C031B2785EFA20232E64CE9A4ED8C8] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\WINDOWS\System32\amdocl64.dll [MD5.2C121EDECF6F26ADA8E6B2D5316966A7] - |A| - [16/12/2015 20:07:36] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_as64.exe [MD5.10E49359190C5F9EC0287991260805D4] - |A| - [16/12/2015 20:07:36] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_ld64.exe [MD5.42B9C6DE9E3E4F0925AD58DAD8A86B7B] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\amdpcom64.dll [MD5.0EF0E1F7B96736DA036A8FA3EC1A389A] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2014-2015 AMD Inc. - amdxc64.dll.) - [9135.76 Ko] - (8.18.10.44) - C:\WINDOWS\System32\amdxc64.dll [MD5.3A35DB5593F0337EBB28D4BDBA05C064] - |A| - [01/05/2016 15:42:16] - (.-.) - [1052 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AmRdrIco.icl [MD5.FDB1A14E059F447A893B44E8A4B2177F] - |A| - [01/05/2016 15:42:16] - (.-.) - [18.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AmUStor.ini [MD5.A3FA2DD7B000AE0964395512E9C37E41] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [607 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.7FB9F67CF1E872F4573028B6B64BFF6D] - |A| - [19/04/2017 05:09:14] - (.-.) - [27.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\asmtxhcicoinstaller.dll [MD5.80C04025EB23316D1E9CFCC3E8D52AC5] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\System32\atiadlxx.dll [MD5.4920154E53FDD2E1BB3B877E7CEEFEC7] - |A| - [04/11/2015 21:25:16] - (.-.) - [646.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb [MD5.0789EC00F29DCC4A1441F876B81F15A7] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\WINDOWS\System32\atiapfxx.exe [MD5.3845FDD141F1658CF28A3A199C40ADAF] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalcl64.dll [MD5.CDDD4CB320EDAAA9AACEFA117CB0F3FA] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticaldd64.dll [MD5.2568D12AF17245F8D8413AC9A8B4EDA5] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalrt64.dll [MD5.8AE77361DA429B75CB56F20E2B1CA044] - |A| - [15/08/2015 20:49:42] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\System32\aticfx64.dll [MD5.0924FBECA5B233CCD3F89306D6EBBB50] - |A| - [16/12/2015 20:07:40] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5786.29424) - C:\WINDOWS\System32\atidemgy.dll [MD5.0301F99122692B658DA76145ACDB2F4B] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\System32\atidxx64.dll [MD5.B238026AACDDF5D78920DD46F4B8B9CC] - |A| - [16/12/2015 20:07:40] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe [MD5.B3AB2D5B98E67EC56ED4EB9D2A3199BF] - |A| - [16/12/2015 20:07:40] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atieclxx.exe [MD5.BBADD85854BFB5D43C60B7AC8EEA3DBA] - |A| - [09/08/2015 07:10:14] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atiesrxx.exe [MD5.A400AAEA1E6FD94A3874066BA26AE257] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6pxx.dll [MD5.3C4EAA6E0C68E6B097F93D08034499FE] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6txx.dll [MD5.DFC371CDDD3FCD6C24E753298A41E759] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiglpxx.dll [MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [15/08/2015 10:09:18] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiicdxx.dat [MD5.DDFF3EC23045E0B96D9B2212B0B00E31] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\atimpc64.dll [MD5.9A407EF63E33D60BD607CA6DC917676F] - |A| - [16/12/2015 20:07:40] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\WINDOWS\System32\atimuixx.dll [MD5.3FC67270212EDDA9B0C3D1276930F830] - |A| - [16/12/2015 20:07:42] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.48 Ko] - (6.14.10.13399) - C:\WINDOWS\System32\atio6axx.dll [MD5.1F5F96AE1C39FC46275D120CB1C0CC7F] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODCLI.exe [MD5.D9D76760A606AA2946757BA583538BA2] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODE.exe [MD5.A273FBD6DCBB91434E33C1EC2404DFCC] - |A| - [16/12/2015 20:07:40] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\WINDOWS\System32\atitmm64.dll [MD5.DF30135A414649B0A8E8FAD0D61C13C1] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiu9p64.dll [MD5.EAD4B31FE72D70F2BACFC915454E5BE2] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\System32\atiumd64.dll [MD5.E40A33F1DD46469DCFFA4BD5117C61B1] - |A| - [04/11/2015 21:25:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap [MD5.839B5E291DAFB7C489306844AB2C9989] - |A| - [16/12/2015 20:06:52] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\System32\atiumd6a.dll [MD5.25DB83722B01C0614679ACAC8C59D51A] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiuxp64.dll [MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |A| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce02.dat [MD5.B974290EEE645249EE212FF62DD0824A] - |A| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce03.dat [MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |A| - [15/08/2015 10:09:52] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik.dat [MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |A| - [15/08/2015 10:09:52] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik_nd.dat [MD5.0770A5AB5218E6D3134A7A7239B9A216] - |A| - [15/08/2015 10:09:52] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cz_nd.dat [MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |A| - [15/08/2015 10:09:52] - (.-.) - [245 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ.dat [MD5.7EE8F6853798F7A900DB15F3054A0277] - |A| - [15/08/2015 10:09:52] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ_nd.dat [MD5.11355CAC5334C8999211C09CAAE194EF] - |A| - [15/08/2015 10:09:52] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi.dat [MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |A| - [15/08/2015 10:09:52] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi_nd.dat [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [15/08/2015 10:09:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [15/08/2015 10:09:52] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [19/03/2019 06:43:47] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [348 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [19/03/2019 06:43:45] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5885.86 Ko] - C:\WINDOWS\System32\Boot [MD5.6CC5FAF5A7B51609D0D2A90AC1202918] - |A| - [19/03/2019 06:44:29] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [182 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.F19289062E5CCEEA718A72CFE9F7354D] - |A| - [01/05/2016 15:42:16] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6361.bin [MD5.8D2D7DF5BBD593088EDF373FE87F3E72] - |A| - [01/05/2016 15:42:16] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6362.bin [MD5.B00577BC5FAFAAA1D611F379D0098096] - |A| - [01/05/2016 15:42:16] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6366.bin [MD5.DDDA2489940138D5F68F156EF016836D] - |A| - [01/05/2016 15:42:16] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CardDetect6420.bin [MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 03:25:22] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\CardGames.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:37:26] - [75108.48 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [66592.18 Ko] - C:\WINDOWS\System32\catroot2 [MD5.7BDE885D471C6478B13E0C32418EEE20] - |A| - [16/12/2015 20:07:40] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [11.19 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.6960C5F72730E6DBDEBF087553BFAEB5] - |A| - [15/08/2015 20:48:46] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_15.20.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [375 Ko] - C:\WINDOWS\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:37:26] - [446810.74 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [86.84 Ko] - C:\WINDOWS\System32\Configuration [MD5.5C77E079B337BCF6235F39183D7C7026] - |A| - [19/03/2019 06:44:16] - (.-.) - [223.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [405.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.2419907A0BB9A14F1871F0BDA7F65578] - |A| - [27/07/2019 18:09:43] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [411.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [401.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.7155B124089FAC5F304084116669F6DF] - |A| - [19/03/2019 06:43:57] - (.-.) - [146 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:20:20] - [0 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:20:20] - [0 Ko] - C:\WINDOWS\System32\DAX3 [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [277.94 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [456 Ko] - C:\WINDOWS\System32\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:44:03] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [19/03/2019 06:43:47] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [05/06/2019 21:49:23] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.E0C2A6E4110B09FF2976B0C4DE988C6B] - |A| - [02/07/2016 11:26:10] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [101 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DelayAPO.dll [MD5.6C22EC440786D5E1EA69E0D53C4F3B4B] - |A| - [19/03/2019 06:44:45] - (.-.) - [35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [19/03/2019 06:44:21] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [19/03/2019 06:44:25] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 16:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\System32\DevManagerCore.dll [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [916.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.173D1EB779621B66784DCABEDF9AFB4F] - |A| - [19/03/2019 06:44:18] - (.-.) - [82.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [9703.81 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.8D220B2451DFE2E17A95212D8E0C7B2E] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth1.bin [MD5.13318050805A1AC2D4A4C534887AB007] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth10.bin [MD5.54A4D2752B62FFE8A98E588DB906E799] - |A| - [19/03/2019 06:45:34] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth11.bin [MD5.FA7D32EB423DAC57B0AE079CCA87DE7A] - |A| - [19/03/2019 06:45:34] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth12.bin [MD5.3570691E603B87CC41363341E8348904] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth2.bin [MD5.DF7C0D8374183AB5CA91C1204CA91A0B] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth3.bin [MD5.46F4C31CFE6F93F9CA045DF5C1E23752] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth4.bin [MD5.A88FC6AF11F7E33395C51F9D979FFDFB] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth5.bin [MD5.91B60C6DB00407A19FB7B16C15C3B07E] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth6.bin [MD5.8F40E6DF99054EF4DF58281867B404B3] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth7.bin [MD5.681F63EA513534AFC3A881CF81D65DEF] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth8.bin [MD5.F0259D2CCAC0734A7E83CD875179A6A8] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth9.bin [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [214.5 Ko] - C:\WINDOWS\System32\dsc [MD5.2AC58918336D59AAAB91DBDB97FB3182] - |A| - [19/03/2019 06:44:30] - (.-.) - [2529.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [19/03/2019 06:43:47] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [19/03/2019 06:43:47] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [19/03/2019 06:43:47] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [461 Ko] - C:\WINDOWS\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:20] - [3369 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [326 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [42151.48 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [436 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [361.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [06/06/2019 08:37:35] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_YD4BRDE.DLL [MD5.112991BBE164028DAB473E66007223BE] - |A| - [06/06/2019 17:56:32] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [25.58 Ko] - (3.0.0.1) - C:\WINDOWS\System32\fbnative.exe [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [19/03/2019 06:44:39] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [406.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.B87C73B9D3D2918E31461650DD55DA02] - |A| - [05/06/2019 21:12:24] - (.-.) - [315.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:55:24] - [3403.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [371.5 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [47202.63 Ko] - C:\WINDOWS\System32\fr-FR [MD5.3C402FA88BB488B77A73428623B7825B] - |A| - [19/03/2019 06:45:49] - (.-.) - [167 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [19/03/2019 06:45:50] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.E67DA43B4CF8E15291E4F0D5C42EA1A0] - |A| - [19/05/2016 11:44:42] - (.-.) - [162.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ar-SA.resources [MD5.51470B9F0EFCBE5A80A8B501197CA0E2] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.cs-CZ.resources [MD5.A2BCCE562367DCDA44797A6431155E9D] - |A| - [19/05/2016 11:44:42] - (.-.) - [133.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.da-DK.resources [MD5.2FC2E0417502F50636DE03818AC83E37] - |A| - [19/05/2016 11:44:42] - (.-.) - [143.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.de-DE.resources [MD5.78C2B4C49F955534DDDFDCA2C46BE843] - |A| - [19/05/2016 11:44:42] - (.-.) - [205.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.el-GR.resources [MD5.EBD3437D5EDB8404E1E86F2552F4E458] - |A| - [19/05/2016 11:44:42] - (.-.) - [129.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.en-US.resources [MD5.1D724422FD031FC348380DF30565F378] - |A| - [19/05/2016 11:44:42] - (.-.) - [143.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.es-ES.resources [MD5.167C2A4CF15A1A6A6192798B0BBA64B5] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fi-FI.resources [MD5.F3EB742B8D75E8BAB4DB0271BEFBFA65] - |A| - [19/05/2016 11:44:42] - (.-.) - [142.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fr-FR.resources [MD5.1924F5EE8CCA6761850DA2A1FB5E9233] - |A| - [19/05/2016 11:44:42] - (.-.) - [155.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.he-IL.resources [MD5.1AD276140AC09C73466542E197DFFBDC] - |A| - [19/05/2016 11:44:42] - (.-.) - [137.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hr-HR.resources [MD5.2FFAE506730EF37784F3667CA4EA121E] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hu-HU.resources [MD5.2112A985F703196DB48042E2C3478849] - |A| - [19/05/2016 11:44:42] - (.-.) - [146.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.it-IT.resources [MD5.3D16226F3B3C353C8DED165C93881CD7] - |A| - [19/05/2016 11:44:42] - (.-.) - [159.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ja-JP.resources [MD5.F848E84794792910171CB966CACD5869] - |A| - [19/05/2016 11:44:42] - (.-.) - [144.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ko-KR.resources [MD5.D4F9A73A2D7A53B33B79B25D2C7F54A8] - |A| - [19/05/2016 11:44:42] - (.-.) - [134.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nb-NO.resources [MD5.2CB895F3DD7239DF6785796E56FFF6EE] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nl-NL.resources [MD5.C22FC0D4D4DA401026C55BCF142E9EAA] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pl-PL.resources [MD5.61884D76B03DE138C45CE6BC826B261A] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-BR.resources [MD5.0345103583BA5A28A74297C583D6B72B] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-PT.resources [MD5.740CFD4AEDA63ED5A902C4012F634811] - |A| - [19/05/2016 11:44:42] - (.-.) - [142.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ro-RO.resources [MD5.3B98DE17467E57264FB67BAAE9FC99D1] - |A| - [19/05/2016 11:44:42] - (.-.) - [189.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ru-RU.resources [MD5.9AD3600A8802547DCA1395BF01F17D0C] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sk-SK.resources [MD5.ABA254E3CD5D35E6BDC98E21B754E46B] - |A| - [19/05/2016 11:44:42] - (.-.) - [134.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sl-SI.resources [MD5.077B93A3728B0ED69F752D467EB5C432] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sv-SE.resources [MD5.96AAA779DA7D78893479BD24969E7644] - |A| - [19/05/2016 11:44:42] - (.-.) - [218.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.th-TH.resources [MD5.602AD24EE7F5C071C5F59EC6E510F10D] - |A| - [19/05/2016 11:44:42] - (.-.) - [141.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.tr-TR.resources [MD5.93A5633BA17BBE1726871BD5EA2B15CD] - |A| - [19/05/2016 11:44:42] - (.-.) - [121.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-CN.resources [MD5.E5FC52A12691FB17D790C08E21150AEC] - |A| - [19/05/2016 11:44:42] - (.-.) - [123.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-TW.resources [MD5.12BCB2A86CB2570F3603D68AE695E970] - |A| - [19/05/2016 11:44:42] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxUI.exe.config [MD5.00000000000000000000000000000000] - |HD| - [05/06/2019 21:49:15] - [0.82 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6F7FB7B9386E0A029DCCD11DD84B15A] - |A| - [19/03/2019 06:44:11] - (.-.) - [260 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.DF432871A485FD77E6C90197BE0B637D] - |A| - [16/12/2015 20:07:40] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [413.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.B4DE48A0333CD63B62CDC63B516D9902] - |A| - [19/03/2019 06:45:54] - (.-.) - [37.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [158.57 Ko] - C:\WINDOWS\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.19A800CAA49DFE29BABC1BAF7723A044] - |A| - [09/03/2017 02:16:04] - (.-.) - [109.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IccLibDll_x64.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.2E977573411A099BD0213832B7442F0E] - |A| - [30/05/2019 14:40:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2267 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icu.dll [MD5.D2A4919E61E99157AD2DE994795C0F83] - |A| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24.5 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.003EEDD728E2952E23DB9F6516B9194A] - |A| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [29 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.DD6A58ACF58557F6546BED42D7ED0B40] - |A| - [09/03/2017 02:16:06] - (.-.) - [116.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdde64.dll [MD5.925C5390A68D279D9E84101D82D1969A] - |A| - [09/03/2017 02:16:06] - (.Copyright (C) 2012 - CM Runtime Dynamic Link Library (DX11).) - [579.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.47E704080C9F891AA2F176E8F31CAF91] - |A| - [09/03/2017 02:16:08] - (.Copyright (C) 2010 - 2011 - CM JIT Dynamic Link Library.) - [3446.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.E0C1A56B986E2B0E7C9F59C7FD2522A1] - |A| - [09/03/2017 02:17:06] - (.Copyright (C) 2010 - 2012 - CM Runtime Dynamic Link Library.) - [1060.95 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.63AB75BD87466A6CFE6B18DC308C478D] - |A| - [09/03/2017 02:16:10] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [131.13 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v4459.dll [MD5.8935F0C8CD09D0520AF28A0E63D5BB00] - |A| - [09/03/2017 02:16:08] - (.-.) - [27.13 Ko] - (1.0.0.0) - C:\WINDOWS\System32\IGFXDEVLib.dll [MD5.40DFD4CFB98AB5E4666B0F607CB64921] - |A| - [19/05/2016 11:41:40] - (.-.) - [1935.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa [MD5.828C46F74BB7248FF401471D072BB751] - |A| - [19/05/2016 11:41:40] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp [MD5.55632EAD6A6C6708C6671D4622454EDB] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp [MD5.555B90CAEC4AE1D3140338CF2D16A11B] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp [MD5.6FBF733E8ACB2F13407DD9582217F720] - |A| - [19/05/2016 11:41:40] - (.-.) - [58.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp [MD5.ECE7DBF87A6E24AC8A680064FFAE5A58] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp [MD5.48434EAFE70409D261DAF5AD244F03CA] - |A| - [19/05/2016 11:41:40] - (.-.) - [58.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp [MD5.9D068CF01FC9A74EF3ACAEC779962B0C] - |A| - [19/05/2016 11:41:40] - (.-.) - [56.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp [MD5.40EA0A3BBDBAE952D47B433090B0F031] - |A| - [19/05/2016 11:58:18] - (.-.) - [16.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp [MD5.8CE43FCE353B86A81F67014B6EEE5143] - |A| - [19/03/2019 06:43:45] - (.-.) - [195.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [25976.29 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [6775 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [435 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [325.09 Ko] - C:\WINDOWS\System32\ja-jp [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [532.61 Ko] - C:\WINDOWS\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [298 Ko] - C:\WINDOWS\System32\ko-KR [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/03/2019 06:44:21] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 06:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00F670378A360378705426FF733A1B34] - |A| - [14/04/2018 06:15:10] - (.(C) 1998-2018 Logitech. - Logitech Bluetooth Co-Installer (UNICODE).) - [59.12 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LBTCoIns.DLL [MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 14:01:40] - (.-.) - [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [625.17 Ko] - C:\WINDOWS\System32\Licenses [MD5.6FCFAF52ABBDB229A123A7402B2BC3E3] - |A| - [14/04/2018 06:15:24] - (.(C) 1998-2018 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LkmdfCoInst.dll [MD5.A2967AAEE6EA7EA7692A2DB737AD52E1] - |A| - [14/04/2018 06:15:28] - (.(C) 1998-2018 Logitech. - Logitech Bluetooth Co-Installer (UNICODE).) - [61.62 Ko] - (5.92.28.0) - C:\WINDOWS\System32\LMouFiltCoInst.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [36529.24 Ko] - C:\WINDOWS\System32\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 16:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 16:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPPApp.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/06/2019 10:57:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LogMsg.txt [MD5.FAFA525E191366B891E1F07A55208B2A] - |A| - [07/06/2019 10:57:16] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LogVss.txt [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [335.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [333.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvco1380853.dll [MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvcod64.dll [MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [26/10/2012 16:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoin64.ini [MD5.0C9A0F4DAC03D3179009FA4DD92F476C] - |A| - [05/06/2019 21:19:35] - (.-.) - [24.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log [MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUI64.dll [MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUIRC64.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [58203.08 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:56:34] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.9E881E4739C6BCAA98F2152CAFC3E059] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantle64.dll [MD5.CE5A4E28D6423278DD8440404B6B5851] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantleaxl64.dll [MD5.84D72DC7008B082FC2F626C9ADE7F0D0] - |A| - [06/06/2019 09:09:12] - (.Copyright © 2014 - MarineAquarium3.3.) - [6980 Ko] - (0.0.0.3) - C:\WINDOWS\System32\MarineAquarium3.scr [MD5.F53CAB05B340E9C28028764995BC1071] - |A| - [19/03/2019 06:45:05] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 06:43:47] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 22:04:41] - [1136.71 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5319.9 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [46633.82 Ko] - C:\WINDOWS\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [05/06/2019 21:49:30] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [06/06/2019 06:49:33] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [19.16 Ko] - C:\WINDOWS\System32\MUI [MD5.C96CA9398552084E9D23E8ECD27E56E9] - |A| - [03/03/2012 20:59:55] - (.2009 (c) . - Coinstaller.) - [35 Ko] - (1.0.0.1) - C:\WINDOWS\System32\mv91xxm.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 06:44:28] - (.-.) - [28.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [396.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 06:45:50] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [187 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [431.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.DC55B5C2A8A45395DB884591324D359B] - |A| - [05/06/2019 21:49:30] - (.-.) - [18.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [15271.88 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:56:34] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 06:43:47] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1746.17 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.78409746BEC3A49570E64C164A1B1258] - |A| - [05/06/2019 21:50:51] - (.-.) - [130.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.235F5AA98B88811035DBD9B03F5093CC] - |A| - [05/06/2019 21:55:30] - (.-.) - [146.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [05/06/2019 21:50:51] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [05/06/2019 21:55:30] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.789B8A45D9A58A003AB86E23827E61D4] - |A| - [05/06/2019 21:50:51] - (.-.) - [684.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.1EE8A07DEDF3CFFDB17F478123947347] - |A| - [05/06/2019 21:55:30] - (.-.) - [773.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.472783B5C91A2677BF3FA2F7F52F094E] - |A| - [05/06/2019 21:39:34] - (.-.) - [1729.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 06:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [429.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [456.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 06:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:21] - [973.95 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 06:44:00] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [424 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [426.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.70D8648B0CB48C315DCB655507C69EB3] - |A| - [08/12/2015 10:18:32] - (.-.) - [15.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RaCoInst.dat [MD5.97C2B615FFA2A67FFA26C83FA8B20AD8] - |A| - [05/06/2019 21:20:30] - (.-.) - [1.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RaCoInst.log [MD5.F731CC0A6B9D275E58DA62F9A7548EFC] - |A| - [08/12/2015 10:18:32] - (.Copyright(c) 2014, Mediatek Inc. - Mediatek CoInstaller Dynamic Link Library.) - [327.14 Ko] - (1.0.12.3) - C:\WINDOWS\System32\RaCoInstx.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.2210F24EDC6E80B1D311B2C3641DE9FA] - |A| - [13/08/2019 20:19:21] - (.-.) - [1983.5 Ko] - (1.0.1907.17001) - C:\WINDOWS\System32\rdpnano.dll [MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 06:43:47] - (.-.) - [60.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [2.15 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [26/10/2012 16:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Repository.reg [MD5.093F9EE0C00B452996E7837F1D7165E5] - |A| - [27/07/2019 18:09:40] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [351 Ko] - C:\WINDOWS\System32\ro-RO [MD5.D7CFCE6811519582690065C21088E9A5] - |A| - [22/02/2018 21:06:32] - (.Copyright (C) 2014 - RtCRX.) - [82.5 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [421.5 Ko] - C:\WINDOWS\System32\ru-RU [MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 06:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 06:46:39] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.B21819B0520E582E9FCFF7576C7F9235] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11780.86 Ko] - (8.17.10.625) - C:\WINDOWS\System32\SET1C58.tmp [MD5.DD1901D3DFA7F92D04855B05C80DCC14] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.47 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\SET3988.tmp [MD5.108B408A225C6FBA3A80E750E74F2A1A] - |A| - [15/08/2015 20:49:42] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1434.41 Ko] - (8.17.10.1404) - C:\WINDOWS\System32\SET3B22.tmp [MD5.6960C5F72730E6DBDEBF087553BFAEB5] - |A| - [15/08/2015 20:48:46] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\System32\SET540.tmp [MD5.817A4AD7BB47B5811C84B58C43A78189] - |A| - [15/08/2015 20:48:44] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.52 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\SET628.tmp [MD5.9897BFAD16E076F9128765B8B58354F1] - |A| - [15/08/2015 20:48:46] - (.AMD. - CoInstaller DLL.) - [854.02 Ko] - (1.0.5.9) - C:\WINDOWS\System32\SET677C.tmp [MD5.9A6ED45849C7D725E53E35F5D25BF063] - |A| - [15/08/2015 20:48:44] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.01 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\SET6B7.tmp [MD5.EAD4B31FE72D70F2BACFC915454E5BE2] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\System32\SETB9DE.tmp [MD5.839B5E291DAFB7C489306844AB2C9989] - |A| - [16/12/2015 20:06:52] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\System32\SETBB57.tmp [MD5.80C04025EB23316D1E9CFCC3E8D52AC5] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\System32\SETBD12.tmp [MD5.BBADD85854BFB5D43C60B7AC8EEA3DBA] - |A| - [15/08/2015 20:48:44] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\SETBFF7.tmp [MD5.B3AB2D5B98E67EC56ED4EB9D2A3199BF] - |A| - [15/08/2015 20:48:44] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\SETC076.tmp [MD5.0924FBECA5B233CCD3F89306D6EBBB50] - |A| - [16/12/2015 20:07:40] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5786.29424) - C:\WINDOWS\System32\SETC114.tmp [MD5.0301F99122692B658DA76145ACDB2F4B] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\System32\SETD443.tmp [MD5.DF30135A414649B0A8E8FAD0D61C13C1] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\SETED28.tmp [MD5.25DB83722B01C0614679ACAC8C59D51A] - |A| - [15/08/2015 20:49:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\SETED97.tmp [MD5.8AE77361DA429B75CB56F20E2B1CA044] - |A| - [15/08/2015 20:49:42] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\System32\SETEFCE.tmp [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 06:44:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [77.44 Ko] - C:\WINDOWS\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [2370 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [23.7 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [341 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [337.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:12:29] - [92903.64 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:21] - [98.06 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 06:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:37:26] - [14017.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 06:45:54] - (.-.) - [38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [7680.8 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [12411.23 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [122245.84 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5938.39 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [339 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:45:56] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [28/06/2019 15:11:29] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [15128 Ko] - C:\WINDOWS\System32\sru [MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 06:43:47] - (.-.) - [443 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [403.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1397.98 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [947.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [10.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [585.77 Ko] - C:\WINDOWS\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 06:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.364B8B76EBB95762632341E49F26144D] - |A| - [28/06/2019 15:10:50] - (.-.) - [1798 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [310.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [394 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 06:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 06:43:54] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [337 Ko] - C:\WINDOWS\System32\uk-UA [MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 06:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [1917.6 Ko] - C:\WINDOWS\System32\UNP [MD5.21B9D3543310B811B3F0DBE3838EEF12] - |A| - [19/03/2019 06:44:18] - (.-.) - [44.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [30/05/2019 14:40:17] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 06:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [96316.98 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [102631.72 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 06:44:30] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [49316.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 06:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [10482.4 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 06:44:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [180580 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [6161.92 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [207.67 Ko] - C:\WINDOWS\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 06:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 06:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 06:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 06:44:03] - (.-.) - [97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [287.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [258 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1856.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.A373223DA7D8955471215CE5B1BDCD0B] - |A| - [16/12/2015 20:07:34] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.4DC0A8630E9C94AC559BDA738D228C2E] - |A| - [16/12/2015 20:07:34] - (.-.) - [128.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdhdl32.dll [MD5.870A3E3F7F49E0F0EDA057DE539BAA5C] - |A| - [16/12/2015 20:07:34] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.DB00A1EDAF063A00E715BC0D844A6C6B] - |A| - [16/12/2015 20:07:36] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\amdmantle32.dll [MD5.4C2E47A3ED607193656C44974AEA4162] - |A| - [16/12/2015 20:07:34] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmmcl.dll [MD5.E1B9410B2167B9B438B4C14639AA9FBC] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38789.98 Ko] - (10.0.1800.11) - C:\WINDOWS\SysWOW64\amdocl.dll [MD5.9DEF1F5B37479CB6AD2DE70AC5606759] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\amdocl12cl.dll [MD5.ECC282372DEB746231685280F96442DF] - |A| - [16/12/2015 20:07:38] - (.-.) - [980.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_as32.exe [MD5.EBC93A124038127EAD6CD8F16558C26B] - |A| - [16/12/2015 20:07:36] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_ld32.exe [MD5.7D5DED378BFDB41955AC460C4F396F1B] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.A400CFF0E7618D3C96E6D3FB5C657E6B] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2014-2015 AMD Inc. - amdxc32.dll.) - [7503.02 Ko] - (8.18.10.44) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [174 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.760A16CB68AA94B46C13E778E2C40C42] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.760A16CB68AA94B46C13E778E2C40C42] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.4920154E53FDD2E1BB3B877E7CEEFEC7] - |A| - [04/11/2015 21:25:16] - (.-.) - [646.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.6C1E0FA435FF2BE03DAE57482D70229C] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalcl.dll [MD5.0D5F02309668BB18B09CC3018870A21D] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticaldd.dll [MD5.91EE47E5F262066C4FE15FCC2AFA76D0] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalrt.dll [MD5.4ED9AE1B6AB8786EF287A005223602AF] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1194.87 Ko] - (8.17.10.1404) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.1F31F81DDBCE62FF5ED9EEB84B36994A] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9971.7 Ko] - (8.17.10.625) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.07722BE5C09F174DE3C857A384EB7A19] - |A| - [16/12/2015 20:07:40] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.FAA5C0AE370B2B4727A4D3BAD2E9FA90] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.DFC371CDDD3FCD6C24E753298A41E759] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiglpxx.dll [MD5.212E4467D3558D6CF999942FBF24249A] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.0A4ECF95D837EB9C7990FDAE92077765] - |A| - [16/12/2015 20:07:42] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\WINDOWS\SysWOW64\atioglxx.dll [MD5.CBA05A6A2400D9EFB00E8D8CF2BDD1E5] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiu9pag.dll [MD5.D7D303BC870752D4E6CE9D9453B16FE6] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\WINDOWS\SysWOW64\atiumdag.dll [MD5.A6D47DE75D4DA8B345193FD2456A4386] - |A| - [04/11/2015 21:21:02] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.EEBEC694FFBAEF4812DE8D10E924E597] - |A| - [15/08/2015 20:49:44] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.64 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\atiumdva.dll [MD5.DBA2A487CC1913B9C6F4CFF3422D46B1] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.7 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [15/08/2015 10:09:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [15/08/2015 10:09:52] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [147.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.10A92052244A42E372B7B5AE52E80D84] - |A| - [06/06/2019 16:15:18] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906061615189908.log [MD5.E4316E2C2CBC83D00EC28EB4F1F298B2] - |A| - [06/06/2019 19:51:03] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906061951037520.log [MD5.0DBCC56757326CBC410969D3B9241A23] - |A| - [06/06/2019 19:52:56] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906061952563738.log [MD5.9857C564735A1AA3C6E69B50910A652C] - |A| - [07/06/2019 17:53:41] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906071753410119.log [MD5.1C0EDD78CD8699D7FC52A41438293A97] - |A| - [08/06/2019 11:48:36] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906081148364281.log [MD5.607BE81C67D5F3E4B82F7C06A9819D39] - |A| - [08/06/2019 15:02:17] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906081502175592.log [MD5.CC6350FCE81973C0C6958BA7274BADB2] - |A| - [21/06/2019 08:44:47] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906210844476581.log [MD5.7B3259A5797624340DC91F7561348369] - |A| - [21/06/2019 08:51:32] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906210851329287.log [MD5.8FD30FD8969E820CF4821D4A193A1B90] - |A| - [25/06/2019 09:06:57] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906250906577503.log [MD5.0BA55D0076AF0247FC121760F165632A] - |A| - [25/06/2019 09:12:06] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906250912069668.log [MD5.B6C82DFDEB3FB2C7D8DD931019178DC5] - |A| - [25/06/2019 09:13:13] - (.-.) - [54.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906250913136259.log [MD5.495EEF374CC5F841B46BA6A95FFCA2E6] - |A| - [27/06/2019 08:20:55] - (.-.) - [54.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201906270820551732.log [MD5.9B15DF509EE8950502CDB2E21CA66B7C] - |A| - [04/07/2019 16:08:06] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201907041608061230.log [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [322 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [7.64 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [86.84 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [206 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.1E02A122FE09272058FC1EF0B1B6265E] - |A| - [27/07/2019 18:09:50] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [377 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [207 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [229 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 16:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\DevManagerCore.dll [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [186 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [7676.23 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.ECE24EF9433BE822E57C0A8D2C4F5DAD] - |A| - [06/06/2019 17:58:56] - (.-.) - [215.38 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Eaolog.log [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [231.5 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [3118 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [135.5 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [8130.73 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [219 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [149.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [135.5 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [13060.65 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [208 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [19/03/2019 14:01:34] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [166 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 06:45:13] - (.-.) - [203.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [142.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.B1414C449CDF025115DDA1DD58A77381] - |A| - [16/12/2015 20:07:40] - (.-.) - [108.48 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [212.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [30/05/2019 14:40:36] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1849.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |A| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |A| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [28.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [21339.25 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [213 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [216.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [154 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [154.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 16:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 16:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPPApp.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [145.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [142 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\lvcodec2.dll [MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2.dll [MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2RC.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [50362.73 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:56:34] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.DAE24406C99B03DE3070FCA7B8823C68] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantle32.dll [MD5.4B15FFE298E746FC8FE1718461C8527D] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantleaxl32.dll [MD5.192EDE29A39B686D9B5091071FCF9E51] - |A| - [14/06/2004 18:54:02] - (.-.) - [2204 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MarineAquarium2MD.scr [MD5.84D72DC7008B082FC2F626C9ADE7F0D0] - |A| - [06/06/2019 09:09:07] - (.Copyright © 2014 - MarineAquarium3.3.) - [6980 Ko] - (0.0.0.3) - C:\WINDOWS\SysWOW64\MarineAquarium3.scr [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [2782.39 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [812.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [05/06/2019 21:49:45] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [205.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [215.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [05/06/2019 21:49:15] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 07:00:31] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [754.8 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [79 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [216.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [969.13 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [214.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [215.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [147.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.EBFD4799A3E1E3D78B10C078BF3BDF55] - |A| - [15/08/2015 20:49:44] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.66 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\SET2062.tmp [MD5.972AF323A502BF4546FC1FF86D7F4873] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.52 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\SET2180.tmp [MD5.9BDAD27008412311DBE102FE0A233B49] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21805.51 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\SET3634.tmp [MD5.584055C693DBC9487F73C3D3FA24D0C7] - |A| - [15/08/2015 20:48:42] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [68 Ko] - (2.0.4.0) - C:\WINDOWS\SysWOW64\SET5D1C.tmp [MD5.D413999F36BC8A9A28F147A6969FD2A8] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38792.52 Ko] - (10.0.1800.8) - C:\WINDOWS\SysWOW64\SET62CC.tmp [MD5.FB7164B75C3BA276DB68383E46BCC978] - |A| - [15/08/2015 20:48:44] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [148.51 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\SET662F.tmp [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [143.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [143 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [98.06 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [4078.3 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [8871.62 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [1306.25 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [142 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:46:09] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 06:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [207.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [28/06/2019 15:11:12] - (.-.) - [1075.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [129 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [201 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.A88B20DABDA28A87D3C9FFA453ED2205] - |A| - [06/06/2019 08:38:31] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 32 Source Manager (Image Acquisition Interface).) - [144.02 Ko] - (2.1.4.0) - C:\WINDOWS\SysWOW64\twaindsm.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [145 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 06:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\WINDOWS\SysWOW64\VBAFR32.OLB [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [18772.92 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 06:45:13] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [9424.46 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:53:23] - [207.67 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 06:45:13] - (.-.) - [62.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:56:34] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [135.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [05/06/2019 21:49:15] - [136 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [.AdvertisingPopup] ---------- | [.android] [09/03/2017 16:53:14] - |A| - [1704] - C:\Users\BZT\.android\adbkey [09/03/2017 16:53:14] - |A| - [716] - C:\Users\BZT\.android\adbkey.pub ---------- | [.Plays.tv] ---------- | [.QtWebEngineProcess] ---------- | [3D Objects] [17/07/2016 16:40:45] - |A| - [180848] - C:\Users\BZT\3D Objects\Bulldozer.3mf [17/07/2016 16:40:45] - |A| - [221583] - C:\Users\BZT\3D Objects\Caboose car.3mf [26/08/2016 17:32:04] - |A| - [121266] - C:\Users\BZT\3D Objects\CCapture.3mf [17/07/2016 16:40:46] - |A| - [153346] - C:\Users\BZT\3D Objects\Chess Set.3mf [17/07/2016 16:40:46] - |A| - [40085] - C:\Users\BZT\3D Objects\Cone Shape.3mf [17/07/2016 16:40:46] - |A| - [17922] - C:\Users\BZT\3D Objects\Cube Shape.3mf [11/06/2017 08:33:54] - |A| - [2281040] - C:\Users\BZT\3D Objects\Curiosity.fbx [17/07/2016 16:40:46] - |A| - [30831] - C:\Users\BZT\3D Objects\Cylinder Shape.3mf [17/07/2016 16:40:45] - |ASH| - [298] - C:\Users\BZT\3D Objects\desktop.ini [17/07/2016 16:40:45] - |A| - [283484] - C:\Users\BZT\3D Objects\Gimble Keychain.3mf [17/07/2016 16:40:46] - |A| - [27197] - C:\Users\BZT\3D Objects\Hexagon Shape.3mf [17/07/2016 16:40:45] - |A| - [50925] - C:\Users\BZT\3D Objects\Keychain.3mf [17/07/2016 16:40:45] - |A| - [168144] - C:\Users\BZT\3D Objects\Left Curve Track.3mf [17/07/2016 16:40:46] - |A| - [13822] - C:\Users\BZT\3D Objects\Pyramid Shape.3mf [17/07/2016 16:40:45] - |A| - [142086] - C:\Users\BZT\3D Objects\Right Curve Track.3mf [17/07/2016 16:40:45] - |A| - [120054] - C:\Users\BZT\3D Objects\Ship in a Bottle.3mf [17/07/2016 16:40:45] - |A| - [198260] - C:\Users\BZT\3D Objects\Space Shuttle.3mf [17/07/2016 16:40:46] - |A| - [89728] - C:\Users\BZT\3D Objects\Sphere Shape.3mf [17/07/2016 16:40:45] - |A| - [224396] - C:\Users\BZT\3D Objects\Split Track.3mf [17/07/2016 16:40:45] - |A| - [269838] - C:\Users\BZT\3D Objects\Star Trophy.3mf [17/07/2016 16:40:45] - |A| - [127270] - C:\Users\BZT\3D Objects\Straight Track.3mf [17/07/2016 16:40:46] - |A| - [18552] - C:\Users\BZT\3D Objects\Tetrahedron Shape.3mf [17/07/2016 16:40:46] - |A| - [262347] - C:\Users\BZT\3D Objects\Torus Shape.3mf [17/07/2016 16:40:45] - |A| - [162913] - C:\Users\BZT\3D Objects\Track Connector.3mf [17/07/2016 16:40:45] - |A| - [295707] - C:\Users\BZT\3D Objects\Train Engine.3mf [17/07/2016 16:40:46] - |A| - [21305] - C:\Users\BZT\3D Objects\Wedge Shape.3mf [17/07/2016 16:40:45] - |A| - [112077] - C:\Users\BZT\3D Objects\Windmill.3mf ---------- | [AppData] [05/06/2019 21:26:51] - |D| - [892733324] - C:\Users\BZT\AppData\Local [04/06/2018 08:35:04] - |D| - [2170162506] - C:\Users\BZT\AppData\LocalLow [05/06/2019 21:26:51] - |D| - [2289939938] - C:\Users\BZT\AppData\Roaming ---------- | [Application Data] ---------- | [Contacts] [31/12/2014 12:48:37] - |A| - [70349] - C:\Users\BZT\Contacts\Administrator.contact [16/09/2016 10:50:16] - |A| - [1157] - C:\Users\BZT\Contacts\Alain Brizault.contact [16/09/2016 09:10:32] - |A| - [1109] - C:\Users\BZT\Contacts\Alain BZT.contact [16/09/2016 10:50:05] - |A| - [1154] - C:\Users\BZT\Contacts\Alex - Laurent.contact [16/09/2016 10:50:05] - |A| - [1167] - C:\Users\BZT\Contacts\ALEXANDRA BRIZAULT.contact [16/09/2016 10:50:16] - |A| - [1156] - C:\Users\BZT\Contacts\Annick Leluron.contact [16/09/2016 10:50:05] - |A| - [1162] - C:\Users\BZT\Contacts\Bernard Paloty.contact [16/09/2016 10:50:05] - |A| - [1182] - C:\Users\BZT\Contacts\Bernard_Mireille Perrachon.contact [16/09/2016 10:50:05] - |A| - [1166] - C:\Users\BZT\Contacts\Brizault Florence.contact [16/09/2016 10:50:16] - |A| - [1141] - C:\Users\BZT\Contacts\Casino.contact [16/09/2016 10:50:16] - |A| - [1161] - C:\Users\BZT\Contacts\Christophe Hamon (1).contact [16/09/2016 10:50:05] - |A| - [1156] - C:\Users\BZT\Contacts\Christophe Hamon.contact [16/09/2016 10:50:16] - |A| - [1137] - C:\Users\BZT\Contacts\CRCA (1).contact [16/09/2016 10:50:18] - |A| - [1137] - C:\Users\BZT\Contacts\CRCA (2).contact [16/09/2016 10:50:05] - |A| - [1141] - C:\Users\BZT\Contacts\CRCA.contact [31/12/2014 12:48:37] - |ASH| - [412] - C:\Users\BZT\Contacts\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [412] - C:\Users\BZT\Contacts\desktop.ini [16/09/2016 10:50:16] - |A| - [1164] - C:\Users\BZT\Contacts\Dominique Hamon (1).contact [16/09/2016 10:50:05] - |A| - [1166] - C:\Users\BZT\Contacts\Dominique Hamon.contact [16/09/2016 10:50:16] - |A| - [1157] - C:\Users\BZT\Contacts\Etienne ducreux.contact [16/09/2016 10:50:05] - |A| - [1171] - C:\Users\BZT\Contacts\etienne.ducreux@sfr.fr.contact [16/09/2016 10:50:05] - |A| - [1137] - C:\Users\BZT\Contacts\Florence.contact [16/09/2016 10:50:05] - |A| - [1152] - C:\Users\BZT\Contacts\florencebrizault.contact [16/09/2016 10:50:16] - |A| - [1141] - C:\Users\BZT\Contacts\Gaby Boyer.contact [17/09/2016 08:54:04] - |A| - [1110] - C:\Users\BZT\Contacts\gamiboyer@sfr.fr.contact [16/09/2016 10:50:05] - |A| - [1555] - C:\Users\BZT\Contacts\Geneviève CUZIAT.contact [16/09/2016 10:50:16] - |A| - [1147] - C:\Users\BZT\Contacts\Isabelle K..contact [16/09/2016 10:50:05] - |A| - [1144] - C:\Users\BZT\Contacts\Isabelle.contact [16/09/2016 10:50:16] - |A| - [1155] - C:\Users\BZT\Contacts\Jacques Métard.contact [16/09/2016 10:50:16] - |A| - [1155] - C:\Users\BZT\Contacts\Jeannette DCX.contact [16/09/2016 10:50:05] - |A| - [1405] - C:\Users\BZT\Contacts\joel pasquelin.contact [16/09/2016 10:50:16] - |A| - [1157] - C:\Users\BZT\Contacts\Laurence Poyer.contact [16/09/2016 10:50:16] - |A| - [1166] - C:\Users\BZT\Contacts\Laurent et Alexandra.contact [16/09/2016 10:50:05] - |A| - [895] - C:\Users\BZT\Contacts\live_mariehamon0305.contact [16/09/2016 10:50:05] - |A| - [1159] - C:\Users\BZT\Contacts\M. Catherine.contact [16/09/2016 10:50:05] - |A| - [1154] - C:\Users\BZT\Contacts\Marcel Martin.contact [16/09/2016 10:50:05] - |A| - [1171] - C:\Users\BZT\Contacts\Marie Catherine HAMON.contact [16/09/2016 10:50:14] - |A| - [1171] - C:\Users\BZT\Contacts\Marie france Kerambrun.contact [16/09/2016 10:50:05] - |A| - [1146] - C:\Users\BZT\Contacts\Olivier hamon (1).contact [16/09/2016 10:50:05] - |A| - [1161] - C:\Users\BZT\Contacts\Olivier Hamon.contact [16/09/2016 10:50:05] - |A| - [1144] - C:\Users\BZT\Contacts\Orange.contact [16/09/2016 10:50:16] - |A| - [1160] - C:\Users\BZT\Contacts\Ouest-france.fr (1).contact [16/09/2016 09:10:25] - |A| - [1121] - C:\Users\BZT\Contacts\Ouest-France.fr.contact [16/09/2016 10:50:05] - |A| - [1162] - C:\Users\BZT\Contacts\Philippe Pernette.contact [16/09/2016 10:50:05] - |A| - [1145] - C:\Users\BZT\Contacts\Réunica.contact [16/09/2016 10:50:05] - |A| - [1155] - C:\Users\BZT\Contacts\thomas guerrier.contact [16/09/2016 10:50:05] - |A| - [1149] - C:\Users\BZT\Contacts\TomTom.contact [16/09/2016 10:50:16] - |A| - [873] - C:\Users\BZT\Contacts\tomtomax.contact [16/09/2016 10:50:16] - |A| - [875] - C:\Users\BZT\Contacts\webmaster.contact ---------- | [Cookies] ---------- | [Desktop] [23/06/2016 18:06:59] - |ASH| - [282] - C:\Users\BZT\Desktop\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [282] - C:\Users\BZT\Desktop\desktop.ini [15/09/2019 09:20:38] - |A| - [5179800] - C:\Users\BZT\Desktop\QuickDiag.exe [14/09/2019 15:36:24] - |A| - [1839] - C:\Users\BZT\Desktop\ZHPCleaner (S).txt [14/09/2019 16:08:02] - |A| - [273049] - C:\Users\BZT\Desktop\ZHPDiag.txt ---------- | [Documents] [21/04/2019 14:52:39] - |A| - [41914] - C:\Users\BZT\Documents\-4649-r-z.gif [21/04/2019 14:52:39] - |A| - [23109] - C:\Users\BZT\Documents\A004.gif [21/04/2019 14:52:39] - |A| - [7790] - C:\Users\BZT\Documents\alain[1].gif [21/04/2019 14:52:39] - |A| - [1664949] - C:\Users\BZT\Documents\Annotation.png [21/04/2019 14:50:52] - |D| - [44742045] - C:\Users\BZT\Documents\Basse Mer [05/09/2019 08:16:36] - |D| - [5639400] - C:\Users\BZT\Documents\Blocs-notes OneNote [21/04/2019 14:52:39] - |A| - [173] - C:\Users\BZT\Documents\Clés.txt [21/04/2019 14:52:39] - |A| - [2987] - C:\Users\BZT\Documents\contacts.csv [04/06/2018 08:35:04] - |ASH| - [402] - C:\Users\BZT\Documents\desktop.ini [27/05/2019 19:14:30] - |D| - [245] - C:\Users\BZT\Documents\Fax [21/04/2019 14:50:55] - |D| - [517246] - C:\Users\BZT\Documents\FS2004NoCD [21/04/2019 14:50:55] - |D| - [784495299] - C:\Users\BZT\Documents\HiSuite [21/04/2019 14:50:52] - |A| - [2359350] - C:\Users\BZT\Documents\Ile (2).bmp [21/04/2019 14:50:52] - |A| - [20554] - C:\Users\BZT\Documents\Image3.jpg [21/04/2019 14:50:52] - |A| - [1254148] - C:\Users\BZT\Documents\img022.jpg [21/04/2019 14:50:52] - |A| - [458028] - C:\Users\BZT\Documents\img20190407_19291867.jpg [02/09/2019 08:56:24] - |A| - [521222] - C:\Users\BZT\Documents\img20190902_08565706.jpg [02/09/2019 08:57:19] - |A| - [635658] - C:\Users\BZT\Documents\img20190902_08574623.jpg [05/06/2019 21:26:51] - |SHD| - [0] - C:\Users\BZT\Documents\Ma musique [21/04/2019 14:50:52] - |A| - [1166] - C:\Users\BZT\Documents\Manuels EPSON.lnk [21/04/2019 14:51:17] - |D| - [1258216598] - C:\Users\BZT\Documents\mb_driver_chipset_am1_18.30.18 [05/06/2019 21:26:51] - |SHD| - [0] - C:\Users\BZT\Documents\Mes images [05/06/2019 21:26:51] - |SHD| - [0] - C:\Users\BZT\Documents\Mes vidéos [21/04/2019 14:52:08] - |D| - [19427144] - C:\Users\BZT\Documents\MONEY [21/04/2019 14:52:11] - |D| - [7769074] - C:\Users\BZT\Documents\My Art [22/05/2019 16:03:40] - |SHD| - [0] - C:\Users\BZT\Documents\My Music [21/04/2019 14:52:11] - |D| - [0] - C:\Users\BZT\Documents\My NPS Files [22/05/2019 16:03:40] - |SHD| - [0] - C:\Users\BZT\Documents\My Pictures [22/05/2019 16:03:40] - |SHD| - [0] - C:\Users\BZT\Documents\My Videos [21/04/2019 14:52:12] - |D| - [5368585] - C:\Users\BZT\Documents\My Widgets [21/04/2019 14:52:07] - |D| - [5776927] - C:\Users\BZT\Documents\Médical [21/04/2019 14:50:52] - |A| - [184002] - C:\Users\BZT\Documents\neige.jpg [21/04/2019 14:52:12] - |RD| - [83] - C:\Users\BZT\Documents\Notes [21/04/2019 14:52:12] - |D| - [38408907] - C:\Users\BZT\Documents\Nouveau dossiers [21/04/2019 14:50:52] - |A| - [6156697] - C:\Users\BZT\Documents\Patrimoine.ppsx [05/09/2019 08:15:01] - |D| - [340318] - C:\Users\BZT\Documents\PdS [21/04/2019 14:50:52] - |A| - [899686] - C:\Users\BZT\Documents\Photo 422.jpg [21/04/2019 14:50:52] - |A| - [103349] - C:\Users\BZT\Documents\Photo0575.jpg [21/04/2019 14:52:13] - |D| - [853874] - C:\Users\BZT\Documents\Registre [30/08/2019 08:18:48] - |D| - [3725674] - C:\Users\BZT\Documents\S.C.I [21/04/2019 14:52:13] - |D| - [60714333] - C:\Users\BZT\Documents\Sample Pictures [21/04/2019 14:52:16] - |D| - [3048556] - C:\Users\BZT\Documents\Scanned Documents [21/04/2019 14:52:16] - |D| - [229825043] - C:\Users\BZT\Documents\Scrabble2009 [14/09/2019 11:34:26] - |D| - [71542] - C:\Users\BZT\Documents\Simply Super Software [21/04/2019 14:52:34] - |D| - [42398442] - C:\Users\BZT\Documents\Téléchargements [21/04/2019 14:52:37] - |D| - [20573838] - C:\Users\BZT\Documents\Videos [21/04/2019 14:52:38] - |D| - [16090043] - C:\Users\BZT\Documents\WDDriveUtilitiesSetup_for_web_2.0.0.25 [21/04/2019 14:52:38] - |D| - [15370239] - C:\Users\BZT\Documents\WDSecuritySetup_for_web_1.4.3.37 ---------- | [Downloads] [06/09/2019 16:00:42] - |A| - [7636680] - C:\Users\BZT\Downloads\adwcleaner_7.4.1.exe [21/04/2019 14:54:44] - |A| - [8026592] - C:\Users\BZT\Downloads\ausdiskdefragportable.exe [13/08/2019 20:37:26] - |A| - [1487761] - C:\Users\BZT\Downloads\Capture.PNG [21/04/2019 14:54:44] - |A| - [61128332] - C:\Users\BZT\Downloads\Comment monter une tête thermostatique programmable COMAP .mp4 [31/12/2014 12:48:37] - |ASH| - [282] - C:\Users\BZT\Downloads\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [282] - C:\Users\BZT\Downloads\desktop.ini [21/04/2019 14:54:46] - |A| - [242992] - C:\Users\BZT\Downloads\DriversCloud_Win.exe [21/04/2019 14:54:19] - |A| - [6976632] - C:\Users\BZT\Downloads\ESETOnlineScanner_FRA.exe [10/09/2019 08:03:23] - |A| - [70385] - C:\Users\BZT\Downloads\FactureAirFrance09092019.pdf [21/04/2019 14:54:19] - |A| - [153807839] - C:\Users\BZT\Downloads\Jeux_Windows7_pour_Windows10.exe [21/04/2019 14:54:23] - |A| - [1790024] - C:\Users\BZT\Downloads\JRT.exe [14/09/2019 16:19:36] - |A| - [168171304] - C:\Users\BZT\Downloads\KVRT(1).exe [21/04/2019 14:54:23] - |A| - [3598128] - C:\Users\BZT\Downloads\marineaquarium3.exe [21/04/2019 14:54:37] - |D| - [117478465] - C:\Users\BZT\Downloads\PDF [21/04/2019 14:54:23] - |A| - [6631920] - C:\Users\BZT\Downloads\Renault Média Nav -- Comment mettre à jour vos cartes.mp4 [16/06/2019 14:35:45] - |A| - [74563712] - C:\Users\BZT\Downloads\RenaultMediaNavEvolutionToolbox-inst.exe [06/06/2019 11:02:36] - |A| - [15848344] - C:\Users\BZT\Downloads\widgetsus.exe [21/04/2019 14:54:24] - |A| - [45056] - C:\Users\BZT\Downloads\winaskey.exe [14/09/2019 17:48:02] - |A| - [272520305] - C:\Users\BZT\Downloads\windows10.0-kb4512508-x64_1893edc9a11d760be11e49d2500170ceee8026d7.msu [14/09/2019 18:05:00] - |A| - [276293073] - C:\Users\BZT\Downloads\windows10.0-kb4515384-x64_d7e55a2589b1c603138c533b27b0d1222de975db.msu [14/09/2019 11:10:24] - |A| - [1697715] - C:\Users\BZT\Downloads\Winver1.PNG [21/04/2019 14:54:24] - |A| - [46682] - C:\Users\BZT\Downloads\wushowhide.diagcab [22/08/2019 15:20:03] - |A| - [3120512] - C:\Users\BZT\Downloads\ZHPCleaner.exe ---------- | [Favorites] [04/01/2015 16:44:08] - |D| - [961] - C:\Users\BZT\Favorites\BANQUE [04/01/2015 16:44:06] - |D| - [5252] - C:\Users\BZT\Favorites\Barre personnelle [05/01/2018 09:48:13] - |A| - [208] - C:\Users\BZT\Favorites\Bing.url [29/01/2015 19:40:37] - |ASH| - [402] - C:\Users\BZT\Favorites\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [402] - C:\Users\BZT\Favorites\desktop.ini [04/01/2015 16:44:07] - |D| - [1999] - C:\Users\BZT\Favorites\INFO SYSTEME [04/01/2015 16:44:07] - |D| - [7178] - C:\Users\BZT\Favorites\INFORMATIQUE [04/06/2018 08:35:04] - |RD| - [2162] - C:\Users\BZT\Favorites\Links [04/06/2018 08:35:04] - |D| - [224] - C:\Users\BZT\Favorites\Links for United States [04/01/2015 16:44:08] - |D| - [2168] - C:\Users\BZT\Favorites\MAISON [04/01/2015 16:44:06] - |D| - [5160] - C:\Users\BZT\Favorites\Marque-pages non classés [04/06/2018 08:35:04] - |D| - [0] - C:\Users\BZT\Favorites\Microsoft Websites [04/06/2018 08:35:04] - |D| - [0] - C:\Users\BZT\Favorites\MSN Websites [04/01/2015 16:44:07] - |D| - [910] - C:\Users\BZT\Favorites\ORANGE [04/01/2015 16:44:08] - |D| - [2302] - C:\Users\BZT\Favorites\PERSONNEL [04/01/2015 16:44:07] - |D| - [3803] - C:\Users\BZT\Favorites\PRATIQUE [04/01/2015 16:44:07] - |D| - [4624] - C:\Users\BZT\Favorites\VIDEOS [13/02/2016 11:34:01] - |A| - [251] - C:\Users\BZT\Favorites\Windows 10 WindowsFacile.fr.URL [04/06/2018 08:35:04] - |D| - [0] - C:\Users\BZT\Favorites\Windows Live ---------- | [Links] [04/06/2018 08:35:04] - |SH| - [580] - C:\Users\BZT\Links\desktop.ini [31/12/2014 12:48:37] - |A| - [493] - C:\Users\BZT\Links\Desktop.lnk [31/12/2014 12:48:37] - |A| - [946] - C:\Users\BZT\Links\Downloads.lnk [31/12/2014 12:48:37] - |A| - [383] - C:\Users\BZT\Links\RecentPlaces.lnk ---------- | [Local Settings] ---------- | [LogiShrd] [04/12/2012 23:52:36] - |D| - [0] - C:\Users\BZT\LogiShrd\SetPoint ---------- | [Menu Démarrer] ---------- | [Mes documents] ---------- | [MicrosoftEdgeBackups] [18/10/2017 11:33:36] - |D| - [4738736] - C:\Users\BZT\MicrosoftEdgeBackups\backups ---------- | [Modèles] ---------- | [Music] [29/01/2015 19:40:37] - |ASH| - [504] - C:\Users\BZT\Music\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [504] - C:\Users\BZT\Music\desktop.ini [05/04/2015 22:51:05] - |A| - [7262720] - C:\Users\BZT\Music\EL ROCIO.pps [31/12/2014 21:07:58] - |D| - [1659] - C:\Users\BZT\Music\Playlists ---------- | [Nouveau dossier] ---------- | [OneDrive] [05/06/2019 21:56:07] - |D| - [0] - C:\Users\BZT\OneDrive\Desktop [05/08/2016 11:02:58] - |D| - [966908989] - C:\Users\BZT\OneDrive\Documents [05/08/2016 11:02:56] - |D| - [25899861] - C:\Users\BZT\OneDrive\Images [05/08/2016 11:02:58] - |D| - [0] - C:\Users\BZT\OneDrive\Musique [18/10/2017 11:56:22] - |D| - [0] - C:\Users\BZT\OneDrive\Pièces jointes [05/08/2016 11:02:58] - |D| - [0] - C:\Users\BZT\OneDrive\Public ---------- | [Pictures] [10/09/2016 09:21:12] - |A| - [159165] - C:\Users\BZT\Pictures\0.jpg [13/01/2015 23:56:49] - |A| - [7896] - C:\Users\BZT\Pictures\01.jpg [09/04/2016 09:09:41] - |A| - [543382] - C:\Users\BZT\Pictures\017.jpg [31/12/2014 16:06:43] - |A| - [981890] - C:\Users\BZT\Pictures\1.bmp [31/12/2014 16:06:43] - |A| - [9270] - C:\Users\BZT\Pictures\10.jpg [11/10/2016 17:49:03] - |A| - [12442] - C:\Users\BZT\Pictures\11.JPG [11/10/2016 17:48:37] - |A| - [11529] - C:\Users\BZT\Pictures\12.JPG [04/12/2017 12:00:03] - |A| - [2062728] - C:\Users\BZT\Pictures\13-07-05_-port-blanc-012-1-230.jpg [04/12/2017 12:00:03] - |A| - [193866] - C:\Users\BZT\Pictures\164473.jpg [31/12/2014 16:06:43] - |A| - [113356] - C:\Users\BZT\Pictures\2.JPG [02/12/2017 09:20:12] - |D| - [216401603] - C:\Users\BZT\Pictures\2013-06 [02/12/2017 09:19:55] - |D| - [333773689] - C:\Users\BZT\Pictures\2013-07 [02/12/2017 09:19:58] - |D| - [15375697] - C:\Users\BZT\Pictures\2013-08 [02/12/2017 09:20:00] - |D| - [1116863059] - C:\Users\BZT\Pictures\2017-03 [01/04/2017 14:16:55] - |A| - [2044660] - C:\Users\BZT\Pictures\2017-04-01-14-16-55.png [02/12/2017 09:20:06] - |D| - [12481063] - C:\Users\BZT\Pictures\2017-05 [02/12/2017 09:19:55] - |D| - [3888255] - C:\Users\BZT\Pictures\2017-12 [16/07/2017 11:21:34] - |A| - [354763] - C:\Users\BZT\Pictures\20170710_133430 (2).jpg [11/07/2017 16:03:28] - |A| - [312338] - C:\Users\BZT\Pictures\20170710_133430.jpg [31/12/2014 16:06:43] - |A| - [660153] - C:\Users\BZT\Pictures\3.JPG [21/08/2019 08:36:18] - |A| - [172337] - C:\Users\BZT\Pictures\39eedb4d79182dbe1a29fd3abdc3dce4-nos-idees-de-sorties-pour-ce-mercredi-dans-le-tregor (4).jpg [31/12/2014 16:06:43] - |A| - [81124] - C:\Users\BZT\Pictures\4.JPG [31/12/2014 16:06:43] - |A| - [1057526] - C:\Users\BZT\Pictures\5.bmp [31/12/2014 16:06:43] - |A| - [74352] - C:\Users\BZT\Pictures\6.jpg [31/12/2014 16:06:43] - |A| - [99853] - C:\Users\BZT\Pictures\7.png [31/12/2014 16:06:43] - |A| - [70161] - C:\Users\BZT\Pictures\8.jpg [31/12/2014 16:06:43] - |A| - [27023] - C:\Users\BZT\Pictures\9.JPG [20/09/2016 17:27:30] - |A| - [2251247] - C:\Users\BZT\Pictures\91434005.jpg [17/12/2017 21:05:51] - |D| - [0] - C:\Users\BZT\Pictures\Amazing Lock Screen [03/03/2017 14:36:55] - |A| - [1306779] - C:\Users\BZT\Pictures\asset.JPG [03/03/2017 14:36:55] - |A| - [247537] - C:\Users\BZT\Pictures\asset1.JPG [28/08/2016 08:53:51] - |A| - [1775154] - C:\Users\BZT\Pictures\asseta.JPG [23/06/2016 22:46:18] - |D| - [14490736] - C:\Users\BZT\Pictures\Camera Roll [03/03/2017 14:36:55] - |A| - [34227] - C:\Users\BZT\Pictures\Capture0.JPG [03/03/2017 14:36:55] - |A| - [66785] - C:\Users\BZT\Pictures\Capture1.JPG [31/03/2017 15:12:05] - |A| - [8136217] - C:\Users\BZT\Pictures\Connaisez vous Cuers.ppsx [16/07/2017 11:19:27] - |A| - [405909] - C:\Users\BZT\Pictures\Copie de 20170710_133430.jpgv.jpg [29/01/2015 19:40:37] - |ASH| - [504] - C:\Users\BZT\Pictures\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [504] - C:\Users\BZT\Pictures\desktop.ini [08/08/2019 20:08:16] - |D| - [9949364] - C:\Users\BZT\Pictures\Download [17/07/2019 22:55:38] - |A| - [6756688] - C:\Users\BZT\Pictures\DSC_2524.JPG [17/07/2019 22:55:18] - |A| - [6534562] - C:\Users\BZT\Pictures\DSC_2527.JPG [17/07/2019 22:55:28] - |A| - [5717112] - C:\Users\BZT\Pictures\DSC_2545.JPG [27/08/2016 09:18:23] - |A| - [22967] - C:\Users\BZT\Pictures\Eccuson Marine Nationale 2015.jpg [19/08/2019 08:33:50] - |A| - [777450] - C:\Users\BZT\Pictures\Evan.JPG [03/03/2017 14:37:08] - |D| - [103421] - C:\Users\BZT\Pictures\Fax [28/04/2017 17:41:18] - |D| - [0] - C:\Users\BZT\Pictures\Feedback [11/10/2017 17:43:35] - |A| - [2132046] - C:\Users\BZT\Pictures\file-4.jpeg [04/03/2017 12:24:42] - |A| - [14368] - C:\Users\BZT\Pictures\images.jpg [04/03/2017 12:45:48] - |A| - [1051890] - C:\Users\BZT\Pictures\img044.jpg [13/08/2016 17:52:06] - |A| - [17565154] - C:\Users\BZT\Pictures\IMG_1877.MOV [11/10/2017 17:43:07] - |A| - [1970854] - C:\Users\BZT\Pictures\IMG_20161229_155120.jpg [01/04/2017 14:32:37] - |A| - [989800] - C:\Users\BZT\Pictures\IMG_20170401_102026_BURST001_COVER.jpg [11/07/2017 16:06:11] - |A| - [4476722] - C:\Users\BZT\Pictures\IMG_20170701_152035.jpg [11/07/2017 16:06:13] - |A| - [3166467] - C:\Users\BZT\Pictures\IMG_20170703_151137.jpg [11/07/2017 16:06:15] - |A| - [3260511] - C:\Users\BZT\Pictures\IMG_20170703_151404.jpg [11/07/2017 16:06:17] - |A| - [3322551] - C:\Users\BZT\Pictures\IMG_20170703_152831.jpg [11/07/2017 16:06:19] - |A| - [3500382] - C:\Users\BZT\Pictures\IMG_20170703_152914.jpg [11/07/2017 16:06:20] - |A| - [2338648] - C:\Users\BZT\Pictures\IMG_20170703_153037.jpg [11/07/2017 16:06:22] - |A| - [2910322] - C:\Users\BZT\Pictures\IMG_20170704_150025.jpg [16/07/2019 08:42:43] - |A| - [1582204] - C:\Users\BZT\Pictures\IMG_20170704_150052 (2).jpg [11/07/2017 16:06:24] - |A| - [2689900] - C:\Users\BZT\Pictures\IMG_20170704_150052.jpg [11/07/2017 16:06:25] - |A| - [5024084] - C:\Users\BZT\Pictures\IMG_20170704_150117.jpg [22/08/2017 11:42:53] - |A| - [219730] - C:\Users\BZT\Pictures\IMG_20170820_152452_BURST001_COVER.jpg [14/08/2019 16:04:23] - |A| - [4235604] - C:\Users\BZT\Pictures\IMG_20190814_144021.jpg [14/08/2019 16:04:22] - |A| - [4146112] - C:\Users\BZT\Pictures\IMG_20190814_144024.jpg [14/08/2019 16:04:22] - |A| - [3492811] - C:\Users\BZT\Pictures\IMG_20190814_144235.jpg [15/08/2019 11:03:56] - |A| - [1924866] - C:\Users\BZT\Pictures\IMG_20190815_093911 (2).jpg [15/08/2019 10:58:30] - |A| - [3319328] - C:\Users\BZT\Pictures\IMG_20190815_093911.jpg [15/08/2019 10:58:30] - |A| - [4054289] - C:\Users\BZT\Pictures\IMG_20190815_101837.jpg [06/09/2019 08:07:15] - |A| - [4038990] - C:\Users\BZT\Pictures\IMG_20190905_144347.jpg [06/09/2019 08:22:08] - |A| - [3743660] - C:\Users\BZT\Pictures\IMG_20190905_144347_LI.jpg [06/09/2019 08:07:04] - |A| - [1813074] - C:\Users\BZT\Pictures\IMG_20190905_184823.jpg [06/09/2019 08:07:26] - |A| - [1792426] - C:\Users\BZT\Pictures\IMG_20190905_184828.jpg [21/06/2016 13:00:15] - |D| - [0] - C:\Users\BZT\Pictures\Logitech Webcam [01/09/2019 07:50:25] - |A| - [1051959] - C:\Users\BZT\Pictures\M2.JPG [01/09/2019 07:51:01] - |A| - [1502221] - C:\Users\BZT\Pictures\M4.JPG [01/09/2019 07:52:03] - |A| - [1464727] - C:\Users\BZT\Pictures\M7.JPG [01/09/2019 07:52:22] - |A| - [1476706] - C:\Users\BZT\Pictures\M8.JPG [23/09/2016 15:55:35] - |A| - [638206] - C:\Users\BZT\Pictures\PAN CDG.jpg [11/10/2016 15:38:51] - |A| - [7710012] - C:\Users\BZT\Pictures\Parc O Riquier.ppsx [16/07/2019 08:20:15] - |A| - [4456478] - C:\Users\BZT\Pictures\pepitpicture-0.jpg [16/07/2019 08:20:23] - |A| - [5035307] - C:\Users\BZT\Pictures\pepitpicture-1.jpg [15/08/2017 09:09:57] - |A| - [1194213] - C:\Users\BZT\Pictures\Photo0041.jpg [04/12/2017 12:00:03] - |A| - [781503] - C:\Users\BZT\Pictures\Photo01.jpg [04/12/2017 12:00:03] - |A| - [1980604] - C:\Users\BZT\Pictures\Photo03.jpg [04/12/2017 12:00:03] - |A| - [928254] - C:\Users\BZT\Pictures\Photo04.jpg [15/08/2017 08:49:55] - |A| - [1717119] - C:\Users\BZT\Pictures\Photo0641.jpg [04/07/2016 22:34:03] - |A| - [2053810] - C:\Users\BZT\Pictures\photo1.JPG [04/07/2016 22:34:18] - |A| - [231421] - C:\Users\BZT\Pictures\photo2.JPG [04/07/2016 22:34:35] - |A| - [2083484] - C:\Users\BZT\Pictures\photo3.JPG [04/07/2016 22:34:55] - |A| - [2100641] - C:\Users\BZT\Pictures\photo4.JPG [10/09/2017 19:44:38] - |A| - [1983492] - C:\Users\BZT\Pictures\photo_1 (2).JPG [10/09/2017 19:45:16] - |A| - [10557979] - C:\Users\BZT\Pictures\photo_1(1).JPG [10/09/2017 19:45:39] - |A| - [7034930] - C:\Users\BZT\Pictures\photo_1(2).JPG [11/10/2017 17:42:51] - |A| - [783479] - C:\Users\BZT\Pictures\photo_1(3).JPG [07/09/2017 19:00:33] - |A| - [3154365] - C:\Users\BZT\Pictures\photo_1.JPG [10/09/2017 19:44:49] - |A| - [646900] - C:\Users\BZT\Pictures\photo_2 (2).JPG [07/09/2017 19:00:54] - |A| - [1833471] - C:\Users\BZT\Pictures\photo_2.JPG [10/09/2017 19:44:55] - |A| - [2568912] - C:\Users\BZT\Pictures\photo_3 (2).JPG [07/09/2017 19:01:04] - |A| - [1804290] - C:\Users\BZT\Pictures\photo_3.JPG [07/09/2017 19:01:10] - |A| - [1631364] - C:\Users\BZT\Pictures\photo_4.JPG [24/06/2019 08:02:19] - |A| - [1076021] - C:\Users\BZT\Pictures\Plan d'eau (2).jpg [05/10/2017 15:47:34] - |D| - [6922437] - C:\Users\BZT\Pictures\Raptr Screenshots [06/09/2019 09:10:21] - |A| - [2154456] - C:\Users\BZT\Pictures\Sans titre.png [23/06/2016 22:46:18] - |D| - [2039503] - C:\Users\BZT\Pictures\Saved Pictures [04/01/2018 12:47:19] - |D| - [10242821] - C:\Users\BZT\Pictures\Vidéos_exportées ---------- | [Recent] ---------- | [Saved Games] [31/12/2014 12:48:37] - |ASH| - [282] - C:\Users\BZT\Saved Games\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [282] - C:\Users\BZT\Saved Games\desktop.ini [31/12/2014 22:24:22] - |RD| - [83] - C:\Users\BZT\Saved Games\Microsoft Games ---------- | [Searches] [05/06/2019 21:50:40] - |ASH| - [524] - C:\Users\BZT\Searches\desktop.ini [05/06/2019 21:50:44] - |RAH| - [248] - C:\Users\BZT\Searches\Everywhere.search-ms [05/06/2019 21:50:44] - |RAH| - [248] - C:\Users\BZT\Searches\Indexed Locations.search-ms [07/09/2019 19:14:46] - |A| - [866] - C:\Users\BZT\Searches\oneindex--{S-1-5-21-3951195138-895905141-1799569697-1005}-.searchconnector-ms [05/06/2019 21:53:20] - |A| - [855] - C:\Users\BZT\Searches\winrt--{S-1-5-21-3951195138-895905141-1799569697-1005}-.searchconnector-ms ---------- | [SendTo] ---------- | [Tracing] [24/06/2016 14:15:42] - |D| - [143097856] - C:\Users\BZT\Tracing\WPPMedia ---------- | [Videos] [24/06/2016 09:12:05] - |RD| - [190] - C:\Users\BZT\Videos\Captures [31/12/2014 12:48:37] - || - [504] - C:\Users\BZT\Videos\desktop (1).ini [04/06/2018 08:35:04] - |ASH| - [504] - C:\Users\BZT\Videos\desktop.ini [10/09/2016 15:33:18] - |D| - [1060227246] - C:\Users\BZT\Videos\Les 153 communes [09/09/2016 11:38:03] - || - [650687590] - C:\Users\BZT\Videos\Les 153 communes varoises.MP4 [05/02/2015 21:21:33] - |D| - [0] - C:\Users\BZT\Videos\Logitech Webcam [05/10/2017 15:47:32] - |D| - [0] - C:\Users\BZT\Videos\PlaysTV [02/02/2015 15:34:32] - |D| - [0] - C:\Users\BZT\Videos\Raptr [21/04/2019 14:52:11] - |A| - [4880085] - C:\Users\BZT\Videos\Rues de Cuers.ppsx [10/09/2016 15:33:19] - || - [1073739776] - C:\Users\BZT\Videos\VTS_01_1.VOB ---------- | [Voisinage d'impression] ---------- | [Voisinage réseau] ---------- | C:\ProgramData [06/06/2019 06:46:03] - |D| - [429194788] - C:\ProgramData\Adobe [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Application Data [06/07/2019 15:35:31] - |D| - [187] - C:\ProgramData\ATI [09/08/2019 08:27:49] - |D| - [0] - C:\ProgramData\Audyssey Labs [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Bureau [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Documents [05/06/2019 21:20:25] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [06/06/2019 06:57:58] - |D| - [2747746] - C:\ProgramData\DriversCloud.com [06/06/2019 08:34:14] - |D| - [17256384] - C:\ProgramData\Epson [14/09/2019 16:32:40] - |D| - [762266] - C:\ProgramData\F-Secure [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Favoris [14/09/2019 11:36:03] - |D| - [147] - C:\ProgramData\Licenses [06/06/2019 08:56:20] - |D| - [23059735] - C:\ProgramData\Logishrd [06/06/2019 06:53:50] - |D| - [30193889] - C:\ProgramData\Malwarebytes [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [05/06/2019 21:49:15] - |SD| - [802688855] - C:\ProgramData\Microsoft [06/06/2019 07:14:53] - |D| - [57676] - C:\ProgramData\Microsoft Help [12/06/2019 12:50:22] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [05/06/2019 21:37:25] - |SHD| - [0] - C:\ProgramData\Modèles [05/06/2019 22:06:58] - |D| - [24502] - C:\ProgramData\Mozilla [14/09/2019 08:47:34] - |RASH| - [290] - C:\ProgramData\ntuser.pol [06/06/2019 09:00:42] - |D| - [40489795] - C:\ProgramData\Package Cache [05/06/2019 21:51:40] - |D| - [401408] - C:\ProgramData\Packages [05/06/2019 21:49:15] - |D| - [995] - C:\ProgramData\regid.1991-06.com.microsoft [12/08/2019 20:14:15] - |D| - [89182823] - C:\ProgramData\RogueKiller [05/06/2019 21:49:15] - |D| - [0] - C:\ProgramData\SoftwareDistribution [06/06/2019 17:58:54] - |D| - [4176] - C:\ProgramData\SystemAcCrux [14/09/2019 11:36:02] - |AD| - [4] - C:\ProgramData\TEMP [23/08/2019 11:13:00] - |D| - [2103] - C:\ProgramData\Unchecky [05/06/2019 21:49:15] - |D| - [10945] - C:\ProgramData\USOPrivate [05/06/2019 21:20:05] - |D| - [15613952] - C:\ProgramData\USOShared [05/06/2019 21:49:15] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [05/06/2019 21:49:21] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [29/01/2015 19:39:56] - |SHD| - [173530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [05/06/2019 21:49:15] - |RD| - [173530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [05/06/2019 21:49:15] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [05/06/2019 21:49:15] - |RD| - [19515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [17/11/2017 09:23:29] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC (1).lnk [17/11/2017 09:23:29] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [22/02/2017 12:26:35] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC (1).lnk [22/02/2017 12:26:35] - |A| - [1693] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [05/06/2019 21:49:15] - |RD| - [24236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [04/07/2019 16:07:49] - |D| - [4299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [30/11/2017 16:47:36] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings [27/11/2017 14:34:25] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [05/06/2019 09:00:07] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [14/11/2017 16:54:23] - |D| - [968] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [11/02/2017 21:21:18] - |D| - [1252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [05/06/2019 21:49:21] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/09/2017 08:39:34] - |D| - [3920] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com [22/04/2019 10:26:01] - |D| - [2691] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.5 [06/11/2014 14:52:29] - |D| - [2652] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [06/11/2014 14:52:47] - |D| - [2402] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software [05/06/2019 22:07:02] - |A| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [06/06/2019 15:34:15] - |D| - [12674] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [25/10/2016 15:45:08] - |D| - [3216] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro [06/06/2019 11:13:43] - |A| - [2258] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk [06/09/2019 08:02:52] - |D| - [1845] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite [19/03/2019 06:46:39] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [13/08/2014 15:01:04] - |D| - [2400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [05/06/2019 21:49:15] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [04/07/2019 20:11:42] - |D| - [3906] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [05/06/2019 22:39:49] - |A| - [1417] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money.lnk [25/07/2017 22:07:39] - |D| - [48600] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [24/01/2015 00:11:52] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [05/06/2019 22:23:54] - |A| - [1283] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [24/08/2016 17:32:14] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange [06/06/2019 09:01:12] - |D| - [1434] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paramètres de la caméra Logitech [02/12/2016 09:59:13] - |D| - [3429] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [12/08/2019 20:14:10] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [11/11/2017 16:52:25] - |D| - [1362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [17/06/2019 09:39:25] - |D| - [940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [05/06/2019 21:49:15] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [05/06/2019 21:49:15] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [27/04/2016 07:29:00] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [23/08/2019 11:13:00] - |D| - [2109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky [16/09/2014 15:37:18] - |A| - [2545] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint (1).lnk [16/09/2014 15:37:18] - |A| - [2573] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk [31/03/2016 15:09:41] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital [04/08/2014 17:43:21] - |D| - [49] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [05/07/2012 16:28:17] - |D| - [2334] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Widgets ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [05/06/2019 21:49:21] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [06/06/2019 06:46:47] - |D| - [356083433] - C:\Program Files (x86)\Adobe [31/07/2019 08:37:13] - |D| - [8952] - C:\Program Files (x86)\AMD [04/07/2019 16:07:15] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies [14/09/2019 16:40:59] - |D| - [0] - C:\Program Files (x86)\BraveSoftware [05/06/2019 21:49:15] - |D| - [454366904] - C:\Program Files (x86)\Common Files [06/06/2019 14:21:25] - |D| - [13327546] - C:\Program Files (x86)\CrystalDiskInfo [05/06/2019 21:49:18] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [06/06/2019 17:56:20] - |D| - [719568757] - C:\Program Files (x86)\EaseUS [06/06/2019 08:38:31] - |D| - [136493955] - C:\Program Files (x86)\epson [06/06/2019 08:39:38] - |D| - [17247436] - C:\Program Files (x86)\EPSON Software [06/06/2019 11:12:36] - |D| - [72756504] - C:\Program Files (x86)\Google [06/09/2019 08:02:24] - |D| - [81836480] - C:\Program Files (x86)\HiSuite [06/06/2019 08:38:54] - |HD| - [22355129] - C:\Program Files (x86)\InstallShield Installation Information [05/06/2019 21:49:15] - |D| - [1163903] - C:\Program Files (x86)\Internet Explorer [06/06/2019 07:02:59] - |D| - [249872600] - C:\Program Files (x86)\Microsoft [05/06/2019 22:39:47] - |D| - [79497089] - C:\Program Files (x86)\Microsoft Money 2005 [06/06/2019 07:14:53] - |D| - [408542614] - C:\Program Files (x86)\Microsoft Office [06/06/2019 07:19:46] - |D| - [3726168] - C:\Program Files (x86)\Microsoft Works [05/06/2019 21:49:15] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [05/06/2019 22:07:02] - |D| - [517140] - C:\Program Files (x86)\Mozilla Maintenance Service [05/06/2019 22:23:45] - |D| - [132678841] - C:\Program Files (x86)\Mozilla Thunderbird [05/06/2019 21:56:33] - |D| - [25757] - C:\Program Files (x86)\MSBuild [06/06/2019 08:36:28] - |D| - [66546585] - C:\Program Files (x86)\MSECache [26/06/2019 19:23:34] - |D| - [12194077] - C:\Program Files (x86)\Realtek [05/06/2019 21:56:33] - |D| - [38462721] - C:\Program Files (x86)\Reference Assemblies [15/06/2019 18:06:09] - |D| - [159510354] - C:\Program Files (x86)\RenaultAutomotive [07/08/2019 09:15:00] - |HD| - [0] - C:\Program Files (x86)\Temp [23/08/2019 11:12:59] - |D| - [5239468] - C:\Program Files (x86)\Unchecky [05/06/2019 21:49:15] - |D| - [1794064] - C:\Program Files (x86)\Windows Defender [05/06/2019 21:49:15] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [05/06/2019 21:56:33] - |D| - [3313005] - C:\Program Files (x86)\Windows Media Player [05/06/2019 21:49:15] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform [05/06/2019 21:49:15] - |D| - [7610200] - C:\Program Files (x86)\Windows NT [05/06/2019 21:49:15] - |D| - [5320648] - C:\Program Files (x86)\Windows Photo Viewer [05/06/2019 21:49:15] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices [05/06/2019 21:49:15] - |D| - [2372645] - C:\Program Files (x86)\WindowsPowerShell [06/06/2019 11:03:26] - |D| - [25051106] - C:\Program Files (x86)\Yahoo! ---------- | C:\Program Files [05/06/2019 21:19:53] - |D| - [90494374] - C:\Program Files\AMD [04/07/2019 16:07:42] - |D| - [5603752] - C:\Program Files\ATI Technologies [06/06/2019 11:45:14] - |D| - [46619264] - C:\Program Files\CCleaner [05/06/2019 21:49:15] - |D| - [93343024] - C:\Program Files\Common Files [05/06/2019 21:49:16] - |ASH| - [174] - C:\Program Files\desktop.ini [06/06/2019 06:57:58] - |D| - [19760115] - C:\Program Files\DriversCloud.com [05/06/2019 21:37:25] - |SHD| - [0] - C:\Program Files\Fichiers communs [06/06/2019 11:13:40] - |D| - [219169767] - C:\Program Files\Google [27/06/2019 08:14:22] - |D| - [98434] - C:\Program Files\Intel [24/06/2019 17:52:38] - |D| - [284343] - C:\Program Files\Intel Corporation [05/06/2019 21:49:15] - |D| - [1823586] - C:\Program Files\Internet Explorer [06/06/2019 08:56:12] - |D| - [84465917] - C:\Program Files\Logitech [06/06/2019 06:53:50] - |D| - [172391774] - C:\Program Files\Malwarebytes [06/06/2019 15:34:15] - |RD| - [149899411] - C:\Program Files\Microsoft Games [06/06/2019 07:15:42] - |D| - [1139478] - C:\Program Files\Microsoft Office [05/06/2019 21:49:15] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [16/08/2019 08:29:19] - |D| - [200929232] - C:\Program Files\Mozilla Firefox [05/06/2019 21:56:33] - |D| - [25757] - C:\Program Files\MSBuild [05/06/2019 21:56:33] - |D| - [36867241] - C:\Program Files\Reference Assemblies [12/08/2019 20:14:06] - |D| - [98461232] - C:\Program Files\RogueKiller [17/06/2019 09:39:24] - |D| - [15516312] - C:\Program Files\Speccy [05/06/2019 21:37:11] - |HD| - [0] - C:\Program Files\Uninstall Information [06/06/2019 07:10:31] - |D| - [22490784] - C:\Program Files\VS Revo Group [05/06/2019 21:49:15] - |D| - [16096244] - C:\Program Files\Windows Defender [05/06/2019 21:49:15] - |D| - [636416] - C:\Program Files\Windows Mail [05/06/2019 21:56:33] - |D| - [4818321] - C:\Program Files\Windows Media Player [05/06/2019 21:49:15] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform [05/06/2019 21:49:15] - |D| - [7946584] - C:\Program Files\Windows NT [05/06/2019 21:49:15] - |D| - [6138008] - C:\Program Files\Windows Photo Viewer [05/06/2019 21:49:15] - |D| - [47720] - C:\Program Files\Windows Portable Devices [05/06/2019 21:49:15] - |D| - [110373] - C:\Program Files\Windows Security [05/06/2019 21:49:15] - |HD| - [2136157057] - C:\Program Files\WindowsApps [05/06/2019 21:49:15] - |D| - [2699677] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [06/06/2019 06:46:47] - |D| - [23660508] - C:\Program Files (x86)\Common Files\Adobe [06/06/2019 14:36:31] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER [05/06/2019 21:19:35] - |D| - [49149832] - C:\Program Files (x86)\Common Files\logishrd [05/06/2019 21:49:15] - |D| - [337722623] - C:\Program Files (x86)\Common Files\Microsoft Shared [05/06/2019 21:49:15] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [05/06/2019 21:49:15] - |D| - [43731247] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [06/06/2019 08:42:28] - |D| - [152640] - C:\Program Files\Common files\EPSON [05/06/2019 21:19:34] - |D| - [42465527] - C:\Program Files\Common files\logishrd [05/06/2019 21:49:15] - |D| - [40165856] - C:\Program Files\Common files\microsoft shared [05/06/2019 21:49:15] - |D| - [2702] - C:\Program Files\Common files\Services [05/06/2019 21:49:15] - |D| - [10556299] - C:\Program Files\Common files\System ---------- | Tasks [MD5.89B56847B65A85E1445B11FE55FD0872] - [14/09/2019 16:49:32] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.E428EDDE637F2152955B9CE735319F23] - [06/06/2019 08:42:30] - |A| - [931] - C:\WINDOWS\Tasks\EPSON XP-442 445 Series Update {3E887263-0B07-4D72-8493-01EF18FDBF08}.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [05/06/2019 21:36:55] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.0FB54D6C180195BA211E15BD6C5C9203] - [06/06/2019 06:47:26] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.581944FED9C9FF67F548E1B3344BFCD8] - [06/06/2019 06:49:53] - |A| - [4714] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [MD5.DA46C57C5E189ABCB17B603C9BBD958C] - [06/06/2019 06:49:54] - |A| - [4552] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.6A3409C28ED39C506D3BAD9E9C54143A] - [06/06/2019 11:45:18] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.A9705A0D6E1EDA679E722B4F5A916729] - [06/06/2019 11:45:18] - |A| - [2884] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.391806854820D69CBAD3FAC61685BD07] - [06/06/2019 08:42:31] - |A| - [4136] - C:\WINDOWS\System32\Tasks\EPSON XP-442 445 Series Update {3E887263-0B07-4D72-8493-01EF18FDBF08} : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRDE.EXE [MD5.CC274C85814E35631601BB2FF2B8422F] - [06/06/2019 11:12:39] - |A| - [3464] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.3C88BDD278012B697841984B038752DD] - [06/06/2019 11:12:39] - |A| - [3588] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [05/06/2019 21:49:15] - |D| - [564618] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.22A36C61339FA09FDB85FE14DAC56329] - [12/06/2019 12:51:53] - |A| - [3372] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3951195138-895905141-1799569697-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [05/06/2019 21:49:15] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{A6F40F91-516E-4CBA-885A-F5C6FDE6F5B7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{CDBC5C2C-35FC-4FEB-9442-117F3C3BCC4A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{B01DE17F-1CC0-4C3E-BFB7-81C6756B85A1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{087F83EB-C4A4-40B1-BF43-36E3886043F4}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{701597D0-D34E-4717-8D55-F9061D88A02E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{4B80ED29-36F9-4CDF-8F34-E49C0F613FD3}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud| "{FC0602D3-CE1E-4F96-BD23-3CC4CE4AD0CB}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe| "{EE896337-EC35-4F15-85A0-7088BDAED0BA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe| "{8A79C370-4FD1-4FC7-8171-6EC8A642CC3A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe| "{0738C82C-63FD-4DFA-9028-F23436651C77}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe| "{AC83C49A-75E8-498F-BC35-C006193A05FF}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe| "{FD799380-EE78-4332-BDE0-DE177C173112}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe| "{D78BFE26-17A3-4D68-BD16-0361F36A0E1B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{77B0F506-42A3-4C07-BB48-9D27B6E28661}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{E4612250-56A9-4D14-B4F0-09A27865011F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{3FA8487A-2A21-4899-8B54-3112E3B90D22}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{CAEEAFBD-74B9-4E35-B847-7FB28D76D944}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{15A70C41-3786-47B0-B17B-1A12CD8F8135}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{477FB695-22AA-4131-BB9A-EBE59C6134A7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{D42159AC-2E5E-4652-B416-E4461CFB5E8E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{0C3711F4-8CB2-415F-8153-E73338482F02}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{CF9EC55F-6315-4897-B6DB-6917964C9F8F}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{88164F20-0289-4ED9-B595-2843C8C41BFE}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART| "{58459A7B-F9F6-4D31-A283-9326F1F8B877}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART| "{CC5DF331-F654-4395-AA04-AAF0BDE05FD5}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{4BB91DA6-54C1-4567-BA98-28FA72FC7280}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{EBB3148C-7C6E-46F1-8144-3492378D07D4}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sudoku Classic|Desc=Sudoku Classic|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-246179734-496723943-2867387233-2207918382-341375148-1169930684-3965499183|EmbedCtxt=Sudoku Classic|Platform=2:6:2|Platform2=GTEQ| "{04E71C40-F9F8-48EF-8CD9-5454DC11A2A1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{5A339E36-4357-44EB-BC23-8F7253A4C102}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{8E9C053E-C456-46DC-A033-20BFA2320DF3}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{447526DA-B9C6-4B28-A95E-86AF69832024}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{068F9E26-6EF8-4DA4-A265-C3A317E4F324}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{F21461B7-C2FD-4E77-A39D-EBAEFD3AB8CC}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{468DEAFF-97E3-42E4-821A-0B34FE55603F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3951195138-895905141-1799569697-500|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{4289E7F9-3F37-40B3-93B5-5810510A620E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3951195138-895905141-1799569697-1005|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{281922b1-a910-451e-adb1-0b5567f1edb1}] : (BTDFU) [] -> @oem86.inf,%BTWClassName%;Bluetooth Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem42.inf,%ClassName%;Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{42cf9535-c69f-410f-9779-d6906dad9400}] : (CropAssistUSBDevice) [] -> USB devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem23.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d41dd63a-1395-4419-ae14-a534f5f2ad29}] : (DriverInterface) [] -> DriverInterface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DA89094D-4B35-4D92-ABF3-9808A44B6E59}] : (LMouFilt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [20/11/2017 01:24:26] - (3.2.3.0) - (Asmedia Technology - Asmedia 106x SATA Host Controller Driver) - C:\WINDOWS\System32\drivers\asstahci64.sys [06/06/2019 17:58:19] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys [06/06/2019 17:58:21] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys [06/06/2019 17:58:21] - (1.0.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver) - C:\WINDOWS\system32\drivers\EuFdDisk.sys [06/06/2019 17:58:21] - (1.2.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver) - C:\WINDOWS\system32\drivers\eudskacs.sys [08/12/2015 10:18:32] - (5.0.59.0) - (MediaTek Inc. - MediaTek 802.11 Wireless Adapter Driver) - C:\WINDOWS\system32\DRIVERS\netr28x.sys [19/04/2017 05:09:12] - (1.16.47.2) - (ASMedia Technology Inc - ASMedia xHCI Host Controller Driver) - C:\WINDOWS\System32\drivers\asmtxhci.sys [19/04/2017 05:09:10] - (1.16.47.2) - (ASMedia Technology Inc - ASMedia USB3 Hub Driver) - C:\WINDOWS\System32\drivers\asmthub3.sys [12/09/2019 16:02:19] - (2.0.2.0) - ( -) - C:\Windows\System32\drivers\truesight.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - amdkmafd (@oem92.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter) -> System32\drivers\amdkmafd.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - asstahci64 () -> System32\drivers\asstahci64.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EUBAKUP (EUBAKUP) -> system32\drivers\eubakup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - EUBKMON (EUBKMON) -> system32\drivers\EUBKMON.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStor (@oem79.inf,%*PNP0600.DeviceDesc%;Intel AHCI Controller) -> System32\drivers\iaStor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mv91xx () -> System32\drivers\mv91xx.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_25ab9510fd18cfda\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_9ff437f462543a42\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - EUDSKACS (EUDSKACS) -> \??\C:\WINDOWS\system32\drivers\eudskacs.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - EUFDDISK (EUFDDISK) -> \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Serial (@oem34.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{148D6ED8-24B8-443D-9C5B-5D6BF506671B}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /X{148D6ED8-24B8-443D-9C5B-5D6BF506671B} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36FAF585-3D08-3D84-8330-4D048F4B6CE6}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}] : (Google Earth Pro.-.Google) -> MsiExec.exe /I{70A0F34E-564B-4F93-ADD6-3BAEC6E44075} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C7451C7-6D39-4DF6-9441-B4C593AF020C}] : (DriversCloud.com (64 bits).-.Cybelsoft) -> MsiExec.exe /X{8C7451C7-6D39-4DF6-9441-B4C593AF020C} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D9C2E250-17A1-0D68-CB41-83232EC31C2C}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Renault Media Nav Evolution Toolbox] : (Renault Media Nav Evolution Toolbox.-.) -> C:\Program Files (x86)\RenaultAutomotive\Toolbox4\RenaultMediaNavEvolutionToolbox-uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}] : (Epson Software Updater.-.Seiko Epson Corporation) -> MsiExec.exe /X{1028AD34-EB8A-4136-9A93-27FC60FD0A40} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E93452B-BA3E-7375-958C-EBC5E8672A5E}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2B642F70-BA82-5E78-41CE-BDFFD5C37530}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2EA40F3D-0D93-A391-F383-6F1C708B80BF}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3310DD5A-3695-3390-6F38-2B93D862FE02}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3C7B5C75-FD82-BC1F-F148-89A3189EF385}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5644668B-04A5-68F6-0AA9-03255877C58F}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DA870C0-BC5C-BE96-5045-BD429959C0D3}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F3182EE-2532-3B96-2BBB-03B87F574E76}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71971AE8-C8F3-3C62-FB89-AC41A96761AB}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D94356D-48E0-DE1A-423C-67A363C13771}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}] : (OEM Application Profile.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.Seiko Epson Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{87006B27-A5A6-9EF1-BA04-CD7284462419}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{947E1256-258E-60A2-7331-44D09E61CF99}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824341201}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824341201} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F6860530-9733-0BB2-9C09-F25101076E78}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\0350686F33792BB0C9902F151070E687] : CCC Help Finnish -> C:\WINDOWS\Installer\{F6860530-9733-0BB2-9C09-F25101076E78}\ARPPRODUCTICON.exe [HKCR\Installer\Products\052E2C9D1A7186D0BC143832E23CC1C2] : ccc-utility64 -> C:\WINDOWS\Installer\{D9C2E250-17A1-0D68-CB41-83232EC31C2C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\07F246B228AB87E514ECDBFF5D3C5703] : CCC Help Swedish -> C:\WINDOWS\Installer\{2B642F70-BA82-5E78-41CE-BDFFD5C37530}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0C078AD5C5CB69EB0554DB2499950C3D] : CCC Help Korean -> C:\WINDOWS\Installer\{5DA870C0-BC5C-BE96-5045-BD429959C0D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0ED8613AA974CE5D954C20877CED1CC1] : CCC Help Hungarian -> C:\WINDOWS\Installer\{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2A86B8F70DC0FAD7985541916C80683D] : CCC Help Spanish -> C:\WINDOWS\Installer\{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2D1CAE3C294A80B79A5D51DE5DAEA198] : CCC Help Dutch -> C:\WINDOWS\Installer\{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3651B0E770677D0012ECD7FA6AFF00C9] : CCC Help Czech -> C:\WINDOWS\Installer\{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\43DA8201A8BE6314A93972CF06DFA004] : Epson Software Updater -> C:\WINDOWS\Installer\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}\icon.ico [HKCR\Installer\Products\4BE02D7D98DB0C50506C335E7B2689E9] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\57C5B7C328DFF1CB1F84983A81E93F58] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{3C7B5C75-FD82-BC1F-F148-89A3189EF385}\ARPPRODUCTICON.exe [HKCR\Installer\Products\585FAF6380D348D33803D440F8B4C66E] : AMD Fuel -> C:\WINDOWS\Installer\{36FAF585-3D08-3D84-8330-4D048F4B6CE6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6521E749E8522A063713440DE916FC99] : CCC Help Russian -> C:\WINDOWS\Installer\{947E1256-258E-60A2-7331-44D09E61CF99}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142432110] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824341201}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\72B600786A5A1FE9AB40DC2748644291] : CCC Help Norwegian -> C:\WINDOWS\Installer\{87006B27-A5A6-9EF1-BA04-CD7284462419}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7C1547C893D66FD449144B5C39FA20C0] : DriversCloud.com (64 bits) -> C:\WINDOWS\Installer\{8C7451C7-6D39-4DF6-9441-B4C593AF020C}\maconfico [HKCR\Installer\Products\7FA2DA488C015930669FFFEA4B5CBD1F] : OEM Application Profile -> C:\WINDOWS\Installer\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8DE6D8418B42D344C9B5D5B65F6076B1] : Intel(R) Chipset Device Software [HKCR\Installer\Products\8DEBFDFAA9CC00E810D548F5B09F1D1E] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8EA179173F8C26C3BF98CA149A7616BA] : CCC Help Italian -> C:\WINDOWS\Installer\{71971AE8-C8F3-3C62-FB89-AC41A96761AB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8FCE3596B1B07DBFD0BD488CF2BB2C4F] : CCC Help Japanese -> C:\WINDOWS\Installer\{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A5DD013359630933F683B2398D26EF20] : CCC Help German -> C:\WINDOWS\Installer\{3310DD5A-3695-3390-6F38-2B93D862FE02}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A641A7D665DB1EE8CF7CEB2010A3EC63] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A8D72ED737D1BE16681F70A97F5EC5A3] : CCC Help Thai -> C:\WINDOWS\Installer\{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AD79EAAAB8E19E0C0F3E45180AF9798C] : CCC Help French -> C:\WINDOWS\Installer\{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\WINDOWS\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO [HKCR\Installer\Products\B25439E1E3AB573759C8BE5C8E76A2E5] : CCC Help Danish -> C:\WINDOWS\Installer\{1E93452B-BA3E-7375-958C-EBC5E8672A5E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B86644655A406F86A09A305285775CF8] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{5644668B-04A5-68F6-0AA9-03255877C58F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C49F27D45A5958AA7EB51A1ABCF8ECA7] : CCC Help Greek -> C:\WINDOWS\Installer\{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D3F04AE239D0193A3F38F6C107B808FB] : CCC Help Turkish -> C:\WINDOWS\Installer\{2EA40F3D-0D93-A391-F383-6F1C708B80BF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D65349D70E84A1ED24C3763A361C7317] : CCC Help English -> C:\WINDOWS\Installer\{7D94356D-48E0-DE1A-423C-67A363C13771}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E43F0A07B46539F4DA6DB3EA6C4E0457] : Google Earth Pro -> C:\WINDOWS\Installer\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}\MainIcon.ico [HKCR\Installer\Products\EE2813F5235269B3B2BB308BF775E467] : CCC Help Portuguese -> C:\WINDOWS\Installer\{5F3182EE-2532-3B96-2BBB-03B87F574E76}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FDDA44FB729E66B48E92A42FB76F5AB8] : CCC Help Polish -> C:\WINDOWS\Installer\{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}\ARPPRODUCTICON.exe ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog svchost (7952,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (7484,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (7312,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (7640,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (7092,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (2364,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (3304,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (2540,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé. . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {a5c06c14-fb6f-4ffc-a559-65f34e8e7afb} ------------ svchost (8468,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (2560,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Nom de l’application défaillante YahooWidgets.exe, version : 4.5.2.0, horodatage : 0x47e05eca Nom du module défaillant : YahooWidgets.exe, version : 4.5.2.0, horodatage : 0x47e05eca Code d’exception : 0xc0000005 Décalage d’erreur : 0x00095551 ID du processus défaillant : 0x1ca8 Heure de début de l’application défaillante : 0x01d56b1e5378b91c Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe ID de rapport : c3a31f11-ce90-4a6e-aa18-4c4641523ba9 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 1664, PID ProfSvc : 1584. ------------ svchost (6596,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (3236,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ ----------( EOF)---------- - 4515 | 09:27:56