--------------- QuickDiag | g3n-h@ckm@n | V5_10.09.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 17/09/2019 20:14:23
Updated 10/09/2019 | 23:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[xbera (Administrator)] - [DESKTOP-1BVC1B8] (S-1-5-21-2984681472-3382979029-149579308-1002)
System: Microsoft Windows 10 Famille - - (10.0.18362) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1903)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: SH61R4 - Shuttle Inc. - IdNumber: 4008 - UUID: 03000200-0400-0500-0006-000700080009
Processor : X64 - 3293 Mhz - Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
BIOS Date: 07/15/11 14:07:56 Ver: 04.06.04 - en|US|iso8859-1 - American Megatrends Inc. - S/N: 4008 - 1.00 - Shuttl - 1072009
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80862805&REV_1000\4&1716AB6&0&0301
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_111D&DEV_76C1&SUBSYS_12974008&REV_1001\4&1716AB6&0&0201
AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&2CCFD07D&0&0001

---------- | Video
AMD Radeon HD 5670 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_68D8&SUBSYS_03C01043&REV_00\4&2967C37E&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 1073741824
Inegrated Video Chipset DeviceName: AMD Radeon HD 5670 - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:50 %
CPU #2 value:43 %
CPU #3 value:31 %
CPU #4 value:50 %
Total Overall CPU Usage value:43 %

---------- | Network
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GbE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_01231297&REV_06\8F000000684CE00000
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory
RAM = Total (MB) : 4175 | Free (MB) : 1626
Pagefile = Total (MB) : 5617 | Free (MB) : 3093
Virtual = Total (MB) : 4194 | Free (MB) : 3905
Physical Memory 0 : Capacity: 2147483648 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron - PartNumber: 16JTF25664AY-1G4D1 - S/N: EA1B9037
Physical Memory 2 : Capacity: 2147483648 - A1_DIMM2 - Posit.: 0 - Manufacturer: Micron - PartNumber: 16JTF25664AY-1G4D1 - S/N: EA1B8FD7

---------- | SID Users
Administrateur : [S-1-5-21-2984681472-3382979029-149579308-500]
DefaultAccount : [S-1-5-21-2984681472-3382979029-149579308-503]
Invité : [S-1-5-21-2984681472-3382979029-149579308-501]
WDAGUtilityAccount : [S-1-5-21-2984681472-3382979029-149579308-504]
xbera : [S-1-5-21-2984681472-3382979029-149579308-1002]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-2984681472-3382979029-149579308-1008]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 231.87 Go | Free : 96.12 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:835,598 bytes/sec, Written:1,533,948 bytes/sec
Max Read:835,598 bytes/sec, Max Write:1,533,948 bytes/sec
Overall - Read Maximum:835,598 bytes/sec, Write Maximum:1,533,948 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST3250310CS\4&1BC90E86&0&040000

---------- | Windows updates - Activation - License
W.A.T : :)
Test 1 : Windows Is Activated Volume License

---------- | Browsers
IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.)
GC : 76.0.3809.132 (Copyright 2019 Google LLC.)
Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

---------- | FlashPlayer
FlashPlayer ActiveX : 32.0.0.255

---------- | Security
AV : Windows Defender Enabled
AS : Avast Antivirus Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
376 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.329) = C:\Windows\System32\smss.exe [14/09/2019 18:36:43] CPU Usage:0 %
492 | [Owner : Système | Parent : 476() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 %
592 | [Owner : Système | Parent : 476() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.1) = C:\Windows\System32\wininit.exe [19/03/2019 06:44:35] CPU Usage:0 %
608 | [Owner : Système | Parent : 584() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 %
664 | [Owner : Système | Parent : 592(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.207) = C:\Windows\System32\services.exe [13/09/2019 18:12:37] CPU Usage:0 %
712 | [Owner : Système | Parent : 584() | 11.64 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.18362.356) = C:\Windows\System32\winlogon.exe [14/09/2019 18:36:51] CPU Usage:0 %
728 | [Owner : Système | Parent : 592(wininit.exe) | 16.77 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe [19/03/2019 06:44:36] CPU Usage:0 %
872 | [Owner : Système | Parent : 664(services.exe) | 3.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
896 | [Owner : Système | Parent : 664(services.exe) | 26.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
904 | [Owner : UMFD-0 | Parent : 592(wininit.exe) | 3.69 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe [14/09/2019 18:36:50] CPU Usage:0 %
908 | [Owner : UMFD-1 | Parent : 712(winlogon.exe) | 31.7 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe [14/09/2019 18:36:50] CPU Usage:0 %
1016 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 13.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
404 | [Owner : Système | Parent : 664(services.exe) | 8.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
452 | [Owner : DWM-1 | Parent : 712(winlogon.exe) | 46.12 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.18362.329) = C:\Windows\System32\dwm.exe [14/09/2019 18:35:59] CPU Usage:0 %
1112 | [Owner : Système | Parent : 664(services.exe) | 15.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1144 | [Owner : Système | Parent : 664(services.exe) | 12.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1152 | [Owner : Système | Parent : 664(services.exe) | 10.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1256 | [Owner : Système | Parent : 664(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1272 | [Owner : Système | Parent : 664(services.exe) | 9.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1316 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1324 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 5.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1448 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 12.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1504 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 18.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1524 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1544 | [Owner : Système | Parent : 664(services.exe) | 5.94 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe [16/12/2015 20:07:40] CPU Usage:0 %
1684 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 8.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1708 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1784 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 10.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1804 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 7.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1932 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 8.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1040 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2124 | [Owner : Système | Parent : 1544(atiesrxx.exe) | 10.16 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe [16/12/2015 20:07:40] CPU Usage:0 %
2144 | [Owner : Système | Parent : 664(services.exe) | 64.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2152 | [Owner : Système | Parent : 664(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2160 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2268 | [Owner : Système | Parent : 664(services.exe) | 8.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2292 | [Owner : Système | Parent : 664(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2300 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2392 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 12.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2480 | [Owner : Système | Parent : 664(services.exe) | 12.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2488 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 9.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2496 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2552 | [Owner : Système | Parent : 664(services.exe) | 14.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2736 | [Owner : Système | Parent : 664(services.exe) | 15.66 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.239) = C:\Windows\System32\spoolsv.exe [13/09/2019 18:11:28] CPU Usage:0 %
2792 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 18.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2856 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2944 | [Owner : Système | Parent : 664(services.exe) | 6.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2952 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 19.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2960 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 14.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2968 | [Owner : Système | Parent : 664(services.exe) | 32.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2984 | [Owner : Système | Parent : 664(services.exe) | 7.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3040 | [Owner : Système | Parent : 664(services.exe) | 18.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3048 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 6.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3064 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2324 | [Owner : Système | Parent : 664(services.exe) | 20.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2200 | [Owner : Système | Parent : 664(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2420 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 6.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3140 | [Owner : Système | Parent : 664(services.exe) | 6.44 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 %
3148 | [Owner : Système | Parent : 664(services.exe) | 6.36 Mo] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\Windows\System32\DbxSvc.exe [05/09/2019 14:18:06] CPU Usage:0 %
3160 | [Owner : Système | Parent : 664(services.exe) | 10.99 Mo] - (.- HuaweiHiSuiteService.) - (2.0.0.42) = C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [19/08/2019 03:49:28] CPU Usage:0 %
3168 | [Owner : Système | Parent : 664(services.exe) | 12.65 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.24) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [11/10/2017 12:23:00] CPU Usage:0 %
3284 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 5.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3320 | [Owner : Système | Parent : 664(services.exe) | 9.05 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) - (4.2.0.211) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [13/07/2017 09:50:22] CPU Usage:0 %
3328 | [Owner : Système | Parent : 664(services.exe) | 6.8 Mo] - (.Adobe Systems - Adobe Acrobat Update Service.) - (1.824.34.1201) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [24/07/2019 01:58:34] CPU Usage:0 %
3356 | [Owner : Système | Parent : 664(services.exe) | 11.24 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [27/02/2017 09:55:02] CPU Usage:0 %
3372 | [Owner : Système | Parent : 664(services.exe) | 12.06 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (6.3.1.77) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [11/05/2018 12:50:52] CPU Usage:0 %
3444 | [Owner : Système | Parent : 664(services.exe) | 12.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3508 | [Owner : SERVICE LOCAL | Parent : 2944(svchost.exe) | 8.54 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe [19/03/2019 06:44:18] CPU Usage:0 %
3544 | [Owner : Système | Parent : 664(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.765) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [13/10/2018 08:03:12] CPU Usage:0 %
3680 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
3892 | [Owner : Système | Parent : 664(services.exe) | 8.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
4000 | [Owner : Système | Parent : 664(services.exe) | 11.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
4880 | [Owner : Système | Parent : 896(svchost.exe) | 6.58 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.18362.1) = C:\Windows\System32\wbem\unsecapp.exe [19/03/2019 06:43:54] CPU Usage:0 %
4996 | [Owner : SERVICE RÉSEAU | Parent : 896(svchost.exe) | 15.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 %
892 | [Owner : Système | Parent : 896(svchost.exe) | 15.76 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 %
3584 | [Owner : xbera | Parent : 3544(MBAMService.exe) | 43.77 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1807) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [15/02/2018 13:46:06] CPU Usage:0 %
4928 | [Owner : xbera | Parent : 1272(svchost.exe) | 26.38 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [19/03/2019 06:44:12] CPU Usage:0 %
720 | [Owner : xbera | Parent : 664(services.exe) | 25.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
1588 | [Owner : xbera | Parent : 664(services.exe) | 36.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
4840 | [Owner : Système | Parent : 664(services.exe) | 12.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
2772 | [Owner : xbera | Parent : 1112(svchost.exe) | 14.28 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.1) = C:\Windows\System32\taskhostw.exe [19/03/2019 06:44:33] CPU Usage:0 %
676 | [Owner : Système | Parent : 664(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
4100 | [Owner : xbera | Parent : 676(svchost.exe) | 14.17 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [19/03/2019 06:44:33] CPU Usage:0 %
4528 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 17.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
5188 | [Owner : xbera | Parent : 5152() | 107.64 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.329) = C:\Windows\explorer.exe [14/09/2019 18:33:41] CPU Usage:0 %
5404 | [Owner : xbera | Parent : 664(services.exe) | 16.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
6052 | [Owner : xbera | Parent : 896(svchost.exe) | 66.56 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [14/09/2019 18:35:10] CPU Usage:0 %
2408 | [Owner : xbera | Parent : 896(svchost.exe) | 22.92 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 %
1476 | [Owner : Système | Parent : 664(services.exe) | 35.43 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.329) = C:\Windows\System32\SearchIndexer.exe [14/09/2019 18:34:53] CPU Usage:0 %
1008 | [Owner : Système | Parent : 2804() | 0.78 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.154.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe [16/04/2019 11:05:32] CPU Usage:0 %
5608 | [Owner : xbera | Parent : 896(svchost.exe) | 71.44 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.18362.329) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [14/09/2019 18:37:10] CPU Usage:0 %
5788 | [Owner : xbera | Parent : 896(svchost.exe) | 16.6 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 %
5488 | [Owner : Système | Parent : 2472() | 0.52 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe [15/05/2019 11:52:49] CPU Usage:0 %
5744 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 9.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
5960 | [Owner : xbera | Parent : 896(svchost.exe) | 33.32 Mo] - (.-.) - (1.19082.1006.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19082.1006.0_x64__8wekyb3d8bbwe\YourPhone.exe [17/09/2019 17:19:00] CPU Usage:0 %
5420 | [Owner : Système | Parent : 3004() | 4 Mo] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.27.73) = C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [23/08/2017 18:55:57] CPU Usage:0 %
4016 | [Owner : Système | Parent : 2472() | 0.48 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe [15/05/2019 11:52:50] CPU Usage:0 %
964 | [Owner : Système | Parent : 2804() | 0.48 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.154.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe [16/04/2019 11:05:33] CPU Usage:0 %
5456 | [Owner : xbera | Parent : 896(svchost.exe) | 8.84 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.18362.239) = C:\Windows\System32\SettingSyncHost.exe [13/09/2019 18:13:07] CPU Usage:0 %
5056 | [Owner : xbera | Parent : 664(services.exe) | 12.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
4732 | [Owner : Système | Parent : 1476(SearchIndexer.exe) | 10.36 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.18362.329) = C:\Windows\System32\SearchProtocolHost.exe [14/09/2019 18:34:52] CPU Usage:4 %
6176 | [Owner : xbera | Parent : 896(svchost.exe) | 6.43 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 %
6280 | [Owner : xbera | Parent : 5188(explorer.exe) | 8.9 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.18362.1) = C:\Windows\System32\SecurityHealthSystray.exe [19/03/2019 06:44:23] CPU Usage:0 %
6336 | [Owner : Système | Parent : 664(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [14/09/2019 18:36:55] CPU Usage:0 %
6392 | [Owner : xbera | Parent : 896(svchost.exe) | 17.5 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 %
6404 | [Owner : xbera | Parent : 5188(explorer.exe) | 15.44 Mo] - (.Apple Inc. - iTunesHelper.) - (12.9.3.3) = C:\Program Files\iTunes\iTunesHelper.exe [18/01/2019 21:03:40] CPU Usage:0 %
6444 | [Owner : xbera | Parent : 5188(explorer.exe) | 50.96 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (19.86.502.6) = C:\Users\xbera\AppData\Local\Microsoft\OneDrive\OneDrive.exe [23/08/2017 16:46:42] CPU Usage:0 %
6840 | [Owner : xbera | Parent : 5188(explorer.exe) | 16.17 Mo] - (.AVAST Software - Avast Cleanup UI.) - (19.1.7734.0) = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe [05/03/2019 16:38:06] CPU Usage:0 %
6884 | [Owner : Système | Parent : 664(services.exe) | 8.14 Mo] - (.Apple Inc. - iPod Service.) - (12.9.3.3) = C:\Program Files\iPod\bin\iPodService.exe [18/01/2019 21:03:44] CPU Usage:0 %
7152 | [Owner : xbera | Parent : 6492() | 75.46 Mo] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) - (4.2.0.211) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [13/07/2017 09:50:22] CPU Usage:0 %
3100 | [Owner : xbera | Parent : 6492() | 15.41 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.201.9) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [16/12/2018 03:05:40] CPU Usage:0 %
2112 | [Owner : xbera | Parent : 7152(Creative Cloud.exe) | 10.83 Mo] - (.Adobe Systems Incorporated - Adobe IPC Broker.) - (5.4.0.12) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [14/02/2017 11:41:16] CPU Usage:0 %
4984 | [Owner : xbera | Parent : 4640() | 5.36 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [04/11/2015 17:12:16] CPU Usage:0 %
6384 | [Owner : Système | Parent : 664(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [19/03/2019 06:45:32] CPU Usage:0 %
3016 | [Owner : xbera | Parent : 5188(explorer.exe) | 141.5 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
424 | [Owner : Système | Parent : 664(services.exe) | 9.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 %
6368 | [Owner : xbera | Parent : 3016(chrome.exe) | 6.32 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
6808 | [Owner : xbera | Parent : 3016(chrome.exe) | 8.53 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
6680 | [Owner : xbera | Parent : 3016(chrome.exe) | 103.23 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:2 %
5136 | [Owner : xbera | Parent : 3016(chrome.exe) | 36.79 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
6440 | [Owner : xbera | Parent : 3016(chrome.exe) | 47.66 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
7288 | [Owner : xbera | Parent : 3016(chrome.exe) | 37.74 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 %
7488 | [Owner : xbera | Parent : 4984(MOM.exe) | 8.06 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [04/11/2015 17:12:12] CPU Usage:0 %
7756 | [Owner : xbera | Parent : 3016(chrome.exe) | 102.42 Mo] - (.Google LLC - Google Chrome.)
- (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:4 % 7372 | [Owner : xbera | Parent : 3016(chrome.exe) | 3.85 Mo] - (.Google - Software Reporter Tool.) - (44.218.200.0) = C:\Users\xbera\AppData\Local\Google\Chrome\User Data\SwReporter\44.218.200\software_reporter_tool.exe [11/09/2019 13:13:19] CPU Usage:0 % 7312 | [Owner : xbera | Parent : 7372(software_reporter_tool.exe) | 1.3 Mo] - (.Google - Software Reporter Tool.) - (44.218.200.0) = C:\Users\xbera\AppData\Local\Google\Chrome\User Data\SwReporter\44.218.200\software_reporter_tool.exe [11/09/2019 13:13:19] CPU Usage:0 % 7932 | [Owner : xbera | Parent : 7152(Creative Cloud.exe) | 77.98 Mo] - (.Adobe Systems Incorporated - Creative Cloud.) - (4.2.0.211) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [13/07/2017 09:50:22] CPU Usage:0 % 7660 | [Owner : xbera | Parent : 7152(Creative Cloud.exe) | 59.94 Mo] - (.Adobe Systems Incorporated - Adobe CEF Helper.) - (4.2.0.211) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [13/07/2017 09:50:22] CPU Usage:0 % 7968 | [Owner : xbera | Parent : 7932(Adobe Desktop Service.exe) | 30.84 Mo] - (.- Core Sync.) - (2.4.2.61) = C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe [14/08/2017 03:48:42] CPU Usage:0 % 8696 | [Owner : xbera | Parent : 7932(Adobe Desktop Service.exe) | 3.47 Mo] - (.Adobe Systems Incorporated - CCXProcess.) - (2.0.1.406) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe [13/07/2017 10:12:36] CPU Usage:0 % 8712 | [Owner : Système | Parent : 664(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8744 | [Owner : xbera | Parent : 8696(CCXProcess.exe) | 57.34 Mo] - (.Node.js - Node.js: Server-side JavaScript.) 
- (6.9.2.0) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe [19/12/2016 17:35:00] CPU Usage:0 % 8756 | [Owner : xbera | Parent : 8744(node.exe) | 10.86 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe [19/03/2019 06:44:30] CPU Usage:0 % 8956 | [Owner : Système | Parent : 664(services.exe) | 28.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9120 | [Owner : xbera | Parent : 7152(Creative Cloud.exe) | 58.74 Mo] - (.Adobe Systems Incorporated - Adobe CEF Helper.) - (4.2.0.211) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [13/07/2017 09:50:22] CPU Usage:0 % 8132 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7452 | [Owner : xbera | Parent : 7372(software_reporter_tool.exe) | 13.88 Mo] - (.Google - Software Reporter Tool.) - (44.218.200.0) = C:\Users\xbera\AppData\Local\Google\Chrome\User Data\SwReporter\44.218.200\software_reporter_tool.exe [11/09/2019 13:13:19] CPU Usage:13 % 1264 | [Owner : xbera | Parent : 3100(jusched.exe) | 13.99 Mo] - (.Oracle Corporation - Java Update Checker.) - (2.8.201.9) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [16/12/2018 03:05:18] CPU Usage:0 % 6228 | [Owner : xbera | Parent : 896(svchost.exe) | 44.92 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.329) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [14/09/2019 18:36:28] CPU Usage:0 % 6524 | [Owner : xbera | Parent : 896(svchost.exe) | 16.43 Mo] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 8384 | [Owner : SERVICE LOCAL | Parent : 2392(svchost.exe) | 11.8 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.18362.356) = C:\Windows\System32\audiodg.exe [14/09/2019 18:33:02] CPU Usage:0 % 9096 | [Owner : xbera | Parent : 3016(chrome.exe) | 49.25 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 8432 | [Owner : xbera | Parent : 3016(chrome.exe) | 37.61 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 1100 | [Owner : xbera | Parent : 3016(chrome.exe) | 47.76 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 8400 | [Owner : xbera | Parent : 3016(chrome.exe) | 65.23 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 7296 | [Owner : xbera | Parent : 3016(chrome.exe) | 35.66 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 8912 | [Owner : xbera | Parent : 3016(chrome.exe) | 49.34 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 1232 | [Owner : Système | Parent : 664(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [14/09/2019 11:18:12] CPU Usage:0 % 8344 | [Owner : xbera | Parent : 3016(chrome.exe) | 15.03 Mo] - (.Google LLC - Google Chrome.) 
- (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 2724 | [Owner : Système | Parent : 664(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9468 | [Owner : xbera | Parent : 3016(chrome.exe) | 20.64 Mo] - (.Google LLC - Google Chrome.) - (76.0.3809.132) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [23/08/2017 16:54:02] CPU Usage:0 % 9400 | [Owner : Système | Parent : 664(services.exe) | 6.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9112 | [Owner : xbera | Parent : 7372(software_reporter_tool.exe) | 0.88 Mo] - (.Google - Software Reporter Tool.) - (44.218.200.0) = C:\Users\xbera\AppData\Local\Google\Chrome\User Data\SwReporter\44.218.200\software_reporter_tool.exe [11/09/2019 13:13:19] CPU Usage:0 % 5696 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe [14/09/2019 11:18:12] CPU Usage:0 % 10088 | [Owner : xbera | Parent : 896(svchost.exe) | 36.88 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [19/03/2019 06:44:03] CPU Usage:0 % 9844 | [Owner : Système | Parent : 896(svchost.exe) | 38.27 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % 8916 | [Owner : Système | Parent : 664(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9684 | [Owner : Système | Parent : 664(services.exe) | 11.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9504 | [Owner : Système | Parent : 664(services.exe) | 11.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 8336 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5748 | [Owner : Système | Parent : 664(services.exe) | 7.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 10052 | [Owner : Système | Parent : 664(services.exe) | 6.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 9344 | [Owner : xbera | Parent : 5188(explorer.exe) | 62.74 Mo] - (.SosVirus - QuickDiag.) - (10.9.19.1) = C:\Users\xbera\Desktop\QuickDiag.exe [17/09/2019 20:08:38] CPU Usage:2 % 9736 | [Owner : SERVICE RÉSEAU | Parent : 896(svchost.exe) | 10.03 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (.Dropbox, Inc..-.Dropbox Shell Extension.) - (1.0.27.0) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll (.Google.-.Google Drive shell extension.) - (3.45.5545.5747) -- C:\Program Files\Google\Drive\googledrivesync64.dll (..-.Core Sync.) - (2.4.2.61) -- C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.78) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.70.0.0) -- C:\Program Files\WinRAR\rarext.dll (.Google.-.Google Drive shell extension.) - (3.45.5545.5747) -- C:\Program Files\Google\Drive\contextmenu64.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\usocoreps.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\xbera\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\...\Run]) - User: DESKTOP-1BVC1B8\xbera Avast Cleanup Premium - (C:\PROGRA~2\AVASTS~1\AVASTC~1\TuneupUI.exe /nogui [Common Startup]) - User: Public SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST 
Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public AdobeAAMUpdater-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\xbera\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDriveSetup"=0x020000000000000000000000 "OneDrive"=0x020000000000000000000000 "iCloudDrive"=0x020000000000000000000000 "iCloudPhotos"=0x020000000000000000000000 "GoogleDriveSync"=0x020000000000000000000000 "AvastBrowserAutoLaunch_6EE352AB1E43A7CC8B50E2ECBE606D1C"=0x020000000000000000000000 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=services.msc\1 "MRUList"=gbadfec "b"=regedit\1 "c"=cleanmgr\1 "d"=cmd\1 "e"=Chkdsk : /f /r\1 "f"=sfc /scannow\1 "g"=taskschd.msc\1 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Brother DCP-L2520DW series,winspool,Ne04: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "Logitech Download Assistant"=0x020000000000000000000000 "WinZip UN"=0x03000000B029913F936FD301 "WinZip PreLoader"=0x03000000805A9F3F936FD301 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 "iTunesHelper"=0x020000000000000000000000 "WinZip FAH"=0x030000006041AB3F936FD301 "WindowsDefender"=0x020000000000000000000000 "AdobeGCInvoker-1.0"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StartCCC"=0x020000000000000000000000 "GrooveMonitor"=0x020000000000000000000000 "Dropbox"=0x03000000A0D8E87978D1D301 "Adobe Creative Cloud"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 
"Win32kLastWriteTime"=1D56B1A5B3ED298 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task AdobeAAMUpdater-1.0-MicrosoftAccount-xberaud@yahoo.fr AdobeGCInvoker-1.0-MicrosoftAccount-xberaud@yahoo.fr Avast Cleanup Update Avast Emergency Update Avast Secure Browser Heartbeat Task (Hourly) Avast Secure Browser Heartbeat Task (Logon) AvastUpdateTaskMachineCore AvastUpdateTaskMachineUA DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update 
Task-S-1-5-21-2984681472-3382979029-149579308-1002 User_Feed_Synchronization-{49CD5FE8-B3B2-45D4-97B1-48E96AF2119D} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [23/08/2017 16:40:47] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=728 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 
"ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=207bc73c-794e-43e0-b00f-82e0fc7 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "WallPaper"=c:\windows\web\wallpaper\windows\img0.jpg [19/03/2019 06:45:56] "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x[...] "AutoColorization"=0 "ImageColor"=2950864452 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{E31EA727-12ED-4702-820C-4B6445F28E1A}"=1 "{0E270DAA-1BE6-48F2-AC49-AF74C5BABD0E}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Explorer] "EdgeDesktopShortcutCreated"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x0114020000000000C000000000000046CF290000FB9A790967ADD111ABCD00C04FC30936900F00003673466C8182604E8204430CED96822D73890000BD0E0C47735D584D9CEDE91E22E23282350C0000B083204722C5CF11876300608CC02F244F120000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=1 "GlobalAssocChangedCounter"=50 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "ScreenshotIndex"=3 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xFAF5805D00000000 "ReindexedProfile"=1 "TaskbarSmallIcons"=0 "DisablePreviewDesktop"=1 "DontUsePowerShellOnWinX"=1 "TaskbarBadges"=0 "TaskbarSizeMove"=1 "ShowCortanaButton"=1 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 
"DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon 
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18362 "FirstLogon"=0 "PUUActive"=0xCC727E610100000007000B003E2500008931000089310000D200000002000500E60093B956A00400FE8500000F0B000004090000430200000000000000000000224A0000BD01000037000000000000009A82BB43816DD5013E25000000000000010000003E250000BA470000B50B000070B62F0000000000 "DP"=0xD200E8000400000007000000CC727E6103319F00000000009A82BB43816DD5011E1A1CFA686DD50198E652000000000011050000D43B06000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100B7DD00C0840044488500E448D83800C084400C008C430C002AAA00800202126002021260D5A50080400E0060601E1060B8C600800C8289322C92C9335FCB004014B6285814B6AC58A550000052000902D2204962526F00800CA0740D0CA8740D908100404C2A1C7E4CAA1C7E324500C01825A85519ADEC5798E1008020220501A0222501 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=4190806039 "ShutdownFlags"=2147483687 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-2984681472-3382979029-149579308-1002 "LastUsedUsername"=xbera [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= 
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] 
""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified 
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:01:28] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command] ""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google 
Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:01:28]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\xbera\AppData\Local\Temp\Rar$EXa9996.24270\HiSuite 9.0.3.300\Setup.exe"=1
"C:\Users\xbera\AppData\Local\HiSuite\userdata\LiveUpdateHisuite\full\HiSuite V500R001B007D30SP00C06\A0824A299B9915E2\Setup.exe"=1
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ChromeSetup.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM25FF.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\Downloads\avast_free_antivirus_setup_online_z1h.exe"
"SIGN.MEDIA=738F2 SETUP.EXE"
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"
"C:\Users\xbera\AppData\Local\Temp\GUMF313.tmp\DropboxUpdate.exe"
"C:\Users\xbera\Downloads\wrar540fr.exe"
"C:\Program Files (x86)\WinRAR\Uninstall.exe"
"C:\Users\xbera\Downloads\winrar-x64-540fr.exe"
"C:\Users\xbera\Downloads\winzip21.exe"
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Users\xbera\Downloads\vlc-2.2.6-win32.exe"
"C:\Program Files\WinZip\WINZIP64.EXE"
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"
"C:\Users\xbera\Downloads\Thunderbird Setup 52.3.0.exe"
"C:\Users\xbera\Desktop\CRACK ADOBE 2017\AMT.Emulator.v0.9.2.exe"
"C:\Users\xbera\Downloads\InDesign_Set-Up.exe"
"C:\Program Files\Adobe\Adobe InDesign CC 2017\InDesign.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe"
"C:\Users\xbera\Downloads\CuteWriter.exe"
"C:\Users\xbera\Downloads\readerdc_fr_ha_cra_install.exe"
"C:\Users\xbera\Documents\Avid\Sibelius 7 First\SibeliusRegistration.exe"
"C:\Users\xbera\Documents\Avid\Sibelius 7 First\Sibelius First.exe"
"C:\Users\xbera\Downloads\SibeliusFirst713b78_77753.exe"
"C:\Program Files\Avid\Sibelius 7 First\Sibelius First.exe"
"C:\Program Files\Avid\Sibelius 7 First\SibeliusRegistration.exe"
"C:\Users\xbera\Downloads\Installer\Sibelius7FirstSoundsInstaller.exe"
"C:\Program Files\Avid\Sibelius 7 First\Report.exe"
"C:\Users\xbera\AppData\Local\Temp\IXP085.TMP\SetupAdmin.exe"
"C:\Users\xbera\AppData\Local\Temp\IXP760.TMP\SetupAdmin.exe"
"C:\Users\xbera\Downloads\pf7-setup-fr-7-2-1.exe"
"C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM17C5.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM2E06.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"
"C:\Users\xbera\Downloads\SweetHome3D-5.6-windows.exe"
"C:\Users\xbera\Downloads\JavaSetup8u151.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files\Sweet Home 3D\SweetHome3D.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE"
"C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncConfig.exe"
"C:\Program Files\Sweet Home 3D\unins000.exe"
"C:\Users\xbera\AppData\Local\Temp\CloseFAH.exe"
"C:\Users\xbera\Downloads\SweetHome3D-5.5.2-windows.exe"
"C:\Program Files\iTunes\iTunes.exe"
"C:\Users\xbera\Downloads\DraftSight64.exe"
"C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe"
"C:\Users\xbera\Downloads\googlesketchupwfr.exe"
"C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe"
"C:\Users\xbera\Downloads\audacity-win-2.1.0.exe"
"C:\Program Files (x86)\Audacity\audacity.exe"
"C:\Users\xbera\Google Drive\Dossier MP\googledrivesync.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM8726.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM22A2.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\AppData\Local\Temp\GUM1EB0.tmp\GoogleUpdateSetup.exe"
"C:\Users\xbera\Downloads\installbackupandsync.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncConfig.exe"
"C:\Users\xbera\Downloads\sc-cleaner.exe"
"C:\Users\xbera\Downloads\adwcleaner_7.0.8.0.exe"
"C:\Users\xbera\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe"
"C:\Users\xbera\Downloads\EasyPHP-Devserver-17.0-setup.exe"
"C:\Program Files (x86)\EasyPHP-Devserver-17\run-devserver.exe"
"C:\Program Files (x86)\MuseScore 2\bin\MuseScore.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncConfig.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"
"C:\Users\xbera\Downloads\MbConceptLT_Install_LC64.exe"
"C:\MbConcept_LC\MbConcept_Ll.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\FileSyncConfig.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\Office Setup Controller\SETUP.EXE"
"C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
"C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUninst.exe"
"C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\FileSyncConfig.exe"
"C:\Users\xbera\Downloads\midi2mp3_setup.exe"
"C:\Program
Files (x86)\Direct MIDI to MP3 Converter\MIDItoMP3.exe"=0x5341435001000000000000000700000028000000D0503600B15B360001000000000000000000020661200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100010000000000000000000000000000052FF1000000000000E0000000E000000 "C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000F01A080089E5080001000000000000000000000A71220000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\Downloads\GeForce_Experience_v3.15.0.164.exe"=0x5341435001000000000000000700000028000000B0C465052327660501000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000045B00000000000000200000002000000 "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\VideoProjectsLauncher.exe"=0x5341435001000000000000000700000028000000005401000000000001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000004B660000000000000100000001000000 "C:\Users\xbera\Downloads\SmartShow3d.exe"=0x5341435001000000000000000700000028000000F8F6C10724D9C20701000000000000000000020600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D881000000000000100000001000000 "C:\Users\xbera\Desktop\SmartShow3dFull.exe"=0x5341435001000000000000000700000028000000B876CB14F398CB1401000000000000000000020600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C7C50200000000000100000001000000 "C:\Program Files (x86)\SmartSHOW 
3D\SmartSHOW3D.exe"=0x5341435001000000000000000700000028000000F04C4901C8074A0101000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000004000000000000000000000000000000A8A37200000000000D0000000D000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7123.exe"=0x53414350010000000000000007000000280000002086D0047C5FD10401000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007A2C0100000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x534143500100000000000000070000002800000070447C0084337D0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000DAA0300000000000300000003000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.172.0826.0010_6\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000 
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000386B0400903D050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104006ACC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1902.1121.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000078BD0000720E010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000982D0000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1902.1223.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000078BD00002A55010001000000000000000000000A73220000BFA2139DEDD1D3010000000000000000 "C:\Program Files\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D8FC0500551D060001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005B030000000000000100000001000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8BC2200844A230001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009A23EC00000000000900000009000000 "C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe"=0x5341435001000000000000000700000028000000881D1F000C581F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F1160700000000000100000001000000 
"C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe"=0x53414350010000000000000007000000280000004047D5031683D50301000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000EF930400000000000100000001000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F67C0200000000000100000001000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AA0400777F050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"=0x534143500100000000000000070000002800000008990100C4EF010001000000010000000000000A63220000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"=0x534143500100000000000000070000002800000070CC1D0004E31D0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009CDB0300000000000100000001000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000030AF0400A4BA040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400AE33050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 
"C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC04002A69050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.070.0410.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400100C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000038C7F901DA35FA0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "C:\Users\xbera\Desktop\MesLivres.exe"=0x5341435001000000000000000700000028000000C07754007CFE540001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000097E85D00000000000100000001000000 "C:\Program Files (x86)\MesLivres\Mes Livres.exe"=0x534143500100000000000000070000002800000030C62E004BBF2F0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009EBD5D00000000000300000003000000 "C:\Program Files (x86)\MesLivres\unins000.exe"=0x534143500100000000000000070000002800000021040B000000000001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C6280000000000000100000001000000 "C:\Users\xbera\Desktop\MesLivresPro.exe"=0x5341435001000000000000000700000028000000F0F560006034610001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000CCB12100000000000100000001000000 "C:\Program Files (x86)\MesLivresPro\Mes 
Livres.exe"=0x534143500100000000000000070000002800000030BA46009055470001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C2C52400000000000800000008000000 "C:\Program Files\Google\Drive\googledrivesync.exe"=0x5341435001000000000000000700000028000000700FCD02BDD6CD0201000000000000000000000A63200000BFA2139DEDD1D3010000000000000000 "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"=0x534143500100000000000000070000002800000040D959008A6E5A0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000A76AF01000000000400000004000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000030422700A70C280001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000008DD25401000000001400000014000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000205E0300BC69030001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003D027100000000000700000007000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F09D19000DAF190001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000C36B7800000000000400000004000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000881DBC0019FCBC0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000075CC0400000000000400000004000000 
"C:\Users\xbera\Desktop\avastclear.exe"=0x534143500100000000000000070000002800000070BFA500C331A60001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000566C0000000000000100000001000000 "C:\Users\xbera\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098094F009D3C4F0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot 
"ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132128658723427904 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0xC236E2B5181CD301 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\ "ProductStatus"=0 "OOBEInstallTime"=0xFB8AF427526AD501 "LastEnabledTime"=0xA41BD30E836DD501 "ManagedDefenderProductType"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0 "DisableAntiSpyware"=0 "DisableAntiVirus"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi 
d'une requête 'ping' sur google.com [172.217.22.142] avec 32 octets de données : Réponse de 172.217.22.142 : octets=32 temps=34 ms TTL=53 Réponse de 172.217.22.142 : octets=32 temps=31 ms TTL=53 Réponse de 172.217.22.142 : octets=32 temps=31 ms TTL=53 Réponse de 172.217.22.142 : octets=32 temps=31 ms TTL=53 Statistiques Ping pour 172.217.22.142: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 31ms, Maximum = 34ms, Moyenne = 31ms ---------- | @ [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=88svqda "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000 "Start Page_TIMESTAMP"=0x9BE16CD0D953D301 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"=0x01000000330000007910138530E5CCC281658FC5FD443DE56E555584F3FB8A2F8C5AB15B900FDEA88FE03DFE0F80F58F0D8A5484A774E1C6C48609020000000E00000053757554644F373374766F253364 "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x28FC7FA5A080D301 "IE10TourShown"=1 "IE10TourShownTime"=0x87AFB1ACA393D301 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x87AFB1ACA393D301 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x0B9066F03C6AD501 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=132128665186091103 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm 
"NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm 
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apk] "Progid"= ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files 
(x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [12/05/2019 10:34:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -- C:\Program Files\Google\Drive\googledrivesync64.dll [27/06/2019 12:58:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -- C:\Program Files\Google\Drive\googledrivesync64.dll [27/06/2019 12:58:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -- C:\Program Files\Google\Drive\googledrivesync64.dll [27/06/2019 12:58:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1] - 
{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} -- C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [14/08/2017 03:48:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} -- C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [14/08/2017 03:48:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3] - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} -- C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [14/08/2017 03:48:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [19/03/2019 06:44:47] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] 
- {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll [12/05/2019 10:34:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook ---------- | Toolbar [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x87AFB1ACA393D301 "Version"=5 "UpgradeTime"=0x87AFB1ACA393D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet 
Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [26/02/2009 18:36:54] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [05/03/2019 19:51:32] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [05/03/2019 19:51:32] ---------- | Chrome C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\aghbiahbpaijignceidepookljebhfak = : - https://drive.google.com/?lfhs=2 - Google Drive C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx 
C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\emhginjpijfggbofeediiojmdlmlkoik = : - short_name: passwords - permissions:[activeTabtabs\u003Call_urls>declarativeContentstoragecontextMenus] - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\jabopobgcpjmedljpbcaablpmlmfcogm = : The easiest way to identify fonts on web pages. - WhatFont - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\jkjdfchjlhkgnfjblhclgaliiccalckf = : Brushed metal theme for Google Chrome with a transparent toolbar. Works with any Windows Aero theme. 
Developed by Jim Biggs - short_name: Brushed Metal Aero - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\kngglkijfekbhidmchmlfmpkdffmedob = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh = : Open Drive files directly from your browser in compatible applications installed on your computer. - short_name: Google Drive App Launcher - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\nnabekmffpcncdhhggfnmfkinjalamea = : __MSG_marketingDescription__ - __MSG_productName__ - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\xbera\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] 
---------- | Opera ---------- | Firefox [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\MozillaPlugins\@zoom.us/ZoomVideoPlugin] - (Zoom Video Plugin) : C:\Users\xbera\AppData\Roaming\Zoom\bin\npzoomplugin.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.201.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.201.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{df323869-a479-440a-97c8-b8b88e395010}] "DhcpNameServer"=192.168.1.1 
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{df323869-a479-440a-97c8-b8b88e395010}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Classes\Applications\InDesign.exe] : "C:\Program Files\Adobe\Adobe InDesign CC 2017\InDesign.exe" "%1" [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Classes\Applications\MuseScore2.exe] : "C:\Program Files (x86)\MuseScore 2\bin\MuseScore.exe" "%1" [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Classes\Applications\Sibelius First.exe] : "C:\Program Files\Avid\Sibelius 7 First\Sibelius First.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver browser "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc DevicePickerUserSvc ConsentUxUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Acro Software Inc] [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Adobe] [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\AMS Software] [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\AppDataLow] 
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Apple Inc.]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\ATI]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\AVAST Software]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Avid]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Browser Cleanup]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Bugsplat]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Chromium]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Clients]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Corel]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Dassault Systemes]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Dropbox]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\DropboxUpdate]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Google]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Its]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\JavaSoft]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\kde.org]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Leadertech]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Licenses]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\LogiShrd]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Malwarebytes]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\MicroQuill]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Mozilla]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\MozillaPlugins]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\MuseScore2]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Netscape]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\ODBC]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\PhotoFiltre 7]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\PistonSoft]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Policies]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\QtProject]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\RegisteredApplications]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\SWActivation]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\SyncEngines]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Sysinternals]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\The Silicon Realms Toolworks]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Thunderbird]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Trolltech]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Werner Schweer and Others]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\WinRAR]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\WinRAR SFX]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Wow6432Node]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Acro Software Inc] [HKLM\Software\Adobe] [HKLM\Software\AMD] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVAST Software] [HKLM\Software\Avid] [HKLM\Software\Clients] [HKLM\Software\Corel] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Huawei technologies] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\sysinternals] [HKLM\Software\Windows] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Acro Software Inc] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\Avast] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Avid] [HKLM\Software\WOW6432Node\Avid Technology] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GPL Ghostscript] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [18/03/2017 23:03:28] - |SHD| - [156288977] - C:\$Recycle.Bin [15/02/2018 13:44:22] - |D| - [1289534] - C:\AdwCleaner [23/08/2017 16:37:55] - |D| - [127671042] - C:\AMD [23/08/2017 16:09:52] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/05/2018 12:54:29] - |ASH| - (.-.) 
- [1710252032] - (0.0.0.0) - C:\hiberfil.sys [26/04/2018 14:00:32] - |D| - [17776210] - C:\MbConcept_LC [MD5.800B746FDC4D80469AFC7E5E9B510C9C] - [01/12/2006 23:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - C:\msdia80.dll [21/07/2018 17:45:09] - |RHD| - [592884925] - C:\MSOCache [09/09/2019 14:40:09] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/08/2017 16:03:10] - |ASH| - (.-.) - [1476395008] - (0.0.0.0) - C:\pagefile.sys [19/03/2019 06:52:43] - |D| - [0] - C:\PerfLogs [19/03/2019 06:52:43] - |RD| - [8618987731] - C:\Program Files [19/03/2019 06:52:44] - |RD| - [17249016489] - C:\Program Files (x86) [19/03/2019 06:52:44] - |HD| - [2624662295] - C:\ProgramData [17/09/2019 20:13:13] - |D| - [68685] - C:\QuickDiag [MD5.8323BB020862F20D6001C891576ED65A] - [17/09/2019 20:14:23] - |A| - (.-.) - [184243] - (0.0.0.0) - C:\QuickDiag.txt [13/09/2019 18:32:27] - |SHD| - [0] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/08/2017 16:03:11] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [23/08/2017 16:03:09] - |SHD| - [0] - C:\System Volume Information [19/03/2019 06:37:22] - |RD| - [75414136230] - C:\Users [19/03/2019 06:37:22] - |D| - [25335786728] - C:\Windows [13/09/2019 18:37:09] - |D| - [32577793320] - C:\Windows.old ---------- | C:\WINDOWS [19/03/2019 06:52:44] - |D| - [802] - C:\WINDOWS\addins [19/03/2019 06:52:44] - |D| - [6501993] - C:\WINDOWS\appcompat [19/03/2019 06:52:44] - |D| - [8446546] - C:\WINDOWS\apppatch [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\AppReadiness [19/03/2019 06:52:43] - |RD| - [576311160] - C:\WINDOWS\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/08/2017 16:37:52] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin [19/03/2019 06:52:44] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 06:43:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. 
- Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe [19/03/2019 06:52:44] - |D| - [39534311] - C:\WINDOWS\Boot [MD5.BAF0120C66563D306D90D9D07B22D5AE] - [13/09/2019 18:27:57] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [19/03/2019 06:52:44] - |D| - [2450424] - C:\WINDOWS\Branding [19/03/2019 06:37:22] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.9AA74B10B5F3A450BB4EE336D7898490] - [13/09/2019 18:07:08] - |A| - (.-.) - [9710] - (0.0.0.0) - C:\WINDOWS\comsetup.log [19/03/2019 06:52:44] - |D| - [33951637] - C:\WINDOWS\Containers [MD5.1F334AC7713E228137147CBFBB7BC9AA] - [19/03/2019 14:03:26] - |A| - (.-.) - [33951] - (0.0.0.0) - C:\WINDOWS\Core.xml [19/03/2019 06:52:44] - |D| - [11501377] - C:\WINDOWS\Cursors [19/03/2019 06:52:44] - |D| - [73397] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [13/09/2019 18:29:06] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [19/03/2019 06:52:44] - |D| - [4293525] - C:\WINDOWS\diagnostics [19/03/2019 06:52:44] - |D| - [2074128] - C:\WINDOWS\DiagTrack [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [13/09/2019 18:29:06] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [19/03/2019 14:00:40] - |D| - [0] - C:\WINDOWS\DigitalLocker [19/03/2019 06:52:44] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.9BA3629DA25EA41969AEBBD9B8E54655] - [19/03/2019 06:55:49] - |A| - (.-.) - [776] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [19/03/2019 06:52:44] - |HD| - [61960] - C:\WINDOWS\ELAMBKUP [19/03/2019 14:00:40] - |D| - [0] - C:\WINDOWS\en-US [MD5.9CFA2A65575B4313753BC52D268F7B85] - [14/09/2019 18:33:41] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [4551352] - (10.0.18362.329) - C:\WINDOWS\explorer.exe [19/03/2019 06:52:44] - |RSD| - [424926144] - C:\WINDOWS\Fonts [19/03/2019 14:00:40] - |D| - [110592] - C:\WINDOWS\fr-FR [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [19/03/2019 06:52:44] - |D| - [53135467] - C:\WINDOWS\Globalization [19/03/2019 06:52:44] - |D| - [960276] - C:\WINDOWS\Help [MD5.7FE51A1679579DB427447CE8DFD8D47F] - [13/09/2019 18:14:36] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1059840] - (10.0.18362.267) - C:\WINDOWS\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 06:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe [19/03/2019 06:52:44] - |D| - [29869] - C:\WINDOWS\IdentityCRL [19/03/2019 06:52:44] - |D| - [28821950] - C:\WINDOWS\IME [19/03/2019 06:52:44] - |RD| - [9264248] - C:\WINDOWS\ImmersiveControlPanel [19/03/2019 06:50:07] - |D| - [57204782] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\InfusedApps [19/03/2019 06:52:44] - |D| - [38126462] - C:\WINDOWS\InputMethod [19/03/2019 06:52:44] - |SHDC| - [3468619715] - C:\WINDOWS\Installer [19/03/2019 06:52:44] - |D| - [94304] - C:\WINDOWS\L2Schemas [19/03/2019 06:52:44] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [19/03/2019 06:52:44] - |D| - [1626392048] - C:\WINDOWS\LiveKernelReports [19/03/2019 06:52:44] - |D| - [64692320] - C:\WINDOWS\Logs [19/03/2019 06:52:44] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 06:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [19/03/2019 06:52:43] - |RD| - [624508727] - C:\WINDOWS\Microsoft.NET [19/03/2019 06:52:44] - |D| - [3323] - C:\WINDOWS\Migration [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 06:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. 
- Bloc-notes.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe [19/03/2019 14:02:18] - |D| - [199472] - C:\WINDOWS\OCR [19/03/2019 06:52:44] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [26/08/2019 15:31:14] - |DC| - [497649668] - C:\WINDOWS\Panther [19/03/2019 06:52:44] - |D| - [511363] - C:\WINDOWS\Performance [MD5.919D5D9D5FF40229D2081C30781D3B43] - [15/06/2018 13:59:31] - |A| - (.-.) - [576176] - (0.0.0.0) - C:\WINDOWS\PFRO.log [19/03/2019 06:52:44] - |D| - [1136442] - C:\WINDOWS\PLA [19/03/2019 06:52:44] - |D| - [2908500] - C:\WINDOWS\PolicyDefinitions [13/09/2019 17:38:10] - |D| - [13265029] - C:\WINDOWS\Prefetch [19/03/2019 06:52:44] - |RD| - [1997092] - C:\WINDOWS\PrintDialog [19/03/2019 06:52:44] - |D| - [5940574] - C:\WINDOWS\Provisioning [MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 06:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe [19/03/2019 06:52:44] - |D| - [1117876] - C:\WINDOWS\Registration [19/03/2019 06:52:44] - |D| - [5118504] - C:\WINDOWS\rescache [19/03/2019 06:52:44] - |D| - [3471899] - C:\WINDOWS\Resources [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\SchCache [19/03/2019 06:52:44] - |D| - [122082] - C:\WINDOWS\schemas [19/03/2019 06:52:44] - |D| - [6892618] - C:\WINDOWS\security [13/09/2019 18:27:15] - |D| - [71613749] - C:\WINDOWS\ServiceProfiles [19/03/2019 06:52:44] - |D| - [4096] - C:\WINDOWS\ServiceState [19/03/2019 06:37:22] - |D| - [554392634] - C:\WINDOWS\servicing [19/03/2019 06:56:38] - |D| - [37596] - C:\WINDOWS\Setup [MD5.5FB5E059E4EBBA8B9208BE0E4F82BC6A] - [13/09/2019 17:44:17] - |A| - (.-.) - [24316] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/09/2019 17:44:17] - |A| - (.-.) 
- [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [19/03/2019 06:52:44] - |D| - [7052288] - C:\WINDOWS\ShellComponents [19/03/2019 06:52:44] - |D| - [56039936] - C:\WINDOWS\ShellExperiences [21/07/2018 17:46:15] - |D| - [97307] - C:\WINDOWS\SHELLNEW [19/03/2019 06:52:44] - |D| - [3070736] - C:\WINDOWS\SKB [23/08/2017 16:13:03] - |D| - [383160272] - C:\WINDOWS\SoftwareDistribution [19/03/2019 06:52:44] - |D| - [86038209] - C:\WINDOWS\Speech [19/03/2019 06:52:44] - |D| - [63949381] - C:\WINDOWS\Speech_OneCore [MD5.DD8E5CAD821A7A4122D7FA0BF92512D6] - [13/09/2019 18:11:28] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132096] - (10.0.18362.239) - C:\WINDOWS\splwow64.exe [19/03/2019 06:52:44] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [18/03/2017 23:03:33] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [19/03/2019 06:37:22] - |D| - [4337926555] - C:\WINDOWS\System32 [19/03/2019 06:52:45] - |D| - [212055986] - C:\WINDOWS\SystemApps [19/03/2019 06:52:46] - |D| - [187195349] - C:\WINDOWS\SystemResources [19/03/2019 06:52:46] - |D| - [1232095183] - C:\WINDOWS\SysWOW64 [19/03/2019 06:52:46] - |D| - [0] - C:\WINDOWS\TAPI [18/03/2017 23:03:29] - |D| - [2648] - C:\WINDOWS\Tasks [19/03/2019 06:52:46] - |D| - [109403914] - C:\WINDOWS\Temp [19/03/2019 06:52:46] - |D| - [13786112] - C:\WINDOWS\TextInput [19/03/2019 06:52:46] - |D| - [0] - C:\WINDOWS\tracing [19/03/2019 06:52:46] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 06:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [19/03/2019 06:52:46] - |D| - [12420] - C:\WINDOWS\Vss [19/03/2019 06:52:46] - |D| - [33146] - C:\WINDOWS\WaaS [19/03/2019 06:52:46] - |D| - [16568315] - C:\WINDOWS\Web [MD5.919DAC5548D2000BFE3E43C0F74CE669] - [18/03/2017 23:03:33] - |A| - (.-.) 
- [167] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 06:44:30] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [23/08/2017 16:13:04] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 06:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe [19/03/2019 06:37:22] - |D| - [10348568386] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 06:58:10] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 06:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [18/08/2019 12:34:49] - C:\WINDOWS\Installer\1184eb16.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/04/2019 11:04:45] - C:\WINDOWS\Installer\1a4ddc00.msi : (Avast Update Helper - AVAST Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:52] - C:\WINDOWS\Installer\1b1a2f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/03/2018 18:17:33] - C:\WINDOWS\Installer\1b3bb93e.msi : (MuseScore 2 - Werner Schweer and Others) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/08/2019 08:41:45] - C:\WINDOWS\Installer\25492b8f.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/08/2019 11:41:37] - C:\WINDOWS\Installer\25eccbd3.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\4134d83.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2012 16:18:02] - C:\WINDOWS\Installer\4894a97.msi : ( - Avid Technology Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/08/2017 14:28:55] - C:\WINDOWS\Installer\4894a9d.msi : (AvidLicenseControl - Avid Technology, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/05/2017 16:11:06] - C:\WINDOWS\Installer\50e326f.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/11/2017 14:52:34] - C:\WINDOWS\Installer\666985dd.msi : (Java SE Runtime Environment 8 Update 151 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2017 10:35:42] - C:\WINDOWS\Installer\77b921.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2017 16:45:30] - C:\WINDOWS\Installer\7b6aa9e3.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/01/2019 17:30:38] - C:\WINDOWS\Installer\9c43d5.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/01/2019 17:30:44] - C:\WINDOWS\Installer\9c4855.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/01/2019 04:47:16] - C:\WINDOWS\Installer\9c4a46.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2019 19:51:00] - C:\WINDOWS\Installer\9c608d.msi : (Java SE Runtime Environment 8 Update 201 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2019 19:52:07] - C:\WINDOWS\Installer\9c6096.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [15/05/2019 11:52:21] - C:\WINDOWS\Installer\afcdcd8d.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\WINDOWS\Installer\b403e.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:44] - C:\WINDOWS\Installer\b4042.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:30] - C:\WINDOWS\Installer\b4046.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:38] - C:\WINDOWS\Installer\b404a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:48] - C:\WINDOWS\Installer\b404e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:14:56] - C:\WINDOWS\Installer\b4052.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:04] - C:\WINDOWS\Installer\b4056.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:14] - C:\WINDOWS\Installer\b405a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:22] - C:\WINDOWS\Installer\b405e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:30] - C:\WINDOWS\Installer\b4062.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:40] - C:\WINDOWS\Installer\b4066.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:48] - C:\WINDOWS\Installer\b406a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:15:56] - C:\WINDOWS\Installer\b406e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:04] - C:\WINDOWS\Installer\b4072.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:14] - C:\WINDOWS\Installer\b4076.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:22] - C:\WINDOWS\Installer\b407a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:30] - C:\WINDOWS\Installer\b407e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:40] - C:\WINDOWS\Installer\b4082.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:48] - C:\WINDOWS\Installer\b4086.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:16:56] - C:\WINDOWS\Installer\b408a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:04] - C:\WINDOWS\Installer\b408e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:14] - C:\WINDOWS\Installer\b4092.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:22] - C:\WINDOWS\Installer\b4096.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
---------- | %System%\*.in*
[19/03/2019 06:45:40] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[13/09/2019 18:06:16] - [1681870] - C:\WINDOWS\System32\PerfStringBackup.INI
[19/03/2019 06:45:00] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[19/03/2019 06:44:30] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini
[19/03/2019 06:46:01] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[19/03/2019 06:45:19] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
- [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth4.bin [MD5.A88FC6AF11F7E33395C51F9D979FFDFB] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth5.bin [MD5.91B60C6DB00407A19FB7B16C15C3B07E] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth6.bin [MD5.8F40E6DF99054EF4DF58281867B404B3] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth7.bin [MD5.681F63EA513534AFC3A881CF81D65DEF] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth8.bin [MD5.F0259D2CCAC0734A7E83CD875179A6A8] - |A| - [19/03/2019 06:45:32] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth9.bin [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.2AC58918336D59AAAB91DBDB97FB3182] - |A| - [19/03/2019 06:44:30] - (.-.) - [2529.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [19/03/2019 06:43:47] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [19/03/2019 06:43:47] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [19/03/2019 06:43:47] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [461 Ko] - C:\WINDOWS\System32\el-GR [MD5.E54798F526AA8A73AD9A62E1527B55D2] - |A| - [11/12/2017 20:19:34] - (.-.) 
- [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:40] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [326 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1651.53 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [436 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [361.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [320 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\eu-ES [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [16908.14 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\fa-IR [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [19/03/2019 06:44:39] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [406.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\fil-PH [MD5.8897C549F7070C5F9BC665E43C245539] - |A| - [13/09/2019 17:38:28] - (.-.) 
- [613.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:40] - [3403.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [371.5 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [46599.25 Ko] - C:\WINDOWS\System32\fr-FR [MD5.3C402FA88BB488B77A73428623B7825B] - |A| - [19/03/2019 06:45:49] - (.-.) - [167 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ga-IE [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [19/03/2019 06:45:50] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\gd-GB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\gl-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ha-Latn-NG [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [329.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.D6F7FB7B9386E0A029DCCD11DD84B15A] - |A| - [19/03/2019 06:44:11] - (.-.) - [260 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\hi-IN [MD5.71A2AAF8AABD783B751A0939BEDA3BFF] - |A| - [03/07/2015 20:33:36] - (.Copyright (C) 2010 - HPB Print Coinstaller.) - [312.51 Ko] - (1.0.0.4) - C:\WINDOWS\System32\hpbcoinsx64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [337 Ko] - C:\WINDOWS\System32\hr-HR [MD5.DF432871A485FD77E6C90197BE0B637D] - |A| - [16/12/2015 20:07:40] - (.-.) 
- [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [413.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.B4DE48A0333CD63B62CDC63B516D9902] - |A| - [19/03/2019 06:45:54] - (.-.) - [37.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\hy-AM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:58] - [158.57 Ko] - C:\WINDOWS\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.2E977573411A099BD0213832B7442F0E] - |A| - [13/09/2019 18:11:56] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2267 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icu.dll [MD5.D2A4919E61E99157AD2DE994795C0F83] - |RA| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24.5 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.003EEDD728E2952E23DB9F6516B9194A] - |RA| - [19/03/2019 06:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [29 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ig-NG [MD5.8CE43FCE353B86A81F67014B6EEE5143] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [195.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [25976.29 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6775 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [435 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [325.09 Ko] - C:\WINDOWS\System32\ja-jp [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [532.61 Ko] - C:\WINDOWS\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [298 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ky-KG [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/03/2019 06:44:21] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 06:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\lb-LU [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 21:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll [MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 14:01:40] - (.-.) 
- [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [625.17 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [39783.58 Ko] - C:\WINDOWS\System32\LogFiles [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 21:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [335.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [333.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [30106.02 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:25] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.9E881E4739C6BCAA98F2152CAFC3E059] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantle64.dll [MD5.CE5A4E28D6423278DD8440404B6B5851] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantleaxl64.dll [MD5.F53CAB05B340E9C28028764995BC1071] - |A| - [19/03/2019 06:45:05] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 06:43:47] - (.-.) 
- [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 18:27:15] - [1115.47 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5312.67 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [46626.32 Ko] - C:\WINDOWS\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:39] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [23/08/2017 19:46:43] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 06:44:28] - (.-.) - [28.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [396.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ne-NP [MD5.15B3943454B87F9A442E3A9210EC6572] - |A| - [11/12/2017 19:47:01] - (.-.) - [66.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 06:45:50] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [431.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.2145E8D9F059A01AD670A8A0FE3B74BF] - |A| - [19/03/2019 14:02:58] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [14682.07 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:40] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\or-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 06:43:47] - (.-.) 
- [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1728.68 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.2B8663C1B9297A929EF6C60299F3E7CB] - |A| - [19/03/2019 06:55:38] - (.-.) - [122.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.68FBA18A54C646044515B8AF95506073] - |A| - [19/03/2019 14:00:42] - (.-.) - [138.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [19/03/2019 06:55:38] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [19/03/2019 14:00:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.FD50769B2DCEDDA70C6F177D96B560CD] - |A| - [19/03/2019 06:55:38] - (.-.) - [650.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.0DB21DC596D65338C0C399CB6C91C5E0] - |A| - [19/03/2019 14:00:42] - (.-.) - [737.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.EEDC8E7113E74A3248B6635A8E7DBEF2] - |A| - [13/09/2019 18:06:16] - (.-.) - [1642.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 06:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [430 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [448 Ko] - C:\WINDOWS\System32\PointOfService [MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 06:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 06:44:00] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [424 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [426.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\quz-PE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.2210F24EDC6E80B1D311B2C3641DE9FA] - |A| - [13/09/2019 18:14:54] - (.-.) - [1983.5 Ko] - (1.0.1907.17001) - C:\WINDOWS\System32\rdpnano.dll [MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 06:43:47] - (.-.) 
- [60.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2.19 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.093F9EE0C00B452996E7837F1D7165E5] - |A| - [13/09/2019 18:14:23] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) 
- [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [351 Ko] - C:\WINDOWS\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [421.5 Ko] - C:\WINDOWS\System32\ru-RU [MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 06:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 06:46:39] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 06:44:01] - (.-.) 
- [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [77.44 Ko] - C:\WINDOWS\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2370 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.7 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [341 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [337.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [13/09/2019 17:38:44] - [4018.69 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 06:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:37:22] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 06:45:54] - (.-.) 
- [38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [7558.3 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [12411.23 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [98230.85 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5931.05 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [339 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:45:56] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [13/09/2019 18:14:54] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [26584 Ko] - C:\WINDOWS\System32\sru [MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 06:43:47] - (.-.) 
- [443 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [403.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:43] - [1389.12 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [939.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [625.11 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [583.55 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 06:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\te-IN [MD5.364B8B76EBB95762632341E49F26144D] - |A| - [13/09/2019 18:11:53] - (.-.) 
- [1798 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [310.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [394 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 06:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 06:43:54] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [337 Ko] - C:\WINDOWS\System32\uk-UA [MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 06:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [1917.6 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ur-PK [MD5.21B9D3543310B811B3F0DBE3838EEF12] - |A| - [19/03/2019 06:44:18] - (.-.) - [44.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [13/09/2019 18:12:01] - (.-.) 
- [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\vi-VN [MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 06:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [117935.01 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [28879.47 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 06:44:30] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [49316.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 06:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10277.1 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 06:44:39] - (.-.) 
- [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [57600 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6160.01 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [107.56 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\wo-SN [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 06:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 06:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 06:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 06:44:03] - (.-.) - [97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) 
- [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\yo-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [287.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [258 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\zu-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1856.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.A373223DA7D8955471215CE5B1BDCD0B] - |A| - [16/12/2015 20:07:34] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.4DC0A8630E9C94AC559BDA738D228C2E] - |A| - [16/12/2015 20:07:34] - (.-.) 
- [128.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdhdl32.dll [MD5.870A3E3F7F49E0F0EDA057DE539BAA5C] - |A| - [16/12/2015 20:07:34] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.DB00A1EDAF063A00E715BC0D844A6C6B] - |A| - [16/12/2015 20:07:36] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\amdmantle32.dll [MD5.4C2E47A3ED607193656C44974AEA4162] - |A| - [16/12/2015 20:07:34] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmmcl.dll [MD5.E1B9410B2167B9B438B4C14639AA9FBC] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38789.98 Ko] - (10.0.1800.11) - C:\WINDOWS\SysWOW64\amdocl.dll [MD5.9DEF1F5B37479CB6AD2DE70AC5606759] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\amdocl12cl.dll [MD5.ECC282372DEB746231685280F96442DF] - |A| - [16/12/2015 20:07:38] - (.-.) - [980.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_as32.exe [MD5.EBC93A124038127EAD6CD8F16558C26B] - |A| - [16/12/2015 20:07:36] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_ld32.exe [MD5.7D5DED378BFDB41955AC460C4F396F1B] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.A400CFF0E7618D3C96E6D3FB5C657E6B] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2014-2015 AMD Inc. - amdxc32.dll.) 
- [7503.02 Ko] - (8.18.10.44) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [174 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.760A16CB68AA94B46C13E778E2C40C42] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.760A16CB68AA94B46C13E778E2C40C42] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.4920154E53FDD2E1BB3B877E7CEEFEC7] - |A| - [04/11/2015 21:25:16] - (.-.) - [646.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.6C1E0FA435FF2BE03DAE57482D70229C] - |A| - [16/12/2015 20:07:38] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalcl.dll [MD5.0D5F02309668BB18B09CC3018870A21D] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticaldd.dll [MD5.91EE47E5F262066C4FE15FCC2AFA76D0] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalrt.dll [MD5.4ED9AE1B6AB8786EF287A005223602AF] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) 
- [1194.87 Ko] - (8.17.10.1404) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.1F31F81DDBCE62FF5ED9EEB84B36994A] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9971.7 Ko] - (8.17.10.625) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.07722BE5C09F174DE3C857A384EB7A19] - |A| - [16/12/2015 20:07:40] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.FAA5C0AE370B2B4727A4D3BAD2E9FA90] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.DFC371CDDD3FCD6C24E753298A41E759] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiglpxx.dll [MD5.212E4467D3558D6CF999942FBF24249A] - |A| - [16/12/2015 20:06:50] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.0A4ECF95D837EB9C7990FDAE92077765] - |A| - [16/12/2015 20:07:42] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\WINDOWS\SysWOW64\atioglxx.dll [MD5.CBA05A6A2400D9EFB00E8D8CF2BDD1E5] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiu9pag.dll [MD5.D7D303BC870752D4E6CE9D9453B16FE6] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\WINDOWS\SysWOW64\atiumdag.dll [MD5.A6D47DE75D4DA8B345193FD2456A4386] - |A| - [04/11/2015 21:21:02] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.EEBEC694FFBAEF4812DE8D10E924E597] - |A| - [16/12/2015 20:06:52] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) 
- [7821.64 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\atiumdva.dll [MD5.DBA2A487CC1913B9C6F4CFF3422D46B1] - |A| - [16/12/2015 20:06:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.7 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [04/11/2015 21:24:18] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [04/11/2015 21:24:18] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [147.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.1B4896DDC817BEE0E20BA5BD8C76643A] - |A| - [23/08/2017 16:38:40] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201708231638404768.log [MD5.9A9095BAD29ABB2168797111419DC28F] - |A| - [11/12/2017 19:53:01] - (.-.) 
- [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201712111853016486.log [MD5.58D8A0C43709876C319A17DA541D40F6] - |A| - [11/12/2017 19:54:54] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201712111854548886.log [MD5.2BDECF1F671F58F9C70E0F81B91B78E4] - |A| - [28/05/2018 12:46:41] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201805281246410571.log [MD5.10B7866E51FF1F8733AFC6B0BA91774C] - |A| - [28/05/2018 12:48:24] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201805281248242067.log [MD5.B718542A9879D3B06E531E9042599772] - |A| - [13/09/2019 17:50:39] - (.-.) - [59.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201909131750396814.log [MD5.97DE2CCA51CCC41BA387216552DAE0F0] - |A| - [13/09/2019 17:52:46] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CCCInstall_201909131752465527.log [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [317 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [2.06 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [206 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.1E02A122FE09272058FC1EF0B1B6265E] - |A| - [13/09/2019 18:15:00] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) 
- [377 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [207 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [229 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [186 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [7413.73 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [19/03/2019 14:01:34] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [166 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 06:45:13] - (.-.) - [203.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [142.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.B1414C449CDF025115DDA1DD58A77381] - |A| - [16/12/2015 20:07:40] - (.-.) 
- [108.48 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [212.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [13/09/2019 18:13:31] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1849.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) 
- [28.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [21339.25 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [213 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [154 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/09/2017 17:07:55] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [145.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [142 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [24632.91 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:25] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.DAE24406C99B03DE3070FCA7B8823C68] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantle32.dll [MD5.4B15FFE298E746FC8FE1718461C8527D] - |A| - [16/12/2015 20:07:40] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantleaxl32.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [2776.1 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [812.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:21] - (.-.) 
- [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:45] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [205.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - 
[3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 07:00:31] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [751.8 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [79 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [214.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - 
[19/03/2019 06:52:46] - [147.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [214 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\rw-RW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\si-LK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [143.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [143 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [4039.3 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [8872.12 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1306.25 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [142 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:46:09] - (.-.) 
- [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 06:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [207.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [13/09/2019 18:13:15] - (.-.) 
- [1075.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [129 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [201 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [145 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 06:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\WINDOWS\SysWOW64\VBAFR32.OLB [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [15706.07 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 06:45:13] - (.-.) 
- [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [9128.89 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [107.56 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 06:45:13] - (.-.) - [62.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [135.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [136 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Public] [23/08/2017 16:42:52] - |RHD| - [196] - C:\Users\Public\AccountPictures [18/03/2017 23:03:29] - |RHD| - [1234] - C:\Users\Public\Desktop [19/03/2019 06:49:35] - |ASH| - [174] - C:\Users\Public\desktop.ini [18/03/2017 23:03:29] - |RD| - [2871053] - C:\Users\Public\Documents [18/03/2017 23:03:29] - |RD| - [174] - C:\Users\Public\Downloads [19/03/2019 06:52:44] - |RHD| - [1135] - C:\Users\Public\Libraries [18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Music [18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Pictures [18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Videos ---------- | [xbera] [11/12/2017 20:36:52] - |RD| - [298] - C:\Users\xbera\3D Objects [13/09/2019 17:51:03] - |HD| - [6286057039] - C:\Users\xbera\AppData [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Application Data [23/08/2017 16:42:51] - |RD| - [412] - 
C:\Users\xbera\Contacts [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Cookies [24/08/2017 11:59:20] - |RD| - [149] - C:\Users\xbera\Creative Cloud Files [23/08/2017 16:40:47] - |RD| - [22977553] - C:\Users\xbera\Desktop [23/08/2017 16:40:47] - |RD| - [36384513019] - C:\Users\xbera\Documents [23/08/2017 16:40:47] - |RD| - [622271230] - C:\Users\xbera\Downloads [23/08/2017 19:00:20] - |RD| - [3387044749] - C:\Users\xbera\Dropbox [23/08/2017 16:40:47] - |RD| - [690] - C:\Users\xbera\Favorites [03/10/2017 16:03:28] - |RD| - [12667517030] - C:\Users\xbera\Google Drive [27/08/2017 12:36:28] - |RD| - [122966294] - C:\Users\xbera\iCloudDrive [23/08/2017 16:40:47] - |RD| - [4702] - C:\Users\xbera\Links [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Local Settings [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Menu Démarrer [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Mes documents [11/12/2017 20:38:41] - |HD| - [5257977] - C:\Users\xbera\MicrosoftEdgeBackups [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Modèles [23/08/2017 16:40:47] - |RD| - [66583648] - C:\Users\xbera\Music [13/09/2019 17:51:03] - |AH| - [3670016] - C:\Users\xbera\NTUSER.DAT [13/09/2019 17:51:04] - |ASH| - [491520] - C:\Users\xbera\ntuser.dat.LOG1 [13/09/2019 17:51:04] - |ASH| - [262144] - C:\Users\xbera\ntuser.dat.LOG2 [13/09/2019 17:51:05] - |ASH| - [65536] - C:\Users\xbera\NTUSER.DAT{d4a34b01-d644-11e9-ae34-80ee732934a0}.TM.blf [13/09/2019 17:51:05] - |ASH| - [524288] - C:\Users\xbera\NTUSER.DAT{d4a34b01-d644-11e9-ae34-80ee732934a0}.TMContainer00000000000000000001.regtrans-ms [13/09/2019 17:51:05] - |ASH| - [524288] - C:\Users\xbera\NTUSER.DAT{d4a34b01-d644-11e9-ae34-80ee732934a0}.TMContainer00000000000000000002.regtrans-ms [13/09/2019 18:33:54] - |SH| - [20] - C:\Users\xbera\ntuser.ini [23/08/2017 16:46:45] - |RAD| - [1299578] - C:\Users\xbera\OneDrive [23/08/2017 16:40:47] - |RD| - [13212046276] - C:\Users\xbera\Pictures [13/09/2019 17:51:04] - |SHD| - [0] - 
C:\Users\xbera\Recent [23/08/2017 16:40:47] - |RD| - [282] - C:\Users\xbera\Saved Games [23/08/2017 16:42:52] - |RD| - [3053] - C:\Users\xbera\Searches [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\SendTo [23/08/2017 16:40:47] - |RD| - [650] - C:\Users\xbera\Videos [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Voisinage d'impression [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\Voisinage réseau [13/09/2019 17:51:03] - |D| - [2680952600] - C:\Users\xbera\AppData\Local [23/08/2017 16:40:47] - |D| - [18107975] - C:\Users\xbera\AppData\LocalLow [13/09/2019 17:51:03] - |D| - [3586996464] - C:\Users\xbera\AppData\Roaming [24/08/2017 11:44:05] - |D| - [68645131] - C:\Users\xbera\AppData\Local\Adobe [24/08/2017 12:00:43] - |D| - [639091] - C:\Users\xbera\AppData\Local\AMD [27/08/2017 12:10:41] - |D| - [0] - C:\Users\xbera\AppData\Local\Apple [27/08/2017 12:13:07] - |D| - [115842] - C:\Users\xbera\AppData\Local\Apple Computer [27/08/2017 12:36:26] - |D| - [2389454] - C:\Users\xbera\AppData\Local\Apple Inc [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\AppData\Local\Application Data [13/09/2019 17:51:03] - |D| - [68897] - C:\Users\xbera\AppData\Local\ATI [08/06/2018 17:54:49] - |D| - [113110443] - C:\Users\xbera\AppData\Local\AVAST Software [23/08/2017 16:58:25] - |D| - [446149] - C:\Users\xbera\AppData\Local\CEF [23/08/2017 16:44:29] - |D| - [36200452] - C:\Users\xbera\AppData\Local\Comms [23/08/2017 16:42:29] - |D| - [7145968] - C:\Users\xbera\AppData\Local\ConnectedDevicesPlatform [02/07/2018 19:04:47] - |D| - [44814612] - C:\Users\xbera\AppData\Local\CrashDumps [10/01/2018 15:13:23] - |D| - [0] - C:\Users\xbera\AppData\Local\CrashRpt [03/09/2017 20:08:54] - |D| - [0] - C:\Users\xbera\AppData\Local\CutePDF Writer [16/06/2018 16:00:09] - |D| - [205548] - C:\Users\xbera\AppData\Local\D3DSCache [10/01/2018 15:12:35] - |D| - [0] - C:\Users\xbera\AppData\Local\Dassault Systemes [23/08/2017 16:51:34] - |D| - [0] - C:\Users\xbera\AppData\Local\DBG 
[26/07/2018 10:22:28] - |D| - [0] - C:\Users\xbera\AppData\Local\Diagnostics [24/08/2017 14:28:55] - |D| - [11010048] - C:\Users\xbera\AppData\Local\Downloaded Installations [23/08/2017 18:55:48] - |D| - [48401341] - C:\Users\xbera\AppData\Local\Dropbox [26/07/2018 10:27:07] - |D| - [129550] - C:\Users\xbera\AppData\Local\ElevatedDiagnostics [27/08/2017 12:37:03] - |D| - [1244160] - C:\Users\xbera\AppData\Local\FA806E94-D096-4C2F-B90A-71EE9A25907F.aplzod [25/08/2017 12:15:21] - |A| - [118904] - C:\Users\xbera\AppData\Local\GDIPFONTCACHEV1.DAT [28/05/2018 12:47:36] - |D| - [1283922578] - C:\Users\xbera\AppData\Local\Google [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\AppData\Local\Historique [09/09/2019 16:44:16] - |D| - [74108140] - C:\Users\xbera\AppData\Local\HiSuite [23/08/2017 19:37:40] - |D| - [0] - C:\Users\xbera\AppData\Local\HP [11/12/2017 20:45:22] - |AH| - [187393] - C:\Users\xbera\AppData\Local\IconCache.db.backup [13/10/2018 08:07:21] - |D| - [776360] - C:\Users\xbera\AppData\Local\mbam [13/10/2018 08:03:43] - |D| - [235676] - C:\Users\xbera\AppData\Local\mbamtray [19/06/2019 11:59:43] - |D| - [1405114] - C:\Users\xbera\AppData\Local\MesLivres [20/06/2019 13:30:29] - |D| - [2822356] - C:\Users\xbera\AppData\Local\MesLivresPro [13/09/2019 17:51:03] - |D| - [412483844] - C:\Users\xbera\AppData\Local\Microsoft [28/05/2018 12:47:36] - |D| - [310032] - C:\Users\xbera\AppData\Local\Microsoft Help [23/08/2017 16:52:37] - |D| - [68704] - C:\Users\xbera\AppData\Local\MicrosoftEdge [20/03/2018 18:23:40] - |D| - [51420] - C:\Users\xbera\AppData\Local\MuseScore [11/10/2018 17:33:40] - |D| - [0] - C:\Users\xbera\AppData\Local\OneDrive [05/10/2018 09:14:11] - |A| - [0] - C:\Users\xbera\AppData\Local\oobelibMkey.log [11/12/2017 19:55:57] - |D| - [141166404] - C:\Users\xbera\AppData\Local\Packages [13/09/2019 18:38:12] - |D| - [0] - C:\Users\xbera\AppData\Local\PackageStaging [29/03/2018 18:34:04] - |D| - [6068] - 
C:\Users\xbera\AppData\Local\PlaceholderTileLogoFolder [24/08/2017 12:29:34] - |D| - [0] - C:\Users\xbera\AppData\Local\Programs [23/08/2017 16:43:19] - |D| - [853060] - C:\Users\xbera\AppData\Local\Publishers [15/12/2017 15:04:54] - |D| - [2820] - C:\Users\xbera\AppData\Local\speech [13/09/2019 17:51:03] - |D| - [44746224] - C:\Users\xbera\AppData\Local\Temp [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\AppData\Local\Temporary Internet Files [21/07/2018 15:17:53] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign0bc81bbbecacc5dd [21/07/2018 12:26:35] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign0e847888601c0c80 [21/07/2018 11:55:31] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign0e8c7b17d0209fab [10/03/2018 12:15:02] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign0f38212d3dc897ad [05/12/2017 15:08:11] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign16e0e362fb51f2f2 [05/12/2017 15:13:22] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign1eed423bd13fe39d [22/11/2017 17:12:03] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign21a2c006e2cf7d5e [15/02/2018 19:05:17] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign2224f45c64b78a3d [20/07/2018 14:38:49] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign269f1db705c7d5d9 [12/07/2018 12:56:53] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign28f1863b1e2421b8 [20/07/2018 14:19:33] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign2b2363f2d935fa88 [21/07/2018 13:02:41] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign30593b2a4d9748af [05/12/2017 15:05:42] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign388fa5b3ec3e1b30 [09/05/2018 12:48:17] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign4172c94f86d1043b [16/06/2018 17:50:40] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign4b7672c9590ba629 [09/05/2018 12:49:25] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign4be29ec7f324727c [15/02/2018 19:05:17] - |D| - [0] - 
C:\Users\xbera\AppData\Local\Tempzxpsign4d919ea33111a818 [21/07/2018 15:19:01] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign59ecc266f288fe2d [26/07/2018 14:31:19] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign5a00bc573c904fc3 [15/02/2018 17:55:29] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign5b818f52bd48b6bc [14/09/2018 22:24:12] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign61baf03a68b495af [03/07/2018 21:08:34] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign662c17bc815a6a63 [16/06/2018 17:49:17] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign66e85569f6a86de6 [20/07/2018 14:12:50] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign6c45405eb37c3d46 [26/11/2018 17:34:57] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign6d7c2d2b290da98b [09/05/2018 12:49:26] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign75572512225cb52c [15/02/2018 17:56:06] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign7fc9d2e30a203e9a [09/05/2018 12:46:32] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign80baaa49155d5ee7 [17/03/2018 18:17:04] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign8119573b12b0b92c [26/07/2018 14:32:57] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign870a9bb10a79b558 [10/03/2018 12:15:02] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign8821636841b073c5 [15/02/2018 17:56:29] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign8c4c4399ea3e8a35 [05/12/2017 15:05:42] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign8cb3645418d638bd [12/07/2018 12:47:50] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign8fc1e1a3ea275ecb [12/07/2018 13:02:23] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign944a5b1ba66be4b7 [21/07/2018 12:36:37] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign9690bc99705d2c83 [20/07/2018 14:15:05] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign9913d1f0210b9476 [03/07/2018 21:11:30] - |D| - [0] - 
C:\Users\xbera\AppData\Local\Tempzxpsign9beb34aa3c363866 [21/07/2018 11:57:37] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsign9ff9e76330d1e3f9 [22/11/2017 17:11:46] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigna0747b6d36876ad3 [11/10/2018 14:40:02] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigna4b7f22141ab2061 [30/01/2018 13:12:26] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigna68a686acec4a4eb [22/11/2017 17:12:48] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignb317858bc9108356 [20/07/2018 14:40:07] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignb3b580816a44f6dc [30/01/2018 13:12:27] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignb60ff24df66e617c [15/02/2018 19:05:17] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignb715c87f90679237 [04/07/2018 12:05:16] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignba633e652e583889 [03/07/2018 21:04:22] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigncaaf2ebedf774574 [20/07/2018 15:19:29] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigncb26da0112ae91a5 [26/07/2018 14:32:57] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigncf0e67b97216f108 [30/01/2018 13:12:33] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignd1b112d4e00e5211 [20/07/2018 14:25:30] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigndd32f40a795b9e1b [17/03/2018 18:15:47] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigne2f4e3d4c8195f47 [20/07/2018 14:40:40] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigne4e2818709825033 [05/12/2017 15:06:35] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigne536dbd4c8bbecd3 [14/09/2018 22:25:34] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigne81e6edca295d8da [22/11/2017 17:11:46] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigne852d87cc58b72bc [15/09/2018 10:40:33] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsigned0361b5a63ea3b6 [03/07/2018 21:04:21] - |D| - [0] - 
C:\Users\xbera\AppData\Local\Tempzxpsignf018d373347f6688 [30/01/2018 13:13:52] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignf277ad5ae2992ef3 [11/10/2018 14:41:31] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignf4255b4cb0d746de [15/02/2018 17:55:29] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignfa88cf82a7071f44 [21/07/2018 12:58:19] - |D| - [0] - C:\Users\xbera\AppData\Local\Tempzxpsignfbe2676e9fd4e04b [23/08/2017 19:47:08] - |D| - [371015867] - C:\Users\xbera\AppData\Local\Thunderbird [23/08/2017 16:42:30] - |D| - [12104950] - C:\Users\xbera\AppData\Local\TileDataLayer [23/08/2017 16:42:34] - |D| - [0] - C:\Users\xbera\AppData\Local\VirtualStore [24/08/2017 12:00:30] - |D| - [17712441] - C:\Users\xbera\AppData\LocalLow\Adobe [23/08/2017 16:42:58] - |SD| - [377503] - C:\Users\xbera\AppData\LocalLow\Microsoft [23/08/2017 19:47:25] - |D| - [0] - C:\Users\xbera\AppData\LocalLow\Mozilla [02/11/2017 14:53:40] - |D| - [18031] - C:\Users\xbera\AppData\LocalLow\Sun [28/11/2017 12:54:42] - |D| - [0] - C:\Users\xbera\AppData\LocalLow\Temp [23/08/2017 16:42:43] - |D| - [192909517] - C:\Users\xbera\AppData\Roaming\Adobe [25/09/2018 12:29:19] - |D| - [58864741] - C:\Users\xbera\AppData\Roaming\AMS Software [27/08/2017 12:13:07] - |D| - [9720578] - C:\Users\xbera\AppData\Roaming\Apple Computer [13/09/2019 17:51:03] - |D| - [0] - C:\Users\xbera\AppData\Roaming\ATI [17/01/2018 12:57:14] - |D| - [19893] - C:\Users\xbera\AppData\Roaming\Audacity [23/08/2017 16:58:31] - |D| - [11944018] - C:\Users\xbera\AppData\Roaming\AVAST Software [24/08/2017 14:15:35] - |D| - [133102951] - C:\Users\xbera\AppData\Roaming\Avid [25/09/2018 12:29:21] - |D| - [8] - C:\Users\xbera\AppData\Roaming\Below [10/01/2018 15:11:21] - |D| - [5962128] - C:\Users\xbera\AppData\Roaming\DraftSight [23/08/2017 18:56:09] - |D| - [1334148] - C:\Users\xbera\AppData\Roaming\Dropbox [15/09/2018 23:22:55] - |D| - [271] - C:\Users\xbera\AppData\Roaming\dvdcss [02/11/2017 14:47:51] - |D| - [1582] - 
C:\Users\xbera\AppData\Roaming\eTeks [10/01/2018 15:35:44] - |D| - [0] - C:\Users\xbera\AppData\Roaming\Google [23/08/2017 18:49:54] - |D| - [0] - C:\Users\xbera\AppData\Roaming\Identities [24/08/2017 14:15:06] - |D| - [297] - C:\Users\xbera\AppData\Roaming\Leadertech [10/01/2018 15:35:01] - |D| - [2178] - C:\Users\xbera\AppData\Roaming\Macromedia [13/09/2019 17:51:03] - |SD| - [8596821] - C:\Users\xbera\AppData\Roaming\Microsoft [23/08/2017 19:47:17] - |D| - [0] - C:\Users\xbera\AppData\Roaming\Mozilla [20/03/2018 18:24:00] - |D| - [3546] - C:\Users\xbera\AppData\Roaming\MuseScore [03/09/2017 19:36:46] - |D| - [2844] - C:\Users\xbera\AppData\Roaming\PhotoFiltre 7 [23/08/2017 16:46:52] - |D| - [77] - C:\Users\xbera\AppData\Roaming\Skype [02/11/2017 14:53:34] - |D| - [0] - C:\Users\xbera\AppData\Roaming\Sun [19/06/2019 12:01:06] - |D| - [0] - C:\Users\xbera\AppData\Roaming\System [23/08/2017 19:47:07] - |D| - [3121237443] - C:\Users\xbera\AppData\Roaming\Thunderbird [23/08/2017 19:45:42] - |D| - [113886] - C:\Users\xbera\AppData\Roaming\vlc [24/08/2017 11:28:27] - |D| - [12] - C:\Users\xbera\AppData\Roaming\WinRAR [07/10/2018 16:53:25] - |D| - [43179525] - C:\Users\xbera\AppData\Roaming\Zoom [23/08/2017 16:42:52] - |SH| - [174] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [13/09/2019 17:51:04] - |SHD| - [0] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [23/08/2017 16:40:47] - |RD| - [41529] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/09/2019 17:51:03] - |RD| - [3888] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [13/09/2019 17:51:03] - |RD| - [2925] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [23/08/2017 16:42:52] - |RD| - [174] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/08/2017 19:16:40] - |D| - [2693] - 
C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome [13/09/2019 17:51:04] - |SH| - [264] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [24/08/2017 12:20:50] - |A| - [585] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk [27/08/2017 12:36:35] - |D| - [832] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud [03/09/2017 20:25:36] - |A| - [578] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Images.lnk [13/09/2019 17:51:03] - |D| - [170] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [20/03/2018 18:23:17] - |D| - [2200] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2 [13/09/2019 17:51:04] - |A| - [1105] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [03/09/2017 19:36:44] - |D| - [4676] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [23/08/2017 16:42:52] - |RD| - [174] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/09/2019 17:51:03] - |RD| - [4913] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [13/09/2019 17:51:03] - |RD| - [7754] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [23/08/2017 19:10:29] - |D| - [4561] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [23/08/2017 19:43:03] - |D| - [0] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.5 [07/10/2018 16:53:35] - |D| - [4037] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom [23/08/2017 16:42:52] - |SH| - [174] - C:\Users\xbera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [24/08/2017 11:48:03] - |D| - [1000616445] - C:\ProgramData\Adobe [27/08/2017 12:09:31] 
- |D| - [107697619] - C:\ProgramData\Apple [27/08/2017 12:11:56] - |D| - [158762213] - C:\ProgramData\Apple Computer [13/09/2019 18:32:25] - |SHD| - [0] - C:\ProgramData\Application Data [13/09/2019 18:46:13] - |D| - [188] - C:\ProgramData\ATI [23/08/2017 16:56:08] - |D| - [1046073] - C:\ProgramData\AVAST Software [24/08/2017 14:15:38] - |D| - [267361676] - C:\ProgramData\Avid [23/08/2017 16:09:52] - |SHD| - [0] - C:\ProgramData\Bureau [13/09/2019 18:32:25] - |SHD| - [0] - C:\ProgramData\Documents [23/08/2017 18:55:48] - |D| - [9380160] - C:\ProgramData\Dropbox [10/01/2018 15:35:44] - |D| - [0] - C:\ProgramData\Google [23/08/2017 16:46:06] - |D| - [0] - C:\ProgramData\HP [15/10/2018 19:32:50] - |D| - [820] - C:\ProgramData\Logs [15/02/2018 13:46:05] - |D| - [100394343] - C:\ProgramData\Malwarebytes [23/08/2017 16:09:53] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [19/03/2019 06:52:44] - |SD| - [850200283] - C:\ProgramData\Microsoft [23/08/2017 18:34:37] - |D| - [66590] - C:\ProgramData\Microsoft Help [13/09/2019 18:42:46] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [23/08/2017 16:09:53] - |SHD| - [0] - C:\ProgramData\Modèles [02/11/2017 14:37:41] - |D| - [72304836] - C:\ProgramData\Oracle [23/08/2017 16:38:10] - |D| - [57260793] - C:\ProgramData\Package Cache [21/06/2018 11:04:26] - |D| - [163840] - C:\ProgramData\Packages [24/08/2017 14:29:37] - |D| - [0] - C:\ProgramData\Pinnacle [24/08/2017 12:23:07] - |D| - [1698] - C:\ProgramData\regid.1986-12.com.adobe [19/03/2019 06:52:44] - |D| - [995] - C:\ProgramData\regid.1991-06.com.microsoft [19/03/2019 06:52:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution [13/09/2018 11:54:33] - |D| - [4] - C:\ProgramData\TEMP [23/08/2017 19:42:29] - |D| - [294] - C:\ProgramData\UniqueId [19/03/2019 06:52:44] - |D| - [9425] - C:\ProgramData\USOPrivate [13/09/2019 17:47:51] - |D| - [1482752] - C:\ProgramData\USOShared [19/03/2019 14:02:58] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [23/08/2017 19:43:10] - |AD| - 
[9446] - C:\ProgramData\WinZip ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [23/08/2017 16:09:53] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [19/03/2019 06:52:44] - |D| - [159770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [19/03/2019 06:52:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [19/03/2019 06:52:44] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [24/08/2017 12:33:58] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [19/03/2019 06:52:44] - |RD| - [22954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/08/2017 11:50:18] - |A| - [1298] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [24/08/2017 11:57:55] - |A| - [1073] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2017.lnk [24/08/2017 12:11:55] - |A| - [1085] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk [13/09/2019 17:52:46] - |D| - [4369] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [27/08/2017 12:10:40] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [17/01/2018 12:41:44] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [16/04/2019 11:06:58] - |A| - [2496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk [24/08/2017 14:28:01] - |D| - [6148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid [25/01/2018 11:56:45] - |D| - [7370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [24/08/2017 12:29:41] - |D| - [2316] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CutePDF [19/03/2019 06:49:34] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/09/2018 11:54:22] - |D| - [5666] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct MIDI to MP3 Converter [09/09/2019 15:06:28] - |D| - [1312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox [23/08/2017 16:54:02] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [09/09/2019 16:52:51] - |D| - [1880] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite [19/03/2019 06:46:39] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [05/03/2019 19:49:08] - |D| - [4073] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [02/11/2017 14:53:23] - |D| - [6890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [19/03/2019 06:52:44] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [05/03/2019 21:20:41] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [20/06/2019 13:30:29] - |D| - [3464] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mes Livres Pro [21/07/2018 17:52:34] - |D| - [37986] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [23/08/2017 19:46:47] - |A| - [1278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [25/09/2018 12:29:11] - |D| - [2448] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSHOW 3D [19/03/2019 06:52:44] - |RD| - [1422] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [19/03/2019 06:52:44] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [23/08/2017 19:45:26] - |D| - [7188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [23/08/2017 19:10:29] - |D| - [4489] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ---------- | C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup [05/03/2019 16:38:15] - |A| - [1248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [24/08/2017 12:29:41] - |D| - [282250] - C:\Program Files (x86)\Acro Software [24/08/2017 11:47:29] - |D| - [656526363] - C:\Program Files (x86)\Adobe [05/03/2019 19:44:05] - |D| - [4057910] - C:\Program Files (x86)\Apple Software Update [13/09/2019 17:52:04] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies [17/01/2018 12:41:30] - |D| - [52589725] - C:\Program Files (x86)\Audacity [06/12/2017 17:36:46] - |D| - [649575934] - C:\Program Files (x86)\AVAST Software [24/08/2017 14:27:01] - |D| - [11029607917] - C:\Program Files (x86)\Avid [27/08/2017 12:10:16] - |AD| - [631713] - C:\Program Files (x86)\Bonjour [19/03/2019 06:52:44] - |D| - [1140320174] - C:\Program Files (x86)\Common Files [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [13/09/2018 11:54:21] - |D| - [15384378] - C:\Program Files (x86)\Direct MIDI to MP3 Converter [23/08/2017 18:55:56] - |D| - [348321236] - C:\Program Files (x86)\Dropbox [19/03/2018 16:51:17] - |D| - [410454226] - C:\Program Files (x86)\EasyPHP-Devserver-17 [23/08/2017 16:53:45] - |D| - [524885804] - C:\Program Files (x86)\Google [24/08/2017 12:30:06] - |D| - [14001334] - C:\Program Files (x86)\GPLGS [09/09/2019 16:52:08] - |D| - [81788687] - C:\Program Files (x86)\HiSuite [19/03/2019 06:52:44] - |D| - [1984287] - C:\Program Files (x86)\Internet Explorer [02/11/2017 14:52:42] - |D| - [361177023] - C:\Program Files (x86)\Java [20/06/2019 13:30:28] - |D| - [11059328] - C:\Program Files (x86)\MesLivresPro [23/08/2017 18:34:37] - |AD| - [707022008] - C:\Program Files (x86)\Microsoft Office [21/07/2018 18:06:27] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio [21/07/2018 17:51:23] - |D| - 
[3726168] - C:\Program Files (x86)\Microsoft Works [19/03/2019 06:52:44] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [23/08/2017 19:46:45] - |D| - [484974] - C:\Program Files (x86)\Mozilla Maintenance Service [23/08/2017 19:46:31] - |AD| - [132699741] - C:\Program Files (x86)\Mozilla Thunderbird [21/07/2018 18:06:52] - |D| - [764] - C:\Program Files (x86)\MSBuild [20/03/2018 18:23:11] - |D| - [175490314] - C:\Program Files (x86)\MuseScore 2 [03/09/2017 19:36:40] - |D| - [8331623] - C:\Program Files (x86)\PhotoFiltre 7 [14/09/2019 19:52:19] - |D| - [7413760] - C:\Program Files (x86)\Reference Assemblies [25/09/2018 12:28:36] - |D| - [599209065] - C:\Program Files (x86)\SmartSHOW 3D [11/12/2017 20:11:14] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [23/08/2017 19:44:46] - |D| - [184810748] - C:\Program Files (x86)\VideoLAN [19/03/2019 06:52:44] - |D| - [1741328] - C:\Program Files (x86)\Windows Defender [19/03/2019 06:52:44] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [19/03/2019 14:02:58] - |D| - [3238765] - C:\Program Files (x86)\Windows Media Player [19/03/2019 14:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7559512] - C:\Program Files (x86)\Windows NT [19/03/2019 14:02:58] - |D| - [5276616] - C:\Program Files (x86)\Windows Photo Viewer [19/03/2019 14:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [19/03/2019 06:52:44] - |D| - [2250183] - C:\Program Files (x86)\WindowsPowerShell [24/08/2017 14:16:02] - |A| - [604] - C:\Program Files (x86)\_F2a ---------- | C:\Program Files [24/08/2017 11:54:33] - |AD| - [3003372208] - C:\Program Files\Adobe [23/08/2017 16:37:46] - |D| - [96874265] - C:\Program Files\AMD [13/09/2019 17:52:35] - |D| - [5603752] - C:\Program Files\ATI Technologies [24/08/2017 14:27:01] - |D| - [122434674] - C:\Program Files\Avid [27/08/2017 12:10:16] - 
|AD| - [615066] - C:\Program Files\Bonjour [19/03/2019 06:52:43] - |D| - [321243531] - C:\Program Files\Common Files [10/01/2018 15:09:40] - |D| - [194560] - C:\Program Files\Dassault Systemes [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files\desktop.ini [23/08/2017 16:09:53] - |SHD| - [0] - C:\Program Files\Fichiers communs [28/03/2018 12:01:44] - |D| - [60369664] - C:\Program Files\Google [19/03/2019 06:52:44] - |D| - [2645506] - C:\Program Files\Internet Explorer [05/03/2019 19:49:00] - |D| - [4264763] - C:\Program Files\iPod [05/03/2019 19:47:54] - |D| - [394634721] - C:\Program Files\iTunes [15/02/2018 13:46:05] - |D| - [172332622] - C:\Program Files\Malwarebytes [21/07/2018 17:47:02] - |D| - [1139478] - C:\Program Files\Microsoft Office [19/03/2019 06:52:44] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [17/11/2018 22:03:14] - |D| - [30945896] - C:\Program Files\rempl [23/08/2017 16:05:05] - |HD| - [0] - C:\Program Files\Uninstall Information [18/06/2019 15:57:54] - |D| - [7340032] - C:\Program Files\UNP [19/03/2019 06:52:44] - |D| - [30704495] - C:\Program Files\Windows Defender [19/03/2019 06:52:44] - |D| - [636416] - C:\Program Files\Windows Mail [19/03/2019 14:02:58] - |D| - [4710289] - C:\Program Files\Windows Media Player [19/03/2019 14:02:58] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7895896] - C:\Program Files\Windows NT [19/03/2019 14:02:58] - |D| - [6093976] - C:\Program Files\Windows Photo Viewer [19/03/2019 14:02:58] - |D| - [47720] - C:\Program Files\Windows Portable Devices [19/03/2019 06:52:44] - |D| - [110373] - C:\Program Files\Windows Security [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files\Windows Sidebar [19/03/2019 06:52:44] - |HD| - [4334730838] - C:\Program Files\WindowsApps [19/03/2019 06:52:44] - |D| - [2545983] - C:\Program Files\WindowsPowerShell [23/08/2017 19:10:18] - |AD| - [7453113] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files 
[24/08/2017 11:47:28] - |AD| - [706293624] - C:\Program Files (x86)\Common Files\Adobe [27/08/2017 12:09:31] - |D| - [145375832] - C:\Program Files (x86)\Common Files\Apple [24/08/2017 14:27:46] - |D| - [115523] - C:\Program Files (x86)\Common Files\Avid [26/07/2018 12:16:03] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER [05/03/2019 19:52:09] - |D| - [1975280] - C:\Program Files (x86)\Common Files\Java [19/03/2019 06:52:44] - |D| - [241586766] - C:\Program Files (x86)\Common Files\Microsoft Shared [05/03/2019 19:51:48] - |D| - [1371344] - C:\Program Files (x86)\Common Files\Oracle [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [19/03/2019 06:52:44] - |D| - [43499111] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [24/08/2017 11:57:55] - |D| - [101713357] - C:\Program Files\Common files\Adobe [27/08/2017 12:10:00] - |D| - [167741077] - C:\Program Files\Common files\Apple [23/08/2017 16:37:48] - |D| - [472544] - C:\Program Files\Common files\ATI Technologies [19/03/2019 06:52:43] - |D| - [41030960] - C:\Program Files\Common files\microsoft shared [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files\Common files\Services [19/03/2019 06:52:44] - |D| - [10282891] - C:\Program Files\Common files\System ---------- | Tasks [MD5.1D277D5B14E9C955469710910865B338] - [17/09/2019 19:50:57] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.ECDA7856BDE14415A38AA44E4BFDABEE] - [23/08/2017 18:55:58] - |A| - [1212] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [MD5.DB79C61261062742C0A3C032E68DBF3E] - [23/08/2017 18:55:59] - |A| - [1216] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/09/2019 18:31:06] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.C7000FDD0ED6E9DB76B91CBA4F688E21] - [13/09/2019 18:31:05] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.D1271B0836F08B1991FDC32F09E0F198] - [13/09/2019 18:31:05] - |A| - [2856] - C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-xberaud@yahoo.fr : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [MD5.A923EB14103DA402016C4161E6E702D8] - [13/09/2019 18:31:05] - |A| - [2842] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-xberaud@yahoo.fr : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.00000000000000000000000000000000] - [13/09/2019 18:31:05] - |D| - [2600] - C:\WINDOWS\System32\Tasks\Apple [MD5.F24A5320023028A54D8833694F87F813] - [13/09/2019 18:31:05] - |A| - [3270] - C:\WINDOWS\System32\Tasks\Avast Cleanup Update : C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [MD5.A8FDB121BE3C35E0A3B2CF9F5CCB328A] - [13/09/2019 18:31:05] - |A| - [3990] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.31807EA87605CDD56827C759DBE5040B] - [13/09/2019 18:31:05] - |A| - [3118] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.A11EBC426612004DB985C745C2693D68] - [13/09/2019 18:31:05] - |A| - [2636] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) : C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [MD5.00000000000000000000000000000000] - [13/09/2019 18:31:05] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software [MD5.F1CF99A9C5E3E4CCF2EAF7326C1B9FC9] - [13/09/2019 18:31:05] - |A| - [3332] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore : C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [MD5.3918F2BD78C858A81EF2E8990658739B] - [13/09/2019 18:31:05] - |A| - [3556] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA : C:\Program Files (x86)\AVAST 
Software\Browser\Update\AvastBrowserUpdate.exe [MD5.5CE379F5C97E978398147A5027339D4E] - [13/09/2019 18:31:05] - |A| - [3566] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.06D9968C40AC4EAEB5428FDA095BC176] - [13/09/2019 18:31:05] - |A| - [3790] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.FA6380CA4B5EA39D22CA9CEB468D930D] - [13/09/2019 18:31:05] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.8BACD76F938B80BAE1A45B0BD484839F] - [13/09/2019 18:31:05] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [13/09/2019 18:31:05] - |D| - [0] - C:\WINDOWS\System32\Tasks\Leader Technologies [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:45] - |D| - [584008] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.5744316EAF6D9CEF0FBE334BDF0039FE] - [13/09/2019 18:31:06] - |A| - [2858] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2984681472-3382979029-149579308-1002 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.D47EEA211F030AE4BF6B02D142E9DBEB] - [13/09/2019 18:31:06] - |A| - [3318] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{49CD5FE8-B3B2-45D4-97B1-48E96AF2119D} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:46] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| 
"WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{AF6B34AC-B7DA-41E2-AA19-FE3F1CE92FC0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{31A45ACE-7C74-41A2-8B5F-9D9343ED1F48}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{D2171B1C-C033-4518-BECE-1E9F0FCFC45C}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{34BA96E5-C0DA-4D8D-8C91-F4115A7FFE29}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST 
Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser| "{787F14AE-8F13-4B48-91E8-0CB02416E1EB}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe|Name=Dropbox| "{2544A1E1-A1D9-46AC-B74D-FDB3F2299470}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{4447E4A0-D5E6-4E52-AA1C-F131D0133538}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{AACA0079-B178-48EB-8918-BB133E27026E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{144CC2D7-E137-4E6A-BDC1-9C1574217826}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{C32B722F-FD16-4179-9189-77475CE77D6B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File 
Storage|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7255BA1A-486D-48B0-9A1A-7215FFBD7B3D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File Storage|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ| "{9D7B9BD9-405B-4EFD-BD71-5A3792202074}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe|Name=Apple Push Service|Edge=TRUE| "{E25051CE-0BE1-47FF-ADC3-7CE4688E2DA0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe|Name=Avast Cleanup Update| "{36CE5227-435A-439F-A01D-35FEEA0A8688}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe|Name=Avast Cleanup Update| "{AF7C36C1-3CE1-420D-AB91-916448F99815}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{DAF851D9-8D68-4C6A-A489-E43450BEB25C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{FC38B27A-10BB-4762-8B4A-1E706BE45C90}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| 
"{918521E6-9EA7-46A9-8466-B00798E0A0DC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{3C9DB178-5528-4AB9-A02D-BD43F4CBBE29}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{3264B65E-95CA-43CD-9812-52475E1826F9}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{F95AC1A5-415A-48FA-870A-2048402D2F4A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{CFF22043-1545-429C-B165-3EDCD6447C5E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| "{C72DFEAD-7807-41E3-85E0-5D2F49FA15CF}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| 
"{460123F7-86D1-40EE-B915-39A57B6504CF}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{79294D29-B284-46BA-9469-CB2425BDE70D}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2984681472-3382979029-149579308-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem1.inf,%ClassName%;Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) 
[] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : 
(SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] 
-> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus 
filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : 
(Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
---------- | Loaded modules (whitelist) ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: 
True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in 
Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> 
System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus 
(@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> 
System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy 
(@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_307898c750ba9e44\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ba2a8de08ea0d469\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH 
(PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-2984681472-3382979029-149579308-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ZoomUMX] : (Zoom.-.Zoom Video Communications, Inc.) -> C:\Users\xbera\AppData\Roaming\Zoom\uninstall\Installer.exe /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2F044B6B-7F73-4FA3-A65B-27E11919E65C}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{2F044B6B-7F73-4FA3-A65B-27E11919E65C} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{31A0B634-BCF4-4D3F-8336-87FEACFEE142} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36FAF585-3D08-3D84-8330-4D048F4B6CE6}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}] : (Backup and Sync from Google.-.Google, Inc.) -> MsiExec.exe /X{768C0072-2FD2-4934-9824-B2A1E81AEA5D} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D9C2E250-17A1-0D68-CB41-83232EC31C2C}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MbConceptLL_is1] : (MbConcept LL.-.) -> "C:\MbConcept_LC\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mes Livres Ed.Pro_is1] : (Mes Livres Ed.Pro v2.28.-.Soft Creation) -> "C:\Program Files (x86)\MesLivresPro\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{084C69EC-4E41-4182-8746-9FB7A319EE9C}_is1] : (SmartSHOW 3D 10.0.-.AMS Software) -> "C:\Program Files (x86)\SmartSHOW 3D\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) 
-> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E93452B-BA3E-7375-958C-EBC5E8672A5E}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180151F0}] : (Java 8 Update 151.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180151F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180201F0}] : (Java 8 Update 201.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2B642F70-BA82-5E78-41CE-BDFFD5C37530}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2EA40F3D-0D93-A391-F383-6F1C708B80BF}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3310DD5A-3695-3390-6F38-2B93D862FE02}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3C7B5C75-FD82-BC1F-F148-89A3189EF385}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5644668B-04A5-68F6-0AA9-03255877C58F}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5A659BE5-849B-484E-A83B-DCB78407F3A4}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{5A659BE5-849B-484E-A83B-DCB78407F3A4} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DA870C0-BC5C-BE96-5045-BD429959C0D3}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F3182EE-2532-3B96-2BBB-03B87F574E76}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{623C2BD8-1B28-4F98-B578-E9D139827269}] : (Sibelius 7 OpenType Fonts.-.Avid) -> MsiExec.exe /I{623C2BD8-1B28-4F98-B578-E9D139827269} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71971AE8-C8F3-3C62-FB89-AC41A96761AB}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D94356D-48E0-DE1A-423C-67A363C13771}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{87006B27-A5A6-9EF1-BA04-CD7284462419}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{947E1256-258E-60A2-7331-44D09E61CF99}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A30EA700-5515-48F0-88B0-9E99DC356B88}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{A30EA700-5515-48F0-88B0-9E99DC356B88} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}] : (CCC Help French.-.Advanced Micro Devices, Inc.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824341201}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824341201} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}] : (MuseScore 2.-.Werner Schweer and Others) -> MsiExec.exe /X{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F187D064-F101-4E95-8D05-4027809AA0F8}] : (Avid License Control.-.Avid Technology, Inc.) -> MsiExec.exe /X{F187D064-F101-4E95-8D05-4027809AA0F8} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F6860530-9733-0BB2-9C09-F25101076E78}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) 
-> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\007AE03A51550F84880BE999CD53B688] : Apple Software Update -> C:\WINDOWS\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\Installer.ico [HKCR\Installer\Products\0350686F33792BB0C9902F151070E687] : CCC Help Finnish -> C:\WINDOWS\Installer\{F6860530-9733-0BB2-9C09-F25101076E78}\ARPPRODUCTICON.exe [HKCR\Installer\Products\052E2C9D1A7186D0BC143832E23CC1C2] : ccc-utility64 -> C:\WINDOWS\Installer\{D9C2E250-17A1-0D68-CB41-83232EC31C2C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\07F246B228AB87E514ECDBFF5D3C5703] : CCC Help Swedish -> C:\WINDOWS\Installer\{2B642F70-BA82-5E78-41CE-BDFFD5C37530}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0C078AD5C5CB69EB0554DB2499950C3D] : CCC Help Korean -> C:\WINDOWS\Installer\{5DA870C0-BC5C-BE96-5045-BD429959C0D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0ED8613AA974CE5D954C20877CED1CC1] : CCC Help Hungarian -> C:\WINDOWS\Installer\{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1490608FBA0CECB488CA2FDF2A9E2F68] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}\WinInstall.ico [HKCR\Installer\Products\2700C8672DF2439489422B1A8EA1AED5] : Backup and Sync from Google -> C:\WINDOWS\Installer\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}\DriveIcon [HKCR\Installer\Products\2A86B8F70DC0FAD7985541916C80683D] : CCC Help Spanish -> C:\WINDOWS\Installer\{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2D1CAE3C294A80B79A5D51DE5DAEA198] : CCC Help Dutch -> C:\WINDOWS\Installer\{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3651B0E770677D0012ECD7FA6AFF00C9] : CCC Help Czech -> C:\WINDOWS\Installer\{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe 
[HKCR\Installer\Products\436B0A134FCBF3D4386378EFCAEF1E24] : Apple Mobile Device Support -> C:\Windows\Installer\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}\Installer.ico
[HKCR\Installer\Products\460D781F101F59E4D850047208A90A8F] : Avid License Control -> C:\Windows\Installer\{F187D064-F101-4E95-8D05-4027809AA0F8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4BE02D7D98DB0C50506C335E7B2689E9] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110150F] : Java 8 Update 151 -> C:\Program Files (x86)\Java\jre1.8.0_151\\bin\javaws.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238120100F] : Java 8 Update 201 -> C:\Program Files (x86)\Java\jre1.8.0_201\\bin\javaws.exe
[HKCR\Installer\Products\57C5B7C328DFF1CB1F84983A81E93F58] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{3C7B5C75-FD82-BC1F-F148-89A3189EF385}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\585FAF6380D348D33803D440F8B4C66E] : AMD Fuel -> C:\WINDOWS\Installer\{36FAF585-3D08-3D84-8330-4D048F4B6CE6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper
[HKCR\Installer\Products\5EB956A5B948E4848AB3CD7B48703F4A] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{5A659BE5-849B-484E-A83B-DCB78407F3A4}\WinInstall.ico
[HKCR\Installer\Products\6521E749E8522A063713440DE916FC99] : CCC Help Russian -> C:\WINDOWS\Installer\{947E1256-258E-60A2-7331-44D09E61CF99}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA408033019195008142432110] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824341201}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\72B600786A5A1FE9AB40DC2748644291] : CCC Help Norwegian -> C:\WINDOWS\Installer\{87006B27-A5A6-9EF1-BA04-CD7284462419}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\8DB2C32682B189F45B879E1D93282796] : Sibelius 7 OpenType Fonts
[HKCR\Installer\Products\8DEBFDFAA9CC00E810D548F5B09F1D1E] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8EA179173F8C26C3BF98CA149A7616BA] : CCC Help Italian -> C:\WINDOWS\Installer\{71971AE8-C8F3-3C62-FB89-AC41A96761AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8FCE3596B1B07DBFD0BD488CF2BB2C4F] : CCC Help Japanese -> C:\WINDOWS\Installer\{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A5DD013359630933F683B2398D26EF20] : CCC Help German -> C:\WINDOWS\Installer\{3310DD5A-3695-3390-6F38-2B93D862FE02}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A641A7D665DB1EE8CF7CEB2010A3EC63] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A8D72ED737D1BE16681F70A97F5EC5A3] : CCC Help Thai -> C:\WINDOWS\Installer\{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\AD79EAAAB8E19E0C0F3E45180AF9798C] : CCC Help French -> C:\WINDOWS\Installer\{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B25439E1E3AB573759C8BE5C8E76A2E5] : CCC Help Danish -> C:\WINDOWS\Installer\{1E93452B-BA3E-7375-958C-EBC5E8672A5E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B6B440F237F73AF46AB5721E91916EC5] : iTunes -> C:\WINDOWS\Installer\{2F044B6B-7F73-4FA3-A65B-27E11919E65C}\Installer.ico
[HKCR\Installer\Products\B86644655A406F86A09A305285775CF8] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{5644668B-04A5-68F6-0AA9-03255877C58F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C49F27D45A5958AA7EB51A1ABCF8ECA7] : CCC Help Greek -> C:\WINDOWS\Installer\{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D3F04AE239D0193A3F38F6C107B808FB] : CCC Help Turkish -> C:\WINDOWS\Installer\{2EA40F3D-0D93-A391-F383-6F1C708B80BF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D65349D70E84A1ED24C3763A361C7317] : CCC Help English -> C:\WINDOWS\Installer\{7D94356D-48E0-DE1A-423C-67A363C13771}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E128CD23D7A48784EB8E33F71A357D2F] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\EE2813F5235269B3B2BB308BF775E467] : CCC Help Portuguese -> C:\WINDOWS\Installer\{5F3182EE-2532-3B96-2BBB-03B87F574E76}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\FDDA44FB729E66B48E92A42FB76F5AB8] : CCC Help Polish -> C:\WINDOWS\Installer\{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}\ARPPRODUCTICON.exe

---------- | Drives

---------- | MBR

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Le programme Taskmgr.exe version 10.0.18362.1 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance.
ID de processus : 2370
Heure de début : 01d56d7d4e3dba9d
Heure d'arrêt : 13
Chemin d'accès à l'application : C:\Windows\System32\Taskmgr.exe
ID de rapport : a29048f1-3a45-4a62-b008-2ea81f77a4fd
Nom complet du package défectueux :
ID de l'application relative à un package défectueux :
Type de blocage : Unknown
------------
Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_ON.
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. .
------------
Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ]
------------
Windows ne peut pas charger la DLL de compteur extensible « C:\WINDOWS\system32\sysmain.dll » (code d'erreur Win32 Le module spécifié est introuvable.).
------------
Task Scheduling Error: m->NextScheduledSPRetry 15547
------------
Task Scheduling Error: m->NextScheduledEvent 15547
------------
Task Scheduling Error: Continuously busy for more than a second
------------
La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 4880, PID ProfSvc : 1820.
------------
La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID : 1604, PID ProfSvc : 1820.
------------
Windows ne peut pas charger la DLL de compteur extensible « C:\WINDOWS\system32\sysmain.dll » (code d'erreur Win32 Le module spécifié est introuvable.).
------------
Le processus d’ouverture de session de Windows s’est terminé de manière inattendue.
------------
Nom de l’application défaillante mbamtray.exe, version : 3.1.0.1807, horodatage : 0x5cc0b4e2
Nom du module défaillant : Qt5Quick.dll, version : 5.11.1.0, horodatage : 0x5cba0458
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000d0c5b
ID du processus défaillant : 0x1164
Heure de début de l’application défaillante : 0x01d56a511154dd0e
Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Chemin d’accès du module défaillant: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
ID de rapport : a94134c5-1c1b-48d8-97c7-62d520c588b1
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Échec de lecture de l'état du nœud de cluster : . Le code d'erreur retourné est : 0x8007085A
------------
Échec de lecture de l'état du nœud de cluster : . Le code d'erreur retourné est : 0x8007085A
------------
Échec de lecture de l'état du nœud de cluster : . Le code d'erreur retourné est : 0x8007085A
------------
Échec de lecture de l'état du nœud de cluster : . Le code d'erreur retourné est : 0x8007085A
------------
Échec de la création d’un point de restauration (Processus = C:\AMD\WU-CCC2\ccc2_install\VC12RTx64\vcredist_x64.exe /q /norestart ; Description = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 ; Erreur = 0x80042302).
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x80070422, Le service ne peut pas être démarré parce qu’il est désactivé ou qu’aucun périphérique activé ne lui est associé. .
Opération : Instanciation du serveur VSS en cours
------------

----------( EOF)---------- - 4330 | 20:55:42